Quality Assurance Plan

 

 

 

DCN# SYS-PL-0003

 

 

 

 

August 28, 2009

 

 

 

 

COMPANY PROPRIETARY

 

 

 

Systalex Corporation
1901 Research Boulevard, Suite 240
 Rockville, MD 20850

 

 


Document Information

TABLE OF CONTENTS

 

1.0        Introduction. 1

1.1    Purpose. 1

1.2    Scope  1

1.3    References. 1

2.0        Quality Objectives. 1

3.0        Management 2

3.1    Organization. 2

3.2    Tasks & Responsibilities. 2

3.2.1     Task 1:  Development and Revisions to QA Planning. 2

3.2.1.1         Purpose. 2

3.2.1.2         Roles and Responsibilities. 2

3.2.2     Task 2:  Review/Audit Project Processes and Work Products. 2

3.2.2.1         Purpose. 2

3.2.2.2         Roles and Responsibilities. 3

3.2.3     Task 3:  Participate in the Preparation and Review of the Project Management Plan. 3

3.2.3.1         Purpose. 3

3.2.3.2         Roles and Responsibilities. 3

3.2.4     Task 4:  Review Project Activities. 3

3.2.4.1         Purpose. 3

3.2.4.2         Roles and Responsibilities. 3

3.2.5     Task 5:  Objective Audits of QAG Staff. 3

3.2.5.1         Purpose. 3

3.2.5.2         Roles and Responsibilities. 3

3.3    Task Scheduling. 4

4.0        Processes. 4

5.0        Quality Assurance Documentation. 4

5.1    Project Documentation. 5

6.0        Standards and Guidelines. 5

7.0        Metrics. 6

8.0        Review and Audit Procedure. 7

8.1    Process and Product Reviews. 7

8.2    Process and Product Audits. 7

9.0        Resolution and Corrective Action for Deviations and Non -Compliances. 8

10.0      Recording and Analyzing Deviations and Noncompliance Items. 8

11.0      Quality Records. 8

12.0      Training. 8

13.0      Risk Management 8

 


1.0              Introduction

1.1         Purpose

This Quality Assurance Plan (QAP) provides the essential guidance, direction and focus for use by the Quality Assurance Group (QAG) in monitoring, assessing and reporting quality assurance (QA) activities associated with projects within the Systalex. The purpose of QA within the context of this plan is to provide executive and senior management with appropriate insight into the processes and products being used and developed. To that end, QA will involve the review and auditing of project work products and activities by the QAG to verify that they comply with applicable standards and procedures. QA will further provide executive management, senior management, project-level management and appropriate staff/line elements with the results of these reviews and audits.

1.2         Scope

This QAP applies to all activities associated with Systalex projects for which a specific QAP has not been developed. This will act as the standing QAP and should be followed for most projects in the division. The QAG will:

  • Be responsible for coordinating and implementing QA for the projects
  • Assist with the establishment of project plans, standards and procedures that will add value to the project
  • Assist in satisfying project constraints as well as constraints that may be generated by corporate policies
  • Verify that all project QA staff perform their functions in compliance with this QAP
  • Review and/or audit project activities and work products for developing and maintaining relevant standard process and related process assets and report the results
  • Be trained on proper QA auditing procedures, reporting and deficiency tracking

1.3         References

1.       CMU/SEI-2002-TR-001, Capability Maturity Model® Integration (CMMI ), Version 1.1, Continuous Representation, December 2001

2.       Policies For Projects, SYS-PO-0001

3.       QA Plan Template, SYS-TP-0006

4.       QA Audit Report Template, SYS-TP-0009

5.       QA Deviation and Non-Compliance Log, SYS-LG-0002

6.       QA Audit Checkpoint Review Checklist, SYS-CL-0009

2.0              Quality Objectives

The objectives of QA for the Systalex team are to:

  • Ensure QA activities are planned and incorporated into this QAP
  • Inform affected groups and individuals of QA activities and results
  • Ensure the project’s QA staff follow applicable project and organizational standards and procedures
  • Objectively verify conformance to applicable standards, procedures and requirements across all projects and subcontractors
  • Identify in accordance with established procedures non-compliance issues of the project staff, engineering support groups, and others as required using process and product reviews and audits
  • Provide executive management with the results of process reviews and audits

3.0              Management

3.1         Organization

The QAG will verify compliance with organizational and project defined processes and will serve as the objective “eyes and ears” of senior management.  A QAG staff member has been assigned to each project or program within Systalex and has a reporting channel to senior management. Each QAG staff member will conduct reviews and audits for processes that they have not performed or work products they have not authored or co-authored. Senior management has the responsibility and the authority to receive and act upon noncompliance issues. If the QAG identifies a deviation or non-compliance with a process or product standard, sufficient mechanisms are in place to immediately report to appropriate levels of management without fear of retribution.

3.2         Tasks & Responsibilities

The QAG will perform project tasks, roles and responsibilities as summarized in the following paragraphs. The QAG will:

·         Verify that all projects QA staff performs their functions in compliance with this QAP.

·         Review and/or audit project activities and work products for developing and maintaining project processes and related process assets and report the results in accordance with established procedures. At a minimum, these reviews and/or audits will verify that:

-Appropriate standards are followed in developing, documenting, and maintaining the project standard processes and related process assets

-The project standard processes and related process assets are controlled and used appropriately

3.2.1        Task 1:  Development and Revisions to QA Planning

3.2.1.1       Purpose

Ensure that this QAP is developed in compliance with the most recent version of the applicable procedures and QAP template (see references – item 3).  This QAP will define an approach that provides adequate confidence that the project’s QA's work products conform to organizational and project defined processes and standards. The QAP will identify product and process reviews and ensure that they are planned and performed according to applicable procedures and standards. The schedule for reviews is included in Section 3.3.

3.2.1.2       Roles and Responsibilities

  • QAG: Develop and update the QAP
  • Senior Management:  Establish the QAG and provide for its oversight; periodically review QAG activities and resolve nonconformance issues when necessary
  • Program Management:  Provide direction and make available project plans, standards and procedures that require QA audit / review. Identify work products that must be audited by QA and the relevant standards against which these work products should be audited.
  • Project Staff:  Will provide input as necessary regarding areas of their tasking that require QA audits or reviews.

3.2.2        Task 2:  Review/Audit Project Processes and Work Products

3.2.2.1       Purpose

This QAP will identify all QA work products to be developed and evaluated and includes standards or guidelines to be followed. The QAG verifies that project work products have undergone appropriate product evaluation, testing, and corrective actions as required by the project defined and/or organizational processes and standards prior to the delivery to clients. The QAG will ensure that project QA audit/review results are reported and that issues or problems that are reported are resolved in accordance with established procedures.

3.2.2.2       Roles and Responsibilities

  • Delivery Director:  Make available project staff as required and provide documentation and artifacts to the QAG.
  • QAG: Verify that the project QA activities and work product development are in accordance with corporate, project and client specifications.

3.2.3        Task 3:  Participate in the Preparation and Review of the Project Management Plan

3.2.3.1       Purpose

The QAG will provide consultation and review of a project’s Project Management Plan:

  • Compliance to organizational policy
  • Compliance to externally imposed standards and requirements
  • Standards that are appropriate for use by the project
  • Topics that should be addressed in the project management plan
  • Other areas as assigned by the project

3.2.3.2       Roles and Responsibilities

  • Delivery Director:  Make available the project management plan and any related artifacts and tools (project schedules, work breakdown structures, status reports, level of effort and cost tracking sheets etc.) that support the plan and its implementation.
  • QAG: Verify that the project management plan and its associated artifacts and tools have been developed in accordance with corporate, project and client specifications.

3.2.4        Task 4:  Review Project Activities

3.2.4.1       Purpose

The QAG will:

  • Evaluate project activities against the project management plan and designated project standards and procedures
  • Identify, document and track deviations to closure
  • Verify that corrective action are initiated and appropriate

3.2.4.2       Roles and Responsibilities

  • The QAG:  Review project activities to verify compliance with prevailing directives, standards etc.
  • Project lead, engineering support groups and relevant project staff:  Cooperate and be fully supportive of review activities of the QAG
  • Non Systalex Stakeholders:  Review QA activities and be informed of QAG progress and results
  • Or Non Systalex Stakeholders:  Is NOT available or does NOT desire visibility into the QA activities and findings, therefore the “Waiver” checkbox located on the Approval page is checked “YES” as validation.

3.2.5        Task 5:  Objective Audits of QAG Staff

3.2.5.1       Purpose

The QAG staff will undergo annual audits to ensure they are following applicable QA processes and standards.

 

3.2.5.2       Roles and Responsibilities

  • External Auditor: Review QAG activities and work products to verify compliance with prevailing directives, standards, processes etc.
  • QAG:  Provide external auditor with all of the necessary artifacts for conducting the audits and provide full cooperation to the external auditor

3.3         Task Scheduling

Table 3-1.  Task Schedule of Milestones, shows the reviews and audits scheduled for task milestones, as well as reviews that are triggered by delivery of task artifacts. Each of these tasks will be included in each project’s schedule.

 

Table 3-1.  Task Schedule of Milestones

Task

Milestone

Typical Date Planned

Task 1:  Revisions to QAP

·         Review QAP

·         Identify new tasks/update QAP

·         Quarterly

·         As notified by Senior Management

Task 2:  Review/ Audit Project Processes and Work Products

·        Review Project activities to verify compliance

·        Review/audit Project work products for compliance with Project/Organizational standards

·         Prior to Start of Next Phase of the Project’s Lifecycle

·         Prior to Delivery to the Client or Base lining

 

Task 3:  Participate in Preparation/Review of Project Management Plans

·         Participate in the preparation of project plans

·         Verify that appropriate project plans are created and updated

·         As notified by the PM

 

·         Prior to Start of Next Phase of the Project’s Lifecycle

Task 4:  Review Project Activities

·         Evaluate project engineering support activities

·         Track deviations and corrective actions

·         Prior to Start of Next Phase of the Project’s Lifecycle

·         As required

Task 5:  Objective audit of QAG Staff

·         Audit QAG Staff by a qualified objective party.

·         Annually

 

Refer to the Standard MS Project Plan Checklist for QA tasks and activities:

 

4.0              Processes

A typical full development life cycle project should implement the following core set of processes:

·          Project Planning

·          Project Monitoring and Control

·          Requirements Management

·          Configuration Management

·          Measurement and Analysis

QA is responsible for conducting audits on processes and work products.  Refer to the Standard MS Project Plan for QA tasks and activities.

Additionally, when a project is using suppliers QA is responsible for auditing the projects implementation of the Supplier Management process.

QA is also responsible for submitting to an independent of its QA process as performed on the project.

 

 

5.0              Quality Assurance Documentation

Quality Assurance documentation consists of the following:

 

  • Audit Results
  • Audit Reports
  • QA MS Project Plan
  • QA Metrics Workbook
  • Deviation and Non-compliance Log
  • QA Monthly Review Briefings
  • QA Monthly Status Reports
  • QA Plan

 

5.1         Project Documentation

A typical full development life cycle project should at a minimum have the following documentation:

  • Project Management Plan
  • Requirements Traceability Matrix and possibly a separate Requirements Document (Functional, Business Rules etc.)
  • Detailed Design Document (this may be split into high level and detail design documents) (to be included in the Traceability Matrix)
  • Test Plan(s) and Test Scripts
  • User Documentation (e.g., Release Notes, User Guides, Installation Guides, etc.)
  • Configuration Management Plan
  • Statement of Work (SOW)
  • MS Project Plan
  • QA Plan

 

QA is responsible for reviewing and approving these documents to ensure they comply with all applicable standards.

6.0              Standards and Guidelines

See the references section of the project’s Project Management Plan for the standards used by which the project’s activities should be monitored.


 

7.0              Metrics

The following measurements will be used to monitor a project’s QA activities:

 

Metric Name

Objective

Definition

Data Source

Collection Method

Storage Procedure

Analysis Method

Analysis Threshold

Reporting Requirement

Product and Process Quality Assurance

# of QA audits/reviews planned vs. # completed

·   Ensure audits are conducted in a timely fashion

A direct comparison between the number of audits planned in a month against the audits actually performed

Actual  QA Audit Forms

QA Audit reports for each project/activity.

QA deviation logs for each project/activity

 

QA activities are tracked on the project’s schedule. This data will be summarized into the QA metrics workbook.

Monthly QA PMR

QA Metric Workbook

Actual Audit Forms

· Monthly, the data will be charted on a graph and visually analyzed

· Any variance will require Senior Management notification and resolution

· Monthly report to Delivery Director and Senior Management

Effort planned vs. spent on QA activities

·   Ensure audits are performed efficiently

·   Ensure proper management of QA overhead

The % deviation of the effort expended in month on QA vs. the planned effort

Actual  QA Audit Forms

QA Audit reports for each project/activity.

QA deviation logs for each project/activity

 

The time reported on Actual audit form plus the planned effort recorded on the project’s schedule will be summarized into the QA metrics workbook.

Monthly QA PMR

QA Metric Workbook

Actual Audit Forms

· Monthly, the data will be charted on a graph and visually analyzed

· Any variance greater than 10% will require Senior Management notification and resolution

· Monthly report to Delivery Director and Senior Management

# of deviations outstanding per month

·   Ensure deviations are resolved according to the agreed schedule

Aging of deviations beyond their resolution due date

Actual  QA Audit Forms

QA Audit reports for each project/activity.

QA deviation logs for each project/activity

 

The data from the deviation tracking log will be summarized in the QA metrics workbook.

Monthly QA PMR

QA Metric Workbook

Actual Audit Forms

· Monthly, the data will be charted on a graph and visually analyzed

· Any unresolved deviation that is older than 3 months will require Senior Management notification and resolution

· Monthly report to Delivery Director and Senior Management

 

8.0              Review and Audit Procedure

8.1         Process and Product Reviews

The QAG will use QA Audit checklists to ensure appropriate artifacts exist and are being followed for each of their task areas (see section 3.2 of this QAP). The checklists’ focus will be developed with input from the project team members and results from previous audits. The project’s defined processes (e.g. Project Management Plan, Configuration Management Plan, project reviews) will be used as the basis for deriving process related questions. These checklists will be tailored to focus on the project’s defined processes. They will contain objective questions that will provide insight into the project staff’s knowledge and use of the project’s defined processes. They will also contain objective questions that will provide insight into the project’s defined processes’ effectiveness in meeting the business objectives and standards.

8.2         Process and Product Audits

The QAG reports the results of audits of the project’s defined processes and product and provides recommendations, if necessary, using the QA Audit Report (see references – item 4).  The QA Audit Report and related documentation reviewed/audit checklist used/supplemental questions included with the QA Audit Report are used to record that the process is:

  • Being followed correctly and working effectively
  • Being followed but is not working effectively, or
  • Not being followed

The QAG will provide the QA Audit Report to the project lead and any staff audited.  In addition, the QA Audit Report will be made available to all Systalex team staff through posting of the report on the division’s Process Asset Library. The project lead uses the report results to identify enforcement activities, needed training or changes that may be required to established processes. Additionally, the QAG will provide the QA Audit Report to executive/senior management for use in identifying and mitigating project risks at the organizational level.

For all QA Audit Reports, the project lead’s acceptance will be required on the results of the audit prior to addressing deviations and/or non-compliances.  Acceptance means that the project lead agrees with the results of the audit and agrees with meeting the resolution date of all deviations under his/her purview. In the case where a deviation expands outside of the project lead’s responsibility, the audit report will be provided to the responsible process owner that the deviation is written against. This process own will also be responsible for accepting the audit results and resolving the deviation per the agreed schedule.

In addition to being included in the QA Audit Report, any deviations found during an audit will be recorded in the QA Deviation and Non-Compliance Log (see references – item 5).  This log will serve as the central repository for all deviation and non-compliance tracking. It will be maintained on the Systalex Process Asset Library.

9.0              Resolution and Corrective Action for Deviations and Non -Compliances

Deviations will be first addressed within the project and resolved at the lowest possible level. Deviations found will be included in the QA Audit Report and tracked in the QA Deviations and Non-Compliance Log.  For deviations not resolved by the project by the agreed date, the QAG will upgrade these to noncompliance items and will escalate them to senior management for resolution.

 

The QAG will communicate the noncompliance items to senior management during routine scheduled weekly status meetings.  The Deviations and Non-Compliance Log is updated on an as needed bases and placed on the portal for management review.

10.0          Recording and Analyzing Deviations and Noncompliance Items

The QAG is responsible for monitoring the implementation of corrective actions to verify that the deviation is actually closed.  When a project closes a deviation, the QAG will be notified. The QAG will then verify that the deviation is actually closed. The QAG will use the QA monthly status report to report deviations, noncompliance items, corrective actions and resolutions. Noncompliance items presented to senior management will be periodically reviewed until they are resolved. The QA monthly status report will be provided to senior management, program management and project leads. Tools, Techniques and Methodologies

This QAP, QA Audit Report, QA Assessment Templates, and QA Deviation and Non-Compliance Log will be the tools used by the QAG to verify that organizational and project defined processes are complied with.

11.0          Quality Records

The QA Monthly Status Reports and metrics data collected (see Section 6) will be reviewed for trends and QA process improvement initiatives. All QA records will be collected and maintained by the QAG and archived and stored on the Systalex Process Asset Library. The QA metrics will be collected in a MS Excel spreadsheet, database or similar repository.

12.0           Training

The QAG will receive training in QA as well as training on the Capability Maturity Model Integration (CMMI). Additional training that may be required for members of the QAG include:

  • Engineering skills and practices
  • Roles and responsibilities of engineering support groups and project support groups
  • Standards, procedures and methods for the project
  • Application domain of the project
  • QA objectives, procedures and methods
  • Effective use of QA methods and tools
  • Interpersonal skills and communications

13.0          Risk Management

The QAG will interface with the project lead, the project staff, and Executive/Senior Management. Actions must be taken to ensure that:

  • Sufficient resources (e.g., staff, tools, facilities, etc.) are available to perform audits/reviews of project work products and processes and other essential QA activities
  • Scheduling and funding of QAG activities are adequately addressed
  • Project level QA problems and issues are tracked to closure in an expeditious fashion.