CSQA CBOK v6.3

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (3.02 MB, 548 trang )

Trang 1<div class="page_container" data-page="1">

CSQA COMMON BODY OF KNOWLEDGE

Guide to the

</div>Trang 2<div class="page_container" data-page="2">

No part of this publication, or translations of it, may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or any other media embodiments now known or hereafter to become known, without the prior written permission of the Quality Assurance Institute.

Visit www.qaiusa.com for additional courseware and training seminars.

</div>Trang 3<div class="page_container" data-page="3">

Increased Confidence by IT Users and Customers . . . .Intro-5Improved Processes to Build/Acquire/Maintain, Operate and Measure Software . . . .Intro-5Independent Assessment of Quality Assurance Competencies . . . .Intro-5Quality Assurance Competencies Maintained Through Recertification . . . .Intro-5Value Provided to Co-Workers . . . .Intro-6Mentoring the QA Staff . . . .Intro-6SQA Resource to “IT” Staff . . . .Intro-6Role Model for SQA Practitioners . . . .Intro-6

How to Improve Software Quality Assurance Effectiveness

through Certification . . . Intro-6

Meeting the Certification Qualifications . . . Intro-7

Prerequisites for Candidacy . . . .Intro-7

Educational and Professional Prerequisites . . . Intro-7

CASQ . . . .Intro-7CSQA . . . .Intro-7CMSQ . . . .Intro-8

Expectations of the Certified Professional . . . Intro-8

Professional Skill Proficiency Responsibilities . . . .Intro-9Develop a Lifetime Learning Habit . . . .Intro-9

Code of Ethics . . . .Intro-9

Purpose . . . Intro-10Responsibility . . . Intro-10Professional Code of Conduct . . . Intro-10Grounds for Decertification . . . Intro-11

Submitting the Initial Application . . . .Intro-11

Updating Your On-Line Profile . . . Intro-12

</div>Trang 4<div class="page_container" data-page="4">

Scheduling with Pearson VUE to Take the Examination . . . .Intro-13

Arriving at the Examination Site . . . Intro-13

No-shows . . . Intro-13

How to Maintain Competency and Improve Value . . . .Intro-14

Continuing Professional Education . . . Intro-14Advanced Software Quality Assurance Designations . . . Intro-14

What is the Certification Competency Emphasis? . . . Intro-14

Preparing for the CSQA Examination . . . .Intro-17

Assess Your CSQA CBOK Competency . . . .Intro-18

Complete the CSQA Skill Assessment Worksheet . . . Intro-18Calculate Your CSQA CBOK Competency Rating . . . Intro-20

Understand the Key Principles Incorporated

Into the Examination . . . .Intro-22Review the List of References . . . .Intro-23Initiate a Self-Study Program . . . .Intro-24Take the Sample Examination . . . .Intro-25

CSQA Skill Assessment Worksheet . . . Eval-1

Assess Your Skills against the CSQA CBOK . . . Eval-1

Skill Category 1 – Quality Principles and Concepts . . . Eval-2Skill Category 2 – Quality Leadership . . . Eval-3Skill Category 3 – Quality Baselines . . . Eval-4Skill Category 4 – Quality Assurance . . . Eval-5Skill Category 5 – Quality Planning . . . Eval-6Skill Category 6 – Define, Build, Implement and Improve

Work Processes . . . Eval-7Skill Category 7 – Quality Control Practices . . . Eval-8Skill Category 8 – Metrics and Measurement . . . Eval-9Skill Category 9 – Internal Control and Security . . . Eval-10Skill Category 10 – Outsourcing, COTS, and Contracting Quality . . Eval-11

CSQA CBOK Competency Rating Table . . . Eval-12

</div>Trang 5<div class="page_container" data-page="5">

Skill Category 1

Quality Principles . . . 1-1

Vocabulary of Quality . . . .1-1The Different Views of Quality . . . .1-4

The Two Quality Gaps . . . .1-5Quality Attributes for an Information System . . . .1-6

Quality Concepts and Practices . . . .1-8

PDCA Cycle . . . .1-9Cost of Quality . . . .1-11

The Three Key Principles of Quality . . . 1-14The Quality Solution . . . 1-14Best Practices . . . 1-15

Six Sigma Quality . . . .1-15Baselining and Benchmarking . . . .1-16Earned Value . . . .1-16

Quality Control and Quality Assurance . . . .1-17

Quality Control . . . .1-17Quality Assurance . . . .1-18Differentiating Between Quality Control and Quality Assurance . . . .1-18Understanding and Using the Just-In-Time (JIT) Technique . . . .1-19

Quality Pioneers Approach to Quality . . . .1-22

Dr. W. Edwards Deming . . . .1-22Philip Crosby . . . .1-25Dr. Joseph Juran . . . .1-28Total Quality Management . . . .1-29

A Managerial Philosophy Based on the Work of the Pioneers . . . 1-29

</div>Trang 6<div class="page_container" data-page="6">

Competition to Cooperation . . . 2-11Awareness Training . . . 2-11Nurturing New Behaviors . . . 2-13

Empowerment of Employees . . . 2-14

Quality Management Infrastructure . . . 2-15

Quality Council . . . 2-16Management Committees . . . 2-17Teams and Work Groups . . . 2-17

Understanding Team Development Phases . . . 2-18Establishing Group Compatibility . . . 2-19Consensus . . . 2-21Controlling Meetings . . . 2-21Using Task Forces Effectively . . . 2-22Personal Persuasion . . . 2-23Conformity Behavior of Individuals in a Group . . . 2-24Resolving Customer Complaints . . . 2-25Written Reports . . . 2-27

Process Improvement Teams . . . 2-29

Quality Environment . . . 2-30

The Six Attributes of an Effective Quality Environment . . . 2-30

The Core Values and Concepts Included in the Malcolm Baldrige National Quality Award Model . . . 2-33

Core Values and Concepts . . . 2-34Visionary Leadership . . . 2-34Customer-Driven Excellence . . . 2-35Organizational and Personal Learning . . . 2-35Valuing Employees and Partners . . . 2-36Agility . . . 2-37Focus on the Future . . . 2-38

</div>Trang 7<div class="page_container" data-page="7">

Managing for Innovation . . . 2-38Management by Fact . . . 2-38Social Responsibility . . . 2-39

Focus on Results and Creating Value . . . 2-40Systems Perspective . . . 2-40

Setting the Proper “Tone” at the Top . . . .2-40Code of Ethics and Conduct . . . .2-41Open Communications . . . .2-41

Guidelines for Effective Communications . . . 2-42

Providing Constructive Criticism . . . 2-42Achieving Effective Listening . . . 2-44The 3-Step Listening Process . . . 2-45

Implementing a Mission, Vision, Goals, Values, and Quality Policy . . .2-48

Mission . . . 2-48Vision . . . 2-49Goals . . . 2-49Values . . . 2-51Quality Policy . . . 2-52

Monitoring Compliance to Organizational Policies and Procedures . . . .2-53

Four Types of Monitoring . . . 2-54

Monitoring the Tone at the Top . . . 2-54Monitoring by Individuals . . . 2-55Ongoing Monitoring . . . 2-55Independent Monitoring . . . 2-56

Enforcement of Organizational Policies and Procedures . . . .2-57

Types of Enforcements . . . 2-58

Automated Enforcement . . . 2-58Self-Enforcement . . . 2-58Supervisory Enforcement . . . 2-59

</div>Trang 8<div class="page_container" data-page="8">

Skill Category 3

Quality Baselines . . . .3-1

Quality Baseline Concepts . . . 3-1

Baselines Defined . . . 3-1Types of Baselines . . . 3-2Conducting Baseline Studies . . . 3-2

Conducting Objective Baseline Studies . . . 3-4Conducting Subjective Baseline Studies . . . 3-5

Planning . . . 3-6Internal analysis . . . 3-6Benchmarking . . . 3-6

Methods Used for Establishing Baselines . . . 3-7

Customer Surveys . . . 3-7Benchmarking to Establish a Baseline Goal . . . 3-7Assessments against Management Established Criteria . . . 3-10Assessments against Industry Models . . . 3-12

Model and Assessment Fundamentals . . . 3-12

Purpose of a Model . . . 3-12Types of Models (Staged and Continuous) . . . 3-13

Staged models . . . 3-13Continuous models . . . 3-14

Model Selection Process . . . 3-14Using Models for Assessment and Baselines . . . 3-15

Assessments versus Audits . . . 3-15

Industry Quality Models . . . 3-16

Software Engineering Institute Capability Maturity Model Integration MI®) . . . 3-16

(CM-Maturity Levels . . . 3-16

Level 1: Initial . . . 3-18Level 2: Managed . . . 3-18Level 3: Defined . . . 3-18Level 4: Quantitatively Managed . . . 3-19Level 5: Optimizing . . . 3-19

Components of the Maturity Levels . . . 3-20Skipping Maturity Levels . . . 3-20

Malcolm Baldrige National Quality Award (MBNQA) . . . 3-21

National Institute of Standards and Technology . . . 3-21

Board of Overseers . . . 3-21Board of Examiners . . . 3-21

</div>Trang 9<div class="page_container" data-page="9">

Award Recipients . . . 3-21

2005 Award Criteria . . . 3-22

1 – Leadership . . . 3-222 – Strategic Planning . . . 3-223 – Customer and Market Focus . . . 3-224 – Information and Analysis . . . 3-235 – Human Resources . . . 3-236 – Process Management . . . 3-237 – Business Results . . . 3-23

2005 Award Scoring System . . . 3-23

Process . . . 3-24

The Application Review Process . . . 3-25Other National and Regional Awards . . . 3-25

ISO 9001:2000 . . . .3-25

Model Overview . . . 3-26

Management Responsibility . . . 3-27Resource Management . . . 3-28Product Realization . . . 3-28Measurement, Analysis and Improvement . . . 3-29

ISO/IEC 12207: Information Technology – Software Life Cycle

Processes . . . .3-29

Model Overview . . . 3-29Target Audience . . . 3-32Views of Software Development . . . 3-32Relationship to Other Standards . . . 3-33

ISO/IEC System and Software Standards . . . 3-33IEEE/EIA 12207 . . . 3-33

ISO/IEC 15504: Process Assessment

(Formerly Known as Software Improvement and Capability Determination (SPICE)) . . . .3-34

Model Overview . . . 3-34Reference Models . . . 3-37

Process Dimension . . . 3-37Process Capability Dimension . . . 3-39

The Assessment Process . . . 3-40Relationship to other International Standards . . . 3-42

Post-Implementation Audits . . . .3-42

</div>Trang 10<div class="page_container" data-page="10">

Skill Category 4

Quality Assurance . . . .4-1

Establishing a Function to Promote and Manage Quality . . . 4-1

The Challenges of Implementing a Quality Function . . . 4-3How the Quality Function Matures Over Time . . . 4-5

Three Phases of Quality Function Maturation . . . 4-5

Initial Phase . . . 4-5Intermediate Phase . . . 4-5Final Phase . . . 4-6

Drivers that Change the Role of the QA Analyst . . . 4-7

Management Philosophy . . . 4-7Personal Belief System of Managers . . . 4-8

Quality Function Recommendations . . . 4-8

Support in Corporate Quality Management Environment . . . 4-9

Support of Corporate Quality Management with Repository

of Quality Information . . . 4-9IT Management Responsibilities in Corporate Quality Management Environment 4-9

Implementing an IT Quality Function . . . 4-10

Step 1: Develop a Charter . . . 4-10Step 2: Identify the Quality Manager . . . 4-12Step 3: Locate Organizationally the IT Quality Function . . . 4-13Step 4: Build Support for Quality . . . 4-14Step 5: Staff and Train the Quality Function . . . 4-16Step 6: Build and Deploy the Quality Toolbox . . . 4-18Step 7: Drive the Implementation of the Quality Management Environment . . . . 4-19

IT Quality Plan . . . 4-19

Long-Term Actions . . . 4-20Short-Term Actions . . . 4-21

Quality Tools . . . 4-23

Management Tools . . . 4-24

Brainstorming . . . 4-25Affinity Diagram . . . 4-25Nominal Group Technique . . . 4-26Cause-and-Effect Diagram . . . 4-27Force Field Analysis . . . 4-29Flowchart and Process Map . . . 4-30Benchmarking . . . 4-31

Planning Phase . . . 4-32Analysis Phase . . . 4-33Integration Phase . . . 4-33Action Phase . . . 4-33

Matrix . . . 4-34Quality Function Deployment . . . 4-35

</div>Trang 11<div class="page_container" data-page="11">

Fundamental Deployments . . . 4-37Horizontal Deployments . . . 4-38Vertical Deployments . . . 4-38

Playscript . . . 4-39

Statistical Tools . . . .4-40

Check Sheet . . . 4-40Histogram . . . 4-41Pareto Chart . . . 4-43Run Chart . . . 4-44Control Chart . . . 4-45Scatter Plot . . . 4-47

Presentation Tools . . . .4-49

Table . . . 4-49Line Chart . . . 4-49Bar Chart . . . 4-50Pie Chart . . . 4-51Stem-and-Leaf Chart . . . 4-52

Process Deployment . . . .4-53

Getting Buy-In for Change through Marketing . . . .4-53

Step 1: Identify Customer Needs . . . 4-54Step 2: Present Solution in Terms of Customer Needs . . . 4-54Step 3: Identify Barriers and Obstacles . . . 4-55Step 4: Address Barriers and Obstacles . . . 4-55Step 5: Obtain Approval . . . 4-56

The Formula for Effective Behavior Change . . . .4-56The Deployment Process . . . .4-56

Deployment Phase 1: Assessment . . . 4-57Deployment Phase 2: Strategic . . . 4-57Deployment Phase 3: Tactical . . . 4-60

Critical Success Factors for Deployment . . . .4-64

Internal Auditing and Quality Assurance . . . .4-66

Types of Internal Audits . . . .4-66Differences in Responsibilities . . . .4-67

</div>Trang 12<div class="page_container" data-page="12">

Integrating Business and Quality Planning . . . 5-6

The Fallacy of Having Two Separate Planning Processes . . . 5-6Planning Should be a Single IT Activity . . . 5-6

Prerequisites to Quality Planning . . . 5-8The Planning Process . . . 5-9

Planning Process Overview . . . 5-9The Six Basic Planning Questions . . . 5-11The Common Activities in the Planning Process . . . 5-13

Business or Activity Planning . . . 5-13Environment Planning . . . 5-13Capabilities and Opportunities Planning . . . 5-13Assumptions/Potential Planning . . . 5-14Objectives/Goals Planning . . . 5-14Policies/Procedures Planning . . . 5-14Strategy/Tactics Planning . . . 5-15Priorities/Schedules Planning . . . 5-15Organization/Delegation Planning . . . 5-15Budget/Resources Planning . . . 5-16Planning Activities for Outsourced Work . . . 5-16

Planning to Mature IT Work Processes . . . 5-17

QAI Model and Approach to Mature IT Work Processes . . . 5-17

Why Six Process Categories Were Chosen . . . 5-19Manage by Process, a Tactical View of Process Maturity . . . 5-19Tactics for Maturing the Management Processes . . . 5-20

Level 1 -- Product Focus . . . 5-22Level 2 -- Process Focus . . . 5-23Level 3 -- End User Focus . . . 5-23Level 4 -- Team Focus . . . 5-23Level 5 – World-Class Focus . . . 5-23

Tactics for Maturing the People Management Processes . . . 5-26

Level 1 – Unpredictable . . . 5-28Level 2 – Process Skills . . . 5-29Level 3 – Integration . . . 5-30Level 4 – Quantitative Management . . . 5-31Level 5 – Innovate . . . 5-31

Tactics for Maturing the Deliverables Processes . . . 5-32

</div>Trang 13<div class="page_container" data-page="13">

Level 1 – Constraint Requirements . . . 5-34Level 2 – Business Requirements . . . 5-35Level 3 – Relational Requirements . . . 5-35Level 4 – Quality Requirements . . . 5-35Level 5 – Reliability Requirements . . . 5-36

Tactics for Maturing the Technology Processes . . . 5-36

Level 1 – Assessment/Pilot . . . 5-38Level 2 – Operational . . . 5-39Level 3 – Predictable . . . 5-39Level 4 – Technology Optimization . . . 5-39Level 5 – People Optimization . . . 5-39

Tactics for Maturing the Quality Assurance Processes . . . 5-39

Level 1 – Controlling . . . 5-42Level 2 -- Defining . . . 5-42Level 3 -- Aligning . . . 5-43Level 4 -- Adapting . . . 5-43Level 5 -- Champion . . . 5-44

Tactics for Maturing the Quality Control Management Processes . . . 5-45

Level 1 – Validation . . . 5-46Level 2 – Verification . . . 5-47Level 3 -- Defect Management . . . 5-47Level 4 -- Statistical Process Control . . . 5-47Level 5 - Preventive Management . . . 5-47

How to Plan the Sequence for Implementing Process Maturity . . . .5-48

Relationship between People Skills and Process Definitions . . . 5-48Relationship of Do and Check Procedures . . . 5-49Relationship of Individuals' Assessment of How They are Evaluated to Work Per-formed . . . 5-50Relationship of What Management Relies on for Success . . . 5-51Relationship of Maturity Level to Cost to Do Work . . . 5-52Relationship of Process Maturity to Defect Rates . . . 5-53Relationship of Process Maturity and Cycle Time . . . 5-54Relationship of Process Maturity and End User Satisfaction . . . 5-54Relationship of Process Maturity and Staff Job Satisfaction . . . 5-55Relationship of Process Maturity to an Organization's Willingness to Embrace Change 5-56

Relationship of Tools to Process Maturity . . . 5-56Relationship of the Control and Test Process Category to Quick Paybacks . . . 5-56Strategy for Moving to Higher Maturity Levels . . . 5-57Skipping Levels and Reverting Back to Lower Levels . . . 5-57

</div>Trang 14<div class="page_container" data-page="14">

Process Management Processes . . . 6-11

Planning Processes . . . 6-12

Process Inventory . . . 6-12Process Mapping . . . 6-13Process Planning . . . 6-14

Do Processes . . . 6-15

Process Definition . . . 6-15

Check Processes . . . 6-19

Identify Control Points . . . 6-19

Automatic . . . 6-21Self-Checking . . . 6-21Peer Reviews . . . 6-22Supervisory . . . 6-22Third Party . . . 6-22

Process Measurement . . . 6-22Testing . . . 6-23

Act Processes . . . 6-23

Process Improvement Teams . . . 6-25Process Improvement Process . . . 6-26

Identify and Understand the Process . . . 6-26Improve the Process . . . 6-29

</div>Trang 15<div class="page_container" data-page="15">

Informal Review . . . 7-10Semiformal Review (or Walkthrough) . . . 7-10Formal Review (or Inspection) . . . 7-10

In-Process Reviews . . . 7-11Checkpoint Reviews . . . 7-11Phase-End Reviews . . . 7-11

Software Requirements Review . . . 7-12Critical Design Review . . . 7-12Test Readiness Review . . . 7-12

Post-Implementation Reviews . . . 7-12Inspections . . . 7-12

Developing Testing Methodologies . . . .7-14

Acquire and Study the Test Strategy . . . .7-14Determine the Type of Development Project . . . .7-14Determine the Type of Software System . . . .7-15Determine the Project Scope . . . .7-16Identify the Tactical Risks . . . .7-17Determine When Testing Should Occur . . . .7-18Build the System Test Plan . . . .7-19

</div>Trang 16<div class="page_container" data-page="16">

Verification and Validation Methods . . . 7-20

Management of Verification and Validation . . . 7-20Verification Techniques . . . 7-20

Feasibility Reviews . . . 7-21Requirements Reviews . . . 7-21Design Reviews . . . 7-21Code Walkthroughs . . . 7-21Code Inspections or Structured Walkthroughs . . . 7-21Requirements Tracing . . . 7-21

Validation Techniques . . . 7-22

White-Box . . . 7-22Black-Box . . . 7-23

Equivalence Partitioning . . . 7-23Boundary Analysis . . . 7-23Error Guessing . . . 7-23

Incremental . . . 7-23

Top-Down . . . 7-24Bottom-Up . . . 7-24

Thread . . . 7-24Regression . . . 7-24

Unit Regression Testing . . . 7-25Regional Regression Testing . . . 7-25Full Regression Testing . . . 7-25

Structural and Functional Testing . . . 7-25

Structural Testing . . . 7-26Functional Testing . . . 7-26

Software Change Control . . . 7-27

Software Configuration Management . . . 7-27Change Control Procedures . . . 7-28

Defect Management . . . 7-29

Defect Management Process . . . 7-29Defect Reporting . . . 7-29Severity versus Priority . . . 7-31

A Sample Defect Tracking Process . . . 7-31

Using Defects for Process Improvement . . . 7-33

</div>Trang 17<div class="page_container" data-page="17">

Measurement in Software . . . .8-8

Product Measurement . . . .8-9

Size . . . 8-9

Lines of Code . . . 8-9Function Points . . . 8-9

Complexity . . . 8-10

Cyclomatic Complexity -- v(G) . . . 8-10Knots . . . 8-10

Quality . . . 8-10

Correctness . . . 8-10Reliability . . . 8-11Maintainability . . . 8-11

Customer Perception of Product Quality . . . 8-11

Process Measurement . . . .8-11

Variation and Process Capability . . . .8-13

The Measurement Program . . . .8-13

</div>Trang 18<div class="page_container" data-page="18">

Common and Special Causes of Variation . . . 8-18

Common Causes of Variation . . . 8-18Special Causes of Variation . . . 8-19

Variation and Process Improvement . . . 8-20Process Capability . . . 8-21

Risk Management . . . 8-22

Defining Risk . . . 8-22Characterizing Risk . . . 8-22

Situational . . . 8-22Time-Based . . . 8-23Interdependent . . . 8-23Magnitude Dependent . . . 8-23Value-Based . . . 8-23

Managing Risk . . . 8-23

Risk Identification . . . 8-24Risk Analysis . . . 8-25Risk Prioritization . . . 8-28Risk Response Planning . . . 8-29Risk Resolution . . . 8-29Risk Monitoring . . . 8-30

Software Risk Management . . . 8-30Risks of Integrating New Technology . . . 8-31

Implementing a Measurement Program . . . 8-33

The Need for Measurement . . . 8-33Prerequisites . . . 8-34

</div>Trang 19<div class="page_container" data-page="19">

Skill Category 9

Internal Control and Security . . . 9-1

Principles and Concepts of Internal Control . . . .9-2

Internal Control and Security Vocabulary and Concepts . . . .9-2

Internal Control Responsibilities . . . 9-3The Internal Auditor’s Internal Control Responsibilities . . . 9-3

Risk versus Control . . . .9-5Environmental versus Transaction Processing Controls . . . .9-5

Environmental or General Controls . . . .9-6Transaction Processing Controls . . . .9-8

Preventive, Detective and Corrective Controls . . . .9-9

Preventive Controls . . . 9-9

Source-Data Authorization . . . 9-10Data Input . . . 9-11Source-Data Preparation . . . 9-11Turn-Around Document . . . 9-11Pre-Numbered Forms . . . 9-11Input Validation . . . 9-11Computer Updating of Files . . . 9-13Controls over Processing . . . 9-13

Detective Controls . . . 9-15

Data Transmission. . . 9-15Control Register . . . 9-16Control Totals . . . 9-16Documentation and Testing . . . 9-16Output Checks . . . 9-16

Corrective Controls . . . 9-17

Error Detection and Resubmission . . . 9-17Audit Trails . . . 9-18

Cost versus Benefit of Controls . . . .9-18

The Quality Professionals Responsibility for Internal Control and Security 9-19

Risk and Internal Control Models . . . .9-20

COSO Enterprise Risk Management (ERM) Model . . . .9-20

The ERM Process . . . 9-20 ERM Components . . . 9-20

COSO Internal Control Framework Model . . . .9-22

Example of a Transaction Processing Internal Control System . . . 9-24

CobiT Model . . . .9-25

</div>Trang 20<div class="page_container" data-page="20">

Model for Building Transaction Processing Controls . . . 9-28

Transaction Origination . . . 9-29Transaction Entry . . . 9-29Transaction Communications . . . 9-29Transaction Processing . . . 9-30Database Storage and Retrieval . . . 9-30Transaction Output . . . 9-30

Building Adequate Security . . . 9-31

Where Vulnerabilities in Security Occur . . . 9-31

Functional Vulnerabilities . . . 9-31IT Areas Where Security is Penetrated . . . 9-33Accidental versus Intentional Losses . . . 9-35

Establishing a Security Baseline . . . 9-36

Creating Baselines . . . 9-36

Step 1: Establish the Team . . . 9-38Step 2: Set Requirements and Objectives . . . 9-39Step 3: Design Data Collection Methods . . . 9-41Step 4: Train Participants . . . 9-43Step 5: Collect Data . . . 9-44Step 6: Analyze and Report Security Status . . . 9-44

Using Baselines . . . 9-46Security Awareness Training . . . 9-46

Step 1 – Create a Security Awareness Policy . . . 9-47Step 2 – Develop a Security Awareness Strategy . . . 9-48

Awareness . . . 9-49Training . . . 9-50Education . . . 9-50Professional Development . . . 9-50

Step 3 – Assign the Roles for Security Awareness . . . 9-51

IT Director/CIO . . . 9-51Information Technology Security Program Manager . . . 9-52IT Managers . . . 9-52Users . . . 9-52

Security Practices . . . 9-53

</div>Trang 21<div class="page_container" data-page="21">

Skill Category 10

Outsourcing, COTS and Contracting Quality . . 10-1

Quality and Outside Software . . . .10-1

Purchased COTS software . . . .10-2

Evaluation versus Assessment . . . 10-2

Outsourced Software . . . .10-3

Additional differences if the contract is with an offshore organization . . . 10-3Quality Professionals Responsibility for Outside Software . . . 10-4

Selecting COTS Software . . . .10-6

Assure Completeness of Needs Requirements . . . .10-6Define Critical Success Factor . . . .10-7Determine Compatibility with Hardware, Operating System, and Other COTS Software . . . .10-8

Hardware Compatibility . . . 10-9Operating Systems Compatibility . . . 10-9Program Compatibility . . . 10-10Data Compatibility . . . 10-10

Assure the Software can be Integrated into Your Business System

Work Flow . . . .10-10Demonstrate the Software in Operation . . . .10-11Evaluate People Fit . . . .10-13Acceptance Test the Software Process . . . .10-14

Selecting Software Developed by Outside Organizations . . . .10-15

Contracting Life Cycle . . . .10-15

Selecting an Outside Organization . . . 10-16

Feasibility Study . . . 10-16Selection of an Outside Organization . . . 10-18

Assure That Requirements and Contract Criteria are Testable . . . 10-19Assure That the Contractor Has an Adequate Software Development Process . . 10-19Assure That the Contractor Has an Effective Test Process . . . 10-19Define Acceptance Testing Criteria . . . 10-20Contractor’s Status Reporting . . . 10-20Ensure Knowledge Transfer Occurs . . . 10-20Ensure Protection of Intellectual Property Rights of Both Organizations . . . 10-21

Developing Selection Criteria . . . .10-21

Contracting for Software Developed by Outside Organizations . . . .10-22

</div>Trang 22<div class="page_container" data-page="22">

Operating for Software Developed by Outside Organizations . . . 10-28

Acceptance Testing . . . 10-28

Acceptance Testing Concerns . . . 10-28Operation and Maintenance of the Software . . . 10-29

Operation and Maintenance Concerns . . . 10-30

Contractual Relations . . . 10-31

Contractual Relation Concerns . . . 10-32

Appendix A

Vocabulary . . . A-1Appendix B

References . . . B-1How to Take the CSQA Examination . . . C-1

CSQA Examination Overview . . . .C-1

Quality Assurance Theory and Practice . . . .C-1

Guidelines to Answer Questions . . . .C-2Sample CSQA Examination . . . .C-5

Part 1 Multiple-Choice Questions . . . .C-5Part 1 and Part 3 Multiple-Choice Answers . . . .C-11Part 2 Essay Questions and Answers . . . .C-12

Part 2 – Quality Assurance Theory Essay Questions . . . C-12Part 2 – Quality Assurance Theory Essay Questions . . . C-15Part 2 – Quality Assurance Practice Essay Questions . . . C-18Part 4 – Quality Assurance Practice Essay Answers . . . C-22

</div>Trang 23<div class="page_container" data-page="23">

Software Quality Assurance Certification Program

he Software Quality Assurance Certification program (CASQ, CSQA, and CMSQ) was developed by leading software quality professionals as a means of recognizing

software quality analysts who demonstrate a predefined level of quality assurance competency. The Software Quality Assurance Certification program is directed by the International Software Certification Board (ISCB), an independent Board and administered by the QAI Global Institute (QAI). The program was developed to provide value to the

profession, the individual, the employer, and co-workers.

The CASQ, CSQA, and CMSQ certifications test the level of competence in the principles and practices of software quality assurance and control in the Information Technology (IT) profession. These principles and practices are defined by the ISCB as the Software Quality Assurance Body of Knowledge (SQABOK). The ISCB will periodically update the SQABOK to reflect changing software quality and control, as well as changes in computer technology. These updates should occur approximately every three years.

Be sure to check the Software Certifications Web site for up-to-date information on the Software Quality Assurance Certification program at:

Using this product does not constitute, nor imply, the successful passing of the

Scheduling with Pearson VUE to Take the Examination

T

</div>Trang 24<div class="page_container" data-page="24">

Intro.1 Software Certification Overview

Software Certifications is recognized worldwide as the standard for IT software quality assurance (SQA) professionals. Certification is a big step, a big decision. Certification identifies an individual as a SQA leader and earns the candidate the respect of colleagues and managers. It is formal acknowledgment that the IT recipient has an overall understanding of the disciplines and skills represented in a comprehensive Software Quality Assurance Body of Knowledge (SQABOK) for a respective software discipline.

The Software Quality Assurance Certification programs demonstrate the following objectives to establish standards for initial qualification and continuing improvement of professional competence. The certification programs help to:

1. Define the tasks (skill categories) associated with SQA duties in order to evaluate skill mastery.

2. Demonstrate an individual’s willingness to improve professionally.

3. Acknowledge attainment of an acceptable standard of professional competency.4. Aid organizations in selecting and promoting qualified individuals.

5. Motivate personnel having SQA responsibilities to maintain their professional tency.

compe-6. Assist individuals in improving and enhancing their organization’s SQA programs (i.e., provide a mechanism to lead a professional).

In addition to Software Quality Assurance Certification, the ISCB also offer the following software certifications.

• Certified Associate in Business Analysis (CABA)• Certified Software Business Analyst (CSBA)

</div>Trang 25<div class="page_container" data-page="25">

Intro.1.1 Contact Us

Software CertificationsPhone: (407)-472-8100

Fax: (407)-363-1112

Certification questions? E-mail:

Intro.1.2 Program History

QAI was established in 1980 as a professional association formed to represent the software quality assurance industry. The first certification began development in 1985 and the first formal examination process was launched in 1990. Today, Software Certifications, administered by QAI, is global. Since its inception, the ISCB has certified over 50,000 IT professionals in 50+ countries world wide.

Intro.1.3 Why Become Certified?

As the IT industry becomes more competitive, management must be able to distinguish professional and skilled individuals in the field when hiring. Certification demonstrates a level of understanding in carrying out SQA principles and practices that management can depend upon.

Acquiring a CASQ, CSQA, or CMSQ certification indicates a foundation, professional practitioner, or managerial level of competence in SQA respectively. Software Quality Analysts become members of a recognized professional group and receive recognition for their competence by businesses and professional associates, potentially more rapid career advancement, and greater acceptance in the role as advisor to management.

Intro.1.4 Benefits of Becoming Certified

As stated above, the Software Quality Assurance certifications were developed to provide value to the profession, the individual, the employer, and co-workers. The following information is data collected from CSQAs in the IT industry – a real testimonial to the benefits and reasons to make the effort to become a certified.

</div>Trang 26<div class="page_container" data-page="26">

Intro.1.4.1 Value Provided to the Profession

Software quality assurance is often viewed as a software project task, even though many individuals are full-time quality assurance professionals. The Software Quality Assurance Certification program was designed to recognize SQA professionals by providing:

• Software Quality Assurance Body of Knowledge (SQABOK)

The ISCB defines the skills upon which the software quality assurance certification isbased. The current SQABOK includes 10 skill categories fully described in this book – seeSkill Category 1 through Skill Category 10.

• Examination Process to Evaluate Competency

The successful candidate must pass an examination that is based on the SQABOK. Youmust receive a grade of 70% or higher. The CASQ examination consists of 100 multiplechoice questions; the CSQA examination consists of 100 multiple choice and 12 shortsessays; and the CMSQ examination consists of 12 short essays.

• Code of Ethics

The successful candidate must agree to abide by a professional Code of Ethics as specifiedby the ISCB. See “Code of Ethics” on page 9 for an explanation of the ethical behaviorsexpected of all certified professionals.

Intro.1.4.2 Value Provided to the Individual

The individual obtaining the CSQA certification receives the following values:• Recognition by Peers of Personal Desire to Improve

Approximately seventy-five percent (75%) of all CSQAs stated that a personal desire forself-improvement and peer recognition was the main reason for obtaining the CSQAcertification. Fifteen percent (15%) were required by their employer to sit for theexamination, and ten percent (10%) were preparing themselves for an improved qualityassurance related position.

Many CSQAs indicated that while their employer did not require CSQA certification, itwas strongly encouraged.

• Increased Confidence in Personal Capabilities

Eighty-five percent (85%) of the CSQAs stated that passing the examination increasedtheir confidence to perform their job more effectively. Much of that confidence came fromstudying for the examination.

• Recognition by IT Management for Professional Achievement

Most CSQAs stated that their management greatly respects those who put forth thepersonal effort needed for self-improvement. IT organizations recognized and rewardedindividuals in the following ways:

</div>Trang 27<div class="page_container" data-page="27">

• Thirteen percent (13%) received an immediate average one-time bonus of $610, with arange of $250 to $2,500.

• Twelve percent (12%) received an immediate average salary increase of 10%, with arange of 2% to 50%.

Non-monetary recognitions were:

• Thirty-six percent (36%) were recognized in staff meetings.• Twenty percent (20%) in newsletters or e-mail.

• Many received rewards, management visits or calls, and lunch with the boss.Within the first 18 months after receiving the CSQA certification:

• Twenty-seven percent (27%) received an average salary increase of 23%, with a rangeof 2% to 100%.

• Twenty-three percent (23%) were promoted, 25% received a better assignment and13% a new assignment.

Intro.1.4.3 Value Provided to the Employer

With the need for increased software quality and reliability, companies employing certified QA professionals provide value in these ways:

Intro.1.4.3.1 Increased Confidence by IT Users and Customers

IT users and customers expressed confidence in IT to effectively build or acquire software when certified quality assurance practitioners were involved.

Intro.1.4.3.2 Improved Processes to Build/Acquire/Maintain, Operate and Measure Software

Certified SQA Analysts use their knowledge and skills to continuously improve the IT work processes. They know what to measure, how to measure it, and then prepare an analysis to aid in the decision-making process.

Intro.1.4.3.3 Independent Assessment of Quality Assurance Competencies

The Software Quality Assurance Certification program is directed by the ISCB. Through examination and recertification, they provide an independent assessment of one’s quality assurance competencies, based on a continuously strengthening Software Quality Assurance Body of Knowledge.

Intro.1.4.3.4 Quality Assurance Competencies Maintained Through Recertification

Yesterday’s quality assurance competencies are inadequate for today’s challenges.

Recertification is a process that helps assure one’s skills remain current. The recertification

</div>Trang 28<div class="page_container" data-page="28">

From an IT director’s perspective, this is employee-initiated quality assurance training. Most, if not all SQA analysts, do this training during their personal time. IT organizations gain three benefits from recertification: 1) employees initiate improvement; 2) quality assurance

practitioners obtain competencies in SQA methods and techniques; and 3) employees train during personal time.

Intro.1.4.3.5 Value Provided to Co-Workers

The drive for self-improvement is a special trait that manifests itself in providing these values to co-workers:

Intro.1.4.3.6 Mentoring the QA Staff

Forty-five percent (45%) of the CSQAs mentor their SQA colleagues by conducting training classes, encouraging staff to become certified, and acting as a resource to the staff on sources of IT SQA-related information.

Intro.1.4.3.7 SQA Resource to “IT” Staff

CSQAs and CMSQs are recognized as experts in SQA and are used heavily for advice, counseling, and for recommendations on software construction, quality assurance and testing.

Intro.1.4.3.8 Role Model for SQA Practitioners

CSQAs and CMSQs are the IT role models for individuals with SQA responsibilities to become more effective in performing their job responsibilities.

Intro.1.4.4 How to Improve Software Quality Assurance Effectiveness through Certification

A “driver” for improved IT effectiveness is the integration of the Software Quality Assurance certification program in your “IT” career development plan. This can be accomplished by:

• Creating an awareness of the Software Quality Assurance Certification and its benefitsto your quality assurance practitioners.

• Requiring or encouraging your quality assurance practitioners to become certified. • Recognizing and rewarding successful candidates.

• Supporting recertification as a means of maintaining quality assurance competency.

QAI, as administrators of the Software Quality Assurance Certification, will assist you in this effort.

</div>Trang 29<div class="page_container" data-page="29">

See www.qaiglobalinstitute.com for detailed information.

Intro.2 Meeting the Certification Qualifications

To become certified in Software Quality Assurance, every candidate must first:

1. Satisfy all of the prerequisites required prior to applying for candidacy – educational and professional prerequisites, and recommendations for preparing for the examination.2. Subscribe to the Code of Ethics as described on page Intro-9.

3. Complete the Certification Candidacy Online Application. See “Submitting the Initial Application” on page Intro-11 for information on all the materials needed to submit your application.

Intro.2.1 Prerequisites for Candidacy

Before you submit your application, first check that you satisfy the educational and professional prerequisites described below and understand what is expected of Certified Software Quality Analysts after certification.

Intro.2.1.1 Educational and Professional Prerequisites

Intro.2.1.1.1 CASQ

To qualify for candidacy, each applicant must meet one of the “rule of 3’s” credentials listed below:

1. A three- or four-year degree from an accredited college-level institution.

2. A two-year degree from an accredited college-level institution and one year ofexperience in the information services field.

3. Three years of experience in the information services field.

Intro.2.1.1.2 CSQA

To qualify for candidacy, each applicant must meet one of the “rule of 6’s” credentials listed below:

</div>Trang 30<div class="page_container" data-page="30">

1. A four year degree from an accredited college-level institution and two years of ence in the information services field.

2. A three year degree from an accredited college-level institution and three years of ence in the information services field.

3. A two year degree from an accredited college-level institution and four years of ence in the information services field.

experi-4. Six years of experience in the information services field.

3. Eight years of experience in the information services field.

Intro.2.1.2 Expectations of the Certified Professional

Knowledge within a profession doesn't stand still. Having passed the certification

examination, a certificant has demonstrated knowledge of the designation's SQABOK at the point in time of the examination. In order to stay current in the field, as knowledge and techniques mature, the certificant must be actively engaged in professional practice, and seek opportunities to stay aware of, and learn, emerging practices.

The certified SQA analyst is required to submit 120 credit hours of Continuing Professional Education (CPE) every three years to maintain certification or take an examination for recertification. Any special exceptions to the CPE requirements are to be directed to Software Certifications. Certified professionals are generally expected to:

• Attend professional conferences to stay aware of activities and trends in theprofession.

• Take education and training courses to continually update skills and competencies.• Develop and offer training to share knowledge and skills with other professionals and

</div>Trang 31<div class="page_container" data-page="31">

and work habits of individuals (or someone who can act in an advisory position to upper management) to make quality in software quality assurance happen.

Intro.2.1.2.1 Professional Skill Proficiency Responsibilities

In preparing yourself for the profession of Software Quality Assurance and to become more effective in your current job, you need to become aware of the three C’s of today's workplace:

• Change – The speed of change in technology and in the way work is performed is

accelerating. Without continuous skill improvement, you will become obsolete in themarketplace.

• Complexity – Information technology is becoming more complex, not less complex.

Thus, achieving quality, with regard to SQA in the information technologyenvironment, will become more complex. You must update your skill proficiency inorder to deal with this increased complexity.

• Competition – The ability to demonstrate mastery of multiple skills makes you a more

desirable candidate for any professional position. While hard work does not guaranteeyour success, few, if any, achieve success without hard work. A software qualityassurance certification is one form of achievement. A software quality assurancecertification is proof that you’ve mastered a basic skill set recognized worldwide in theinformation technology arena.

Intro.2.1.2.2 Develop a Lifetime Learning Habit

Become a lifelong learner in order to perform your current job effectively and remain marketable in an era of the three C’s. You cannot rely on your current knowledge to meet tomorrow's job demands. The responsibility for success lies within your own control.

Perhaps the most important single thing you can do to improve yourself professionally and personally is to develop a lifetime learning habit.

REMEMBER: “If it is going to be—it’s up to me.”

Intro.2.2 Code of Ethics

An applicant for certification must subscribe to the following Code of Ethics that outlines the ethical behaviors expected of all certified professionals. Software Certifications includes processes and procedures for monitoring certificant’s adherence to these policies. Failure to adhere to the requirements of the Code is grounds for decertification of the individual by the International Software Certifications Board.

</div>Trang 32<div class="page_container" data-page="32">

Intro.2.2.1 Purpose

A distinguishing mark of a profession is acceptance by its members of responsibility to the interests of those it serves. Those certified must maintain high standards of conduct in order to effectively discharge their responsibility.

Intro.2.2.2 Responsibility

This Code of Ethics is applicable to all certified by the ISCB. Acceptance of any certification designation is a voluntary action. By acceptance, those certified assume an obligation of self-discipline beyond the requirements of laws and regulations.

The standards of conduct set forth in this Code of Ethics provide basic principles in the practice of software quality assurance. Those certified should realize that their individual judgment is required in the application of these principles.

Those certified shall use their respective designations with discretion and in a dignified manner, fully aware of what the designation denotes. The designation shall also be used in a manner consistent with all statutory requirements.

Those certified who are judged by the ISCB to be in violation of the standards of conduct of the Code of Ethics shall be subject to forfeiture of their designation.

Intro.2.2.3 Professional Code of Conduct

Software Certifications certificate holders shall:

1. Exercise honesty, objectivity, and diligence in the performance of their duties and sibilities.

respon-2. Exhibit loyalty in all matters pertaining to the affairs of their organization or to whomever they may be rendering a service. However, they shall not knowingly be party to any illegal or improper activity.

3. Not engage in acts or activities that are discreditable to the profession of software quality assurance or their organization.

4. Refrain from entering any activity that may be in conflict with the interest of their zation or would prejudice their ability to carry out objectively their duties and responsibil-ities.

organi-5. Not accept anything of value from an employee, client, customer, supplier, or business associate of their organization that would impair, or be presumed to impair, their profes-sional judgment and integrity.

6. Undertake only those services that they can reasonably expect to complete with sional competence.

</div>Trang 33<div class="page_container" data-page="33">

profes-7. Be prudent in the use of information acquired in the course of their duties. They shall not use confidential information for any personal gain nor in any manner that would be con-trary to law or detrimental to the welfare of their organization.

8. Reveal all material facts known to them that, if not revealed, could either distort reports of operation under review or conceal unlawful practices.

9. Continually strive for improvement in their proficiency, and in the effectiveness and ity of their service.

qual-10. In the practice of their profession, shall be ever mindful of their obligation to maintain the high standards of competence, morality, and dignity promulgated by this Code of Ethics. 11. Maintain and improve their professional competency through continuing education. 12. Cooperate in the development and interchange of knowledge for mutual professional ben-

efit.

13. Maintain high personal standards of moral responsibility, character, and business integrity.

Intro.2.2.4 Grounds for Decertification

Revocation of a certification, or decertification, results from a certificant failing to reasonably adhere to the policies and procedures of Software Certifications as defined by the ISCB. The ISCB may revoke certification for the following reasons:

• Falsifying information on the initial application and/or a CPE reporting form, • Failure to abide by and support the Software Certifications Code of Ethics,

Intro.2.3 Submitting the Initial Application

A completed Certification Candidacy Application must be submitted on-line at

www.softwarecertifications.org/portal. The ISCB strongly recommends that you submit the application only if you have:

• Satisfied all of the prerequisites for candidacy as stated on page Intro-7.• Subscribed to the Code of Ethics as described on page Intro-9.

• Reviewed the SQABOK and identified those areas that require additional studying.The entire SQABOK is provided in Skill Category 1 through Skill Category 10. A

comprehensive list of related references is listed in the appendices.

• Current experience in the field covered by the certification designation.

• Significant experience and breadth to have mastered the basics of the entire SQABOK.• Prepared to take the required examination and therefore ready to schedule and take the

examination.

</div>Trang 34<div class="page_container" data-page="34">

• Are not yet working in the field but who have an interest in obtaining employment inthe field (CSQA and CMSQ).

• Are working in limited areas of the field but would like to expand their work roles toinclude broader responsibilities (CSQA and CMSQ).

• Are working in IT but have only marginal involvement or duties related to thecertification (CSQA and CMSQ).

• Are interested in determining if this certification program will be of interest to them.Candidates for certification who rely on only limited experience, or upon too few or specific study materials, typically do not successfully obtain certification. Many drop out without ever taking the examination. Fees in this program are nonrefundable.

Do not apply for CSQA or CMSQ unless you feel confident that your work activities and past experience have prepared you for the examination process.

Applicants already holding a certification from the ISCB must still submit a new application when deciding to pursue an additional certification. For example, an applicant already holding a CSTE or CSBA certification must still complete the application process if pursuing the CSQA certification.

Intro.2.3.1 Updating Your On-Line Profile

It is critical that candidates keep their on-line profile up-to-date. Many candidates change their residence or job situations during their certification candidacy. If any such changes occur, it is the candidate's responsibility to login to the Software Certification Customer Portal and update their profile as appropriate.

Intro.2.4 Application-Examination Eligibility Requirements

The Certification Candidacy begins the date the application fee is processed in the Customer Portal. The candidate then has 12 months from that date to take the initial examination or the

candidacy will officially expire. If the application is allowed to expire the individual must

reapply for candidacy and pay the current application fee to begin the certification candidacy again.

If the examination is taken inside that 12-month period, then another year is added to the original application length and two more attempts, if required. Candidates for certification must pass a two-part examination in order to obtain certification. The examination tests the candidate's knowledge and practice of the competency areas defined in the SQABOK.

Candidates who do not successfully pass the examination may re-take the examination up to

</div>Trang 35<div class="page_container" data-page="35">

two times by logging into the Software Certification’s Customer Portal and selecting the

retake option and paying all required fees.

Technical knowledge becomes obsolete quickly; therefore the board has established these eligibility guidelines. The goal is to test on a consistent and comparable knowledge base worldwide. The eligibility requirements have been developed to encourage candidates to prepare and pass all portions of the examination in the shortest time possible.

Intro.3 Scheduling with Pearson VUE to Take the Examination

When you have met all of the prerequisites as described above, you are ready to schedule and take the Software Quality Assurance examination.

To schedule the Software Quality Assurance Certification examination, every candidate must:• Satisfy all of the qualifications as described in “Meeting the CertificationQualifications” starting on page Intro-7. Be certain that you are prepared and havestudied the SQABOK and the vocabulary in Appendix A.

• After completing your on-line application you will receive within 24 hours anacknowledgment from Pearson VUE Testing Centers that you are eligible to take theexam at a Pearson VUE site. You will follow the instructions on that acknowledgmentemail for selecting a testing center location, date and time of your exam.

Intro.3.1 Arriving at the Examination Site

Candidates should arrive at the examination location at least 30 minutes before the scheduled start time of the examination. To check-in at the testing center, candidates must have with them two forms of identification, one of which must be a photo ID. You will receive an email from Pearson VUE regarding arrival instructions.

Intro.3.1.1 No-shows

Candidates who fail to appear for a scheduled examination – initial or retake – are marked as NO SHOW and must submit an on-line Examination Re-sit request to apply for a new examination date. If a candidate needs to change the date and/or time of their certification exam, they must log in directly to the Pearson VUE site to request the change. All changes must be made 24 hours before the scheduled exam or a re-sit fee will be required.

</div>Trang 36<div class="page_container" data-page="36">

Intro.4 How to Maintain Competency and Improve Value

Maintaining your personal competency is too important to leave to the sole discretion of your employer. In today’s business environment you can expect to work for several different organizations, and to move to different jobs within your own organization. In order to be adequately prepared for these changes you must maintain your personal competency in your field of expertise.

Intro.4.1 Continuing Professional Education

Most professions recognize that continuing professional education is required to maintain competency of your skills. There are many ways to get this training, including attending professional seminars and conferences, on-the-job training, attending professional meetings, taking e-learning courses, and attending professional association meetings.

You should develop an annual plan to improve your personal competencies. Getting 120 hours of continuing professional education will enable you to recertify your Software Quality Assurance designation.

Intro.4.2 Advanced Software Quality Assurance Designations

You can use your continuing professional education plan to improve and demonstrate your value to your employer. Your employer may have difficulty assessing improved competencies attributable to the continuing professional education you are acquiring. However, if you can use that continuing education effort to obtain an advanced certification, you can demonstrate to your employer your increased value to the organization by acquiring an advanced

Intro.4.2.1 What is the Certification Competency Emphasis?

The drivers for improving performance in IT are the quality assurance and quality control (testing) professionals. Dr. W. Edward Deming recognized this “do-check” partnership of quality professionals in his “14 points” as the primary means for implementing the change needed to mature. Quality control identifies the impediments to quality and quality assurance facilitates the fix. Listed below is the certification level, emphasis of each certification, and how you can demonstrate that competency.

• CASQ

Demonstrate competency in knowing what to do.

Study for, and pass, a one-part examination designed to evaluate the candidate’sknowledge of the principles and concepts incorporated into the SQABOK.

</div>Trang 37<div class="page_container" data-page="37">

• CSQA

Demonstrate competency in knowing what to do and how to do it.

Study for, and pass, a two-part examination designed to evaluate the candidate’sknowledge of the principles and concepts incorporated into the SQABOK, plus the abilityto relate those principles and concepts to the challenges faced by IT organizations.

Demonstrate competency in knowing how to solve management level challenges.

Candidates must demonstrate their ability to develop real solutions to challenges in theirIT organizations, by proposing a solution to a real-world management problem.

</div>Trang 39<div class="page_container" data-page="39">

Preparing for the CSQA Examination

he CSQA examination is designed to evaluate your knowledge of the principles andpractices of software quality analysis. The principles primarily will involve vocabulary.This is to ensure that you understand what quality in an IT function is attempting toaccomplish. The second half of the examination is on the application of those principles.This is to ensure that you can recognize good software quality practices when they occur.

Preparing for any standardized examination should be considered a serious undertaking. Beginpreparing and studying well in advance. Remember that the minimum requirement for submitting

your application is 60 calendar days prior to the exam date. When you know you will be applying

for the examination, submit your application and fees and begin studying. Avoid “cramming,” as itis rarely beneficial in the long term. See the “Introduction” for detailed information on submittingyour application.

Assess Your CSQA CBOK Competency Intro-18Understand the Key Principles Incorporated

Review the List of References Intro-23Initiate a Self-Study Program Intro-24Take the Sample Examination Intro-25

T

</div>Trang 40<div class="page_container" data-page="40">

Assess Your CSQA CBOK Competency

The Common Body of Knowledge (CBOK) for the CSQA is, in effect, a job description for aworld-class IT quality assurance analyst. The CSQA Certification Board has defined the skillswithin the CBOK as those skills that would enable an IT quality assurance analyst to perform thetasks needed to meet today’s IT quality challenges.

Many human resource organizations use the CSQA CBOK as the basis for writing job descriptionsfor IT quality assurance analysts. To properly prepare yourself to be proficient in the practice of ITquality assurance, you should develop a personal plan of action that would enable you to assessyour competency in the CSQA CBOK. It is recognized that many software quality analysts do notneed to be competent in all of the skill categories to fulfill their current job responsibilities.

The current CBOK includes 10 skill categories that are fully described in this guide:Skill Category 1 Quality Principles and Concepts

Skill Category 2 Quality Leadership

Skill Category 3 Quality Baselines (Assessments and Audits)Skill Category 4 Quality Assurance

Skill Category 5 Quality Planning

Skill Category 6 Define, Build, Implement and Improve Work ProcessesSkill Category 7 Quality Control Practices

Skill Category 8 Metrics and MeasurementsSkill Category 9 Internal Control and Security

Skill Category 10 Outsourcing, COTS, and Contracting Quality

The 10 CSQA CBOK Skill Categories are common to all quality-related assignments andtherefore, the certification examination focuses equally on all of them.

Complete the CSQA Skill Assessment Worksheet

To assess your competency of the CSQA CBOK, complete the worksheet, “CSQA SkillAssessment Worksheet” starting on Eval-2. Follow these guidelines on how to use the worksheetto rate your competency and identify those areas that you need to better understand to successfullypass the CSQA examination:

1. Assess your competency of each skill listed on the worksheet. Carefully read each skillwithin the skill category. Based on your reading of the skill, assess your competency in

</div>

CSQA CBOK v6.3

CSQA COMMON BODY OF KNOWLEDGE

<i>Guide to the</i>

<b>Meeting the Certification Qualifications . . . Intro-7</b>

Prerequisites for Candidacy . . . .Intro-7

Code of Ethics . . . .Intro-9

Submitting the Initial Application . . . .Intro-11

<b>Scheduling with Pearson VUE to Take the Examination . . . .Intro-13</b>

Arriving at the Examination Site . . . Intro-13

<b>How to Maintain Competency and Improve Value . . . .Intro-14</b>

Continuing Professional Education . . . Intro-14Advanced Software Quality Assurance Designations . . . Intro-14

<b>Preparing for the CSQA Examination . . . .Intro-17</b>

<b>Assess Your CSQA CBOK Competency . . . .Intro-18</b>

Complete the CSQA Skill Assessment Worksheet . . . Intro-18Calculate Your CSQA CBOK Competency Rating . . . Intro-20

<b>Understand the Key Principles Incorporated </b>

<b> Into the Examination . . . .Intro-22Review the List of References . . . .Intro-23Initiate a Self-Study Program . . . .Intro-24Take the Sample Examination . . . .Intro-25</b>

<b>CSQA Skill Assessment Worksheet . . . Eval-1</b>

<b>Assess Your Skills against the CSQA CBOK . . . Eval-1</b>

Work Processes . . . Eval-7Skill Category 7 – Quality Control Practices . . . Eval-8Skill Category 8 – Metrics and Measurement . . . Eval-9Skill Category 9 – Internal Control and Security . . . Eval-10Skill Category 10 – Outsourcing, COTS, and Contracting Quality . . Eval-11

<b>CSQA CBOK Competency Rating Table . . . Eval-12</b>

<b>Skill Category 1</b>

<b>Quality Principles . . . 1-1</b>

<b>Vocabulary of Quality . . . .1-1The Different Views of Quality . . . .1-4</b>

The Two Quality Gaps . . . .1-5Quality Attributes for an Information System . . . .1-6

<b>Quality Concepts and Practices . . . .1-8</b>

PDCA Cycle . . . .1-9Cost of Quality . . . .1-11

Six Sigma Quality . . . .1-15Baselining and Benchmarking . . . .1-16Earned Value . . . .1-16

<b>Quality Control and Quality Assurance . . . .1-17</b>

Quality Control . . . .1-17Quality Assurance . . . .1-18Differentiating Between Quality Control and Quality Assurance . . . .1-18Understanding and Using the Just-In-Time (JIT) Technique . . . .1-19

<b>Quality Pioneers Approach to Quality . . . .1-22</b>

Dr. W. Edwards Deming . . . .1-22Philip Crosby . . . .1-25Dr. Joseph Juran . . . .1-28Total Quality Management . . . .1-29

Empowerment of Employees . . . 2-14

<b>Quality Management Infrastructure . . . 2-15</b>

Quality Council . . . 2-16Management Committees . . . 2-17Teams and Work Groups . . . 2-17

Process Improvement Teams . . . 2-29

<b>Quality Environment . . . 2-30</b>

The Six Attributes of an Effective Quality Environment . . . 2-30

Setting the Proper “Tone” at the Top . . . .2-40Code of Ethics and Conduct . . . .2-41Open Communications . . . .2-41

Implementing a Mission, Vision, Goals, Values, and Quality Policy . . .2-48

Monitoring Compliance to Organizational Policies and Procedures . . . .2-53

Enforcement of Organizational Policies and Procedures . . . .2-57

<b>Skill Category 3</b>

<b>Quality Baselines . . . .3-1</b>

<b>Quality Baseline Concepts . . . 3-1</b>

Baselines Defined . . . 3-1Types of Baselines . . . 3-2Conducting Baseline Studies . . . 3-2

<b>Methods Used for Establishing Baselines . . . 3-7</b>