III.D.6 Quality Assurance and Quality Control
Quality assurance (QA) is a process intended to ensure that a product or service under development meets specified requirements. Management should oversee the establishment of a QA process and update future planning with the results. QA may include internal performance measures, focus groups, and customer surveys. Management should assess whether QA testing is conducted on new or updated systems before implementation. Testing should be independent of any programming function and should incorporate user acceptance testing programs. The thorough QA testing of a new system can identify vulnerabilities or poor functionality.
Quality control (QC) is a procedure intended to ensure that a product or application adheres to a defined set of quality criteria that meet the requirements of the end user. QC includes activities that can be used to identify weaknesses or vulnerabilities in work products and to avoid the resource drain and expense of repeating a task. The traditional goal of QC activities is to ensure that a product conforms to specifications and is fit to use. QC helps to determine the following about a product:
- Whether the product works.
- Whether the product does what it is designed to do.
- Whether the product is fit for use.
QA and QC reports are valuable tools for management and help document the control process for the production environment.
III.D.5 Effectiveness of Controls