kevin flowers qa plan

8/14/2019 Kevin Flowers QA Plan

1/21

Jokealot.org

Quality Assurance Plan

Kevin Flowers

TS5151

December 1, 2007


2/21

Jokealot.org QA plan Rev. 1.12.07

Page | 2

Table of Contents

1 Introduction .......................................................................................................................................... 3

2 Company Background ........................................................................................................................... 3

3 Scope ..................................................................................................................................................... 4

4 Objectives.............................................................................................................................................. 4

5 Plan ....................................................................................................................................................... 5

5.1 Quality Assurance Methodology ................................................................................................... 5

5.2 Walkthrough Methodology ........................................................................................................... 6

5.3 Review Methodology .................................................................................................................... 6

5.4 Review Procedures ........................................................................................................................ 7

5.5 Audit Methodology ....................................................................................................................... 7

5.5.1 Audit Procedures ............................................................................................................................. 8

5.6 Evaluation Methodology ............................................................................................................... 9

6 Standards ............................................................................................................................................ 10

7 Roles and Responsibilities ................................................................................................................... 10

8 Required Documentation .................................................................................................................... 12

9 Measurements .................................................................................................................................... 12

10 Risk Management ........................................................................................................................... 14

10.1 Methodology ............................................................................................................................... 14

11 Training ........................................................................................................................................... 15

12 Analysis and Milestones .................................................................................................................. 15

13 Results ............................................................................................................................................. 16

14 Jokealot.org QA Checklists .............................................................................................................. 17

14.1 Management Plan ....................................................................................................................... 18

14.2 Configuration Management ........................................................................................................ 18

14.3

Network Management

................................................................................................................

19

14.4 Network Operations .................................................................................................................... 19

14.5 Network Management Equipment Moves .............................................................................. 19

14.6 Desktop Computer Support Help Desk .................................................................................... 20

15 References ...................................................................................................................................... 21


3/21


Page | 3

1 Introduction

This plan provides a planned systematic method to provide confidence that Jokealot products andservices are developed and delivered according to established processes. It defines the policy forQA activities, the organizational structure of the QA group, responsibilities of the QA group,responsibilities of affected groups, and identifies necessary reviews and audits.This document serves as the QA plan of Jokealot activities and can be tailored by each Jokealotteam to fit their specific activities. This plan will be updated on an on-going basis as a result of process improvement activities.

Jokealot.org (Jokealot) is a business offering free web based email, networking services anddesktop and file server support. Jokealot offers services from a single person to multinationalcorporate level companies. Jokealot.org is in the process of a domain consolidation with itpartner Contoso01.com. Schedule to be complete December 2007. With the combining of domains and infrastructure a quality control program must be put in place.

Without a quality control program it difficult to determine if, network and email services areworking at the best for customer satisfaction. Currently the only method is review of technicalsupport calls on a call by call basis. There is no central collection or review of the calls as awhole. Once consolidation is complete and during the transition period audits on policies andprocedures and standard operation practices must be revamped to meet company needs.

2 Company Background

Jokealot has about 100 employees and hosts 2000 pay email accounts, and 3000 freeaccounts. Each employee has their own workstation and the 20 email servers and 40 file serversin addition to the domain controllers to handle authentication.

Jokealot consists of a technical team of computer specialists that perform a variety of activitiessupporting the desktop computer environment and Local Area Networks (LAN) for the Jokealotnetwork (JN). In order to provide high quality products and services, each support team mustadhere to processes, procedures and standards. Quality Assurance (QA) is a process used tomonitor and evaluate the adherence to processes, procedures, and standards to determinepotential product and service quality. It involves reviewing and auditing the products andactivities to verify that they comply with the applicable procedures and standards, and assuringthe appropriate visibility for the results of the reviews and audits.


4/21


Page | 4

3 Scope

QA activities should be an integral part of all Jokealot activities. Within Jokealot, there is not auniform set of products and services provided by all Jokealot groups. This plan provides QAactivities appropriate to the following Jokealot services and activities:

Jokealot Project Planning Network Administration and Operations Desktop Support Problem Tracking and Reporting Hardware/Software Configuration Management User Training Video Conferencing Network Procedures Web mail and POP/IMAP services File storage services

Since Jokealot.org does not have a Quality Assurance (QA) plan, the creation of a qualityAssurance plan is utmost priority. The scope covers the Jokealot.org model for network activitiesand desktop computer support. This plan discusses the following QA topics:

Organizational structureDocumentation required

Procedures to be enforcedAudits and reviews to be conductedProcess improvementProblem reporting and resolutionQuality Assurance metrics

The Jokealot.org activities that will be reviewed by QA activities are:

Network Administration/OperationsDesktop SupportProblem Tracking and ReportingHardware/Software Configuration Management

4 Objectives

The QA team objectives for the stakeholders are as follows:


5/21


Page | 5

Acceptable levels of confidence that networking services provided will remain consistent with99.99% uptime policy guideline.

Network protection for all stakeholders from hackers and email spammers.

Customer problems are resolved within an acceptable time, no customer left behind strategy.

Hardware and software improvements to improve services will support legacy applications forcustomer using older software.

Communication to all customers on a regular basis within an acceptable level.

5 Plan

In order to have a very effective QA plan, Jokealot.org will implement several methodologies .

5.1 Quality Assurance Methodology

The methodology used to establish the Jokealot.org QA process is based on the methodologyused to implement quality assurance for network services. The QA function and appliedtechniques are the same for Jokealot.org and software products/services.

Different methods and techniques will be utilized depending on the specific quality assurance

activity. The techniques, tools, and methodologies that will be used are as follows:

Walkthroughs - Formal or informal, structured walkthroughs are used for orientation,examining promising ideas, identifying defects or errors, and improving products at anystage in the process.

Reviews - An independent evaluation of an activity or process to assess compliance withthe project plan; or to examine products or processes against quality factors through theuse of checklists, interviews, and meetings.

Audits - An independent examination of a work product or process to determinecompliance with specifications, standards, contractual agreements, or other pre-established criteria.

Evaluations - An evaluation activity that examines products/services to determinecompliance to requirements.


6/21


7/21


Page | 7

Productivity - The amount of resources to correctly produce the product or deliver the service,including the relationship between the amounts of time needed to accomplish work and the effortexpended.

5.4 Review Procedures

The QA team will plan and conduct a review according to accepted practices and standards. Atypical review procedure includes:

Identify reviews in the WBS and project schedule

Verify correct review procedures are in place

Document review results against quality factors

Verify product/service traceability, if applicable

Verify product/service against contractual requirements

Verify product/service against standards and procedures

Validate corrections by scheduling follow-up actions and reviews

Verify that defects or errors are tracked to closure

Document review results against product validation information

Summarize review findings for other technical groups/organizations (e.g., Network Engineering)

Enhance review procedures

5.5 Audit Methodology

The QA team is responsible for conducting product/service and process audits. The purpose of audits is to identify deviations in process performance, identify noncompliance items that cannotbe resolved at the technical support or project management level, to validate processimprovement/corrective action achievements, and to provide relevant reports to all managementlevels.


8/21


Page | 8

A product audit is an independent examination of work product(s) to assess compliance withspecifications, standards, customer requirements, or other criteria. Product audits are used toverify that the product was evaluated before it was delivered to the customer, that it wasevaluated against applicable standards, procedures, or other requirements, that deviations areidentified, documented, and tracked to closure and to verify corrections.

A process audit is a systematic and independent examination to determine whether qualityactivities and results comply with planned arrangements and whether these arrangements areimplemented effectively and are suitable to achieve objectives.

The QA team will perform the following activities when conducting an audit.

1. Define the scope and purpose of the audit within the audit plan.

2. Prepare audit procedures and checklists for the audit.

3. Examine evidence of implementation and controls.

4. Interview personnel to learn the status and functions of the processes and thestatus of the products.

5. Discuss findings with the technical staff and task leader.

6. Prepare and submit an audit report to technical monitor/senior management

7. Refer unresolved deviations to technical monitor/senior management forresolution.

5.5.1 Audit Procedures

A typical audit would include the following steps:

1. Clearly understand and adhere to the audit scope

2. Conduct preparation meetings in advance of the audit.

a. Define areas to be reviewed.

b. Define review criteria.

3. Conduct an overview meeting in advance of the audit

4. Understand the organization, products, and processes.

5. Conduct the planned meetings, interviews, samples, etc.


9/21


Page | 9

6. Review the preliminary findings internally with the audit team.

7. Verify and classify findings from the audit.

8. Validate audit findings with the audit recipient.

9. Prepare the audit report for the audit client.

10. Provide recommendations on request only.

11. Follow-up on corrective action/process improvement.

12. Improve the audit process.

An audit is considered complete when:

Each element within the scope of the audit has been examined.

Findings have been presented to the audited organization.

Response to draft findings have been received and evaluated.

Final findings have been formally presented to the audited organization and initiatingentity.

The audit report has been prepared and submitted to recipients designated in the auditplan.

Document audit findings and recommendations and report to Project Manager.

The recommendation report, if required by the plan, has been prepared and submitted torecipients designated in the audit plan.

All of the auditing organization's follow-up actions included in the scope of the audithave been performed.

5.6 Evaluation Methodology

Evaluations examine the activities used to develop/deliver products and services, ultimatelydetermining if the activity is fulfilling requirements. The QA function establishes criteria for anevaluation, verifies the process has been performed, and collects the metrics to describe theactual results of those activities.


10/21


Page | 10

6 Standards

Standards will be used as a reference for the Jokealot.org quality assurance plan (JAP). Standardswill be based on Microsoft Best practices for email and servers, and Cisco networking standardsfor information management. The activities and standards will also follow guidelines set forth bythe IEEE are used as the foundation to guide Jokealot.org QA activities.

By using the best practices standards, Jokealot.org stakeholders will benefit with a consistentlevel of service across the board.

The Microsoft Exchange Best Practices Analyzer automatically examines an Exchange Serverdeployment and determines whether the configuration is set according to Microsoft bestpractices. (Microsoft, 2007)

With the proper network access, the tool can examine the Active Directory and Exchange servers

to do the following:

Generate a list of issues, such as suboptimal configuration settings or unsupported or notrecommended options.

.Judge the general health of a system.

Help troubleshoot specific problems.

Reviews will be conduct per the audit methodology.

7 Roles and Responsibilities

The role of the QA team is to assist the technical staff to continually improve the quality of theirwork products and services. The QA team is responsible for establishing processes and

procedures that accurately verify and validate the adherence of desktop computer support andnetwork activities to applicable standards, guidelines, and procedures.The QA team will be involved at the start of the project. They will participate in the developmentof the jokealot.org Project Management Plan (PMP) to establish their function within the projectand to provide input into the projects schedule and work breakdown structure (WBS) to ensurethat QA activities are identified and that time is allotted for QA activities. Funding for the QAteam members will be planned within the task hours and cost structure.The organizational responsibilities as they relate to QA are:


11/21


Page | 11

Technical Monitor/Senior Management

Provides management support, supervision, and oversight for the QA function Ensures the independence of the QA function Makes available staff and other resources as needed to support QA Ensures resolution of problem and concern issues Reviews QA audits and reports

Jokealot.org Task Leader

Manages overall jokealot.org performance. Ensures QA activities are conducted Ensures compliance with the QA program Ensures responses to deficiency reports from QA reviews and audits

Quality Assurance Team

Develops and maintains the Quality Assurance Plan Ensures work products adhere to the appropriate standard Conducts audits and reviews Develops audit and review procedures for jokealot.org activities Ensures the QA processes and procedures adequately control project quality Ensures the QA activities accurately measure the product, service, and process quality Reviews and approves specified deliverables for release to customer Promptly reports results of audits to the project task leader Periodically reports unresolved noncompliant items to technical monitor/senior

management Maintains an on-going dialogue with the technical monitor and jokealot.org support staff

to establish a common understanding of quality assurance activities as they apply to jokealot.org services and products

Ensures that the expectations of QA activities are identified and understood between thetechnical monitor, task leader, and the team members

Collects and analyzes metrics produced from the results of the QA process Recommends changes in procedures to improve processes

Technical Staff

Implements task level quality control based on QA standards, policies, and procedures Participates in reviews and audits Performs corrective actions or process improvements in response to QA findings Manages and controls defects/errors and corrections Tracks the status of defects/errors until closed


12/21


Page | 12

The effectiveness of the QA teams effort depends on the support and commitment of thetechnical staff and all levels of management. All affected groups should be trained in theprinciples of quality assurance and be committed to the proper inclusion and performance of QAactivities within their work efforts.

8 Required Documentation

All required documents will follow the appropriate standards concerning content and format.Industry wide standards for jokealot.org management are frequently unavailable. When industrystandards are not available, the QA team, along with input from the project team, must developthe standards or adapt documents developed by other groups to use as standards within theproject. The information used from other groups documents will be used to ensure compatibilitybetween other networks existing within the organization. Standards will be identified andfollowed for all required project documentation.

The jokealot.org activities are to be implemented according to customer requirements. Therequired documentation is necessary to ensure jokealot.org activities are planned, monitored andcontrolled and will be used to verify the adequacy of the actual processes and procedures used todevelop and/or deliver products/services. Required documentation, as applicable, includes:

Network Management Project Plan Network Architecture Network Baseline Network Operations Manual Network Security Procedures Network Disaster Recovery Plan Desktop Computer Support Operations Manual Configuration Management Plan

.Other documentation may need to be identified for specific tasks.

9 Measurements

Measurements for the jokealot.org QA plan will follow and confirm to the followingprocedures. These measurements will be use for reporting purposes of the quality of the

jokealot.org network and customer service base. Nonconformities will be handled by changemanagement and the review of the procedures for the nonconforming activity.

The areas that will receive QA measurements are:


13/21


Page | 13

Network communications

Servers Desktops Web Applications Network devices edge routers and firewall

Servers

DNS functionality WINS functionality DHCP WEB POP SMTP VNC FTP Exchange File servers Input/output Disk capacity Backups files and the exchange/DNS/DHCP/WINS databases Anti Virus Anti Spam

Desktops

Uptime (PING)

Web Applications

Certificate of Authority SSL connections Sessions Page views Webmail access

Network Devices

Router Delay Monitoring


14/21


Page | 14

Wi-Fi access points

There is a dedicated network measurement server that will apply a time and date for each activityfor monitoring. The exact time schedule will be published in the respective SOPs. To make surequality control on the measurement server is maintained and server monitor will be added as partof another server services to monitor the health and status of the measurement server.

10 Risk Management

Risk is defined as the likelihood of an undesirable event occurring and the severity of theconsequences of the occurrence. The Jokealot.org risk management program will achieve costeffectiveness in its risk management approach by comprehensively identifying the risks; rapidlyassessing those risks to specify which of them require the expenditure of project resources;taking early actions to mitigate the risks, and iterating the process frequently to be responsive tothe dynamic internal and external environments .

The function of the Jokealot.org risk management program is to:

Identify the potential sources of risk and identify risk drivers. Quantify risks and assess their impacts on cost, schedule and performance. Determine the sensitivity of these risks to program, product and process assumptions, and

the degree of correlation among the risks. Determine and evaluate alternative approaches to mitigate moderate and high risks. Take actions to avoid, control, assume or transfer each risk. Ensure that risk is factored into decisions on selection of specification requirements and

solution alternatives. Security risk assessments, appropriate policies, and adequate internal controls should be

in place before wireless networks are used. Security measures will protect wired and wireless-enabled devices from unauthorized

access, intercepted transmissions, and disclosure of confidential information, and othervulnerability threats.

10.1 Methodology

To determine the likelihood of a future adverse event, threats to the Jokealot.org networks (JN)systems must be analyzed in conjunction with the potential vulnerabilities and the controls inplace for the JN. Impact refers to the magnitude of harm that could be caused by a threatsexercise of a vulnerability. The level of impact is governed by the potential mission impacts andin turn produces a relative value for the IT assets and resources affected (e.g., the criticality and


15/21


16/21


Page | 16

Risk Analysis is the process of quantifying the likelihood of occurrence and the consequences of potential future events, as well as the attendant uncertainties. Jokealot.org risk manager willdecide on a case-by-case basis whether risk identification and classification are adequate tosupport decision making, or whether more quantified risk analysis is required.

The specific risk analysis activities available to the Jokealot.org project include

decision analysis probabilistic network schedules probabilistic cost and effectiveness models Checkpoints taken during measurements Log file interpretation

The risk assessment process should be repeated every 12 months or as needed. Risk managementshould be conducted and integrated in JN, because it is a good practice and supports theorganizations business objectives or mission. The scheduled assessing and mitigating missionrisks should be flexible enough to allow changes where warranted, such as major changes to theJN system and processing environment due to changes resulting from policies and newtechnologies.

Jokealot.org risk management program will rely on :

senior managements commitment the full support and participation of the JN information technology team the competence of the risk assessment team, which must have the expertise to apply the

risk assessment methodology to a specific site and system, identify mission risks, andprovide cost-effective safeguards that meet the needs of the organization

the awareness and cooperation of members of the user community, who must followprocedures and comply with the implemented controls to safeguard the mission of theirorganization

an ongoing evaluation and assessment of the IT-related mission risks.

13 Results

Describe plans for corrective action, content, and frequency of reports to management, and plansfor closeout activities to document lessons learned.

The Risk Review Board will monitor the Jokealot.org technical and programmatic performance,and the effectiveness of the risk mitigation actions being taken. Should corrective action be


17/21


Page | 17

deemed necessary, the Risk Review Board will make appropriate recommendations to theJokealot.org risk manager.

Errors, defects, issues, deviations and noncompliance items identified in the Jokealot.orgactivities must be itemized, documented, tracked to closure, and reported by the QA team. The

QA team must verify all problems were tracked to closure and must provide continuing feedback to management and the technical support team concerning the status of the problem.

Problems are resolved with the direct producer or the appropriate task leader, when possible.Problems that cannot be resolved with the technical team or task leader are elevated to theproject manager. Problems that have been referred to the project manager are reviewed weeklyuntil they are resolved. Items that cannot be resolved by the project manager within six weeksare elevated to the technical monitor for resolution.

The QA team will work with the technical support staff to identify indicators and their associatedmeasures (Metrics) that are needed to control performance and predict future status of processes

used to produce products and services. The metrics will be used to help determine when andwhere a problem is occurring and what type of impact it will have on the product or service. Themetrics will be used to base decisions concerning the selection of best practices to implement inthe project.

Metrics that are necessary to monitor the effectiveness of QA processes and procedures are:

Number of reviews (QA activities) conducted Status of non-conformance items identified Status of action items open/closed/on-hold Number of days to correct and close a non-conformance item Customer satisfaction levels relating to product and service quality Trends for process improvement Lessons learned

14 Jokealot.org QA Checklists

The checklists below are the guidelines that the QA team should follow when conducting QAservices. The checklist can be altered and updated as needed to reflect any growth or businessexpansion.


18/21


Page | 18

14.1 Management Plan

Yes No Check List Description___ ___ Are project tracking activities evident?___ ___ Are project tracking and oversight being conducted?___ ___ Are all plan reviews conducted according to plan?___ ___ Are all issues arising from peer reviews addressed and closed?___ ___ Are status and review meetings conducted according to the

schedule?___ ___ Is a WBS that supports all deliverables/long term projects

developed?

___ ___ Is change managed according to the Configuration ManagementPlan?

___ ___ Have all deviations from standards and proceduresdocumentation been approved?

__ ____ Are project roles and responsibilities defined?

14.2 Configuration Management

Yes No Check List Descriptions___ ___ Does a Configuration Management Plan (CMP) exist?___ ___ Is CMP being used?___ ___ Does the CMP contain a list of configuration items to be

managed?___ ___ Does the CMP contain change control procedures?___ ___ Does the CMP contain the process to evaluate changes,

including estimates and impact?

___ ___ Does the CMP identify the person/group who can approvechanges to the CMP?

___ ___ Has the CMP been added under the configuration managementbaseline?


19/21


20/21


Page | 20

___ ___ Are LAN drops available?___ ___ Do the LAN drops work?___ ___ Are all necessary physical connections available?___ ___ Is there adequate power supply?___ ___ Is an UPS needed?___ ___ Have testing procedures been developed?___ ___ Has there been a peer review on the implementation plan?___ ___ Have the necessary requisitions been prepared?___ ___ Has all necessary procurement been received?___ ___ Are tools necessary for assembly/disassembly available?

14.6 Desktop Computer Support Help Desk

Yes No Description

___ ___ Does the help desk use problem reporting and trackingprocedures?

___ ___ Is there a problem escalation process?___ ___ Do the help desk technicians have a standard set of tools that

may enable them to resolve a call on the first visit?___ ___ Are security procedures for equipment followed?___ ___ Are there testing procedures in place to verify that changes to a

user environment did not adversely affect other applications?___ ___ Are virus detection procedures used?


21/21


Page | 21

15 References

Capella University (2007). Capellitis Sample Project. Retrieved October 9, 2007 fromhttp://www.capella.edu

Capella University (2007). PMA Inc , Software Quality Assurance Management System Retrieved October 17, 2007 from http://www.capella.edu

Clark, T. J. (1999). Success through quality: Support guide for the journey to continuousimprovement. Milwaukee: ASQ Quality Press Books.

Department of Defense. (2006).Risk Management Guide for DoD Acquisition. RetrievedNovember 16, 2007 from http://www.sei.cmu.edu/risk/dod-risk.pdf

Environmental Management and Enrichment Facilities (1997). Risk Assessment ProgramQuality Assurance Plan Retrieved October 20, 2007 fromhttp://rais.ornl.gov/homepage/tm/tm117.pdf

HUD.Gov (2007). HUD quality assurance plan checklist. Retrieved November 2, 2007 fromwww.hud.gov/offices/cio/sdm/devlife/tempchecks/qapchecklist.doc

Smith, G. F. (1998). Quality problem solving. Milwaukee: ASQ Quality Press Books

Wold, G. H. and Shriver, R. F. (1997) Risk Analysis Techniques. Retrieved November 14, 2007from http://www.drj.com/new2dr/w3_030.htm

kevin flowers qa plan

Documents