Introduction to the CSQA Program Software Certification Overview Contact Us Program History Why Become Certified?

Benefits of Becoming a CSQA Value Provided to the Profession Value Provided to the Individual Value Provided to the Employer Increased Confidence by IT Users and Customers Improved Processes to Build/Acquire/Maintain, Operate and Measure Software Independent Assessment of Quality Assurance Competencies Quality Assurance Competencies Maintained Through Recertification Value Provided to Co-Workers Mentoring the Staff Testing Resource to IT Staff Role Model for Quality Assurance Practitioners How to Improve Quality Assurance Effectiveness Through CSQA Certification Meeting the CSQA Qualifications Prerequisites for Candidacy Educational and Professional Prerequisites Non-U.S. Prerequisites Expectations of the CSQA Professional Skill Proficiency Responsibilities Develop a Lifetime Learning Habit Code of Ethics Purpose Responsibility Professional Code of Conduct Grounds for Decertification Submitting the Initial Application Correcting Application Errors Submitting Application Changes Examination Requirements Filing a Retake Application Arranging to Sit and Take the Examination Scheduling to Take the Examination Rescheduling the Examination Sitting Receiving the Confirmation Letter Checking Examination Arrangements Arriving at the Examination Site No-shows How to Maintain Competency and Improve Value Continuing Professional Education Advanced CSQA Designations What is the Certification Competency Emphasis?

Intro-1 Intro-2 Intro-3 Intro-3 Intro-3 Intro-3 Intro-4 Intro-4 Intro-5 Intro-5 Intro-5 Intro-5 Intro-6 Intro-6 Intro-6 Intro-6 Intro-6 Intro-6 Intro-8 Intro-8 Intro-8 Intro-8 Intro-9 Intro-9 Intro-10 Intro-10 Intro-10 Intro-11 Intro-11 Intro-12 Intro-12 Intro-14 Intro-14 Intro-15 Intro-15 Intro-15 Intro-16 Intro-17 Intro-17 Intro-17 Intro-17 Intro-17 Intro-18 Intro-18 Intro-18 Intro19

Preparing for the CSQA Examination Assess Your CSQA CBOK Competency Complete the CSQA Skill Assessment Worksheet Calculate Your CSQA CBOK Competency Rating Understand the Key Principles Incorporated Into the Examination Review the List of References Initiate a Self-Study Program Take the Sample Examination CSQA Skill Assessment Worksheet Assess Your Skills against the CSQA CBOK Skill Category 1 Quality Principles and Concepts Skill Category 2 Quality Leadership Skill Category 3 Quality Baselines Skill Category 4 Quality Assurance Skill Category 5 Quality Planning Skill Category 6 Define, Build, Implement and Improve Work Processes Skill Category 7 Quality Control Practices Skill Category 8 Metrics and Measurement Skill Category 9 Internal Control and Security Skill Category 10 Outsourcing, COTS, and Contracting Quality CSQA CBOK Competency Rating Table

Intro-21 Intro-22 Intro-22 Intro-24 Intro-26 Intro-27 Intro-28 Intro-29 Eval-1 Eval-1 Eval-2 Eval-3 Eval-4 Eval-5 Eval-6 Eval-7 Eval-8 Eval-9 Eval-10 Eval-11 Eval-12

Skill Category 1
Quality Principles Vocabulary of Quality The Different Views of Quality The Two Quality Gaps Quality Attributes for an Information System Quality Concepts and Practices PDCA Cycle Cost of Quality The Three Key Principles of Quality The Quality Solution Best Practices Six Sigma Quality Baselining and Benchmarking Earned Value Quality Control and Quality Assurance Quality Control Quality Assurance Differentiating Between Quality Control and Quality Assurance Understanding and Using the Just-In-Time (JIT) Technique Quality Pioneers Approach to Quality Dr. W. Edwards Deming Philip Crosby Dr. Joseph Juran Total Quality Management A Managerial Philosophy Based on the Work of the Pioneers 1-1 1-1 1-4 1-5 1-6 1-8 1-9 1-11 1-14 1-14 1-15 1-15 1-16 1-16 1-17 1-17 1-18 1-18 1-19 1-22 1-22 1-25 1-28 1-29 1-29

Skill Category 2
Quality Leadership Leadership Concepts Executive and Middle Management Commitment Executive Management Commitment Middle Management Commitment Quality Champion New Behaviors for Management Traditional Management versus Quality Management Leadership The Importance of Establishing Mentoring Relationships Establishing Trust Competition to Cooperation Awareness Training Nurturing New Behaviors Empowerment of Employees Quality Management Infrastructure Quality Council Management Committees Teams and Work Groups Understanding Team Development Phases Establishing Group Compatibility Consensus Controlling Meetings Using Task Forces Effectively Personal Persuasion Conformity Behavior of Individuals in a Group Resolving Customer Complaints Written Reports Process Improvement Teams Quality Environment The Six Attributes of an Effective Quality Environment The Core Values and Concepts Included in the Malcolm Baldrige National Quality Award Model Core Values and Concepts Visionary Leadership Customer-Driven Excellence Organizational and Personal Learning Valuing Employees and Partners Agility Focus on the Future Managing for Innovation Management by Fact Social Responsibility Focus on Results and Creating Value Systems Perspective Setting the Proper Tone at the Top Code of Ethics and Conduct Open Communications Guidelines for Effective Communications Providing Constructive Criticism Achieving Effective Listening The 3-Step Listening Process 2-1 2-1 2-2 2-4 2-4 2-5 2-5 2-5 2-7 2-10 2-11 2-11 2-11 2-13 2-14 2-15 2-16 2-17 2-17 2-18 2-19 2-21 2-21 2-22 2-23 2-24 2-25 2-27 2-29 2-30 2-30 2-33 2-34 2-34 2-35 2-35 2-36 2-37 2-38 2-38 2-38 2-39 2-40 2-40 2-40 2-41 2-41 2-42 2-42 2-44 2-45

Implementing a Mission, Vision, Goals, Values, and Quality Policy Mission Vision Goals Values Quality Policy Monitoring Compliance to Organizational Policies and Procedures Four Types of Monitoring Monitoring the Tone at the Top Monitoring by Individuals Ongoing Monitoring Independent Monitoring Enforcement of Organizational Policies and Procedures Types of Enforcements Automated Enforcement Self-Enforcement Supervisory Enforcement

2-48 2-48 2-49 2-49 2-51 2-52 2-53 2-54 2-54 2-55 2-55 2-56 2-57 2-58 2-58 2-58 2-59

Skill Category 3
Quality Baselines Quality Baseline Concepts Baselines Defined Types of Baselines Conducting Baseline Studies Conducting Objective Baseline Studies Conducting Subjective Baseline Studies Planning Internal analysis Benchmarking Methods Used for Establishing Baselines Customer Surveys Benchmarking to Establish a Baseline Goal Assessments against Management Established Criteria Assessments against Industry Models Model and Assessment Fundamentals Purpose of a Model Types of Models (Staged and Continuous) Staged models Continuous models Model Selection Process Using Models for Assessment and Baselines Assessments versus Audits Industry Quality Models Software Engineering Institute Capability Maturity Model Integration (CMMI) Maturity Levels Level 1: Initial Level 2: Managed Level 3: Defined Level 4: Quantitatively Managed Level 5: Optimizing Components of the Maturity Levels 3-1 3-1 3-1 3-2 3-2 3-4 3-5 3-6 3-6 3-6 3-7 3-7 3-7 3-10 3-12 3-12 3-12 3-13 3-13 3-14 3-14 3-15 3-15 3-16 3-16 3-17 3-18 3-18 3-18 3-19 3-19 3-20

Skipping Maturity Levels Malcolm Baldrige National Quality Award (MBNQA) National Institute of Standards and Technology Board of Overseers Board of Examiners Award Recipients 2005 Award Criteria 1 Leadership 2 Strategic Planning 3 Customer and Market Focus 4 Information and Analysis 5 Human Resources 6 Process Management 7 Business Results 2005 Award Scoring System Process The Application Review Process Other National and Regional Awards ISO 9001:2000 Model Overview Management Responsibility Resource Management Product Realization Measurement, Analysis and Improvement ISO/IEC 12207: Information Technology Software Life Cycle Processes Model Overview Target Audience Views of Software Development Relationship to Other Standards ISO/IEC System and Software Standards IEEE/EIA 12207 ISO/IEC 15504: Process Assessment (Formerly Known as Software Improvement and Capability Determination (SPICE) Model Overview Reference Models Process Dimension Process Capability Dimension The Assessment Process Relationship to other International Standards Post-Implementation Audits

3-20 3-21 3-21 3-21 3-21 3-21 3-22 3-22 3-22 3-22 3-23 3-23 3-23 3-23 3-23 3-24 3-25 3-25 3-25 3-26 3-27 3-28 3-28 3-29 3-29 3-29 3-32 3-32 3-33 3-33 3-33 3-34 3-34 3-37 3-37 3-39 3-40 3-42 3-42

Skill Category 4
Quality Assurance Establishing a Function to Promote and Manage Quality The Challenges of Implementing a Quality Function How the Quality Function Matures Over Time Three Phases of Quality Function Maturation Initial Phase Intermediate Phase Final Phase Drivers that Change the Role of the QA Analyst Management Philosophy Personal Belief System of Managers 4-1 4-1 4-3 4-5 4-5 4-5 4-5 4-6 4-7 4-7 4-8

Quality Function Recommendations Support in Corporate Quality Management Environment Support of Corporate Quality Management with Repository of Quality Information IT Management Responsibilities in Corporate Quality Management Environment Implementing an IT Quality Function Step 1: Develop a Charter Step 2: Identify the Quality Manager Step 3: Locate Organizationally the IT Quality Function Step 4: Build Support for Quality Step 5: Staff and Train the Quality Function Step 6: Build and Deploy the Quality Toolbox Step 7: Drive the Implementation of the Quality Management Environment IT Quality Plan Long-Term Actions Short-Term Actions Quality Tools Management Tools Brainstorming Affinity Diagram Nominal Group Technique Cause-and-Effect Diagram Force Field Analysis Flowchart and Process Map Benchmarking Planning Phase Analysis Phase Integration Phase Action Phase Matrix Quality Function Deployment Fundamental Deployments Horizontal Deployments Vertical Deployments Playscript Statistical Tools Check Sheet Histogram Pareto Chart Run Chart Control Chart Scatter Plot Presentation Tools Table Line Chart Bar Chart Pie Chart Stem-and-Leaf Chart Process Deployment Getting Buy-In for Change through Marketing Step 1: Identify Customer Needs Step 2: Present Solution in Terms of Customer Needs Step 3: Identify Barriers and Obstacles Step 4: Address Barriers and Obstacles Step 5: Obtain Approval The Formula for Effective Behavior Change The Deployment Process

4-8 4-9 4-9 4-9 4-10 4-10 4-12 4-13 4-14 4-16 4-18 4-19 4-19 4-20 4-21 4-23 4-24 4-25 4-25 4-26 4-27 4-29 4-30 4-31 4-32 4-33 4-33 4-33 4-34 4-35 4-37 4-38 4-38 4-39 4-40 4-40 4-41 4-43 4-44 4-45 4-47 4-49 4-49 4-49 4-50 4-51 4-52 4-53 4-53 4-54 4-54 4-55 4-55 4-56 4-56 4-56

Deployment Phase 1: Assessment Deployment Phase 2: Strategic Deployment Phase 3: Tactical Critical Success Factors for Deployment Internal Auditing and Quality Assurance Types of Internal Audits Differences in Responsibilities

4-57 4-57 4-60 4-64 4-66 4-66 4-67

Skill Category 5
Quality Planning Planning Concepts -1 The Management Cycle The Planning Cycle Integrating Business and Quality Planning The Fallacy of Having Two Separate Planning Processes Planning Should be a Single IT Activity Prerequisites to Quality Planning The Planning Process Planning Process Overview The Six Basic Planning Questions The Common Activities in the Planning Process Business or Activity Planning Environment Planning Capabilities and Opportunities Planning Assumptions/Potential Planning Objectives/Goals Planning Policies/Procedures Planning Strategy/Tactics Planning Priorities/Schedules Planning Organization/Delegation Planning Budget/Resources Planning Planning Activities for Outsourced Work Planning to Mature IT Work Processes QAI Model and Approach to Mature IT Work Processes Why Six Process Categories Were Chosen Manage by Process, a Tactical View of Process Maturity Tactics for Maturing the Management Processes Level 1 -- Product Focus Level 2 -- Process Focus Level 3 -- End User Focus Level 4 -- Team Focus Level 5 World-Class Focus Tactics for Maturing the People Management Processes Level 1 Unpredictable Level 2 Process Skills Level 3 Integration Level 4 Quantitative Management Level 5 Innovate Tactics for Maturing the Deliverables Processes Level 1 Constraint Requirements Level 2 Business Requirements Level 3 Relational Requirements 5-1 5-2 5-4 5-6 5-6 5-6 5-8 5-9 5-9 5-11 5-13 5-13 5-13 5-13 5-14 5-14 5-14 5-15 5-15 5-15 5-16 5 -16 5-17 5-17 5-19 5-19 5-20 5-22 5-23 5-23 5-23 5-23 5-26 5-28 5-29 5-30 5-31 5-31 5-32 5-34 5-35 5-35

Level 4 Quality Requirements Level 5 Reliability Requirements Tactics for Maturing the Technology Processes Level 1 Assessment/Pilot Level 2 Operational Level 3 Predictable Level 4 Technology Optimization Level 5 People Optimization Tactics for Maturing the Quality Assurance Processes Level 1 Controlling Level 2 -- Defining Level 3 -- Aligning Level 4 -- Adapting Level 5 -- Champion Tactics for Maturing the Quality Control Management Processes Level 1 Validation Level 2 Verification Level 3 -- Defect Management Level 4 -- Statistical Process Control Level 5 - Preventive Management How to Plan the Sequence for Implementing Process Maturity Relationship between People Skills and Process Definitions Relationship of Do and Check Procedures Relationship of Individuals' Assessment of How They are Evaluated to Work Performed Relationship of What Management Relies on for Success Relationship of Maturity Level to Cost to Do Work Relationship of Process Maturity to Defect Rates Relationship of Process Maturity and Cycle Time Relationship of Process Maturity and End User Satisfaction Relationship of Process Maturity and Staff Job Satisfaction Relationship of Process Maturity to an Organization's Willingness to Embrace Change Relationship of Tools to Process Maturity Relationship of the Control and Test Process Category to Quick Paybacks Strategy for Moving to Higher Maturity Levels Skipping Levels and Reverting Back to Lower Levels

5-35 5-36 5-36 5-38 5-39 5-39 5-39 5-39 5-39 5-42 5-42 5-43 5-43 5-44 5-45 5-46 5-47 5-47 5-47 5-47 5-48 5-48 5-49 5-50 5-51 5-52 5-53 5-54 5-54 5-55 5-56 5-56 5-56 5-57 5-57

Skill Category 6
Define, Build, Implement, and Improve Work Processes Process Management Concepts Definition of a Process Why Processes Are Needed Process Workbench and Components Process Categories The Process Maturity Continuum Product and Services Continuum Work Process Continuum Check Processes Continuum Customer Involvement Continuum How Processes Are Managed Process Template Process Management Processes 6-1 6-1 6-2 6-2 6-3 6-5 6-7 6-7 6-8 6-8 6-9 6-9 6-10 6-11

Planning Processes Process Inventory Process Mapping Process Planning Do Processes Process Definition Check Processes Identify Control Points Automatic Self-Checking Peer Reviews Supervisory Third Party Process Measurement Testing Act Processes Process Improvement Teams Process Improvement Process Identify and Understand the Process Improve the Process

6-12 6-12 6-13 6-14 6-15 6-15 6-19 6-19 6-21 6-21 6-22 6-22 6-22 6-22 6-23 6-23 6-25 6-26 6-26 6-29

Skill Category 7
Quality Control Practices Testing Concepts The Testers Workbench Test Stages Integration Testing System Testing User Acceptance Testing Independent Testing Static versus Dynamic Testing Verification versus Validation Computer System Verification and Validation Examples The V Testing Concept Example Stress versus Volume versus Performance Test Objectives Reviews and Inspections Review Formats Informal Review Semiformal Review (or Walkthrough) Formal Review (or Inspection) In-Process Reviews Checkpoint Reviews Phase-End Reviews Software Requirements Review Critical Design Review Test Readiness Review Post-Implementation Reviews Inspections Developing Testing Methodologies Acquire and Study the Test Strategy Determine the Type of Development Project 7-1 7-1 7-2 7-2 7-3 7-3 7-3 7-3 7-5 7-5 7-5 7-7 7-9 7-9 7-10 7-10 7-10 7-10 7-10 7-11 7-11 7-11 7-12 7-12 7-12 7-12 7-12 7-14 7-14 7-14

Determine the Type of Software System Determine the Project Scope Identify the Tactical Risks Determine When Testing Should Occur Build the System Test Plan Build the Unit Test Plans Verification and Validation Methods Management of Verification and Validation Verification Techniques Feasibility Reviews Requirements Reviews Design Reviews Code Walkthroughs Code Inspections or Structured Walkthroughs Requirements Tracing Validation Techniques White-Box Black-Box Equivalence Partitioning Boundary Analysis Error Guessing Incremental Top-Down Bottom-Up Thread Regression Unit Regression Testing Regional Regression Testing Full Regression Testing Structural and Functional Testing Structural Testing Functional Testing Software Change Control Software Configuration Management Change Control Procedures Defect Management Defect Management Process Defect Reporting Severity versus Priority A Sample Defect Tracking Process Using Defects for Process Improvement

7-15 7-16 7-17 7-18 7-19 7-19 7-20 7-20 7-20 7-21 7-21 7-21 7-21 7-21 7-21 7-22 7-22 7-23 7-23 7-23 7-23 7-23 7-24 7-24 7-24 7-24 7-25 7-25 7 -25 7-25 7-26 7-26 7-27 7-27 7-28 7-29 7-29 7-29 7-31 7-31 7-33

Skill Category 8
Metrics and Measurement Measurement Concepts Standard Units of Measure Metrics Objective and Subjective Measurement Types of Measurement Data Nominal Data Ordinal Data Interval Data Ratio Data Measures of Central Tendency Attributes of Good Measurement 8-1 8-1 8-2 8-2 8-2 8-3 8-3 8-4 8-4 8-4 8-4 8-5

Reliability Validity Ease of Use and Simplicity Timeliness Calibration Using Quantitative Data to Manage an IT Function Measurement Dashboards Statistical Process Control Key Indicators Measurement in Software Product Measurement Size Lines of Code Function Points Complexity Cyclomatic Complexity -- v(G) Knots Quality Correctness Reliability Maintainability Customer Perception of Product Quality Process Measurement Variation and Process Capability The Measurement Program Installing the Measurement Program Common and Special Causes of Variation Common Causes of Variation Special Causes of Variation Variation and Process Improvement Process Capability Risk Management Defining Risk Characterizing Risk Situational Time-Based Interdependent Magnitude Dependent Value-Based Managing Risk Risk Identification Risk Analysis Risk Prioritization. Risk Response Planning Risk Resolution Risk Monitoring Software Risk Management Risks of Integrating New Technology Implementing a Measurement Program The Need for Measurement Prerequisites

8-5 8-5 8-5 8-5 8-6 8-6 8-6 8-7 8-7 8-8 8-9 8-9 8-9 8-9 8-10 8-10 8-10 8-10 8-10 8-11 8-11 8-11 8-11 8-13 8-13 8-15 8-18 8-18 8-19 8-20 8-21 8-22 8-22 8-22 8-22 8-23 8-23 8-23 8-23 8-23 8-24 8-25 8-28 8-29 8-29 8-30 8-30 8-31 8-33 8-33 8-34

Skill Category 9
Internal Control and Security Principles and Concepts of Internal Control Internal Control and Security Vocabulary and Concepts Internal Control Responsibilities The Internal Auditors Internal Control Responsibilities Risk versus Control Environmental versus Transaction Processing Controls Environmental or General Controls Transaction Processing Controls Preventive, Detective and Corrective Controls Preventive Controls Source-Data Authorization Data Input Source-Data Preparation Turn-Around Document Pre-Numbered Forms Input Validation Computer Updating of Files Controls over Processing Detective Controls Data Transmission Control Register Control Totals Documentation and Testing Output Checks Corrective Controls Error Detection and Resubmission Audit Trails Cost versus Benefit of Controls The Quality Professionals Responsibility for Internal Control and Security Risk and Internal Control Models COSO Enterprise Risk Management (ERM) Model The ERM Process ERM Components COSO Internal Control Framework Model Example of a Transaction Processing Internal Control System CobiT Model Building Internal Controls Perform Risk Assessment Model for Building Transaction Processing Controls Transaction Origination Transaction Entry Transaction Communications Transaction Processing Database Storage and Retrieval Transaction Output Building Adequate Security Where Vulnerabilities in Security Occur Functional Vulnerabilities IT Areas Where Security is Penetrated Accidental versus Intentional Losses Establishing a Security Baseline 9-1 9-2 9-2 9-3 9-3 9-5 9-5 9-6 9-8 9-9 9-9 9-10 9-11 9-11 9-11 9-11 9-11 9-13 9-13 9-15 9-15 9-16 9-16 9-16 9-16 9-17 9-17 9-18 9-18 9-19 9-20 9-20 9-20 9-20 9-22 9-24 9-25 9-27 9-27 9-28 9-29 9-29 9-29 9-30 9-30 9 -30 9-31 9-31 9-31 9-33 9-35 9-36

Creating Baselines Step 1: Establish the Team Step 2: Set Requirements and Objectives Step 3: Design Data Collection Methods Step 4: Train Participants Step 5: Collect Data Step 6: Analyze and Report Security Status Using Baselines Security Awareness Training Step 1 Create a Security Awareness Policy Step 2 Develop a Security Awareness Strategy Awareness Training Education Professional Development Step 3 Assign the Roles for Security Awareness IT Director/CIO Information Technology Security Program Manager IT Managers Users Security Practices

9-36 9-38 9-39 9-41 9-43 9-44 9-44 9-46 9-46 9-47 9-48 9-49 9-50 9-50 9-50 9-51 9-51 9-52 9-52 9-52 9-53

Skill Category 10
Outsourcing, COTS and Contracting Quality Quality and Outside Software Purchased COTS software Evaluation versus Assessment Outsourced Software Additional differences if the contract is with an offshore organization Quality Professionals Responsibility for Outside Software Selecting COTS Software Assure Completeness of Needs Requirements Define Critical Success Factor Determine Compatibility with Hardware, Operating System, and Other COTS Software Hardware Compatibility Operating Systems Compatibility Program Compatibility Data Compatibility Assure the Software can be Integrated into Your Business System Work Flow Demonstrate the Software in Operation Evaluate People Fit Acceptance Test the Software Process Selecting Software Developed by Outside Organizations Contracting Life Cycle Selecting an Outside Organization Feasibility Study Selection of an Outside Organization Assure That Requirements and Contract Criteria are Testable Assure That the Contractor Has an Adequate Software Development Process Assure That the Contractor Has an Effective Test Process Define Acceptance Testing Criteria Contractors Status Reporting Ensure Knowledge Transfer Occurs 10-1 10-1 10-2 10-2 10-3 10-3 10-4 10-6 10-6 10-7 10-8 10-9 10-9 10-10 10-10 10-10 10-11 10-13 10-14 10-15 10-15 10-16 10-16 10-18 10-19 10-19 10-19 10-20 10-20 10-20

Ensure Protection of Intellectual Property Rights of Both Organizations Developing Selection Criteria Contracting for Software Developed by Outside Organizations What Contracts Should Contain Contract Negotiations Operating for Software Developed by Outside Organizations Acceptance Testing Acceptance Testing Concerns Operation and Maintenance of the Software Operation and Maintenance Concerns Contractual Relations Contractual Relation Concerns Appendix A Vocabulary Appendix B References How to Take the CSQA Examination CSQA Examination Overview Quality Assurance Theory Quality Assurance Practice Guidelines to Answer Questions Sample CSQA Examination Part 1 and Part 3 Multiple-Choice Questions Part 1 and Part 3 Multiple-Choice Answers Part 2 and Part 4 Essay Questions and Answers Part 2 Quality Assurance Theory Essay Questions Part 2 Quality Assurance Theory Essay Questions Part 4 Quality Assurance Practice Essay Questions Part 4 Quality Assurance Practice Essay Answers

10-21 10-21 10-22 10-22 10-23 10-28 10-28 10-28 10-29 10-30 10-31 10-32 A-1

B-1 C-1 C-1 C-1 C-2 C-2 C-5 C-5 C-11 C-12 C-12 C-15 C-18 C-22