SOFTWARE ENGINEERING UNIT 3 PART 3:- VERIFICATION AND VALIDATION OF SOFTWARE QUALITY

 BY DR. AJAY KUMAR PATHAK

MJ–11 (TH): SOFTWARE ENGINEERING

F.Y.U.G.P FOR B. Sc. IT SEM 5

UNIT 3 PART 2

VERIFICATION AND VALIDATION OF SOFTWARE QUALITY ASSURANCE (SQA) :-

This is where Verification and Validation (V&V) in Software Testing play a critical role. Verification and validation serve two distinct yet complementary purposes within the Software Development Life Cycle (SDLC).

VERIFICATION focuses on evaluating whether the software is being built correctly, checking requirements, design, and specifications through reviews, inspections, and static testing. VALIDATION, on the other hand, determines whether the right product is being built, ensuring the final system meets user needs through dynamic testing and real-world evaluation. Together, they provide end-to-end quality assurance, risk reduction, and compliance with industry.

standards like ISO 26262, DO-178C, and IEC 62304 (International Electrotechnical Commission).

VERIFICATION AND VALIDATION IN SOFTWARE TESTING?:-

Verification and Validation (V&V) in Software Testing are systematic processes that ensure software quality throughout the Software Development Life Cycle (SDLC).

VERIFICATION: The process of evaluating whether the software is being developed correctly, according to specified requirements, design documents, and standards. It relies on static testing techniques such as reviews, inspections, and walkthroughs.

VALIDATION: The process of checking whether the right product is built, ensuring the software meets customer needs and performs in real-world conditions. It involves dynamic testing such as functional, system, and user acceptance testing.

Simply put: Verification = Are we building the product right? | Validation = Are we building the right product?

DIFFERENCES BETWEEN VERIFICATION VS VALIDATION TESTING:-

Aspect	Verification	Validation
Methods	Verification implements static approaches such as doc analyses & reviews	Validation uses dynamic test approaches including code execution
Concentration	Verification focuses on procedure devotion to the requirements	Validation concentrates on the real product & its suitability for consumer needs
Timing	The verification process takes place in the development stage, directing the detection of errors early	Validation occurs after the development stage, certifying that the end product meets user demands
Goal	Verification confirms the product is built properly and consistent with design specifics	Validation guarantees the correct product has been built to please user expectations

SQA (SOFTWARE QUALITY ASSURANCE ) PLANS:-

The Software Quality Assurance Plan includes the procedures, techniques, and tools that are

employed to make sure that a product or service aligns with the requirements defined in the

SRS(Software Requirement Specification). The plan identifies the SQA responsibilities of the team and lists the areas that need to be reviewed and audited. It also identifies the SQA work products.

The SQA plan document consists of the following sections:-

1. Purpose

2. Reference

3. Software configuration management

4. Problem reporting and corrective action

5. Tools, technologies, and methodologies

6. Code control

7. Records: Collection, maintenance, and retention

8. Testing methodology

SQA ACTIVITIES:-

1) Creating an SQA Management Plan:- Creating an SQA Management plan involves charting out a blueprint of how SQA will be carried out in the project concerning the engineering activities while ensuring that you corral the right talent/team.

2) Setting the Checkpoints:- The SQA team sets up periodic quality checkpoints to ensure that product development is on track and shaping up as expected.

3) Support/Participate in the Software Engineering team’s requirement gathering:- Participate in the software engineering process to gather high-quality specifications. For gathering information, a designer may use techniques such as interviews and FAST (Functional Analysis System Technique).

4) Conduct Formal Technical Reviews:- An FTR is traditionally used to evaluate the quality and design of the prototype. In this process, a meeting is conducted with the technical staff to discuss the quality requirements of the software and the design quality of the prototype. This activity helps in detecting errors in the early phase of SDLC and reduces rework effort later.

5) Formulate a Multi-Testing Strategy:- The multi-testing strategy employs different types of testing so that the software product can be tested well from all angles to ensure better quality.

6) Enforcing Process Adherence:- This activity involves coming up with processes and getting cross-functional teams to buy in on adhering to set-up systems.

 

SOFTWARE QUALITY FRAMEWORKS:-

Software Quality Frameworks are structured, repeatable systems that guide how an organization defines, builds, tests, and maintains software to ensure it meets quality goals. They encompass people, processes, and tools arranged to prevent defects, detect issues early, and deliver reliable, usable, and secure software.

WHAT A SOFTWARE QUALITY FRAMEWORK INCLUDES

1)      Quality objectives and standards:-  Clear statements of what “quality” means for a project (e.g., functionality, performance, security, usability) and the standards or guidelines used to measure it.

2)      Process discipline:-  Defined life cycle activities with prescribed methods, roles, inputs, outputs, and gates (e.g., requirements, design, implementation, testing, release, and maintenance).

3)      Quality assurance (QA) activities:-   Planned actions to ensure processes are followed and quality goals are met (audits, process improvements, training, static analysis, code reviews).

4)      Quality control (QC) activities:-  Verification and validation tasks that inspect the product to detect defects (test execution, defect reporting, acceptance criteria).

5)      Measurement and metrics:-  Quantitative data collected to monitor quality (defect density, test coverage, code churn, failure rate, mean time to recover).

6)      Risk management:-  Identification and listing of risks to quality, with justification plans and contingency actions.

7)      Continuous improvement loop:-  Regular review of processes and metrics, with actionable improvements to quality over time.

8)      Tool chain and automation:- A set of tools that support the framework to increase efficiency and consistency.

9)      Governance and roles:- Defined responsibilities (e.g., QA leads, test engineers, developers, product owners) and decision authorities at project milestones.

WHAT IS FRAMING SQA PLAN:-

Framing an SQA Plan (Software Quality Assurance Plan) is about defining how quality will be built into a software project from start to finish. It details who does what, when, and with which methods to ensure the product meets its quality goals. Below is a thorough, easy-to-understand guide with a concrete example.

ANSWER IN BRIEF:-

An SQA Plan is the blueprint that specifies quality objectives, roles, processes, standards, tools, and metrics for a project, plus the activities that will ensure those standards are met throughout the software lifecycle. It acts as both a roadmap and a contract between stakeholders and the project team to prevent defects, verify quality, and continuously improve.

WHAT AN SQA PLAN TYPICALLY INCLUDES:

1.      Purpose, scope, and references:- Why the plan exists, which projects it covers, and which standards or guidelines it follows (e.g., industry norms, company policies).

2.      Quality objectives and acceptance criteria:- Specific, measurable goals (e.g., defect leakage rate, test coverage targets, performance benchmarks, security requirements).

3.      Roles and responsibilities:-  Who owns quality activities (QA leads, testers, developers, product owners) and how they collaborate.

4.      Quality standards and compliance:-  Coding standards, review guidelines, testing standards, documentation requirements, security and privacy rules.

5.      Quality activities and lifecycle plan:- How quality will be addressed in each phase: planning, requirements, design, implementation, testing, release, and maintenance.

6.      Tools and infrastructure:- Testing tools, static analysis, defect tracking, configuration management, and monitoring systems.

7.      Test strategy and test plans:-  What to test (functional, non-functional), how to test (manual, automated), environments needed, and entry/exit criteria.

8.      Defect management:- How defects are reported, triaged, prioritized, tracked, and closed, including root-cause analysis.

9.      Risk management:-  Identification, assessment, and modification of quality risks with contingency actions.

10.  Governance and audit:- Decision authorities, approvals required for releases, and audit trails for compliance.

ISO 9000 MODELS, SEI-CMM MODEL AND THEIR RELEVANCE TO PROJECT MANAGEMENT.

ISO 9000 models are a family of internationally recognized standards for quality management systems (QMS). They provide a blueprint for establishing, documenting, and continually improving how a company does its work so that products and services consistently meet customer requirements. SEI-CMM (now evolved into CMMI) is a maturity framework that helps organizations improve their process capability across projects. Both are relevant to project management because they set expectations, guide process improvements, and provide measurable quality outcomes. ISO 9000 focuses on the systems and processes a company uses; CMM/CMMI focuses on the maturity of the organization’s processes and how well they are defined, managed, measured, and continuously improved. Together, they help project managers plan, execute, monitor, and improve work more predictably.

ISO 9000 models: what they are and how they help projects:-

What ISO 9000 covers:- A set of quality management principles and requirements for a QMS, designed to ensure consistent quality across products and services. These standards emphasize customer focus, leadership, process approach, evidence-based decision making, relationship management, and continual improvement.

The process-based mindset:- ISO 9000 encourages viewing an organization as a network of interrelated processes. By mapping and managing these processes, projects gain predictability, traceability, and easier audits.

Plan-Do-Check-Act with risk thinking:-     Core cycle: Plan what to do, Do the work, Check results against objectives, Act to improve. Recent versions emphasize risk-based thinking to prevent problems before they occur. This helps project teams set realistic schedules, budgets, and quality targets.

How ISO 9000 supports project management:-

1)      Clarifies roles, responsibilities, and documentation needed for quality (process descriptions, procedures, work instructions).

2)      Provides a common vocabulary for quality goals (customer satisfaction, defect prevention, process performance).

3)      Enables consistent process performance across projects, aiding governance, audits, and supplier relationships.

SEI-CMM / CMMI: what it is and how it helps projects:-

What the model is:-     The Capability Maturity Model (CMM) originated to assess and improve software development processes. It evolved into CMMI (Capability Maturity Model Integration), which covers a broader set of process areas including engineering, project management, and organization-wide operations. The model defines maturity levels and specific process areas (PAs) that organizations should implement to reach higher capability. ( existing knowledge; no exact citations required here per this format, but the concept is widely used in software and systems engineering )

Maturity levels (typical outline):-

1.      Level 1: Initial — processes are ad hoc and chaotic; success depends on individuals.

2.      Level 2: Managed — basic project management processes are in place; you can plan, track, and manage requirements and quality.

3.      Level 3: Defined — processes are standardized, documented, and integrated across the organization.

4.      Level 4: Quantitatively Managed — processes are measured and controlled; data drives decisions.

5.      Level 5: Optimizing — continuous improvement based on quantitative insight and innovative practices.

How CMMI helps project management:-

1.      Provides a structured path to improve project governance, risk management, measurement, and control over time.

2.      Aligns project practices with organization-wide process improvements, making projects more predictable in scope, schedule, and quality.

3.      Emphasizes planning, requirements management, configuration management, quality assurance, and measurement—core areas that directly impact project outcomes.

Simple, easy example: building a mobile banking feature:-

ü  ISO 9000 implementation

ü  Establish a QMS that defines processes for requirement capture, design, development, testing, release, and monitoring.

ü  Plan to deliver the feature with measurable targets: user acceptance criteria, performance thresholds, security checks, and accessibility standards.

 

ü  Use Plan-Do-Check-Act: Plan the feature, implement with code reviews and testing, verify with automated tests and security scans, and act on any gaps (update tests, adjust requirements).

ü  Documentation and audits ensure traceability of decisions, tests, and changes for compliance purposes.

CMMI implementation

ü  Pick relevant process areas (requirements management, project planning, configuration management, quality assurance, measurement and analysis).

ü  Move from Level 2 to Level 3 by standardizing the processes across the organization: consistent requirements templates, design reviews, test plans, and a common defect-tracking workflow.

ü  Use data (defect rates, test coverage, cycle time) to drive improvements, and mature the process by institutionalizing lessons learned.

UNIT 3 COMPLETED