Is there a testing procedure? Does the testing process include requirements for testing types e. Are Test Plans used? Do Test Plans define the approaches, data, scenarios, conditions, responsibilities, and documentation needed to establish the adequate performance of the system? Are Test Summaries available? Are there test protocols and results?
Were the test protocols approved prior to execution? Do tests include sufficient details, such as data checks, calculations, security? Were the test results reviewed and approved? Are there traceability matrices between specifications and programs? Between specifications and tests? Are system changes tested? Does testing include regression testing of unmodified functionality?

System Documentation
Good documentation practices by the vendor will increase the likelihood that the vendor will be able to support the version of their software that you implement, even after the staff that created the version has moved on to other projects or other companies.
Is the documentation updated each time a change is made? Is documentation managed using change control? What is the retention time period for all system related documentation?
How are paper records protected from loss? How are electronic records protected from loss? How are source code, programs, and configuration settings managed and protected? Who has access? Describe how the source code for a given release is controlled. Are back-ups retained in a separate, secure location? Are back-ups retained for the duration required? Has the plan been executed/tested? Is there an adequate security system to prevent unauthorized modification of source code, builds, and distribution copies of software?
What are the security measures? Are the development and manufacturing facilities adequately secured against unauthorized entry? Is there a documented authorization list? How is access authorized?

Procedures
Check to see if the vendor has adequate procedures in place. Is the system supported by approved procedures?
Do procedures include disaster recovery, back up, maintenance (if hosted), information security, incident management, system change control, and configuration management? Are procedures under change control? Are the procedures periodically reviewed? Are system changes documented? Are system changes approved? Are changes evaluated for the degree of testing needed? Are configuration changes documented? Is system documentation updated when changes are made?
Are users and support personnel retrained when changes are made? If yes, what software product elements are maintained and supported? Are prior releases adequately supported?
How long are prior releases supported? What is the availability of the help desk? Does the documentation for new releases of the product provide enough information to allow the customer to determine the impact of every change in the release?

Incident Management
Incidents will occur. Are system incidents documented?
Are errors, bugs, and defects categorized by severity, urgency, and priority? Are records maintained of all known problems for each revision? Are system incidents evaluated to determine correction and prevention activities?
Are system users made aware of critical system defects? How quickly? Does the vendor have an effective program for resolving documented defects? Is the system secured by unique user-ids and passwords?
Are there controls to ensure that data can only be entered and changed by authorized personnel?

Getting to a short list efficiently. Many buyers make the mistake of starting their software selection projects by talking to vendors. Our software selection consultants, on the other hand, shorten the list of candidate vendors in a three-step qualification funnel that gets you to the right solution without taking up inordinate amounts of time from your project team.
Evaluating implementation consultants as well as software vendors. Too many software projects fail, not because the customer chooses the wrong system but because the implementation consulting firm is not qualified. Our vendor introduction and reference-checking phases ensure that you not only have the right system but the right system implementation consultants as well.
Absolute and total independence. Because we do not sell software or partner with technology vendors for implementation services, our software selection consultants have the independence and objectivity necessary to give unbiased advice.
We sit on your side of the table only. No conflicts of interest. They make their money by selling your contact information to vendors as sales leads. In contrast, we only provide management consulting and research services.
We are not in the business of generating leads for vendors.

Good source code ensures that your software is safe, secure, and reliable. While code quality can be subjective, good source code is generally code that follows a consistent style, is easy to understand, has been documented, and can be tested. You should also check that the code is easy to maintain, test, and integrate with other software.
Keep an eye out for high numbers of defect reports or long defect identification times, which can demonstrate lower quality source code.

A usable software program is one that is easy to learn and operate on a day-to-day basis, saving end users time and stress. This can be a highly subjective process and varies from person to person, but there are some key features you can look at to gauge usability, such as user interface and documentation.
If an interface is intuitive, users will naturally gravitate toward the appropriate buttons and sections to complete tasks because these areas are clearly labeled. If they need help, clear documentation can quickly solve usability issues, allowing users to complete their work instead of spending time searching for answers.

All businesses deal with sensitive information from customers and employees alike, making security an important feature of any software.
Testing the security of your software helps you protect this data and avoid a serious and expensive breach.