Chapter 4 – Information Technology

It is the policy of the Department to provide Quality Assurance (QAQuality Assurance) and Quality Control (QCQuality Control) functions to ensure the usability and effectiveness of all EDPElectronic Data Processing (see IT) applications and processes.

The purpose of the QAQuality Assurance function is to facilitate the continuous review and improvement of processes which underlie the creation and maintenance of automated systems and databases. The purpose of the QCQuality Control function is to implement methods and practices that allow EDPElectronic Data Processing (see IT) products and processes to be measured against predefined standards. Together, QAQuality Assurance and QCQuality Control ensure that automated systems and their products better meet user needs.

CDC recognizes that maintaining adequate, correct and current offender data is critical to departmental operations that directly affect staff, inmate, and public safety. OISBOffender Information Services Branch, in the ASDSee Division of Administrative Services (DAS) (see ASB), is responsible for major current, proposed, and future statewide offender ITS. QAQuality Assurance procedures to be applied to these departmental ITS include:

• Continual monitoring of the validity and currency of data contained in offender ITS;

• Establishment of methods to identify errors or inadequacies in these data; and

• Development of appropriate procedures and solutions to correct inaccuracies or out-of-date data.

The OISBOffender Information Services Branch does not directly implement most procedures and solutions. Rather, once a problem has been identified the OISBOffender Information Services Branch provides the owners of the data with tools and procedures aimed at eliminating the problem. After the owners of the data have implemented these tools and procedures, the OISBOffender Information Services Branch provides ongoing review of the data to ensure its accuracy, currency, and completeness.

A QAQuality Assurance council shall be established to ensure that departmental QAQuality Assurance policies, standards, and procedures are implemented and maintained. Responsibility for implementing QAQuality Assurance resides with each entity (i.e., division, branch, or unit) that develops and maintains systems.

QAQuality Assurance Council

• The QAQuality Assurance council shall be comprised of the departmental Information Security Officer (Chairperson) and representatives from each division responsible for the development and maintenance of ITS. The QAQuality Assurance council shall:

  • Develop departmental QAQuality Assurance policies, standards, and procedures.

  • Develop and implement an annual QAQuality Assurance plan in support of the Department’s strategic plan.

  • Ensure that systems developed or maintained in the Department adhere to CDC QAQuality Assurance/QCQuality Control standards and procedures.

  • Support programs that educate CDC staff in the importance of quality concepts and in the tools, techniques, methods, and practices that facilitate QAQuality Assurance and QCQuality Control.

  • Act as a source of information on processing quality data and on the need for continued commitment to an improvement effort.

  • Review industry standards (e.g., ANSI/IEEE, FIPS) to facilitate the development of departmental EDPElectronic Data Processing (see IT) standards.

• The QAQuality Assurance council shall meet quarterly or as needed.

Division/Branch/Unit

• Accountability for QAQuality Assurance and QCQuality Control is fixed on a system by system basis. See DOMDepartment Operations Manual 47000, Departmental Systems, for ownership designation and fixed responsibility for QCQuality Control.

• OISBOffender Information Services Branch is responsible for data integrity in major, statewide offender ITS.

• In fulfilling QAQuality Assurance/QCQuality Control responsibilities each entity shall, where applicable, ensure that:

  • ITS projects are reviewed during all phases of the systems development life cycle (SDLCSystems Development Life Cycle).

  • Data integrity is developed and maintained, both in the SDLCSystems Development Life Cycle and by the unit designated responsible for QCQuality Control, on each application or database.

  • User requirements are well-defined (for systems development or maintenance projects), all objectives of the work effort have been met, and results are appropriate keeping in mind each project’s overall objectives.

  • The ITS processes are monitored and measured for the purpose of improving these processes.

  • Quality improvement programs are established and quality concepts are promoted throughout Department branches that develop and maintain ITS.

Acceptance Testing

• Testing that insures a computer system meets the needs of the organization and the end-user.

Client (User)

• The individual or organization that utilizes a product.

Correctness

• The extent to which software conforms to its specifications and standards; (2) the extent to which software is free from design and coding defects (i.e., “fault-free”); and (3) the extent to which software meets user expectations.

Cost of Quality

• The cost of quality for a product is the sum of prevention, detection, correction, and client costs. Prevention cost is the total cost incurred during product development prior to general release. Detection, correction, and client costs are post-release costs associated with reworking due to defects. QAQuality Assurance shall be considered cost-effective when post-release costs are reduced by an amount greater than any increase in prevention costs resulting from the inclusion of QAQuality Assurance in the development process.

Data Base Integrity

• The accuracy, completeness, and timeliness of information contained in a database.

Defect

• A variance from specifications/standards or attribute/function not contained in the software requirements specifications.

Defect-Prone Process

• A process/activity during which a high number of defects occur.

Desk Checking

• An informal evaluation technique in which the person who developed a unit of code inspects it visually to identify possible errors or violations of development standards.

Failure

• Inability of a product or service to perform its required functions within previously established limits.

Integration Testing

• Testing performed on groups of modules to ensure data and control are passed properly between modules.

Long-Term Capacity Planning

• The objective of long-term capacity planning is to develop methods and means for ensuring that hardware, system software, communications, and system design shall meet the long-term objectives for additional processing required by new applications, integration of new processors and platforms, and new generations of software. This plan encompasses a five- to seven- year period and is designed to help determine budget requirements and goals for the Department.

Post Implementation Evaluation Report

• The review of a computer, computer system, or computer network that has been in operation for at least six months and no longer than two years for the purpose of matching the requirements of the system against what has been produced, so as to ensure that stated requirements have been met.

Problem Reporting/ Tracking

• A process of reporting outstanding problems, having them assigned for resolution, and closing them out when the user has been notified that the problems have been solved.

Process

• The work activities that produce products, including the efforts of people and equipment.

Product

• The output of a process including the goods and services produced by individuals and the organization.

Quality

• The extent to which a product meets the expectations and requirements of the user.

QAQuality Assurance

• A staff function designed to support line management in performing the QCQuality Control function. As such, QAQuality Assurance identifies those processes, both good and bad, that affect quality, and is used to advise management of such effects. A management decision may then be necessary to ensure that QCQuality Control techniques are implemented and maintained; and

• The function that uses measurement and analysis to continually improve processing, procedures, and standards so that management can be “assured” of their staff following such methods, procedures, and standards, as well as their ability to produce products that meet specified requirements.

QCQuality Control

• The collection of activities to ensure that defects are neither made nor implemented. While QAQuality Assurance monitors the processes involved in the production cycle, QCQuality Control is an integral part of work and is the responsibility of each employee; and

• A line function used to measure quality associated with specific products or services. QCQuality Control is the responsibility of each ITS area and is the function responsible for the quality of the work being done within a specific area or for a specific project.

Quality Improvement Program

• A program designed to reduce the number of defects produced.

Regression Testing

• Testing applied after changes have been made to ensure that no unwanted changes have been introduced.

Requirement

• The specification(s) for satisfying a user need; is associated with a standard by which the satisfaction of that need can be measured.

Resource Management

• The determination of current and short-term needs for hardware, system performance, and communications, and the allocation of such resources to meet the overall goals and current short-term plans of the Department. Resource Management requires the gathering of data about new processing needs and applications not addressed in longrange planning, as well as any other information that impacts current system resources.

System Testing

• A generic term that differentiates various types of higher order testing from unit testing.

Total Quality Management

• Consists of continuous process improvement activities involving everyone in an organization-managers and workers-in a totally integrated effort toward improving performance at every level. This improved performance is directed toward satisfying such crossfunctional goals as quality, cost, schedule, mission, need, and suitability. Total Quality Management, or TQM, integrates fundamental management techniques, existing improvement efforts, and technical tools under a disciplined approach focused on continuous process improvement. The activities are focused ultimately on increased client/user satisfaction.

Unit Testing

• Testing performed on a single, standalone module or unit of code.

Validation

• The process of comparing a product in any stage of its development with specified requirements in order to determine whether the correct product is being produced.

Walk-Through

• A review process in which a designer or programmer leads one or more members of the development team through a segment of documentation or code that he or she has written, and other team members ask questions and make comments about technique, style, possible errors, violation of development standards, and other issues.

The Assistant Secretary, EISEnterprise Information Services (formerly Information Services Division), or designee shall be responsible for ensuring that the contents of this Article are kept current and accurate.

Quality Assurance Institute: Effective Methods For Quality Assurance In Information Systems.

DOMDepartment Operations Manual § 47000.