CSQA là viết tắt của "Certified Software Quality Analyst" (Chuyên gia Phân tích Chất lượng Phần mềm Chứng nhận). Đây là một chứng chỉ chuyên nghiệp được thiết kế để chứng nhận kiến thức và kỹ năng của các chuyên gia trong lĩnh vực phân tích và đảm bảo chất lượng phần mềm. Chứng chỉ CSQA được cung cấp bởi QAI Global Institute, một tổ chức quốc tế chuyên về đào tạo và chứng nhận trong lĩnh vực chất lượng phần mềm. CSQA nhằm trang bị cho các chuyên gia những kiến thức và kỹ năng cần thiết để đánh giá, kiểm thử, và đảm bảo chất lượng của các sản phẩm phần mềm.
Trang 1C SQA COMMON BODY
OF KNOWLEDGE
Guide to the
Trang 2Copyright © Quality Assurance Institute 20 12 All Rights Reserved
No part of this publication, or translations of it, may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or any other media embodiments now known or hereafter to become known, without the prior written permission of the Quality Assurance Institute
Visit www.qai usa.com for additional courseware and training seminars
Trang 3Increased Confidence by IT Users and Customers .Intro-5 Improved Processes to Build/Acquire/Maintain, Operate and Measure Software Intro-5 Independent Assessment of Quality Assurance Competencies Intro-5 Quality Assurance Competencies Maintained Through Recertification Intro-5 Value Provided to Co-Workers .Intro-6 Mentoring the QA Staff Intro-6 SQA Resource to “IT” Staff Intro-6 Role Model for SQA Practitioners Intro-6
How to Improve Software Quality Assurance Effectiveness
through Certification Intro-6
Meeting the Certification Qualifications Intro-7
Prerequisites for Candidacy .Intro-7Educational and Professional Prerequisites Intro-7
CASQ Intro-7 CSQA Intro-7 CMSQ Intro-8
Expectations of the Certified Professional Intro-8
Professional Skill Proficiency Responsibilities Intro-9 Develop a Lifetime Learning Habit Intro-9
Code of Ethics Intro-9Purpose Intro-10Responsibility Intro-10Professional Code of Conduct Intro-10Grounds for Decertification Intro-11Submitting the Initial Application Intro-11Updating Your On-Line Profile Intro-12
Trang 4Scheduling with Pearson VUE to Take the Examination Intro-13
Arriving at the Examination Site Intro-13No-shows Intro-13
How to Maintain Competency and Improve Value Intro-14
Continuing Professional Education Intro-14 Advanced Software Quality Assurance Designations Intro-14What is the Certification Competency Emphasis? Intro-14
Preparing for the CSQA Examination .Intro-17
Assess Your CSQA CBOK Competency Intro-18
Complete the CSQA Skill Assessment Worksheet Intro-18 Calculate Your CSQA CBOK Competency Rating Intro-20
Understand the Key Principles Incorporated
Into the Examination Intro-22 Review the List of References .Intro-23 Initiate a Self-Study Program .Intro-24 Take the Sample Examination Intro-25
CSQA Skill Assessment Worksheet Eval-1
Assess Your Skills against the CSQA CBOK Eval-1
Skill Category 1 – Quality Principles and Concepts Eval-2 Skill Category 2 – Quality Leadership Eval-3 Skill Category 3 – Quality Baselines Eval-4 Skill Category 4 – Quality Assurance Eval-5 Skill Category 5 – Quality Planning Eval-6 Skill Category 6 – Define, Build, Implement and Improve
Work Processes Eval-7 Skill Category 7 – Quality Control Practices Eval-8 Skill Category 8 – Metrics and Measurement Eval-9 Skill Category 9 – Internal Control and Security Eval-10 Skill Category 10 – Outsourcing, COTS, and Contracting Quality Eval-11
CSQA CBOK Competency Rating Table Eval-12
Trang 5Skill Category 1
Quality Principles 1-1
Vocabulary of Quality 1-1 The Different Views of Quality 1-4
The Two Quality Gaps 1-5 Quality Attributes for an Information System .1-6
Quality Concepts and Practices .1-8
PDCA Cycle 1-9 Cost of Quality .1-11The Three Key Principles of Quality 1-14The Quality Solution 1-14Best Practices 1-15Six Sigma Quality 1-15 Baselining and Benchmarking .1-16 Earned Value 1-16
Quality Control and Quality Assurance .1-17
Quality Control 1-17 Quality Assurance 1-18 Differentiating Between Quality Control and Quality Assurance .1-18 Understanding and Using the Just-In-Time (JIT) Technique 1-19
Quality Pioneers Approach to Quality 1-22
Dr W Edwards Deming 1-22 Philip Crosby 1-25
Dr Joseph Juran 1-28 Total Quality Management 1-29
A Managerial Philosophy Based on the Work of the Pioneers 1-29
Trang 6Competition to Cooperation 2-11 Awareness Training 2-11 Nurturing New Behaviors 2-13
Empowerment of Employees 2-14
Quality Management Infrastructure 2-15
Quality Council 2-16 Management Committees 2-17 Teams and Work Groups 2-17Understanding Team Development Phases 2-18Establishing Group Compatibility 2-19Consensus 2-21Controlling Meetings 2-21Using Task Forces Effectively 2-22Personal Persuasion 2-23Conformity Behavior of Individuals in a Group 2-24Resolving Customer Complaints 2-25Written Reports 2-27Process Improvement Teams 2-29
Quality Environment 2-30
The Six Attributes of an Effective Quality Environment 2-30The Core Values and Concepts Included in the Malcolm Baldrige National Quality Award Model 2-33
Core Values and Concepts 2-34 Visionary Leadership 2-34 Customer-Driven Excellence 2-35 Organizational and Personal Learning 2-35 Valuing Employees and Partners 2-36 Agility 2-37 Focus on the Future 2-38
Trang 7Managing for Innovation 2-38 Management by Fact 2-38 Social Responsibility 2-39
Focus on Results and Creating Value 2-40Systems Perspective 2-40Setting the Proper “Tone” at the Top 2-40 Code of Ethics and Conduct 2-41 Open Communications 2-41Guidelines for Effective Communications 2-42
Providing Constructive Criticism 2-42 Achieving Effective Listening 2-44 The 3-Step Listening Process 2-45
Implementing a Mission, Vision, Goals, Values, and Quality Policy .2-48Mission 2-48Vision 2-49Goals 2-49Values 2-51Quality Policy 2-52Monitoring Compliance to Organizational Policies and Procedures .2-53Four Types of Monitoring 2-54
Monitoring the Tone at the Top 2-54 Monitoring by Individuals 2-55 Ongoing Monitoring 2-55 Independent Monitoring 2-56
Enforcement of Organizational Policies and Procedures 2-57Types of Enforcements 2-58
Automated Enforcement 2-58 Self-Enforcement 2-58 Supervisory Enforcement 2-59
Trang 8Skill Category 3
Quality Baselines 3-1
Quality Baseline Concepts 3-1
Baselines Defined 3-1 Types of Baselines 3-2 Conducting Baseline Studies 3-2Conducting Objective Baseline Studies 3-4Conducting Subjective Baseline Studies 3-5
Planning 3-6 Internal analysis 3-6 Benchmarking 3-6
Methods Used for Establishing Baselines 3-7
Customer Surveys 3-7 Benchmarking to Establish a Baseline Goal 3-7 Assessments against Management Established Criteria 3-10 Assessments against Industry Models 3-12
Model and Assessment Fundamentals 3-12
Purpose of a Model 3-12 Types of Models (Staged and Continuous) 3-13Staged models 3-13Continuous models 3-14Model Selection Process 3-14 Using Models for Assessment and Baselines 3-15Assessments versus Audits 3-15
Industry Quality Models 3-16
Software Engineering Institute Capability Maturity Model Integration MI®) 3-16Maturity Levels 3-16
(CM-Level 1: Initial 3-18 Level 2: Managed 3-18 Level 3: Defined 3-18 Level 4: Quantitatively Managed 3-19 Level 5: Optimizing 3-19
Components of the Maturity Levels 3-20Skipping Maturity Levels 3-20Malcolm Baldrige National Quality Award (MBNQA) 3-21National Institute of Standards and Technology 3-21
Board of Overseers 3-21 Board of Examiners 3-21
Trang 9Award Recipients 3-21
2005 Award Criteria 3-22
1 – Leadership 3-22
2 – Strategic Planning 3-22
3 – Customer and Market Focus 3-22
4 – Information and Analysis 3-23
Management Responsibility 3-27 Resource Management 3-28 Product Realization 3-28 Measurement, Analysis and Improvement 3-29
ISO/IEC 12207: Information Technology – Software Life Cycle
Processes 3-29Model Overview 3-29Target Audience 3-32Views of Software Development 3-32Relationship to Other Standards 3-33
ISO/IEC System and Software Standards 3-33 IEEE/EIA 12207 3-33
ISO/IEC 15504: Process Assessment
(Formerly Known as Software Improvement and Capability Determination (SPICE)) .3-34Model Overview 3-34Reference Models 3-37
Process Dimension 3-37 Process Capability Dimension 3-39
The Assessment Process 3-40Relationship to other International Standards 3-42Post-Implementation Audits 3-42
Trang 10Skill Category 4
Quality Assurance 4-1
Establishing a Function to Promote and Manage Quality 4-1
The Challenges of Implementing a Quality Function 4-3 How the Quality Function Matures Over Time 4-5Three Phases of Quality Function Maturation 4-5
Initial Phase 4-5 Intermediate Phase 4-5 Final Phase 4-6
Drivers that Change the Role of the QA Analyst 4-7
Management Philosophy 4-7 Personal Belief System of Managers 4-8
Quality Function Recommendations 4-8Support in Corporate Quality Management Environment 4-9Support of Corporate Quality Management with Repository
of Quality Information 4-9
IT Management Responsibilities in Corporate Quality Management Environment 4-9Implementing an IT Quality Function 4-10Step 1: Develop a Charter 4-10Step 2: Identify the Quality Manager 4-12Step 3: Locate Organizationally the IT Quality Function 4-13Step 4: Build Support for Quality 4-14Step 5: Staff and Train the Quality Function 4-16Step 6: Build and Deploy the Quality Toolbox 4-18Step 7: Drive the Implementation of the Quality Management Environment 4-19
IT Quality Plan 4-19Long-Term Actions 4-20Short-Term Actions 4-21
Quality Tools 4-23
Management Tools 4-24Brainstorming 4-25Affinity Diagram 4-25Nominal Group Technique 4-26Cause-and-Effect Diagram 4-27Force Field Analysis 4-29Flowchart and Process Map 4-30Benchmarking 4-31
Planning Phase 4-32 Analysis Phase 4-33 Integration Phase 4-33 Action Phase 4-33
Matrix 4-34Quality Function Deployment 4-35
Trang 11Fundamental Deployments 4-37 Horizontal Deployments 4-38 Vertical Deployments 4-38
Playscript 4-39Statistical Tools 4-40Check Sheet 4-40Histogram 4-41Pareto Chart 4-43Run Chart 4-44Control Chart 4-45Scatter Plot 4-47Presentation Tools 4-49Table 4-49Line Chart 4-49Bar Chart 4-50Pie Chart 4-51Stem-and-Leaf Chart 4-52
Process Deployment 4-53
Getting Buy-In for Change through Marketing .4-53Step 1: Identify Customer Needs 4-54Step 2: Present Solution in Terms of Customer Needs 4-54Step 3: Identify Barriers and Obstacles 4-55Step 4: Address Barriers and Obstacles 4-55Step 5: Obtain Approval 4-56The Formula for Effective Behavior Change 4-56 The Deployment Process .4-56Deployment Phase 1: Assessment 4-57Deployment Phase 2: Strategic 4-57Deployment Phase 3: Tactical 4-60Critical Success Factors for Deployment 4-64
Internal Auditing and Quality Assurance 4-66
Types of Internal Audits 4-66 Differences in Responsibilities 4-67
Trang 12Integrating Business and Quality Planning 5-6
The Fallacy of Having Two Separate Planning Processes 5-6 Planning Should be a Single IT Activity 5-6
Prerequisites to Quality Planning 5-8 The Planning Process 5-9
Planning Process Overview 5-9 The Six Basic Planning Questions 5-11 The Common Activities in the Planning Process 5-13Business or Activity Planning 5-13Environment Planning 5-13Capabilities and Opportunities Planning 5-13Assumptions/Potential Planning 5-14Objectives/Goals Planning 5-14Policies/Procedures Planning 5-14Strategy/Tactics Planning 5-15Priorities/Schedules Planning 5-15Organization/Delegation Planning 5-15Budget/Resources Planning 5-16Planning Activities for Outsourced Work 5-16
Planning to Mature IT Work Processes 5-17
QAI Model and Approach to Mature IT Work Processes 5-17Why Six Process Categories Were Chosen 5-19Manage by Process, a Tactical View of Process Maturity 5-19Tactics for Maturing the Management Processes 5-20
Level 1 Product Focus 5-22 Level 2 Process Focus 5-23 Level 3 End User Focus 5-23 Level 4 Team Focus 5-23 Level 5 – World-Class Focus 5-23
Tactics for Maturing the People Management Processes 5-26
Level 1 – Unpredictable 5-28 Level 2 – Process Skills 5-29 Level 3 – Integration 5-30 Level 4 – Quantitative Management 5-31 Level 5 – Innovate 5-31
Tactics for Maturing the Deliverables Processes 5-32
Trang 13Level 1 – Constraint Requirements 5-34 Level 2 – Business Requirements 5-35 Level 3 – Relational Requirements 5-35 Level 4 – Quality Requirements 5-35 Level 5 – Reliability Requirements 5-36
Tactics for Maturing the Technology Processes 5-36
Level 1 – Assessment/Pilot 5-38 Level 2 – Operational 5-39 Level 3 – Predictable 5-39 Level 4 – Technology Optimization 5-39 Level 5 – People Optimization 5-39
Tactics for Maturing the Quality Assurance Processes 5-39
Level 1 – Controlling 5-42 Level 2 Defining 5-42 Level 3 Aligning 5-43 Level 4 Adapting 5-43 Level 5 Champion 5-44
Tactics for Maturing the Quality Control Management Processes 5-45
Level 1 – Validation 5-46 Level 2 – Verification 5-47 Level 3 Defect Management 5-47 Level 4 Statistical Process Control 5-47 Level 5 - Preventive Management 5-47
How to Plan the Sequence for Implementing Process Maturity 5-48Relationship between People Skills and Process Definitions 5-48Relationship of Do and Check Procedures 5-49Relationship of Individuals' Assessment of How They are Evaluated to Work Per-formed 5-50Relationship of What Management Relies on for Success 5-51Relationship of Maturity Level to Cost to Do Work 5-52Relationship of Process Maturity to Defect Rates 5-53Relationship of Process Maturity and Cycle Time 5-54Relationship of Process Maturity and End User Satisfaction 5-54Relationship of Process Maturity and Staff Job Satisfaction 5-55Relationship of Process Maturity to an Organization's Willingness to Embrace Change 5-56
Relationship of Tools to Process Maturity 5-56Relationship of the Control and Test Process Category to Quick Paybacks 5-56Strategy for Moving to Higher Maturity Levels 5-57Skipping Levels and Reverting Back to Lower Levels 5-57
Trang 14Process Management Processes 6-11
Planning Processes 6-12Process Inventory 6-12Process Mapping 6-13Process Planning 6-14
Do Processes 6-15Process Definition 6-15Check Processes 6-19Identify Control Points 6-19
Automatic 6-21 Self-Checking 6-21 Peer Reviews 6-22 Supervisory 6-22 Third Party 6-22
Process Measurement 6-22Testing 6-23Act Processes 6-23Process Improvement Teams 6-25Process Improvement Process 6-26
Identify and Understand the Process 6-26 Improve the Process 6-29
Trang 15Informal Review 7-10 Semiformal Review (or Walkthrough) 7-10 Formal Review (or Inspection) 7-10
In-Process Reviews 7-11Checkpoint Reviews 7-11Phase-End Reviews 7-11
Software Requirements Review 7-12 Critical Design Review 7-12 Test Readiness Review 7-12
Post-Implementation Reviews 7-12Inspections 7-12
Developing Testing Methodologies 7-14
Acquire and Study the Test Strategy 7-14 Determine the Type of Development Project 7-14 Determine the Type of Software System .7-15 Determine the Project Scope 7-16 Identify the Tactical Risks .7-17 Determine When Testing Should Occur 7-18 Build the System Test Plan 7-19
Trang 16Verification and Validation Methods 7-20
Management of Verification and Validation 7-20 Verification Techniques 7-20Feasibility Reviews 7-21Requirements Reviews 7-21Design Reviews 7-21Code Walkthroughs 7-21Code Inspections or Structured Walkthroughs 7-21Requirements Tracing 7-21Validation Techniques 7-22White-Box 7-22Black-Box 7-23
Equivalence Partitioning 7-23 Boundary Analysis 7-23 Error Guessing 7-23
Incremental 7-23
Top-Down 7-24 Bottom-Up 7-24
Thread 7-24Regression 7-24
Unit Regression Testing 7-25 Regional Regression Testing 7-25 Full Regression Testing 7-25
Structural and Functional Testing 7-25Structural Testing 7-26Functional Testing 7-26
Software Change Control 7-27
Software Configuration Management 7-27 Change Control Procedures 7-28
Defect Management 7-29
Defect Management Process 7-29 Defect Reporting 7-29 Severity versus Priority 7-31
A Sample Defect Tracking Process 7-31Using Defects for Process Improvement 7-33
Trang 17Measurement in Software 8-8
Product Measurement 8-9Size 8-9
Lines of Code 8-9 Function Points 8-9
Complexity 8-10
Cyclomatic Complexity v(G) 8-10 Knots 8-10
Quality 8-10
Correctness 8-10 Reliability 8-11 Maintainability 8-11
Customer Perception of Product Quality 8-11Process Measurement 8-11
Variation and Process Capability .8-13
The Measurement Program 8-13
Trang 18Common and Special Causes of Variation 8-18Common Causes of Variation 8-18Special Causes of Variation 8-19Variation and Process Improvement 8-20 Process Capability 8-21
Risk Management 8-22
Defining Risk 8-22 Characterizing Risk 8-22Situational 8-22Time-Based 8-23Interdependent 8-23Magnitude Dependent 8-23Value-Based 8-23Managing Risk 8-23Risk Identification 8-24Risk Analysis 8-25Risk Prioritization 8-28Risk Response Planning 8-29Risk Resolution 8-29Risk Monitoring 8-30Software Risk Management 8-30 Risks of Integrating New Technology 8-31
Implementing a Measurement Program 8-33
The Need for Measurement 8-33 Prerequisites 8-34
Trang 19Skill Category 9
Internal Control and Security 9-1
Principles and Concepts of Internal Control 9-2
Internal Control and Security Vocabulary and Concepts 9-2Internal Control Responsibilities 9-3The Internal Auditor’s Internal Control Responsibilities 9-3Risk versus Control .9-5 Environmental versus Transaction Processing Controls 9-5
Environmental or General Controls 9-6 Transaction Processing Controls .9-8
Preventive, Detective and Corrective Controls 9-9Preventive Controls 9-9
Source-Data Authorization 9-10 Data Input 9-11 Source-Data Preparation 9-11 Turn-Around Document 9-11 Pre-Numbered Forms 9-11 Input Validation 9-11 Computer Updating of Files 9-13 Controls over Processing 9-13
Detective Controls 9-15
Data Transmission 9-15 Control Register 9-16 Control Totals 9-16 Documentation and Testing 9-16 Output Checks 9-16
Corrective Controls 9-17
Error Detection and Resubmission 9-17 Audit Trails 9-18
Cost versus Benefit of Controls .9-18
The Quality Professionals Responsibility for Internal Control and Security 9-19
Risk and Internal Control Models 9-20
COSO Enterprise Risk Management (ERM) Model 9-20The ERM Process 9-20 ERM Components 9-20COSO Internal Control Framework Model .9-22Example of a Transaction Processing Internal Control System 9-24CobiT Model 9-25
Trang 20Model for Building Transaction Processing Controls 9-28Transaction Origination 9-29Transaction Entry 9-29Transaction Communications 9-29Transaction Processing 9-30Database Storage and Retrieval 9-30Transaction Output 9-30
Building Adequate Security 9-31
Where Vulnerabilities in Security Occur 9-31Functional Vulnerabilities 9-31
IT Areas Where Security is Penetrated 9-33Accidental versus Intentional Losses 9-35Establishing a Security Baseline 9-36Creating Baselines 9-36
Step 1: Establish the Team 9-38 Step 2: Set Requirements and Objectives 9-39 Step 3: Design Data Collection Methods 9-41 Step 4: Train Participants 9-43 Step 5: Collect Data 9-44 Step 6: Analyze and Report Security Status 9-44
Using Baselines 9-46 Security Awareness Training 9-46Step 1 – Create a Security Awareness Policy 9-47Step 2 – Develop a Security Awareness Strategy 9-48
Awareness 9-49 Training 9-50 Education 9-50 Professional Development 9-50
Step 3 – Assign the Roles for Security Awareness 9-51
IT Director/CIO 9-51 Information Technology Security Program Manager 9-52
IT Managers 9-52 Users 9-52
Security Practices 9-53
Trang 21Skill Category 10
Outsourcing, COTS and Contracting Quality 10-1
Quality and Outside Software 10-1
Purchased COTS software .10-2Evaluation versus Assessment 10-2Outsourced Software 10-3Additional differences if the contract is with an offshore organization 10-3Quality Professionals Responsibility for Outside Software 10-4
Selecting COTS Software .10-6
Assure Completeness of Needs Requirements 10-6 Define Critical Success Factor 10-7 Determine Compatibility with Hardware, Operating System, and Other COTS Software 10-8Hardware Compatibility 10-9Operating Systems Compatibility 10-9Program Compatibility 10-10Data Compatibility 10-10Assure the Software can be Integrated into Your Business System
Work Flow .10-10 Demonstrate the Software in Operation 10-11 Evaluate People Fit 10-13 Acceptance Test the Software Process 10-14
Selecting Software Developed by Outside Organizations 10-15
Contracting Life Cycle 10-15Selecting an Outside Organization 10-16
Feasibility Study 10-16 Selection of an Outside Organization 10-18
Assure That Requirements and Contract Criteria are Testable 10-19Assure That the Contractor Has an Adequate Software Development Process 10-19Assure That the Contractor Has an Effective Test Process 10-19Define Acceptance Testing Criteria 10-20Contractor’s Status Reporting 10-20Ensure Knowledge Transfer Occurs 10-20Ensure Protection of Intellectual Property Rights of Both Organizations 10-21Developing Selection Criteria 10-21
Contracting for Software Developed by Outside Organizations 10-22
Trang 22Operating for Software Developed by Outside Organizations 10-28
Acceptance Testing 10-28Acceptance Testing Concerns 10-28Operation and Maintenance of the Software 10-29
Operation and Maintenance Concerns 10-30
CSQA Examination Overview C-1
Quality Assurance Theory and Practice C-1
Guidelines to Answer Questions .C-2 Sample CSQA Examination .C-5
Part 1 Multiple-Choice Questions C-5 Part 1 and Part 3 Multiple-Choice Answers C-11 Part 2 Essay Questions and Answers C-12Part 2 – Quality Assurance Theory Essay Questions C-12Part 2 – Quality Assurance Theory Essay Questions C-15Part 2 – Quality Assurance Practice Essay Questions C-18Part 4 – Quality Assurance Practice Essay Answers C-22
Trang 23Software Quality Assurance
profession, the individual, the employer, and co-workers
The CASQ, CSQA, and CMSQ certifications test the level of competence in the principles and practices of software quality assurance and control in the Information Technology (IT) profession These principles and practices are defined by the ISCB as the Software Quality Assurance Body of Knowledge (SQABOK) The ISCB will periodically update the SQABOK
to reflect changing software quality and control, as well as changes in computer technology These updates should occur approximately every three years
Be sure to check the Software Certifications Web site for up-to-date information
on the Software Quality Assurance Certification program at:
www.softwarecertifications.org
Using this product does not constitute, nor imply, the successful passing of the
Scheduling with Pearson VUE to Take the
Examination
Intro-13
T
Trang 24Intro.1 Software Certification Overview
Software Certifications is recognized worldwide as the standard for IT software quality assurance (SQA) professionals Certification is a big step, a big decision Certification identifies an individual as a SQA leader and earns the candidate the respect of colleagues and managers It is formal acknowledgment that the IT recipient has an overall understanding of the disciplines and skills represented in a comprehensive Software Quality Assurance Body of Knowledge (SQABOK) for a respective software discipline
The Software Quality Assurance Certification programs demonstrate the following objectives
to establish standards for initial qualification and continuing improvement of professional competence The certification programs help to:
1 Define the tasks (skill categories) associated with SQA duties in order to evaluate skill mastery
2 Demonstrate an individual’s willingness to improve professionally
3 Acknowledge attainment of an acceptable standard of professional competency
4 Aid organizations in selecting and promoting qualified individuals
5 Motivate personnel having SQA responsibilities to maintain their professional tency
compe-6 Assist individuals in improving and enhancing their organization’s SQA programs (i.e., provide a mechanism to lead a professional)
In addition to Software Quality Assurance Certification, the ISCB also offer the following software certifications
Software Testers
• Certified Associate in Software Testing (CAST)
• Certified Software Tester (CSTE)
• Certified Manager of Software Testing (CMST)
Software Quality Analysts
• Certified Associate in Software Quality (CASQ)
• Certified Software Quality Analyst (CSQA)
• Certified Manager of Software Quality (CMSQ)
Software Business Analysts
• Certified Associate in Business Analysis (CABA)
• Certified Software Business Analyst (CSBA)
Trang 25Intro.1.1 Contact Us
Software Certifications Phone: (407)-472-8100 Fax: (407)-363-1112 Certification questions? E-mail: certify@softwarecertifications.org
Intro.1.2 Program History
QAI was established in 1980 as a professional association formed to represent the software quality assurance industry The first certification began development in 1985 and the first formal examination process was launched in 1990 Today, Software Certifications,
administered by QAI, is global Since its inception, the ISCB has certified over 50,000 IT professionals in 50+ countries world wide
Intro.1.3 Why Become Certified?
As the IT industry becomes more competitive, management must be able to distinguish professional and skilled individuals in the field when hiring Certification demonstrates a level
of understanding in carrying out SQA principles and practices that management can depend upon
Acquiring a CASQ, CSQA, or CMSQ certification indicates a foundation, professional practitioner, or managerial level of competence in SQA respectively Software Quality Analysts become members of a recognized professional group and receive recognition for their competence by businesses and professional associates, potentially more rapid career advancement, and greater acceptance in the role as advisor to management
Intro.1.4 Benefits of Becoming Certified
As stated above, the Software Quality Assurance certifications were developed to provide value to the profession, the individual, the employer, and co-workers The following
information is data collected from CSQAs in the IT industry – a real testimonial to the benefits and reasons to make the effort to become a certified
Trang 26Intro.1.4.1 Value Provided to the Profession
Software quality assurance is often viewed as a software project task, even though many individuals are full-time quality assurance professionals The Software Quality Assurance Certification program was designed to recognize SQA professionals by providing:
• Software Quality Assurance Body of Knowledge (SQABOK)
The ISCB defines the skills upon which the software quality assurance certification isbased The current SQABOK includes 10 skill categories fully described in this book – seeSkill Category 1 through Skill Category 10
• Examination Process to Evaluate Competency
The successful candidate must pass an examination that is based on the SQABOK Youmust receive a grade of 70% or higher The CASQ examination consists of 100 multiplechoice questions; the CSQA examination consists of 100 multiple choice and 12 shortsessays; and the CMSQ examination consists of 12 short essays
• Code of Ethics
The successful candidate must agree to abide by a professional Code of Ethics as specified
by the ISCB See “Code of Ethics” on page 9 for an explanation of the ethical behaviorsexpected of all certified professionals
Intro.1.4.2 Value Provided to the Individual
The individual obtaining the CSQA certification receives the following values:
• Recognition by Peers of Personal Desire to Improve
Approximately seventy-five percent (75%) of all CSQAs stated that a personal desire forself-improvement and peer recognition was the main reason for obtaining the CSQAcertification Fifteen percent (15%) were required by their employer to sit for theexamination, and ten percent (10%) were preparing themselves for an improved qualityassurance related position
Many CSQAs indicated that while their employer did not require CSQA certification, itwas strongly encouraged
• Increased Confidence in Personal Capabilities
Eighty-five percent (85%) of the CSQAs stated that passing the examination increasedtheir confidence to perform their job more effectively Much of that confidence came fromstudying for the examination
• Recognition by IT Management for Professional Achievement
Most CSQAs stated that their management greatly respects those who put forth thepersonal effort needed for self-improvement IT organizations recognized and rewardedindividuals in the following ways:
Trang 27• Thirteen percent (13%) received an immediate average one-time bonus of $610, with arange of $250 to $2,500.
• Twelve percent (12%) received an immediate average salary increase of 10%, with arange of 2% to 50%
Non-monetary recognitions were:
• Thirty-six percent (36%) were recognized in staff meetings
• Twenty percent (20%) in newsletters or e-mail
• Many received rewards, management visits or calls, and lunch with the boss
Within the first 18 months after receiving the CSQA certification:
• Twenty-seven percent (27%) received an average salary increase of 23%, with a range
of 2% to 100%
• Twenty-three percent (23%) were promoted, 25% received a better assignment and13% a new assignment
Intro.1.4.3 Value Provided to the Employer
With the need for increased software quality and reliability, companies employing certified
QA professionals provide value in these ways:
Intro.1.4.3.1 Increased Confidence by IT Users and Customers
IT users and customers expressed confidence in IT to effectively build or acquire software when certified quality assurance practitioners were involved
Intro.1.4.3.2 Improved Processes to Build/Acquire/Maintain, Operate and Measure Software
Certified SQA Analysts use their knowledge and skills to continuously improve the IT work processes They know what to measure, how to measure it, and then prepare an analysis to aid
in the decision-making process
Intro.1.4.3.3 Independent Assessment of Quality Assurance Competencies
The Software Quality Assurance Certification program is directed by the ISCB Through examination and recertification, they provide an independent assessment of one’s quality assurance competencies, based on a continuously strengthening Software Quality Assurance Body of Knowledge
Intro.1.4.3.4 Quality Assurance Competencies Maintained Through Recertification
Yesterday’s quality assurance competencies are inadequate for today’s challenges
Recertification is a process that helps assure one’s skills remain current The recertification
Trang 28From an IT director’s perspective, this is employee-initiated quality assurance training Most,
if not all SQA analysts, do this training during their personal time IT organizations gain three benefits from recertification: 1) employees initiate improvement; 2) quality assurance
practitioners obtain competencies in SQA methods and techniques; and 3) employees train during personal time
Intro.1.4.3.5 Value Provided to Co-Workers
The drive for self-improvement is a special trait that manifests itself in providing these values
to co-workers:
Intro.1.4.3.6 Mentoring the QA Staff
Forty-five percent (45%) of the CSQAs mentor their SQA colleagues by conducting training classes, encouraging staff to become certified, and acting as a resource to the staff on sources
of IT SQA-related information
Intro.1.4.3.7 SQA Resource to “IT” Staff
CSQAs and CMSQs are recognized as experts in SQA and are used heavily for advice, counseling, and for recommendations on software construction, quality assurance and testing
Intro.1.4.3.8 Role Model for SQA Practitioners
CSQAs and CMSQs are the IT role models for individuals with SQA responsibilities to become more effective in performing their job responsibilities
Intro.1.4.4 How to Improve Software Quality Assurance Effectiveness through Certification
A “driver” for improved IT effectiveness is the integration of the Software Quality Assurance certification program in your “IT” career development plan This can be accomplished by:
• Creating an awareness of the Software Quality Assurance Certification and its benefits
to your quality assurance practitioners
• Requiring or encouraging your quality assurance practitioners to become certified
• Recognizing and rewarding successful candidates
• Supporting recertification as a means of maintaining quality assurance competency
QAI, as administrators of the Software Quality Assurance Certification, will
assist you in this effort
Trang 29See www.qaiglobalinstitute.com for detailed information.
Intro.2 Meeting the Certification Qualifications
To become certified in Software Quality Assurance, every candidate must first:
1 Satisfy all of the prerequisites required prior to applying for candidacy – educational and professional prerequisites, and recommendations for preparing for the examination
2 Subscribe to the Code of Ethics as described on page Intro-9
3 Complete the Certification Candidacy Online Application See “Submitting the Initial Application” on page Intro-11 for information on all the materials needed to submit your application
Intro.2.1 Prerequisites for Candidacy
Before you submit your application, first check that you satisfy the educational and
professional prerequisites described below and understand what is expected of Certified Software Quality Analysts after certification
Intro.2.1.1 Educational and Professional Prerequisites
Intro.2.1.1.1 CASQ
To qualify for candidacy, each applicant must meet one of the “rule of 3’s” credentials listed below:
1 A three- or four-year degree from an accredited college-level institution
2 A two-year degree from an accredited college-level institution and one year ofexperience in the information services field
3 Three years of experience in the information services field
Intro.2.1.1.2 CSQA
To qualify for candidacy, each applicant must meet one of the “rule of 6’s” credentials listed below:
Trang 301 A four year degree from an accredited college-level institution and two years of ence in the information services field.
2 A three year degree from an accredited college-level institution and three years of ence in the information services field
3 A two year degree from an accredited college-level institution and four years of ence in the information services field
experi-4 Six years of experience in the information services field
3 Eight years of experience in the information services field
Intro.2.1.2 Expectations of the Certified Professional
Knowledge within a profession doesn't stand still Having passed the certification
examination, a certificant has demonstrated knowledge of the designation's SQABOK at the point in time of the examination In order to stay current in the field, as knowledge and techniques mature, the certificant must be actively engaged in professional practice, and seek opportunities to stay aware of, and learn, emerging practices
The certified SQA analyst is required to submit 120 credit hours of Continuing Professional Education (CPE) every three years to maintain certification or take an examination for recertification Any special exceptions to the CPE requirements are to be directed to Software Certifications Certified professionals are generally expected to:
• Attend professional conferences to stay aware of activities and trends in theprofession
• Take education and training courses to continually update skills and competencies
• Develop and offer training to share knowledge and skills with other professionals andthe public
• Publish information in order to disseminate personal, project, and researchexperiences
• Participate in the profession through active committee memberships and formalspecial interest groups
The certified SQA analyst is expected not only to possess the skills required to pass the certification examination but also to be a change agent: someone who can change the culture
Trang 31and work habits of individuals (or someone who can act in an advisory position to upper management) to make quality in software quality assurance happen.
Intro.2.1.2.1 Professional Skill Proficiency Responsibilities
In preparing yourself for the profession of Software Quality Assurance and to become more effective in your current job, you need to become aware of the three C’s of today's workplace:
• Change – The speed of change in technology and in the way work is performed is
accelerating Without continuous skill improvement, you will become obsolete in themarketplace
• Complexity – Information technology is becoming more complex, not less complex.
Thus, achieving quality, with regard to SQA in the information technologyenvironment, will become more complex You must update your skill proficiency inorder to deal with this increased complexity
• Competition – The ability to demonstrate mastery of multiple skills makes you a more
desirable candidate for any professional position While hard work does not guaranteeyour success, few, if any, achieve success without hard work A software qualityassurance certification is one form of achievement A software quality assurancecertification is proof that you’ve mastered a basic skill set recognized worldwide in theinformation technology arena
Intro.2.1.2.2 Develop a Lifetime Learning Habit
Become a lifelong learner in order to perform your current job effectively and remain
marketable in an era of the three C’s You cannot rely on your current knowledge to meet tomorrow's job demands The responsibility for success lies within your own control
Perhaps the most important single thing you can do to improve yourself
professionally and personally is to develop a lifetime learning habit.
REMEMBER: “If it is going to be—it’s up to me.”
Intro.2.2 Code of Ethics
An applicant for certification must subscribe to the following Code of Ethics that outlines the ethical behaviors expected of all certified professionals Software Certifications includes processes and procedures for monitoring certificant’s adherence to these policies Failure to adhere to the requirements of the Code is grounds for decertification of the individual by the International Software Certifications Board
Trang 32Intro.2.2.1 Purpose
A distinguishing mark of a profession is acceptance by its members of responsibility to the interests of those it serves Those certified must maintain high standards of conduct in order to effectively discharge their responsibility
Intro.2.2.2 Responsibility
This Code of Ethics is applicable to all certified by the ISCB Acceptance of any certification designation is a voluntary action By acceptance, those certified assume an obligation of self-discipline beyond the requirements of laws and regulations
The standards of conduct set forth in this Code of Ethics provide basic principles in the practice of software quality assurance Those certified should realize that their individual judgment is required in the application of these principles
Those certified shall use their respective designations with discretion and in a dignified manner, fully aware of what the designation denotes The designation shall also be used in a manner consistent with all statutory requirements
Those certified who are judged by the ISCB to be in violation of the standards of conduct of the Code of Ethics shall be subject to forfeiture of their designation
Intro.2.2.3 Professional Code of Conduct
Software Certifications certificate holders shall:
1 Exercise honesty, objectivity, and diligence in the performance of their duties and sibilities
respon-2 Exhibit loyalty in all matters pertaining to the affairs of their organization or to whomever they may be rendering a service However, they shall not knowingly be party to any illegal
organi-5 Not accept anything of value from an employee, client, customer, supplier, or business associate of their organization that would impair, or be presumed to impair, their profes-sional judgment and integrity
6 Undertake only those services that they can reasonably expect to complete with sional competence
Trang 33profes-7 Be prudent in the use of information acquired in the course of their duties They shall not use confidential information for any personal gain nor in any manner that would be con-trary to law or detrimental to the welfare of their organization
8 Reveal all material facts known to them that, if not revealed, could either distort reports of operation under review or conceal unlawful practices
9 Continually strive for improvement in their proficiency, and in the effectiveness and ity of their service
qual-10 In the practice of their profession, shall be ever mindful of their obligation to maintain the high standards of competence, morality, and dignity promulgated by this Code of Ethics
11 Maintain and improve their professional competency through continuing education
12 Cooperate in the development and interchange of knowledge for mutual professional efit
ben-13 Maintain high personal standards of moral responsibility, character, and business integrity
Intro.2.2.4 Grounds for Decertification
Revocation of a certification, or decertification, results from a certificant failing to reasonably adhere to the policies and procedures of Software Certifications as defined by the ISCB The ISCB may revoke certification for the following reasons:
• Falsifying information on the initial application and/or a CPE reporting form,
• Failure to abide by and support the Software Certifications Code of Ethics,
Intro.2.3 Submitting the Initial Application
A completed Certification Candidacy Application must be submitted on-line at
www.softwarecertifications.org/portal The ISCB strongly recommends that you submit the application only if you have:
• Satisfied all of the prerequisites for candidacy as stated on page Intro-7
• Subscribed to the Code of Ethics as described on page Intro-9
• Reviewed the SQABOK and identified those areas that require additional studying.The entire SQABOK is provided in Skill Category 1 through Skill Category 10 A
comprehensive list of related references is listed in the appendices
• Current experience in the field covered by the certification designation
• Significant experience and breadth to have mastered the basics of the entire SQABOK
• Prepared to take the required examination and therefore ready to schedule and take theexamination
Trang 34• Are not yet working in the field but who have an interest in obtaining employment inthe field (CSQA and CMSQ).
• Are working in limited areas of the field but would like to expand their work roles toinclude broader responsibilities (CSQA and CMSQ)
• Are working in IT but have only marginal involvement or duties related to thecertification (CSQA and CMSQ)
• Are interested in determining if this certification program will be of interest to them.Candidates for certification who rely on only limited experience, or upon too few or specific study materials, typically do not successfully obtain certification Many drop out without ever taking the examination Fees in this program are nonrefundable
Do not apply for CSQA or CMSQ unless you feel confident that your work
activities and past experience have prepared you for the examination process.
Applicants already holding a certification from the ISCB must still submit a new application when deciding to pursue an additional certification For example, an applicant already holding
a CSTE or CSBA certification must still complete the application process if pursuing the CSQA certification
Intro.2.3.1 Updating Your On-Line Profile
It is critical that candidates keep their on-line profile up-to-date Many candidates change their residence or job situations during their certification candidacy If any such changes occur, it is the candidate's responsibility to login to the Software Certification Customer Portal and update their profile as appropriate
Intro.2.4 Application-Examination Eligibility Requirements
The Certification Candidacy begins the date the application fee is processed in the Customer Portal The candidate then has 12 months from that date to take the initial examination or the
candidacy will officially expire If the application is allowed to expire the individual must
reapply for candidacy and pay the current application fee to begin the certification candidacy again
If the examination is taken inside that 12-month period, then another year is added to the original application length and two more attempts, if required Candidates for certification must pass a two-part examination in order to obtain certification The examination tests the candidate's knowledge and practice of the competency areas defined in the SQABOK
Candidates who do not successfully pass the examination may re-take the examination up to
Trang 35two times by logging into the Software Certification’s Customer Portal and selecting the
retake option and paying all required fees
Technical knowledge becomes obsolete quickly; therefore the board has established these eligibility guidelines The goal is to test on a consistent and comparable knowledge base worldwide The eligibility requirements have been developed to encourage candidates to prepare and pass all portions of the examination in the shortest time possible
Intro.3 Scheduling with Pearson VUE to Take the
Examination
When you have met all of the prerequisites as described above, you are ready to schedule and take the Software Quality Assurance examination
To schedule the Software Quality Assurance Certification examination, every candidate must:
• Satisfy all of the qualifications as described in “Meeting the CertificationQualifications” starting on page Intro-7 Be certain that you are prepared and havestudied the SQABOK and the vocabulary in Appendix A
• After completing your on-line application you will receive within 24 hours anacknowledgment from Pearson VUE Testing Centers that you are eligible to take theexam at a Pearson VUE site You will follow the instructions on that acknowledgmentemail for selecting a testing center location, date and time of your exam
Intro.3.1 Arriving at the Examination Site
Candidates should arrive at the examination location at least 30 minutes before the scheduled start time of the examination To check-in at the testing center, candidates must have with them two forms of identification, one of which must be a photo ID You will receive an email from Pearson VUE regarding arrival instructions
Intro.3.1.1 No-shows
Candidates who fail to appear for a scheduled examination – initial or retake – are marked as
NO SHOW and must submit an on-line Examination Re-sit request to apply for a new
examination date If a candidate needs to change the date and/or time of their certification exam, they must log in directly to the Pearson VUE site to request the change All changes must be made 24 hours before the scheduled exam or a re-sit fee will be required
Trang 36Intro.4 How to Maintain Competency and Improve
Value
Maintaining your personal competency is too important to leave to the sole discretion of your employer In today’s business environment you can expect to work for several different organizations, and to move to different jobs within your own organization In order to be adequately prepared for these changes you must maintain your personal competency in your field of expertise
Intro.4.1 Continuing Professional Education
Most professions recognize that continuing professional education is required to maintain competency of your skills There are many ways to get this training, including attending professional seminars and conferences, on-the-job training, attending professional meetings, taking e-learning courses, and attending professional association meetings
You should develop an annual plan to improve your personal competencies Getting 120 hours
of continuing professional education will enable you to recertify your Software Quality Assurance designation
Intro.4.2 Advanced Software Quality Assurance Designations
You can use your continuing professional education plan to improve and demonstrate your value to your employer Your employer may have difficulty assessing improved competencies attributable to the continuing professional education you are acquiring However, if you can use that continuing education effort to obtain an advanced certification, you can demonstrate
to your employer your increased value to the organization by acquiring an advanced
certification
Intro.4.2.1 What is the Certification Competency Emphasis?
The drivers for improving performance in IT are the quality assurance and quality control (testing) professionals Dr W Edward Deming recognized this “do-check” partnership of quality professionals in his “14 points” as the primary means for implementing the change needed to mature Quality control identifies the impediments to quality and quality assurance facilitates the fix Listed below is the certification level, emphasis of each certification, and how you can demonstrate that competency
• CASQ
Demonstrate competency in knowing what to do
Study for, and pass, a one-part examination designed to evaluate the candidate’sknowledge of the principles and concepts incorporated into the SQABOK
Trang 37• CSQA
Demonstrate competency in knowing what to do and how to do it
Study for, and pass, a two-part examination designed to evaluate the candidate’sknowledge of the principles and concepts incorporated into the SQABOK, plus the ability
to relate those principles and concepts to the challenges faced by IT organizations
Demonstrate competency in knowing how to solve management level challenges
Candidates must demonstrate their ability to develop real solutions to challenges in their
IT organizations, by proposing a solution to a real-world management problem
Trang 39Preparing for the CSQA
Examination
he CSQA examination is designed to evaluate your knowledge of the principles andpractices of software quality analysis The principles primarily will involve vocabulary.This is to ensure that you understand what quality in an IT function is attempting toaccomplish The second half of the examination is on the application of those principles.This is to ensure that you can recognize good software quality practices when they occur
Preparing for any standardized examination should be considered a serious undertaking Beginpreparing and studying well in advance Remember that the minimum requirement for submitting
your application is 60 calendar days prior to the exam date When you know you will be applying
for the examination, submit your application and fees and begin studying Avoid “cramming,” as it
is rarely beneficial in the long term See the “Introduction” for detailed information on submittingyour application
Assess Your CSQA CBOK Competency Intro-18Understand the Key Principles Incorporated
Review the List of References Intro-23Initiate a Self-Study Program Intro-24Take the Sample Examination Intro-25
T
Trang 40Assess Your CSQA CBOK Competency
The Common Body of Knowledge (CBOK) for the CSQA is, in effect, a job description for aworld-class IT quality assurance analyst The CSQA Certification Board has defined the skillswithin the CBOK as those skills that would enable an IT quality assurance analyst to perform thetasks needed to meet today’s IT quality challenges
Many human resource organizations use the CSQA CBOK as the basis for writing job descriptionsfor IT quality assurance analysts To properly prepare yourself to be proficient in the practice of ITquality assurance, you should develop a personal plan of action that would enable you to assessyour competency in the CSQA CBOK It is recognized that many software quality analysts do notneed to be competent in all of the skill categories to fulfill their current job responsibilities
The current CBOK includes 10 skill categories that are fully described in this guide:
Skill Category 1 Quality Principles and Concepts
Skill Category 2 Quality Leadership
Skill Category 3 Quality Baselines (Assessments and Audits)
Skill Category 4 Quality Assurance
Skill Category 5 Quality Planning
Skill Category 6 Define, Build, Implement and Improve Work Processes
Skill Category 7 Quality Control Practices
Skill Category 8 Metrics and Measurements
Skill Category 9 Internal Control and Security
Skill Category 10 Outsourcing, COTS, and Contracting Quality
The 10 CSQA CBOK Skill Categories are common to all quality-related assignments andtherefore, the certification examination focuses equally on all of them
Complete the CSQA Skill Assessment Worksheet
To assess your competency of the CSQA CBOK, complete the worksheet, “CSQA SkillAssessment Worksheet” starting on Eval-2 Follow these guidelines on how to use the worksheet
to rate your competency and identify those areas that you need to better understand to successfullypass the CSQA examination:
1 Assess your competency of each skill listed on the worksheet Carefully read each skillwithin the skill category Based on your reading of the skill, assess your competency in