© 2011 by Taylor & Francis Group, LLC
A policy is the key element in the engineering process, and there are orga-
nizational, soware planning, and control procedures to support these
key elements. e signicant activities are dened in this chapter. To con-
duct a successful soware development program, one should understand
the scope of the work to be accomplished.
A policy provides a mission statement of direction and guidance for so-
ware industries and military and aerospace programs. Policies are the
highest level of authority and are consistent with the vision one should use
to be successful.
In the past I have seen in many soware companies and military and
aerospace programs that policies are not reviewed, implemented, or even
considered in the work place. Why? I stated in the rst paragraph that a
policy is a mission statement and should be used as a starting point for
performing soware development and supporting soware engineering
reviews and audits. A very eective policy I like to review over and over is
a policy for soware quality. e soware quality policy states that we are
the dierence, such as
I am personally responsible and accountable for the quality of my work.
I acquire/use the necessary tools and skills needed to meet qual-
ity requirements.
I know my objectives (process improvement goals and produce
22  •  Soware Engineering Reviews and Audits
© 2011 by Taylor & Francis Group, LLC
Do what you say (compliance): follow all procedures and instructions
that aect your work. You must say what you do (documentation): use
current plans, procedures, and work instructions.
Prove it (records): demonstrate your work in accordance with sound
processes/procedures and provide objective evidence.
Improve it: (process management/continual improvement): implement
change based on information/metrics.
4.1.1 Organization-Level Policy
I feel that process models and quality management provide the necessary
means for soware organizations to establish eective soware engineer-
ing review and audit processes to be implemented to support soware
development, modication, and soware procurement programs. e
number of processes and the extent of quality soware engineering review
and audit process implementation is based on the soware program or
project activities being performed each day. Soware Quality Assurance
(SQA) is an organization that will always ask audit questions concerning
soware development in order to support soware engineering reviews
and audit processes, because that is what soware quality is allowed to do.
At times this organization can be an annoyance to system, soware, and
test teams because of the many questions asked, including to subcontrac-
tors or supplier management.
e Soware Conguration Management (SCM) organization and so-
ware quality team work well together in soware activities such as audits,
tracking of changes, soware builds, loading of soware in labs/sites, so-
ware supplier audits, verication/validation of processes for compliance,
and soware product development. I have been on both sides, and these
organizations together make a very good team to ensure that soware orga-
nizations or programs are compliant with required soware standards.
Soware development activities are performed in accordance with
dened, repeatable, managed, and optimized policies. e soware qual-
ity disciplines and soware conguration principals ensure that soware
development processes are using a company or program standard, which
shows that cost parameters are established, documented, and maintained.
e peer review methods utilize that major soware defects are addressed
and will prevent future occurrences. In many soware industries and mili-
tary and aerospace programs, soware cost estimates are used for standard
estimation tools based on historical data and expert estimation techniques.

Get Software Engineering Reviews and Audits now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.