
=12. Verify Compliance=

This section covers the topic of verifying compliance. Verifying compliance means making sure that everyone is compliant and showing where there is room for improvement. Verifying compliance increases quality assurance. The next sections cover the topics needed to verify compliance.

12.1 Review the Risk Management Plan
Reviewing the risk management plan ensures the quality of the process, because that directly affects the result. You should review the plan for:
 * Completeness. Make sure that nothing is missing from the risk management plan.
 * Understandability. Check how easy it is to read the plan. If it’s hard to read, people could make mistakes by misinterpreting it.
 * Level of detail. The plan must have detail on the steps that need to take place and who should be in charge of making them happen.
 * Consistency. The plan cannot contradict itself; check for inconsistencies.
 * Realistic. The plan has to be practical; make sure that it makes sense.

12.2 Audit Agents and Artifacts
Using an independent inspection is an effective way to verify compliance. Use audit agents from a different chain of command. Using an outside eye will help find potential issues that weren’t noticed by the people on the project. At my job, we have outside auditors come in all the time to check our CMMI process and our safety process. I know that all of our contractors are ISO9001 compliant, which ensures quality from them. An ISO9001 company has a quality management process in place, monitored by reviews and audits. The DOD MIL-STD-498 establishes a requirement for software development and documentation. It includes ISO/IEC DIS 12207 for development and documentation, and MIL-Q-9858A for quality program requirements. SEI CMM for software describes an effective software process. My organization is CMMI level 5. SEI CMM describes the auditing process of software quality assurance at level 2.

12.3 Generate an Audit Report
An audit report is the documentation of all the findings or violations that the audit team found. The audit report shows where current and future issues are, and where you are not compliant. ISO9001 recommends preventive action. If you are ISO9001 compliant, you have to take action to fix the issues. MIL-STD-498 requires analysis to detect trends in reported problems. MIL-STD-498 tries to reverse the trend. SEI CMM requires SQA to review and audit activities and work products for defect prevention and to report the results. CMM tries to address the problem within the software project first.

12.4 Track Action Item
Quality assurance is responsible for tracking audit actions until the item closes. The quality assurance team has to respond in a timely manner. The quality team has to retain records of the issue and how it was fixed. ISO9001 requires identifying, collecting, and cataloging all records relating to the quality management system. MIL-STD-498 requires preparation and maintenance of records for each SQA activity. The SEI CMM requires the item to be assigned, reviewed, and tracked through the oversight KPA.