Software Subcontract Management Level

While subcontracting is not specifically addressed by the process framework, all the techniques, tools, and mechanisms are assumed to be flowed down to subcontractors so that the process remains homogeneous. If this cannot be done, or if the prime contractor cannot define a well-partitioned piece of work to be performed by a mature subcontractor, subcontracting should be avoided. To manage risks effectively, the number and complexity of organizational interfaces must be managed. All subcontracting decisions should be documented in the business case.

1. Isa documented procedure used for selecting subcontractors based on their ability to perform the work ?

a Organizational policy should require all personnel on a project, including software subcontractors, to follow a single development plan. Projects should employ subcontractors that have been assessed as having a process that is at least as mature as that of the project's parent organization. (In other words, a level 3 organization should not employ a level 2 subcontractor.)

2. Are changes to subcontracts made with the agreement of both the prime contractor and the subcontractor?

▲ Common sense suggests this would always be the case.

3. Are periodic technical interchanges held with subcontractors?

a Subcontractors following the same development plan would participate in the same technical interchanges, major milestones, and status assessments.

4. Are the results and performance of the software subcontractor tracked against their commitments?

a Subcontractors following the same development plan would be tracked against their commitments in the same way that the prime contractor is tracked.

5. Does the project follow a written organizational policy for managing software subcontracts?

a Policy documents require that subcontractors follow the process that the prime contractor follows.

6. Are the people responsible for managing software subcontracts trained in managing software subcontracts?

a Training is an organization-specific issue.

7. Are measurements used to determine the status of the activities for managing software subcontracts (e.g., schedule status with respect to planned delivery dates and effort expended for managing the subcontract) ?

a Subcontractors should be managed in the same homogeneous way as the prime contractor.

8. Are the software subcontract activities reviewed with the project manager on both a periodic and event-driven basis?

a Subcontractors should be managed by the software project manager in the same way as the rest of the project team. All subcontractor commitment decisions are documented in the business case, which is updated at life-cycle phase transitions.

Software Quality Assurance, Level 2

All activities and all people are involved in SQA. The use of an independent assessment team is recommended to enable quality assessment activities, such as testing and metrics analysis, to be performed concurrently (for schedule efficiency) and independently (for diversity of technical perspective). Accountability for quality resides in the various teams within an organization. For the purpose of answering this question naire, however, the activities of the independent assessment team correlate most closely to the CMM definition of SQA.

1. Are SQA activities planned?

▲ The software development plan describes the test activities, metrics, and quality control activities. The WBS captures many of the details of the plan. Release specifications are also mechanisms for planning the SQA activities.

2. Do SQA activities provide objective verification that software products and activities adhere to applicable standards, procedures, and requirements?

▲ Release specifications identify the objectives of an iteration. Software development plans identify the project standards and procedures. Release specifications also describe the quality of intermediate products from the perspective of objective pass/ fail criteria. CCBs and SCOs verify that low-level standards and procedures are checked and tracked. Automated tools within the environment (compilers, documentation production, change management) should be burdened with assuring that products adhere to applicable standards.

3. Are the results of SQA reviews and audits provided to affected groups and individuals (e.g., those who performed the work and those who are responsible for the work)?

▲ All the process checkpoints and CCB activities are SQA reviews. Intermediate results are documented periodically in release descriptions. All SCOs are addressed by the CCB with participation by affected groups.

4. Are issues of noncompliance that are not resolved' within the project addressed by senior management (e.g., deviations from applicable standards)?

a This is one of the explicit purposes of PRA approval of the development plans and status assessments. Periodic PRA reviews address any proposed deviations from organizational policy as the project progresses.

5. Does the project follow a written organizational policy for implementing SQA?

a Organizational policy and software development plans should provide the written SQA policies for the organization and projects, respectively.

6. Are adequate resources provided for performing SQA activities (e.g., funding and a designated manager who will receive and act on software noncompliance items)?

▲ The adequacy of SQA resources is not specified by policy. A good target benchmark is that about 25% of a project's effort should be allocated to assessment team activities (testing, assessment, metrics, CCB). While the determination of adequate resources and individuals is project-specific, these assessments would clearly come under the scrutiny of the PRA.

7. Are measurements used to determine the cost and schedule status of the activities performed for SQA (e.g., work completed, effort, and funds expended compared to the plan)?

▲ The WBS provides the baseline, and the periodic status assessments track actuals versus plan for all activities.

8. Are activities for SQA reviewed with senior management on a periodic basis?

a This is one of the explicit purposes of PRA reviews and PRA approval of the software development plan.

Software Configuration Management, Level 2

All activities and all people are involved with SCM, just as they are with SQA. An independent assessment team assumes primary responsibility for configuration control activities, including SCO database maintenance, CCB administration, and baseline management. These activities should be performed concurrently (for schedule efficiency) and independently (for diversity of technical perspective). In general, SCM activities are practiced by all software engineers and are supported primarily by the software engineering environment. For the purpose of answering this questionnaire, the activities of the assessment team correlate most closely to the CMM definition of SCM.

1. Are software configuration management activities planned for the project?

a The software development plan should document the SCM activities and support them with automation.

2. Has the project identified, controlled, and made available the software work products through the use of configuration management?

a SCOs and all artifacts are configuration-controlled.

3. Does the project follow a documented procedure to control changes to configuration items/units?

a SCOs provide the on-line mechanism for change control as documented in the organizational policy and software development plan.

4. Are standard reports on software baselines (e.g., software configuration control board minutes and change request summary and status reports) distributed to affected groups and individuals?

▲ Status assessments, which contain the CCB results in the form of standard metrics, should be available to all stakeholders and project teams.

5. Does the project follow a written organizational policy for implementing software configuration management activities?

a This is provided by the organizational policy and software development plans.

6. Are project personnel trained to perform the software configuration management activities for which they are responsible?

a Training is an organization-specific issue. In general, everyone in the software organization practices configuration management as enforced by the environment. The formal configuration management activities of the independent test group are primarily administrative control and reporting.

7. Are measurements used to determine the status of activities for software configuration management (e.g., effort and funds expended for software configuration management activities)?

a The WBS provides the baseline, and the periodic status assessments track actuals versus plan for all activities.

8. Are periodic audits performed to verify that software baselines conform to the documentation that defines them (e.g., by the S CM group)?

a CCBs are the most frequent audits that verify consistency on an SCO-by-SCO basis. Release descriptions provide an integrated quality, completeness, and consistency audit of the interim baselines created for major milestones.

Organization Process Focus, Level 3

1. Are the activities for developing and improving the organization's and project's software processes coordinated across the organization (e.g., via a software engineering process group)?

a All development plans and status assessments are reviewed and approved by the Software Engineering Process Authority (SEPA). These mechanisms provide for coordination and consistency across the organization.

2. Is your organization's software process assessed periodically?

▲ The SEPA is responsible for periodic assessments such as trend analyses. These assessments should be planned and quantified in an appendix to the organizational policy.

3. Does your organization follow a documented plan for developing and improving its software process?

▲ The SEPA should document this plan as an appendix to the organizational policy.

4. Does senior management sponsor the organization's activities for software process development and improvements (e.g., by establishing long-term plans, and by committing resources and funding)?

a The extent to which senior management sponsors these activities should be easy to evaluate from the composition of the SEPA and details of the organizational policy. Another indicator of management sponsorship is the extent to which the organization's process is backed up with capital investments in automation.

5. Do one or more individuals have full-time or part-time responsibility for the organization's software process activities (e.g., a software engineering process group)?

a The SEPA has this responsibility. Whether this is a single person part-time or a team of people full-time depends on the specific organization.

6. Are measurements used to determine the status of the activities performed to develop and improve the organization's software process (e.g., effort expended for software process assessment and improvement)?

a The organizational policy should address the ROI of the SEPA activities and should be updated periodically.

7. Are the activities performed for developing and improving software processes reviewed periodically with senior management?

a The organization general manager should be required to approve all periodic updates to the organizational policy.

Organization Process Definition, Level 3

1. Has your organization developed, and does it maintain, a standard software process?

a The organizational policy defines the standard software process and is updated periodically.

2. Does the organization collect, review, and make available information related to the use of the organization's standard software process (e.g., estimates and actual data on software size, effort, and cost; productivity data; and quality measurements)?

a The SEPA attends all status assessments and maintains a library of organizational assets, including status assessment results, software development plans, past project perfomance data, and other standard organizational tools and components.

3. Does the organization follow a written policy for both developing and maintaining its standard software process?

a Organizational policy defines the standard process and its maintenance.

4. Do individuals who develop and maintain the organization's standard software process receive the required training to perform these activities?

a Training is an organization-specific issue.

5. Are measurements used to determine the status of the activities performed to define and maintain the organization's standard software process (e.g., status of schedule milestones and the cost of process definition activities)?

a An appendix to the organizational policy should address the ROI of the SEPA activities.

6. Are the activities and work products for developing and maintaining the organization's standard software process subject to SQA review and audit?

a The activities and work products are continuously reviewed by practitioners. The organization general manager should convene the appropriate review authority as necessary to ensure that the organizational process collateral is adequate. The SEPA is the chief organizational SQA authority. The buck stops there unless the general manager intervenes.

Project Management Made Easy

Project Management Made Easy

What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.

Get My Free Ebook


Post a comment