Software Testing - Software Quality Assurance (SQA) Practices

Software Quality Assurance (SQA) is a process-oriented discipline that ensures software development and maintenance activities follow defined standards and procedures, so the final product consistently meets required quality levels.
Unlike software testing (which detects defects), SQA prevents defects by controlling how software is built.

1. SQA Standards

Standards define what “quality” means and how it should be measured.

ISO/IEC 25010 – Software Product Quality Model

ISO/IEC 25010

This standard defines quality characteristics of a software product. It helps teams evaluate whether software is “good” from a user and system perspective.

Main quality characteristics:

  • Functional suitability

  • Performance efficiency

  • Compatibility

  • Usability

  • Reliability

  • Security

  • Maintainability

  • Portability

Purpose in SQA:
Ensures quality is measurable and standardized, not subjective.

2. SQA Audits

SQA audits are formal reviews to verify whether processes follow defined standards.

Types of audits:

  • Process audit – checks if SDLC activities follow documented procedures

  • Product audit – checks if deliverables meet quality criteria

  • Compliance audit – checks adherence to external standards (ISO, CMMI)

Audit outputs:

  • Non-conformance reports

  • Corrective action plans

  • Process improvement recommendations

Key point:
Audits do not test software; they verify how the software is developed.

3. Process Quality in SQA

Process quality ensures consistent results, regardless of team or project size.

Core process-quality activities:

  • Defining standard operating procedures (SOPs)

  • Enforcing documentation (SRS, test plans, review records)

  • Conducting reviews (requirements, design, code)

  • Monitoring quality metrics (defect density, rework rate)

Why process quality matters:
Good processes → fewer defects → lower cost → predictable delivery.

4. CMMI (Capability Maturity Model Integration)

CMMI Institute

CMMI evaluates process maturity of an organization.

CMMI maturity levels:

  1. Initial – ad hoc, chaotic

  2. Managed – basic project management

  3. Defined – standardized processes

  4. Quantitatively Managed – metrics-driven

  5. Optimizing – continuous improvement

Role in SQA:
Provides a roadmap for improving software development processes.

5. SPICE (ISO/IEC 15504)

ISO/IEC 15504
(Commonly called SPICE – Software Process Improvement and Capability Determination)

SPICE assesses process capability, not organizational maturity.

Capability levels:

  • Level 0 – Incomplete

  • Level 1 – Performed

  • Level 2 – Managed

  • Level 3 – Established

  • Level 4 – Predictable

  • Level 5 – Optimizing

Difference from CMMI:

  • CMMI → organization maturity

  • SPICE → individual process capability