Software quality assurance

Software quality assurance (SQA) is a means and practice of monitoring all software engineering processes, methods, and work products to ensure compliance against defined standards. It may include ensuring conformance to standards or models, such as ISO/IEC 9126 (now superseded by ISO 25010), SPICE or CMMI.

It includes standards and procedures that managers, administrators or developers may use to review and audit software products and activities to verify that the software meets quality criteria which link to standards.

SQA encompasses the entire software development process, including requirements engineering, software design, coding, code reviews, source code control, software configuration management, testing, release management and software integration. It is organized into goals, commitments, abilities, activities, measurements, verification and validation.

Purpose
SQA involves a three-pronged approach:


 * Organization-wide policies, procedures and standards
 * Project-specific policies, procedures and standards
 * Compliance to appropriate procedures

Guidelines for the application of ISO 9001:2015 to computer software are described in ISO/IEC/IEEE 90003:2018. External entities can be contracted as part of process assessments to verify that projects are standard-compliant. More specifically in case of software, ISO/IEC 9126 (now superseded by ISO 25010) should be considered and applied for software quality.

Activities
Quality assurance activities take place at each phase of development. Analysts use application technology and techniques to achieve high-quality specifications and designs, such as model-driven design. Engineers and technicians find bugs and problems with related software quality through testing activities. Standards and process deviations are identified and addressed throughout development by project managers or quality managers, who also ensure that changes to functionality, performance, features, architecture and component (in general: changes to product or service scope) are made only after appropriate review, e.g. as part of change control boards.