managing standards compliance
TRANSCRIPT
1
1© we acwf cm (sa)2 & rs 1997
Managing Standards Compliance
Wolfgang Emmerich, Anthony Finkelstein, CarloMontangero, Stefano Antonelli, Steve Armitage
and Richard StevensDept. of Computer Science
University CollegeGower Street, London WC1E 6BT, UK
http://www.cs.ucl.ac.uk/staff/W.Emmerich
2© we acwf cm (sa)2 & rs 1997
Overview
2 A Model of Standard Compliance
3 Formalising System Engineering Standards
4 Tool Support
5 Related and Further Work
1 What is Standard Compliance?1 What is Standard Compliance?
2
3© we acwf cm (sa)2 & rs 1997
What are Standards?
ÒStandards are documented agreementscontaining technical specifications or otherprecise criteria to be used consistently asrules, guidelines, or definitions ofcharacteristics, to ensure that materials,products, processes and services are fit fortheir purpose.Ó [ISO 1997]
4© we acwf cm (sa)2 & rs 1997
Software Engineering Standards
n Software & System Engineering Standards¥ PSS-05 (ESA)
¥ ISO-12207
¥ DoD Mil-Std 2915
¥ IEEE 1074-1995
n Software Process Improvement Standards¥ CMM
¥ ISO-15504 (SPICE)
¥ BOOTSTRAP
¥ Quality Improvement Paradigm
3
5© we acwf cm (sa)2 & rs 1997
Compliance
n Compliance is the extent to which softwaredevelopers have acted in accordance withpractices set down in the standard
n Consistency between actual developmentprocess and normative models embeddedin standards.
6© we acwf cm (sa)2 & rs 1997
Overview
2 A Model of Standard Compliance
3 Formalising System Engineering Standards
4 Tool Support
1 What is Standard Compliance?
5 Related and Further Work
4
7© we acwf cm (sa)2 & rs 1997
Model of Compliance
standard
state
is_in
updatescheck
evaluates
mode has a eventmonitors
diagnosticinforms
Standards
Support
rationalejustified by
identify
composed of *
practice
prescribes*
property
entails*
documentconcerns*
diagnosis
produces
assesses *
policy
triggers*
occurs on
*
8© we acwf cm (sa)2 & rs 1997
States of Compliance
defined
not checked checked
noncompliant
compliant
unsafe
not required
undefined
guidelineignored
guidelineignored
check
check
formalize
check
5
9© we acwf cm (sa)2 & rs 1997
Sample Practices (PSS-05)
UR04: For incremental delivery each userrequirement shall include a measure ofpriority so that the developer candecide the production schedule.
UR10: An output of the User Requirementsphase shall be the User RequirementsDocument.
UR04: For incremental delivery each userrequirement shall include a measure ofpriority so that the developer candecide the production schedule.
UR10: An output of the User Requirementsphase shall be the User RequirementsDocument.
UR04: For incremental delivery each userrequirement shall include a measure ofpriority so that the developer candecide the production schedule.
UR10: An output of the User Requirementsphase shall be the User RequirementsDocument.
10© we acwf cm (sa)2 & rs 1997
Policy Modes
n Error: Prevent the developer fromcompleting the action that would result innon-compliance
n Warning: Indicate to the developer that theresult of the action is non-compliance
n Guideline: Suggest to the developer thatcompliance to a practice should be checked
6
11© we acwf cm (sa)2 & rs 1997
Diagnostics
Statistics: Indicate percentage of non-compliant document components.
List: Indicate the non-compliantdocument components.
Traversal: Generate an iteration of all non-compliant document components.
12© we acwf cm (sa)2 & rs 1997
Overview
2 A Model of Standard Compliance
3 Formalising System Engineering Standards
4 Tool Support
1 What is Standard Compliance?
5 Related and Further Work
7
13© we acwf cm (sa)2 & rs 1997
What needs to be specified formally?
unnecessary
necessary
state
is_in
updatescheck
evaluates
mode has a eventmonitors
diagnosticinforms
rationalejustified by
identify
documentconcerns*
diagnosis
produces
assesses *
policy
triggers*
occurs on
*
practice
prescribes*
standardcomposed of *
property
entails*
14© we acwf cm (sa)2 & rs 1997
Document Schema Specification
n Formalisation of practices must assume acertain document type structure
n Defined in document schema specification
n Notation: Subset of UML class diagrams
n Exploited for checking¥ consistency of the standard formalisation
¥ compliance of developed documents todocument templates prescribed by standards
8
15© we acwf cm (sa)2 & rs 1997
Document Schema Sample
SPMP
Organisation
Model
Deliverymode:{waterfal,incremental,evolutionary}
...
...
...
org
model
delivery
URD
Reqs
CapReqs
Requirement
priority:int=0
...
...
... fr
capabilities
reqs
*
16© we acwf cm (sa)2 & rs 1997
Practices and Properties
n Properties are specified in first-order logic.
n Formulae use vocabulary of documentschema specification
n Example:(spmp.org.model.delivery.mode=incremental) ⇒ ∀ r∈ urd.reqs.capabilities.fr: r.priority ≠ 0
n Practices are conjunctions of properties
n Composite practices are conjunctions ofcomponent practices.
9
17© we acwf cm (sa)2 & rs 1997
Event Specification
n Atomic Events:¥ Update¥ Close¥ Open¥ Baseline
n Logical Event Composition:¥ Open(doc) OR Update(att)
n Temporal Event Composition (as in FLEA):¥ Open(doc) THEN Update(att)¥ Update(att) IN-TIME(5h) Baseline(doc)¥ Open(doc) TOO-LATE(5h) Close(doc)
18© we acwf cm (sa)2 & rs 1997
Policy Specification
n Policies are tuples P=(E,P,M,D) where¥ E is an event specification¥ P is a practice¥ M is a policy mode¥ D is a diagnostic function
n Example:
Update(spmp.org.model.delivery.mode), UR04 ,WARNING, STAT
10
19© we acwf cm (sa)2 & rs 1997
Overview
2 A Model of Standard Compliance
3 Formalising System Engineering Standards
4 Tool Support
5 Related and Further Work
1 What is Standard Compliance?
20© we acwf cm (sa)2 & rs 1997
Prototype Architecture
FLEA
AP5
propertydescription
policydescription
eventbus
notifi-cation
documentupdates
DOORS
11
21© we acwf cm (sa)2 & rs 1997
Document Management
22© we acwf cm (sa)2 & rs 1997
Compliance Management
noncompliant
compliant
unsafe
notrequired
undefined
12
23© we acwf cm (sa)2 & rs 1997
Compliance Overview
24© we acwf cm (sa)2 & rs 1997
Overview
2 A Model of Standard Compliance
3 Formalising System Engineering Standards
4 Tool Support
5 Related and Further Work
1 What is Standard Compliance?
13
25© we acwf cm (sa)2 & rs 1997
Related Work
n Software Process Technology¥ Merlin
¥ Marvel, Oz, OzWeb, ...
¥ SPADE
¥ ...
n SPI Standards (SPICE, BOOTSTRAP, CMM)
n SENTINEL (Cugola et. al 96)
n Event Data Analysis (Cook and Wolf 97)
n Yeast (Barghouti and Krishnamurthy 95)
26© we acwf cm (sa)2 & rs 1997
Further Work
n Provide efficient implementation byreplacing FLEA and AP5
n Evaluate approach in industrial setting(at GTE)
n Provide feedback to standards committees