Quality Policy

Version: 1.00Issue Date: 2/2/2015

This Quality Policy Cycle ensures that information technology activity quality goals and objectives are set and results are measured.

1.0 Overview

This Quality Policy will help ensure that information technology activity is performed to required standards to meet the business needs.

2.0 Purpose

This Quality Policy requires that a quality assurance plan is developed and enforced along with quality standards. It requires that quality is measured where possible, reviewed, and improved upon where possible.

3.0 Scope

This Quality Policy applies to all information technology activities and projects and all personnel managing or working on any information technology activities or projects. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Quality Standards and Planning

  • Upper management must create the quality assurance plan and methodology using input from all stakeholders and affected parts of the organization.
  • The quality plan must include processes used to achive the quality objectives.
  • Upper management is responsible for establishing and maintaining this quality policy and quality standards.
  • The quality plan must include quality assurance activities that are project specific and activities that are general. General quality activities include peer code reviews and various testing including Quality Assurance(QA) testing and user acceptance testing.
  • The quality plan must include specific QA activities including objectives, success factors, observable attributes or measurable criteria, and expected test results where they are applicable.
  • Each quality assurance process must have set objectives and associated activities along with success factors, and observable attributes or measurable criteria.
  • The quality plan must include methods and tools that can be used to perform quality testing and aid analysis of the results.
  • The quality plan must support the business processes.
  • *The quality policy must cover quality assurance, quality control, and quality improvement.
  • *The quality policy must define roles, authority, and responsibilities.
  • *The quality policy must be approved by all stakeholders.
  • Upper management is responsible for establishing a quality plan. (within timeframe)
  • Upper management is responsible for establishing quality standards which are compatable with the quality policy.
  • Quality assurance measurements useful to the business strategy must be identified and included in the quality plan.
  • Responsibility for remediation when QA measurements are found below expectations must be delegated.
  • Methods for collecting quality assurance measurement data must be identified.
  • The responsibility for the collection of the data must be delegated.
  • A quality assurance plan must be created for each critical and important business process or objective.
  • The quality plan must be communicated to all staff affected by it including management. Upper management is responsible for ensuring that the quality plan is properly authorized and communicated.
  • Quality training must be used to communicate the benefits of the quality plan and improve awareness of the plan.
  • The quality plan should include goals, objectives and measurements that show the objectives were achieved. This creates a balanced scorecard which includes objectives supporting combinations of learning and growth processes, internal processes, the customer, and financial.
  • Quality assurance report requirements including the format and content requirements for the reports should be defined. Use of quality measurements and requirements should be applied along with monitoring and unbiased conclusions regarding QA effectiveness and methods to improve the program.
  • The quality assurance plan should define the required content of QA reports for various project types and services. It should define the timing of quality assurance reviews relative to the project completion and when services are rendered.
  • A process for distribution of reports to stakeholders must be created.
  • Service level agreements should be considered when measuring quality and determining what should go into the plan.
  • The development life cycle should provide the ability for customers and project implementers to communicate and work together during each project phase especially during planning, design, implementation, and testing phases.
  • Procedures must be developed for the SDLC which define what is done during a quality assurance review to assure that development standards are followed.
  • Customer satisfaction surveys should be implemented by management so customer satisfaction levels may be measured.
  • Results of customer satisfaction surveys must be reviewed by quality assurance management and discussed with customers to determine actions to take for improvement.

5.0 Quality Plan Review

  • A review process to allow for review of the quality plan should be created by a management team created by upper management.
  • The quality plan must be reviewed annually to determine its effectiveness and modified as necessary. Whether organizational objectives are being met must be considered along with the efficiency of the quality assurance processes.
  • Elements of the quality plan that should be reviewed include objectives, measurable metrics and their usefulness, value, and validity.
  • The quality plan should be reviewed against industry standards and guidelines.
  • After major changes to the quality plan, quality assurance activities should be performed.
  • Include training for both management and workers as part of the quality plan.
  • The quality metrics used by the quality plan should be used to evaluate it based on its effectiveness, usefulness, and value. Objectives, success factors, observable attributes or measurable criteria, and expected test results where they are applicable should be used to evaluate the quality assurance process.
  • The annual quality plan review should evaluate communication and coordination efforts to determine their effectiveness and determine methods of improvement.

6.0 Quality Environment

  • The designers of the quality process must understand the business processes and how they affect quality. The quality process must consider improvements to the business process.
  • The quality plan should be focused on prevention of defects and problems more than detection.
  • The quality plan must consider improvements to the system to remove problems.
  • The quality plan must foster an environment that encourages sharing of knowledge so management can learn about problems from the workers and apply knowledge of the system to fix the problems/system by improving processes.
  • The quality plan should consider defined business processes and include activities, objectives, and practices which can be improved to deliver higher quality.
  • The quality plan should focus on quality rather than cost.
  • The quality plan should utilize principles from proven methodologies such as William Edwards Deming or the capability maturity model integration.
  • Management must ensure close cooperation between information technology customers and those who make information technology decisions and provide support including steering committees, designers and implementers of systems, and project teams and developers.
  • Clear definition of staff roles and responsibilities regarding quality assurance should be communicated to each staff member.
  • Combinations of user group meetings, project dashboards with status, and service level reports should be used to increase quality awareness and knowledge about performance.
  • The Development Life Cycle Policy should require project review to determine whether quality assurance standards were upheld for the project.
  • Quality assurance staff must be qualified for their job roles through a combination of training and experience.

7.0 Quality Resources

  • Those who are responsible for managing quality resources must be defined and the extent of authority must be defined including management of human resources, tools, equipment, and financial authority.
  • All relevant parties must be informed about and understand who is responsible for managing quality assurance resources.

8.0 Quality Reviews

  • Reviews of projects or services provided to customers must be performed in a timely manner by quality assurance staff.
  • Individuals responsible for performing quality reviews must be aware of their roles and responsibilities.
  • Quality assurance review scopes and objectives must be defined for various types of information technologies such as project development or services provided. The scope and objectives or reviews must be documented and approved by management. Expected benefits must be considered when determining the scope and objectives of reviews.
  • Quality assurance reviews should evaluate whether IT standards and procedures were applied and followed for projects and services provided.
  • Quality assurance reviews must include relevant metrics such as defect frequencies or system availability.
  • When quality assurance reports are issued, a process for ensuring that quality assurance report results and recommendations are addressed and appropriate actions are taken must be in place.
  • Quality assurance review results must be discussed with relevant parties.
  • The effectiveness and usefulness of quality assurance reporting must be monitored with methods to improve the process as the main consideration.
  • Quality assurance reports must be sent to stakeholders in a timely fashion.
  • Quality assurance reports must be sent to all relevant staff including upper management, quality management and team members.
  • Remedial action must be taken based on QA reports when significant gaps are found. A follow up must be scheduled to ensure that remedial action was taken and someone must be responsible for the follow up.
  • Quality assurance management must assess all quality assurance reviews on a quarterly basis to be sure quality issues are being properly addressed and resolved. Upper information technology management should review these reports quarterly and follow up to be sure issues are addressed and that appropriate quality management and other staff have appropriate authority to get issues addressed.
  • Training and modifications to quality standards should be implemented where quality assurance reports indicate these actions are helpful.
  • Quality assurance review results should be compared with industry guidelines.
  • The results of quality assurance reviews should be used to improve compliance to standards.
  • A program (continuous improvement program) to improve compliance should be created with specific tasks listed in the plan. The results of reviews should provide for additional tasks or indicate that current tasks are complete.

9.0 Enforcement

Since following the Quality Policy is important to meet the business needs of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

10.0 Other Policies

  • Change Management Policy
  • Development Life Cycle Policy

11.0 Additional Requirements

  • Procedures must be developed for the SDLC which define what is done during a quality assurance review to assure that development standards are followed.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________