Quality Assurance Plan: External QAP (TOC)

Internal QAP vs. External QAP? 

Sometimes you will have to build also an External Quality Assurance Plan (External QAP), besides having to build the [Internal] QAP for your project (look here for what should be in the internal version).

As for the internal QAP, or just QAP, it is our [internal] document, stating in our terms how we intend to perform the QA activities. The external QAP is typically a deliverable requested by the customer (i.e. contracted with the end customer) according to compliance requirements that concern him, or using the customer templates. As it can be seen, they serve slightly different purposes.

Note. In the space domain/ESA the QAP is sometimes called SPAP (Software Product Assurance Plan).

External QAP TOC 

What should go in an External QAP? The external QAP must follow the quality assurance requirements or the compliance to software product assurance requirements.

It may include, but it is not limited to, some of the following sections:

• Organisational Structure
• Risk Management overview
• Project Lifecycle
• Review Strategy
• Audit Strategy
• Non-Conformances control
• Product / Process Metrics and reporting (reported typically later on in PAR documents)
• Number of defects, NCs, risks, packages, interfaces, LOCs, code comment frequency, nesting level, cyclomatic complexity, etc.
• QA activities and respective transition criteria
• Compliance Matrix with the standard / subcontractor / supplier requirements

If this is not clear enough by itself it's time for you to "google yourself out of this".

Edit log:
2017-04-12: Added reference and link to SPAP (Space domain)