The short story:
- What is a Quality Assurance Plan?
- What should a QAP contain?
A QAP is the plan for how you intend to carry out Quality Assurance (QA) activities in your project: it identifies what QA work you will be doing, when, and with what resources.
This is where tailoring decisions are recorded (according to the tailorings allowed in each of the QMS processes).
As with many QA-related documents, there are several possible TOCs (Tables of Contents) if your QMS does not force you to use one. In a QAP for a software development project, however, you can expect to find a detailed description of all the QMS processes relevant to producing the project outputs, and a description of how they will (or will not) be applied to the project, including the tailoring decisions.
Example topics / TOC can be seen below (in the "long story").
The long story:
Internal QAP Assurance TOC / relevant topics to be referred:
- Life cycle tailoring decision and review provides an identification of the life cycle phases to which the Software Product Quality Assurance activities are applied.
- Review strategy consists of the definition of the type of verification activities to be held during the project development. These may include code and document reviews.
- Audits, consists of the plan for the audits and inspections. This includes customer audits, internal audits or external audits.
- Risk and Critical Items management, consists of the specification of the methods and procedures employed to identify, assess, monitor, and control areas of risk and critical items arising during the portion of the software life cycle covered by the QAP.
- Alert Procedure, consists of the specification of the methods and procedures employed to manage incoming and outgoing alerts. Alerts occur when new data triggers an impact evaluation on the project. An example of an incoming alert is a new security protocol breach, identified by some work group, that may require a specific project to change the implementation of some functionality.
- Standards, practices, conventions identifies how standards, practices, conventions and metrics are to be applied, and states how compliance with these items is to be monitored and assured.
- Reporting, describes the reporting methods to be applied for the PA activities.
- Documentation, identifies the documentation governing the development, verification, validation, use, and maintenance of the software, and describes how the documents are to be checked for adequacy.
- Non conformances, deviation and change process, provides a description of the practices and procedures to be followed for non-conformances, deviations, and problem resolution during the software development and maintenance phases.
- Dependability and Safety Plan, describes the proposed dependability and safety activities that will be performed within the frame of the project.
- Procurement specifies the practices and procedures to be followed for procured software.
- Identification and traceability, specifies the features of a system for the identification, collection, cataloguing, storage, maintenance and disposition of records aimed at maintaining the integrity and traceability of the quality activities.
- Training identifies the training activities necessary to meet the needs of the development of the software product.
- Warranty identifies the quality activities that must be performed in the period of warranty of the system.
- Maintenance and operations, specifies the SPA activities for maintenance and support.
- Tailoring identifies any adaptation of any of the QMS-defined processes, procedures or activities to better fit the project needs. Tailoring can be present in every above-mentioned section and does not have to be an independent one.
- In the case of Agile projects, the definition of “Done” must be formally specified.