- 1. Process Improvement & Software Reliability:A Symbiosis
Standardized methodologies deliver key components required to
implement Continuous and end-to-end Quality Assurance Frameworks
targeted at Software Reliability, and in turn, these Reliability
Frameworks enable controls that help enforce, measure and manage
the implementation of these standards For presentation to the SPIN
NYC BM SIG; Part II of a Series on Application of Methodologies to
leading technologies Sandipan Gangopadhyay, Dheeraj Misra, Murthy
Dasika, Ujjal Sanyal, Don hubman Graphics by Raghavendra G, Shimpi
Shankarling, Suchisman G Version 1.4 of March 22, 2006 MMVI
GalaxE.Solutions , Inc
2. Agenda
- A High-Level Blue Print for Reliability Frameworks
- A Sample Reliability Framework
3. Symbiosis 4. Symbiosis
- Aspects of standards such as ISO-12207, ITIL and COBIT generate
artifacts and capabilities that assist in the implementation of
end-to-end Reliability Frameworks (eRF)
- Reliability Frameworks, supported by these capabilities,
provide controls and feature-sets that help achieve and implement
these standards
- Their relationship is symbiotic
5. Standards Overview
- Software Engineering Institute Capability Maturity Model
- Software Development Lifecycle Management
- Common Objectives for Business and IT
- IT Infrastructure Library
- Architectural Description of Software-IntensiveSystems
-
- IEEE-1471:2000 (e.g., 4+1 Views)
6. Standards Overview SEI-CMMI 7. Standards Overview
ISO-12207:1995 Management Infrastructure Improvement HumanResource
AssetManagement Reuse ProgramManagement DomainEngineering
Organizational Processes Acquisition Development Supply Operation
Maintenance Primary Processes Documentation Configuration
Management Problem Resolution Supporting Processes Usability
Quality Assurance Verification Product Evaluation Validation Joint
Review Audit Source:ISO / IEC 8. Standards Overview COBIT Framework
COBIT Framework Business Objectives M 1Monitor the process M
2Assess internal control adequacy M 3Obtain independent assurance M
4Provide for independent audit DS 1Define service levels DS 2Manage
third - party services DS 3Manage performance and capacity DS
4Ensure continuous service DS 5Ensure systems security DS 6Identify
and attribute costs DS 7Educate and train users DS 8Assist and
advise IT customers DS 9Manage the configuration DS 10Manage
problems and incidents DS 11Manage data DS 12Manage facilities DS
13Manage operations PO 1Define a strategic IT plan PO 2Define the
information architecture PO 3Determine the technological direction
PO 4Define the IT organization and relationships PO 5Manage the IT
investment PO 6Communicate management aims and direction PO 7Manage
human resources PO 8Ensure compliance with external requirements PO
9Assess risks PO 10Manage projects PO 11Manage quality AI 1Identify
automated solutions AI 2Acquire and maintain application software
AI 3Acquire and maintain technology infrastructureAI 4Develop and
maintain IT procedures AI 5Install and accredit systems AI 6Manage
changes Criteria Effectiveness Efficiency Confidentiality Integrity
Availability Compliance Reliability ITRESOURCES ITRESOURCES Data
Application systems Technology Facilities People Data Application
systems Technology Facilities People PLAN ANDORGANISE PLAN
ANDORGANISE ACQUIREAND IMPLEMENT ACQUIREAND IMPLEMENT DELIVER
ANDSUPPORT DELIVER ANDSUPPORT ITRESOURCES ITRESOURCES Data
Application systems Technology Facilities People Data Application
systems Technology Facilities People PLAN ANDORGANISE PLAN
ANDORGANISE ACQUIREAND IMPLEMENT ACQUIREAND IMPLEMENT DELIVER
ANDSUPPORT DELIVER ANDSUPPORT Source:IT Governance Institute ,USA
MONITORAND EVALUATE 9. Standards Overview ITIL Service Management
10. Standards Overview 4+1 Views 11. SDLCM Components
- Facts about End-to-End Reliability Frameworks (eRFs)
-
- eRFs are best constructed piece by piece
-
- Both thefunctionalandnon-functionalassurances supported by
these frameworks need to be customized in order to
accuratelyreflect business needs and business justification of
cost
-
- The implementation of eRFs needs a holistic approach with
respect to:
-
-
- Organization- Management of intra-software monitoring, test
data, and continuous build
-
-
- testing requires capabilities outside of traditional QA
disciplines
-
-
- SDLC - Developers have to learn new techniques and use of new
tools
-
-
- that will reduce the impact of reliability related
responsibilities
-
-
- Infrastructure - End to end frameworks encompass reliability
aspects of
-
-
- infrastructure while providing predictable views of load,
stress
-
- Knowledge and experience helps in selecting the right set of
technologies for a given environment
Successful eRF implementations that demonstrate measurable ROI
require key SDLCM components 12. SDLCM ComponentsDelivered By These
MethodologiesFor The Implementation Of eRF Part 1
- Requirements - Use Case View and Non-functional Requirements,
Definition of Roles, Rights and Entitlements
-
- CMMI Engg Requirements management, Engg Requirements
development
- Business Domain Analysis and Model Identification of business
needs
-
- IEEE-1471 Use case view, Logical view
- Definition of Service Level Metrics
-
- COBIT DS Define service levels
- Ownership and Chargeback Mechanisms
-
- COBIT DS Identify and attribute costs
-
- ITIL Financial management
- Organizational Structure, Planning, PMO and Reporting
Process
-
- COBIT PO Define the strategic IT plan, Define the IT
organization and relationships, PO Manage projects
-
- CMMI ProjM Project planning
13. SDLCM ComponentsDelivered By These MethodologiesFor The
Implementation Of eRF Part 2
- Training and Human Resource
-
- ISO-12207 Management, Human resource, Documentation
-
- COBIT DS Educate and train users, PO Manage human
resources
-
- CMMI ProcM Organizational training
-
- ISO-12207 Configuration management, AI Manage changes, DS
Manage the configuration
-
- ITIL Change management, configuration management
- Environmental Constraints
-
- ISO-12207 Infrastructure and asset management
-
- COBIT PO Manage IT investment, DS Manage facilities
-
- ISO-12207 Domain Engineering, Reuse program management
14. A typical eRF Roadmap 15. High Level eRF Blue Print 16.
Components of an eRF 17. Components of an eRF (list)
- 1. Requirements Traceability Matrix
- 2. Test Scenarios And Database
-
- Baseline Data For DB / Loopbacks
- 4. Test Suite Builder And Orchestrator
- 5. Test Controller / Quick Test Pro
6. Virtual Clients 7. Application / Server Stack 8. Monitoring
Agents 9. Source Code Control / Management Database 10. Test Result
Database 11. Application Database 12. Application Memory / Cache
13. Loopback Devices / Simulators 14. Dashboards 15. Analytical
Reports 18. Controls And Metrics
- Facts about end-to-end Reliability Frameworks (eRFs):
-
- Service Oriented Architectures are meaningful only when
accompanied by relevant SLAs assuringfunctionaland
non-functionalreliability
-
- Abstraction of reliability services enables metrics to be
managed at levels of granularity aligned with business
processes/entities
-
- Models such as 4+1 deliver accountability through every stage
of the lifecycle
-
- Reliability is assured ascode, environment and business needs
continue to evolve
- The tools and frameworks associated with eRF help enforce,
manage, monitor and measure important controls required by the
Standards
19. Controls And Metrics(continued)
- Artifacts for Ensuring Requirements Traceability
-
- ISO-12207 Verification and Validation
-
- ISO-12207 Verification and validation, Joint Review, Audit
-
- COBIT M Obtain independent assurance
-
- CMMI Engg Verification and validation
-
- COBIT PO Manage quality, DS Manage problems and incidents, PO
Assess risks, M Monitor the process, DS Ensure continuous
service
-
- ITIL Continuity management, Availability management, Service
level management, Incident management, Problem management
-
- CMMI ProjM Risk management
-
- COBIT DS Manage performance and capacity
-
- COBIT DS Ensure systems security
-
- COBIT PO Define the information architecture
-
- Service levels, reliability, scalability and security
-
- Audit trails and accountability
20. Benefits
- Repeatable Regression Testing
- Capability to Orchestrate:
-
- Performance review and resource budgeting
- Ease of Scenario Maintenance
21. Benefits(continued)
- Facilitates Process Optimization:
-
- Improve resource utilization
-
- Integrate central processes
-
- Promote reuse and eliminate redundancy and duplication
-
- Quicker root cause analysis
- Justify cost of service and service quality through
metrics
- Predictable and reliable Software Management
- Assists compliance with statutory regulations such as:
-
- HIPAA in the Pharmaceutical and Pharmacy Benefits Management
industries
-
- US FDA 21CFR Part 11 and GxP in the Pharmaceutical
industry
-
- Sarbanes Oxley and COSO controls in a number of verticals
including Financial Services, Banking, Manufacturing and Insurance
industries
-
- NCPDP 5.x and RxHub requirements in Claims processing
-
- SEC regulations in the Financial Services industry
22. Q & A Thank You