4.6. Quality management
Generally, all of the above steps will be wrapped in a Quality Management Framework. That is, you’ll have a process for testing your code. You’ll have a process for checking the security of your code. You’ll have a process for capturing the requirements. A quality management system gets you to write down what each of these processes is, and how you sign off that they’ve been done. The quality management approach is thus a wrapper around the documentation you put in place to support the software lifecycle.
There are international standards for how to implement quality management, mainly:
ISO 9001 for general systems.
ISO 13485 for medical devices.
For safety-critical applications, independent auditors will check that your quality control processes are up to standard, and that you've followed them, before letting you sell your software. Even for less critical applications, it's often beneficial to be certified against ISO 9001 to show that good attention to quality is present. This will make customers more likely to choose you.
A focus on quality and signing off that parts have been tested appropriately won't mean that your software is bug-free. That's not a realistic expectation for any non-trivial project. It will, however, help ensure that the impact of any residual bugs is small. Moreover, if something goes wrong, the documentation helps you identify what went wrong and why. You can then change the quality management process so that similar issues are captured in the future and won't happen again. This continuous improvement is particularly important for shipping high-quality products that customers want to buy and trust.
EEEN11202 course notes