This document provides an overview of software quality assurance. It defines key SQA concepts like quality, quality management, and the four elements of SQA - SQA, SQP, SQC, and SQM. It discusses standards, quality models like ISO 9001 and CMMI, documentation, quality control methods like reviews, tests, and audits. It also covers quality metrics, defect prevention, and the software development lifecycle. The document is intended to acquaint readers with the fundamental aspects of establishing and implementing an SQA program.
Internal Controls over Financial Reporting in the Indian Context Bharath Rao
Section 143 of the Indian Companies Act 2013 has rewarded auditors with additional auditing responsibilities wherein assurance must be provided on the Internal Controls present in a Company's Business Environment. The Auditor must provide an opinion on the operating effectiveness of these Internal Financial Controls.
The Institute of Chartered Accountants of India has released a Guidance Note which provides the required guidance to an Auditor to conduct an Audit of the same.
This presentation deals with the legal requirement of IFCs, Auditing Responsibilities and Implementation Guides from guidance note.
This presentation was presented at the Study Circle conducted by the Mangalore Branch of SIRC of ICAI on 23rd June 2016.
The document outlines the risk assessment process recommended by NIST, which includes 9 steps: 1) system characterization, 2) threat identification, 3) vulnerability identification, 4) control analysis, 5) likelihood determination, 6) impact analysis, 7) risk determination, 8) control recommendations, and 9) results documentation. The goal is to identify risks, determine their likelihood and impact, and recommend controls to mitigate risks to protect the organization's mission.
ISO 37001 Implementation - The Key to Protecting Your Company’s ReputationPECB
No organization can afford to take the risk of bribery lightly. Investors need assurance that they have made every possible effort to prevent bribery at all levels of the organization. The webinar will list some of the measures, which must be implemented if an organization wants to prevent and detect bribery appropriately.
Presenter:
The presenter of this topic is Mr. Jacob Mc Clean, PECB Trainer and the Principal and Managing Director of Kaizen Training & Management Consultants Limited.
Organizer: Alba Keqa
Date: November 17, 2016
Link of the recorded session published on YouTube: https://youtu.be/Aa-yNO74HRY
Corporate governance is the system by which companies are directed and controlled. It involves balancing the interests of stakeholders like shareholders, management, customers, and society. The document discusses the obligations of corporate governance to various groups, including society, investors, and employees. It notes obligations to society include legal compliance, ethical conduct, and social responsibility. For investors, obligations are transparency and accurate financial reporting. For employees, obligations are fair employment practices, equal opportunities, and humane treatment.
Navigating the complex Risk Management Framework (RMF) requirements can be daunting. Learn best practices and gain a better understanding of NIST's RMF.
This document discusses HR planning and issues in the Indian banking sector. It provides background on the evolution of banking in India from the 1950s onwards, including nationalization efforts and reforms since 1991. It defines public sector banks and discusses their emergence. The document outlines the importance of HR planning for banks given their people-focused business. It lists major HR challenges as hiring, retention, development, salary inflation, and changing work conditions. Tables compare staff expenses and strength over time between public and private sector banks. In summary, the document examines the transformation of Indian banking, highlights the critical role of HR, and identifies challenges in planning and managing human resources for banks.
This document discusses human resource accounting and the value of human resources. It begins by asking what value human resources provide in an organization. It then provides definitions of human resource accounting as quantifying the costs and value of employees. Key points made include that human resource accounting involves identifying and reporting investments made in employees, including training costs. Models are discussed for calculating the cost of human resources as well as their future value based on earnings and age. Examples are given of calculating costs and future values. The importance of human resource accounting is that it allows for better decision making regarding training, manpower planning, and motivation of employees.
The document discusses the Strategic Position and Action Evaluation (SPACE) matrix, which is a tool used to evaluate strategic plans and determine a company's strategic posture in the market. It involves assessing factors related to an organization's competitive advantage, industry strength, environmental stability, and financial strength to plot the company's position on the SPACE matrix. The position will indicate which of four strategic postures - defensive, conservative, competitive, or aggressive - the company should pursue.
Internal Controls over Financial Reporting in the Indian Context Bharath Rao
Section 143 of the Indian Companies Act 2013 has rewarded auditors with additional auditing responsibilities wherein assurance must be provided on the Internal Controls present in a Company's Business Environment. The Auditor must provide an opinion on the operating effectiveness of these Internal Financial Controls.
The Institute of Chartered Accountants of India has released a Guidance Note which provides the required guidance to an Auditor to conduct an Audit of the same.
This presentation deals with the legal requirement of IFCs, Auditing Responsibilities and Implementation Guides from guidance note.
This presentation was presented at the Study Circle conducted by the Mangalore Branch of SIRC of ICAI on 23rd June 2016.
The document outlines the risk assessment process recommended by NIST, which includes 9 steps: 1) system characterization, 2) threat identification, 3) vulnerability identification, 4) control analysis, 5) likelihood determination, 6) impact analysis, 7) risk determination, 8) control recommendations, and 9) results documentation. The goal is to identify risks, determine their likelihood and impact, and recommend controls to mitigate risks to protect the organization's mission.
ISO 37001 Implementation - The Key to Protecting Your Company’s ReputationPECB
No organization can afford to take the risk of bribery lightly. Investors need assurance that they have made every possible effort to prevent bribery at all levels of the organization. The webinar will list some of the measures, which must be implemented if an organization wants to prevent and detect bribery appropriately.
Presenter:
The presenter of this topic is Mr. Jacob Mc Clean, PECB Trainer and the Principal and Managing Director of Kaizen Training & Management Consultants Limited.
Organizer: Alba Keqa
Date: November 17, 2016
Link of the recorded session published on YouTube: https://youtu.be/Aa-yNO74HRY
Corporate governance is the system by which companies are directed and controlled. It involves balancing the interests of stakeholders like shareholders, management, customers, and society. The document discusses the obligations of corporate governance to various groups, including society, investors, and employees. It notes obligations to society include legal compliance, ethical conduct, and social responsibility. For investors, obligations are transparency and accurate financial reporting. For employees, obligations are fair employment practices, equal opportunities, and humane treatment.
Navigating the complex Risk Management Framework (RMF) requirements can be daunting. Learn best practices and gain a better understanding of NIST's RMF.
This document discusses HR planning and issues in the Indian banking sector. It provides background on the evolution of banking in India from the 1950s onwards, including nationalization efforts and reforms since 1991. It defines public sector banks and discusses their emergence. The document outlines the importance of HR planning for banks given their people-focused business. It lists major HR challenges as hiring, retention, development, salary inflation, and changing work conditions. Tables compare staff expenses and strength over time between public and private sector banks. In summary, the document examines the transformation of Indian banking, highlights the critical role of HR, and identifies challenges in planning and managing human resources for banks.
This document discusses human resource accounting and the value of human resources. It begins by asking what value human resources provide in an organization. It then provides definitions of human resource accounting as quantifying the costs and value of employees. Key points made include that human resource accounting involves identifying and reporting investments made in employees, including training costs. Models are discussed for calculating the cost of human resources as well as their future value based on earnings and age. Examples are given of calculating costs and future values. The importance of human resource accounting is that it allows for better decision making regarding training, manpower planning, and motivation of employees.
The document discusses the Strategic Position and Action Evaluation (SPACE) matrix, which is a tool used to evaluate strategic plans and determine a company's strategic posture in the market. It involves assessing factors related to an organization's competitive advantage, industry strength, environmental stability, and financial strength to plot the company's position on the SPACE matrix. The position will indicate which of four strategic postures - defensive, conservative, competitive, or aggressive - the company should pursue.
The document discusses risk-based auditing (RBIA) and its key concepts. RBIA requires internal audit to be strategically linked to an organization's risk management and assurance frameworks. It also discusses applying RBIA methodology to internal audit assignments and linking an organization's risk framework to the stages of RBIA. The document provides information on introducing RBIA to an organization and adapting it based on the organization's structures, processes and risk maturity.
Celonis has achieved TISAX AL3 certification, the highest level, which requires a full on-site audit of all IT security controls. This certification demonstrates that Celonis securely handles customer data within its Intelligent Business Cloud platform. The TISAX assessment was conducted by an independent auditor and focused on Celonis' Munich data centers. Customers can verify Celonis' certification status and details on the ENX portal using the provided Assessment ID and Scope ID.
This document provides an introduction to enterprise risk management (ERM). It discusses how ERM aims to protect and increase value for an organization by taking an integrated approach to managing risks across the entire enterprise. ERM calls for high-level oversight of all risks on a portfolio basis. The document provides background on the evolution of risk management and outlines some of the key risks organizations face today from globalization and other factors. It also notes that chief risk officers and risk committees are important for overseeing ERM.
A structured approach to Enterprise Risk Management (ERM) and the requirement...Hassan Zaitoun
This document provides a structured approach to implementing enterprise risk management (ERM) based on ISO 31000. It discusses key risk management principles, including defining risk, establishing a risk management process, and creating a risk-aware culture. The document advocates developing a risk architecture, strategy, and protocols to provide proper context for risk activities. It also summarizes ISO 31000's risk management process of risk identification, evaluation, response, resourcing, reaction planning, and reporting.
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
COSO, which has provided global thought leadership and guidance on internal control, enterprise risk management, and fraud deterrence for over three decades, recently released a draft update to the original COSO ERM Framework. This framework is widely used by organizations to enhance their ability to manage uncertainty, gauge risk, and increase stakeholder value. However, significant new risks have emerged since the Framework was released, demanding heightened board awareness and oversight of risk management, as well as improved risk reporting. For those organizations exploring ESRM – these themes will be strikingly familiar and the lessons learned, highly relevant.
Presentation by: Bob Hirth, Global Chairman of COSO.
Human Resource Management - Bhel vs Tata steelHari Kumar
The document compares the human resource management practices of BHEL and Tata Steel, two major manufacturing companies in India. BHEL is a large public sector company with 46,274 employees while Tata Steel is a private sector company with 81,622 employees. Some key differences are that BHEL offers more job security but lower pay, while Tata Steel offers higher pay but less job security. Both companies focus on training and development but Tata Steel provides more special benefits to employees. The document recommends practices like performance-linked bonuses, feedback systems, and knowledge sharing to improve human resource management.
This document discusses strategic audits and provides information about conducting one. It begins with definitions of strategy, strategic management, and audits. It then explains that a strategic audit assesses a company's current business strategy and execution to determine suitability and identify risks. The document outlines the steps in a strategic audit, including asking questions, evaluating current strategy, highlighting risks, and assessing resource needs. It also discusses when strategic audits should be used and provides dimensions and examples of companies that perform them. In conclusion, it states that a strategic audit is an in-depth review to determine if a company is meeting objectives efficiently and using resources fully.
This document discusses risk management in the life insurance industry. It provides an overview of enterprise risk management (ERM), how risk management has evolved globally and in India, and the future of risk management. Key points include:
- ERM takes a holistic approach to risk management across the entire company rather than operating in silos. It helps optimize business performance through risk-based decision making.
- Globally, risk management is increasingly important with the adoption of solvency regulations like Solvency II in Europe and risk-based capital standards. India currently follows a formula-based Solvency I approach but is showing increased interest in risk management.
- The future of risk management in India involves greater
Organisation Appraisal and Strategy FormulationDr. Pinki Insan
This document summarizes Mr. Kapil Dev's presentation on internal and external environments and strategic formulation. It discusses how analyzing the external environment helps firms decide what they can do, while the internal environment helps them decide what they might do. It also outlines the basic steps in strategic formulation as developing a vision and mission, setting objectives, crafting a strategy, executing the strategy, and evaluating and adjusting. Finally, it notes that a strong mission statement includes the organization's values and nature of business to guide its plans.
The document outlines a risk governance framework with the CEO responsible for establishing systems to identify and manage risk. The Board reviews these systems and their effectiveness. The Risk & Audit Committee oversees risk management and reviews internal controls and risk management systems.
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
This document outlines an agenda for a security awareness seminar on ISO27k standards and compliance regulations. It discusses the causes of security incidents, defines risk as a vulnerability that could be exploited by a threat, and examines threat agents like humans, machines, and nature. It also summarizes objectives of compliance programs to reduce risks and meet standards, provides an overview of regulations like Sarbanes-Oxley (SOX) and Basel II, and notes SOX applies to public companies in the US and internationally.
This document discusses business analysis and its strategic role. It explains that business analysis involves three key components: 1) situation analysis to define challenges and identify critical realities, 2) developing a solution approach to overcome obstacles, and 3) defining coherent actions to implement the solution. It also notes that good strategy focuses choice and priorities rather than trying to accommodate all demands. The document promotes community involvement with the International Institute of Business Analysis and provides contact information.
On average organizations spend $10M+ responding to third-party security breaches each year. Third-Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your organization by outsourcing to third-party service providers (TPSP). TPSP relationships can introduce strategic, financial, operational, regulatory, and reputational risks.
For example, some TPSPs are involved in the storage, processing, and/or transmission of cardholder data (CHD), while others are involved in securing cardholder data, or securing the cardholder data environment (CDE).
Digital relationships with third-party providers increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they had experienced a data breach caused by one of their third-party providers (up 12% since 2016).
Learn more about:
• TPSP lifecycle,
• The effects of due diligence,
• The five critical control objectives, and
• How to build an effective risk assessment questionnaire.
To learn more, visit: https://bit.ly/3vQ4DjC
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Human resource information system HIRSDavid Jaison
An HRIS is a system that uses technology to manage human resource information and functions. It automates processes like payroll and timekeeping and allows users like HR professionals and employees of all levels to access HR data and tools. Key HRIS modules help with tasks such as online recruiting, training administration, benefits tracking, and HR management. Successful implementation of an HRIS provides benefits like faster information processing, greater accuracy, and improved communication, while challenges can include lack of commitment, improper needs analysis, and failure to communicate effectively during the project.
Enterprise risk management frameworks help organizations manage uncertainty and introduce strategic management frameworks to address risks. These include frameworks for corporate foresight, business planning, enterprise architecture, risk management, and performance management. Futures studies techniques like horizon scanning and analyzing drivers of change can provide insights to inform risk management and strategic decision making.
This document discusses corporate governance and corporate social responsibility. It defines corporate governance as maximizing shareholder value while ensuring fairness to all stakeholders. It also discusses the importance of transparency and trust between owners, managers, and shareholders. The document also discusses the need for businesses to serve society given that society provides the basis for businesses. It outlines some of the phases of development of corporate social responsibility in India and examples of CSR programs at companies like Apple, Tata, and Renault.
This document provides a summary of recent developments from COSO related to internal control and risk management. It discusses the history and mission of COSO, focusing on its work updating the internal control framework in 2013 and efforts to enhance enterprise risk management. The key points are:
1) COSO was formed in 1985 and its mission is to provide frameworks and guidance on internal control, enterprise risk management, and fraud deterrence.
2) It updated its internal control framework in 2013 to reflect changes in business environments and expanded its focus beyond financial reporting to also cover operations and compliance objectives.
3) COSO has also worked to enhance enterprise risk management through a series of thought papers addressing challenges with implementation and emerging risks.
This document provides an overview of software quality assurance. It defines key terms like quality, quality management, SQA, SQP, SQC, and SQM. It describes the software development process and cycle. It discusses standards, quality models like ISO and CMM, and documentation. It covers software quality control methods like reviews, tests, and audits. It also addresses quality metrics, defect prevention, and configuration management. The document is a comprehensive introduction to the different elements of software quality assurance.
This document discusses various aspects of software quality assurance including definitions of quality, quality management, and the different elements of software quality assurance such as quality assurance, quality planning, quality control, and quality metrics. It provides explanations of standards, quality models like ISO and CMM, documentation, the software development lifecycle, methods for quality control like reviews and tests, metrics collection, and defect prevention techniques.
The document discusses risk-based auditing (RBIA) and its key concepts. RBIA requires internal audit to be strategically linked to an organization's risk management and assurance frameworks. It also discusses applying RBIA methodology to internal audit assignments and linking an organization's risk framework to the stages of RBIA. The document provides information on introducing RBIA to an organization and adapting it based on the organization's structures, processes and risk maturity.
Celonis has achieved TISAX AL3 certification, the highest level, which requires a full on-site audit of all IT security controls. This certification demonstrates that Celonis securely handles customer data within its Intelligent Business Cloud platform. The TISAX assessment was conducted by an independent auditor and focused on Celonis' Munich data centers. Customers can verify Celonis' certification status and details on the ENX portal using the provided Assessment ID and Scope ID.
This document provides an introduction to enterprise risk management (ERM). It discusses how ERM aims to protect and increase value for an organization by taking an integrated approach to managing risks across the entire enterprise. ERM calls for high-level oversight of all risks on a portfolio basis. The document provides background on the evolution of risk management and outlines some of the key risks organizations face today from globalization and other factors. It also notes that chief risk officers and risk committees are important for overseeing ERM.
A structured approach to Enterprise Risk Management (ERM) and the requirement...Hassan Zaitoun
This document provides a structured approach to implementing enterprise risk management (ERM) based on ISO 31000. It discusses key risk management principles, including defining risk, establishing a risk management process, and creating a risk-aware culture. The document advocates developing a risk architecture, strategy, and protocols to provide proper context for risk activities. It also summarizes ISO 31000's risk management process of risk identification, evaluation, response, resourcing, reaction planning, and reporting.
Enterprise Risk Management - Aligning Risk with Strategy and PerformanceResolver Inc.
COSO, which has provided global thought leadership and guidance on internal control, enterprise risk management, and fraud deterrence for over three decades, recently released a draft update to the original COSO ERM Framework. This framework is widely used by organizations to enhance their ability to manage uncertainty, gauge risk, and increase stakeholder value. However, significant new risks have emerged since the Framework was released, demanding heightened board awareness and oversight of risk management, as well as improved risk reporting. For those organizations exploring ESRM – these themes will be strikingly familiar and the lessons learned, highly relevant.
Presentation by: Bob Hirth, Global Chairman of COSO.
Human Resource Management - Bhel vs Tata steelHari Kumar
The document compares the human resource management practices of BHEL and Tata Steel, two major manufacturing companies in India. BHEL is a large public sector company with 46,274 employees while Tata Steel is a private sector company with 81,622 employees. Some key differences are that BHEL offers more job security but lower pay, while Tata Steel offers higher pay but less job security. Both companies focus on training and development but Tata Steel provides more special benefits to employees. The document recommends practices like performance-linked bonuses, feedback systems, and knowledge sharing to improve human resource management.
This document discusses strategic audits and provides information about conducting one. It begins with definitions of strategy, strategic management, and audits. It then explains that a strategic audit assesses a company's current business strategy and execution to determine suitability and identify risks. The document outlines the steps in a strategic audit, including asking questions, evaluating current strategy, highlighting risks, and assessing resource needs. It also discusses when strategic audits should be used and provides dimensions and examples of companies that perform them. In conclusion, it states that a strategic audit is an in-depth review to determine if a company is meeting objectives efficiently and using resources fully.
This document discusses risk management in the life insurance industry. It provides an overview of enterprise risk management (ERM), how risk management has evolved globally and in India, and the future of risk management. Key points include:
- ERM takes a holistic approach to risk management across the entire company rather than operating in silos. It helps optimize business performance through risk-based decision making.
- Globally, risk management is increasingly important with the adoption of solvency regulations like Solvency II in Europe and risk-based capital standards. India currently follows a formula-based Solvency I approach but is showing increased interest in risk management.
- The future of risk management in India involves greater
Organisation Appraisal and Strategy FormulationDr. Pinki Insan
This document summarizes Mr. Kapil Dev's presentation on internal and external environments and strategic formulation. It discusses how analyzing the external environment helps firms decide what they can do, while the internal environment helps them decide what they might do. It also outlines the basic steps in strategic formulation as developing a vision and mission, setting objectives, crafting a strategy, executing the strategy, and evaluating and adjusting. Finally, it notes that a strong mission statement includes the organization's values and nature of business to guide its plans.
The document outlines a risk governance framework with the CEO responsible for establishing systems to identify and manage risk. The Board reviews these systems and their effectiveness. The Risk & Audit Committee oversees risk management and reviews internal controls and risk management systems.
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
This document outlines an agenda for a security awareness seminar on ISO27k standards and compliance regulations. It discusses the causes of security incidents, defines risk as a vulnerability that could be exploited by a threat, and examines threat agents like humans, machines, and nature. It also summarizes objectives of compliance programs to reduce risks and meet standards, provides an overview of regulations like Sarbanes-Oxley (SOX) and Basel II, and notes SOX applies to public companies in the US and internationally.
This document discusses business analysis and its strategic role. It explains that business analysis involves three key components: 1) situation analysis to define challenges and identify critical realities, 2) developing a solution approach to overcome obstacles, and 3) defining coherent actions to implement the solution. It also notes that good strategy focuses choice and priorities rather than trying to accommodate all demands. The document promotes community involvement with the International Institute of Business Analysis and provides contact information.
On average organizations spend $10M+ responding to third-party security breaches each year. Third-Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your organization by outsourcing to third-party service providers (TPSP). TPSP relationships can introduce strategic, financial, operational, regulatory, and reputational risks.
For example, some TPSPs are involved in the storage, processing, and/or transmission of cardholder data (CHD), while others are involved in securing cardholder data, or securing the cardholder data environment (CDE).
Digital relationships with third-party providers increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they had experienced a data breach caused by one of their third-party providers (up 12% since 2016).
Learn more about:
• TPSP lifecycle,
• The effects of due diligence,
• The five critical control objectives, and
• How to build an effective risk assessment questionnaire.
To learn more, visit: https://bit.ly/3vQ4DjC
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Human resource information system HIRSDavid Jaison
An HRIS is a system that uses technology to manage human resource information and functions. It automates processes like payroll and timekeeping and allows users like HR professionals and employees of all levels to access HR data and tools. Key HRIS modules help with tasks such as online recruiting, training administration, benefits tracking, and HR management. Successful implementation of an HRIS provides benefits like faster information processing, greater accuracy, and improved communication, while challenges can include lack of commitment, improper needs analysis, and failure to communicate effectively during the project.
Enterprise risk management frameworks help organizations manage uncertainty and introduce strategic management frameworks to address risks. These include frameworks for corporate foresight, business planning, enterprise architecture, risk management, and performance management. Futures studies techniques like horizon scanning and analyzing drivers of change can provide insights to inform risk management and strategic decision making.
This document discusses corporate governance and corporate social responsibility. It defines corporate governance as maximizing shareholder value while ensuring fairness to all stakeholders. It also discusses the importance of transparency and trust between owners, managers, and shareholders. The document also discusses the need for businesses to serve society given that society provides the basis for businesses. It outlines some of the phases of development of corporate social responsibility in India and examples of CSR programs at companies like Apple, Tata, and Renault.
This document provides a summary of recent developments from COSO related to internal control and risk management. It discusses the history and mission of COSO, focusing on its work updating the internal control framework in 2013 and efforts to enhance enterprise risk management. The key points are:
1) COSO was formed in 1985 and its mission is to provide frameworks and guidance on internal control, enterprise risk management, and fraud deterrence.
2) It updated its internal control framework in 2013 to reflect changes in business environments and expanded its focus beyond financial reporting to also cover operations and compliance objectives.
3) COSO has also worked to enhance enterprise risk management through a series of thought papers addressing challenges with implementation and emerging risks.
This document provides an overview of software quality assurance. It defines key terms like quality, quality management, SQA, SQP, SQC, and SQM. It describes the software development process and cycle. It discusses standards, quality models like ISO and CMM, and documentation. It covers software quality control methods like reviews, tests, and audits. It also addresses quality metrics, defect prevention, and configuration management. The document is a comprehensive introduction to the different elements of software quality assurance.
This document discusses various aspects of software quality assurance including definitions of quality, quality management, and the different elements of software quality assurance such as quality assurance, quality planning, quality control, and quality metrics. It provides explanations of standards, quality models like ISO and CMM, documentation, the software development lifecycle, methods for quality control like reviews and tests, metrics collection, and defect prevention techniques.
SE - Lecture 7 - Software Quality Reliability Mgmt - in lecture.pptxTangZhiSiang
This document discusses key concepts related to software quality including software quality assurance, software quality planning, software quality control, and software quality metrics. It defines software quality as having desirable attributes and approaches it through defect management and quality attributes. It explains that software quality management ensures the required level of product quality is achieved through procedures, standards, and quality data collection. Specifically, it outlines that software quality assurance is a monitoring process used throughout development to facilitate quality, software quality planning creates project-level quality plans, and software quality control ensures procedures are followed by development teams.
The document discusses software quality assurance. It defines quality assurance, quality management, and their key aspects. It also describes the different elements of software quality assurance - software quality planning, software quality control, and software quality metrics. Under software quality control, it discusses various quality control methods like reviews, tests, and audits. It then covers topics like standards, quality models, capability maturity model, and process improvement methods like six sigma. Finally, it provides examples of software metrics that can be used to measure quality.
The document discusses software quality and quality assurance. It focuses on two fundamentals of quality - quality of design and quality of conformance. It describes various software quality models including McCall's and Boehm's models. It defines software quality assurance as providing adequate confidence that software products and processes conform to requirements. Key aspects of quality assurance plans, life cycles, and the need for verification and validation are outlined. Maturity models like CMM and standards like ISO 9000 are introduced as ways to improve software quality and processes.
This document discusses various topics relating to software quality management. It defines quality management as ensuring the required level of quality is achieved in a software product by defining quality standards and procedures. It discusses what quality means for software and some challenges in specifying quality requirements. It also covers the scope and key activities of quality management including quality assurance, planning, and control. Quality standards, reviews, and metrics are described as important aspects of quality management.
The document discusses software quality assurance (SQA) and quality control (QC). It defines SQA as a planned set of activities to evaluate the development process and ensure software meets requirements. QC focuses on reviews, inspections, and tests to find and remove defects before product release. Formal technical reviews (FTRs) are important QC activities that involve evaluation of work products by other engineers to uncover errors early. The goal is to improve quality and catch the majority of defects in a cost-effective manner.
The document discusses software quality management. It describes how quality management is concerned with ensuring quality at the organizational, project, and process levels. It also discusses establishing a quality plan, defining quality attributes, using standards like ISO 9001, and performing reviews and inspections to check quality.
The document discusses software quality management. It describes how quality management is concerned with ensuring quality at the organizational, project, and process levels. It also discusses establishing a quality plan, defining quality attributes, using standards like ISO 9001, and performing reviews and inspections to check quality.
In this technique, test cases are developed using the use cases of the system. A use case encompass the various actors and their interactions with the system. Use cases cover the complete transactions from start to finish. These test cases depict the actual use of software by the end user.
SQA (Software Quality Assurance) involves planned and systematic activities to ensure quality of software products and processes. This includes establishing standards and procedures for development, continuous monitoring of products and processes, and conducting audits. Key SQA activities include product evaluation to ensure adherence to standards, process monitoring to ensure procedures are followed correctly, and product audits to thoroughly review products and processes. The SQA plan documents the quality assurance approach and controls quality throughout the project.
This document provides an overview of quality management in software engineering. It discusses software quality, standards, reviews, and measurements. Specifically, it covers three key areas:
1) Software quality management is concerned with ensuring software meets required quality levels through organizational processes and standards, applying quality processes at the project level, and establishing quality plans.
2) Quality management activities include independent checks on the development process and deliverables to ensure consistency with standards and goals.
3) Reviews and inspections allow groups to examine software and documentation to identify potential problems and approve progress between development stages.
The document discusses software quality management. It covers quality fundamentals like culture, costs and models. It describes quality management processes like quality assurance, verification and validation, reviews and audits. It discusses quality requirements, defect characterization and management techniques like static, people-intensive and dynamic techniques. The document provides details on quality measurement and testing to ensure software quality.
The document discusses software quality assurance and defines quality as meeting customer requirements within agreed timescales and costs, and providing customer satisfaction. It discusses standard definitions of software quality, views of quality, and quality criteria. Large software projects often fail due to quality problems. Software quality engineering aims to meet quality expectations through validation and verification activities. Its main tasks include quality planning, execution of quality assurance activities like testing, and measurement and analysis. A quality engineering process manages these activities to achieve preset quality goals.
Software quality assurance (SQA) involves planning and implementing activities throughout development to ensure quality. SQA includes standards, reviews, testing, defect tracking, and risk management. Statistical SQA categorizes defects and identifies their root causes to improve processes. Reviews are important for uncovering errors and should involve preparation, focus on the work product, and result in accepting or rejecting the product. Metrics collected from reviews indicate their effectiveness at defect detection and removal.
This document discusses quality standards and quality management processes for surveying projects. It defines key terms like quality, standards, quality assurance and quality control. It describes the benefits of standards and outlines the Plan-Do-Check-Act model for quality processes. Quality standards help ensure accurate, reliable survey results and monitoring is needed to check that standards and requirements are met. The three main quality management processes are quality planning, quality assurance and quality control.
Quality control is an important part of quality management that aims to identify errors and ensure products and services meet requirements. Key aspects of quality control include inspection at receiving, in-process, and final stages to check for defects. Tools like gauges and measuring equipment are used to inspect for conformance to specifications. For services, important quality characteristics are identified and measured through checklists and data collection. Approaches like HACCP focus on preventing hazards rather than final inspection. Project quality management involves quality planning, assurance, and control activities to satisfy quality standards. Overall, quality control aims to eliminate errors and improve processes.
This document provides an overview of techniques for going beyond automated vulnerability scanning when performing security assessments. It discusses the importance of reconnaissance, mapping systems and content, and focusing on manual testing techniques like identifying all areas of user input and fuzzing, abusing features, and combining findings from automated tools. The document then provides examples of manual testing techniques, including feature abuse, combining multiple low-risk findings into a high-risk vulnerability, proxy-based firewall bypassing, file inclusion leading to remote code execution, and email spoofing. It emphasizes going beyond just running scans and focusing on manual techniques.
This document provides an introduction to conceptual modeling in database design. It discusses the stages of database design including data analysis, conceptual design, logical design, and physical design. The conceptual and logical models are explained using an example of a university database. Key aspects of conceptual modeling using the entity-relationship model are covered, including entities, attributes, relationships, keys, participation constraints, and weak/strong entities. Design principles are presented for reducing redundancy and choosing between entities and attributes.
Direct infection: virus can infect files every time a user opens that specif...BUSHRASHAIKH804312
Cyber security is important to protect networks, devices, programs, and data from unauthorized access and cyber attacks. Common cyber threats include phishing scams, malware like viruses and ransomware, and business email compromise. To protect the confidentiality, integrity, and availability of information, organizations must implement security best practices like strong passwords, software updates, backups, and user training. While perfect security is impossible, following cyber security fundamentals can help organizations achieve an appropriate level of protection against modern cyber risks.
This document discusses iterative software development and its benefits over traditional waterfall development. It notes that iterative development addresses risks earlier through incremental deliverables. Each iteration includes integration, testing, and assessment. This allows problems to be identified and addressed sooner. In contrast, waterfall development delays testing until late in the project and does not allow for feedback and changes between phases. The document recommends iterative development as a best practice to address common problems like changing requirements and late discovery of issues.
The chapter discusses control flow testing, which involves generating test inputs to execute different paths through a program. It covers generating a control flow graph to represent program flow, criteria for selecting paths like statement and branch coverage, and techniques for producing test data to execute specific paths, including solving path conditions. The goal is to design inputs that exercise the structure and logic of the program based on its control flow.
The document provides an overview of knowledge portals and their use in knowledge management. It discusses what knowledge and knowledge management are, defines different types of portals, and introduces the concept of a knowledge portal. It describes the key functions, design, and tools of a knowledge portal, including features for gathering, categorizing, distributing, publishing, personalizing, and searching knowledge. It demonstrates a knowledge portal built using a content management system and discusses challenges for librarians in managing knowledge through a portal.
This document summarizes a lecture on file system implementation. It discusses:
- File system structure including logical file system, file organization module, basic file system, and device drivers.
- Key data structures including file control blocks, mount table, directory cache, open file tables.
- Allocation methods like contiguous, linked, and indexed allocation.
- Free space management techniques like bit vectors, linked lists, and grouping.
- Caching strategies to improve performance like disk caching, read-ahead, and memory mapping.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
4. 4
What is Quality?
Quality – developed product meets it’s specification
Problems:
• Development organization has requirements exceeding customer's
specifications (added cost of product development)
• Certain quality characteristics can not be specified in
unambiguous terms (i.e. maintainability)
• Even if the product conforms to it’s specifications, users may
not consider it to be a quality product (because users may not be involved in
the development of the requirements)
5. 5
Quality Management – ensuring that required level of
product quality is achieved
• Defining procedures and standards
• Applying procedures and standards to the product and process
• Checking that procedures are followed
• Collecting and analyzing various quality data
Problems:
• Intangible aspects of software quality can’t be standardized
(i.e elegance and readability)
What is Quality Management?
6. 6
What are SQA, SQP, SQC, and SQM?
SQA includes all 4 elements…
• Software Quality Assurance – establishment of network of
organizational procedures and standards leading to high-
quality software
2. Software Quality Planning – selection of appropriate
procedures and standards from this framework and adaptation
of these to specific software project
3. Software Quality Control – definition and enactment of
processes that ensure that project quality procedures and
standards are being followed by the software development
team
4. Software Quality Metrics – collecting and analyzing quality
data to predict and control quality of the software product
being developed
9. 9
Software Development Cycle
Software Development Phase
• Software requirements
• Preliminary Design
• Detailed Design
• Code
• Unit Test
• Software integration
• Software Component Test
• Software System Test
• Maintenance and Support
End product
• SRS, IRS
• SDD, PQT/FAT/SAT
Plans & Proc.’s, ICD, IDD
• PDL, User Manuals
• Code, UT Plan & Proc.’s
• UT Results
•VDD
• PQT Report
• FAT & SAT Reports
• ECP’s leading to updates
14. 14
Why are Standards Important?
• Standards provide encapsulation of best, or at least most
appropriate, practice
• Standards provide a framework around which the quality
assurance process may be implemented
• Standards assist in continuity of work when it’s carried out by
different people throughout the software product lifecycle
Standards should not be avoided. If they are too extensive
for the task at hand, then they should be tailored.
15. 15
SDS a Simplistic approach
In most mature organizations:
• ISO is not the only source of SDS
• Process and Product standards are derived independently
• Product standards are not created by SQA
16. 16
Process Standards
Process Standards – standards that define the process
which should be followed during software development
ISO CMM CMMI
Organizational
Quality Manual
Organizational
SD Process STD’s
IPDS
Project SD Process STD’s
(SDP, IP, Method Sheets)
Project
SQP
Project
SCMP
17. 17
Product Standards
Product Standards – standards that apply to software
product being developed
ISO
STD’s
MIL/ Industry
STD’s
Organizational
Product STD’s
COTS
STD’s
Project Product STD’s
(SDP, IP, Method Sheets)
19. 19
ISO - 9001 Elements
• Quality System Requirements
• Management Responsibility
• Quality system
• Contract review
• Design Control
• Document control
• Purchasing
• Purchaser supplied product
• Product identification and traceability
• Process control
• Inspection and testing
• Inspection, measuring and test equipment
• Inspection and test status
• Control of non-conforming product
• Corrective action
• Handling, storage, preservation, packaging
and shipping
• Quality records
• Internal quality audits
• Training
• Servicing
• Statistical techniques
• Software Quality Responsibilities
• Management Responsibility
• Quality system
• Contract review
• Design Control
• Document control
• Purchasing
• -
• Product identification and traceability
• Process control
• Inspection and testing
• -
• Inspection and test status
• -
• Corrective action
• -
• Quality records
• Internal quality audits
• Training
• -
• Statistical techniques
25. 25
Documentation Hierarchy
• Documents are not the only tangible way of representing software
products. The working software system is the most tangible way of
representing software products.
• Documents are the best way to ensure software products’
understandability
26. 26
Process and Product Quality
Quality of development process directly affects the quality of
delivered products.
This is the factory approach. It doesn’t work because software is
designed rather then manufactured.
27. 27
Process and Product Quality Creative Approach
• Quality Improvement – identifying good quality products,
examining the processes used to develop these products, and then
generalizing these processes so that they can be applied everywhere
29. 29
Quality Improvement – Six Sigma Process
• Visualize – Understand how it works now and imagine how it
will work in the future
• Commit – Obtain commitment to change from the stakeholders
• Prioritize – Define priorities for incremental improvements
• Characterize – Define existing process and define the time
progression for incremental improvements
• Improve – Design and implement identified improvements
• Achieve – Realize the results of the change
30. 30
Continuity and Independence of SQA
• Software Quality Assurance team must be independent in order to
take an objective view of the process and report problems to senior
management directly
• If prescribed process is inappropriate for the type of software
product which is being developed, then it should be tailored
• The standards must be upheld no matter how small the task.
Prototyping doesn’t mean no standards. It means tailored standards.
• Quality is FREE, if it’s Everyone’s Responsibility!
32. 32
Software Quality Plan
• Tailoring - SQP should select those organizational standards that
are appropriate to a particular product
• Standardization - SQP should use (call out) only approved
organizational process and product standards
• If new standards are required a quality improvement should be
initiated
• Elements - SQP elements are usually based on the ISO-9001
model elements
• SQP is not written for software developers. It’s written for SQE’s
as a guide for SQC and for the customer to monitor development
activities
• Things like software production, software product plans and risk
management should be defined in SDP, IP
• Quality Factor’s shouldn’t be sacrificed to achieve efficiency.
Don’t take the job if quality process can’t be upheld
34. 34
Methods of Software Quality Control
SQC involves overseeing the software development process to ensure that the
procedures and STD’s are being followed
The following activities constitute SQC:
• Quality Reviews - in-process reviews of processes and products
Reviews are the most widely used method of validating the quality of processes and
products. Reviews make quality everyone's responsibility. Quality must be built-in.
SQE is responsible for writing Quality Engineering Records (QERs) documenting their
participation in these reviews.
• Tests - end-result verifications of products. These verifications are conducted after the
software has been developed. Test procedures are followed during conduct of these
activities. SQE is responsible for keeping the logs and some times for writing the test
report.
• Quality Audits - in-process verifications of processes. These audits are conducted
periodically (twice a month) to assess compliance to the process STD’s.
35. 35
Quality Reviews
• Peer reviews - reviews of processes and products by groups of people. These
reviews require pre-review preparation by all participants. If a participant is not
prepared, then the review is not effective. This type of review requires
participation of the SQE, moderator, recorder, author(s), and one or more critical
reviewers. All issues found during these reviews are documented on AR forms.
• Walkthroughs - reviews of products by groups of people mostly without
preparation. For example a requirements traceability review is a walkthrough. It
involves tracing a requirement from customer requirements to the test procedures.
All issues found during these reviews are documented on CAR forms.
• Desk inspections - reviews of products by individuals. These reviews involve
people reviewing products by themselves (not in a group) and then submitting
their comments to the author(s). The issues found during these reviews are
treated in informal manner.
36. 36
Tests
• Engineering Dry-run - test conducted by engineering without SQE. These tests
include Unit Tests and engineering dry-runs of the formal tests. These engineering dry-
runs are used to verify correctness and completeness of the test procedures. Also, these
is the final engineering verification of the end-product before sell-off to SQE. All
issues found during these tests are documented on STR forms.
• SQE Dry-run - test conducted by SQE. These tests include PQT, FAT and SAT dry-
runs. These tests are used to verify the end-product before the formal test with the
customer. An SQE is sometimes responsible for writing the test report. However, if a
separate test group is available, then SQE is relived of this obligation. All issues found
during these tests are documented on STR forms.
• TFR - test conducted as “RFR - run-for-record” with the SQE and the customer.
These tests include FAT and SAT. These tests are conducted to sell the end-product off
to the customer. SQE is present at all such tests. All issues found during these tests are
documented on STR forms.
37. 37
Quality Audits
• SQE Audits - audits conducted by SQE to verify that the process STD’s are
being followed. Examples of these audits are IPDS compliance, Configuration
Control, and Software Engineering Management. All findings for these audits are
documented on QER forms. The results of the audits are distributed to the next
level of management (above project level). If the issue(s) are not fixed then the
findings are elevated to upper management.
• Independent Audits - audits conducted by ISO generalists or other independent
entities to verify that the process STD’s are being followed. These audits are
usually conducted on a division/facility level. The results of these audits are
distributed to upper management.
38. 38
Defect Detection
Formal bug finding activities include Quality Reviews and Tests
From
Baseline
Capture
System
Requirem
ents
Analysis
Softw
are
Requirem
ents
Analysis
Prelim
inary
Design
Detailed
D
esign
Code
Unit Test
Softw
are
Integration
Softw
are
Q
ualific
S
T
A
G
E
D
E
T
E
C
T
E
D
At Baseline Capture 0
System Requirements Analysis 0 79
Software Requirements Analysis 0 0 1
Preliminary Design 0 6 2 10
Detailed Design 1 0 0 0 42
Code 0 0 0 1 2 37
Unit Test 0 0 0 0 0 0 0
Software Integration 1 0 0 0 4 1 0 0
Software Qualification Test 0 0 0 0 0 0 0 0 0
System Integration 1 0 0 0 4 5 0 0 0
System Test 0 0 0 0 0 0 0 0
Post System Test 0 0 0 0 0 0 0 0 0
93% 33% 91% 81% 86%
93% 11% 95% 79% 74% 0% 36% 0%
44% 2% 6% 27% 22% 0% 0% 0%
Chart Data Last Updated: 10/3/01
S
T
A
G
E
D
E
T
E
C
T
E
D
% Defects Originated In This Phase Out Of All Defects
% Defects Originated in This Phase That Were Contained By This Phase
% Defects Originated in This Phase Plus Defects
That Escaped From Earlier Phases That Were Contained By This Phase
39. 39
A Bug’s Life
V
Verified
SCCB
Engineer
Engineer
Resolves STR
N A O
D
P
New Assigned
Postponed
Open
Duplicate
Tested
Approves STR Accepts STR
Software Lead
Plans Merge
Integrator
Performs Merge
R M
Resolved Merged
T
Tester
Verifies Fix
SCCB
Agrees Closure
X
Rejected
40. 40
Software Configuration Management
SCM – activities assuring that software products are properly
identified and their transition is tracked. In many mature
organizations SCM is not part of SQA responsibilities.
• Baseline Identification – identification of initial state of the
product
• Change Identification – identification of changes made to the
baseline
• Change Control – documentation of changes via revision history,
change summary, or using automated development tools
(ClearCase or Apex)
• Status Accounting – reporting changes to others and monitoring
completeness of the project archives
• Preservation – keeper of the software products
42. 42
Metrics Collection
• Software measurement - the process of deriving a numeric value
for some attribute of a software product or a software process. Comparison of these
values to each other and to STD’s allows drawing conclusions about the quality of
software products or the process.
• The focus of the metrics collecting programs is usually on collecting metrics on
program defects and the V&V process.
• Metrics can be either Control Metrics or Predictor Metrics
• Most of the “Ilities” can not be measured directly unless there’s historical data.
Instead tangible software product attributes are measured and the “Ility” factors are
derived using predefined relationships between measurable and synthetic attributes.
• The boundary conditions for all measurements should be established in advance
and then revised once a large databank of historical data has been established
43. 43
The Process of Product Measurement
1. Decide what data is to be collected
2. Assess critical (core) components first
3. Measuring component characteristics might require automated tools
4. Look for consistently (unusually only works in a factory) high or low values
5. Analysis of anomalous components should reveal if the quality of product is
compromised
44. 44
Predictor and Control Metrics
Examples of Predictor Analysis:
• Code Reuse: SLOC = ELOC = Ported Code
• Nesting Depth: ND > 5 = Low Readability
• Risk Analysis: # STR P1 > 0 at SAT = Low Product Reliability
Examples of Control Analysis:
• STR aging: Old STRs = Low Productivity
• Requirements Volatility: High Volatility = Scope Creep
45. 45
Software Product Metrics
There are two categories of software product metrics:
1. Dynamic metrics – this metrics is collected by measuring elements
during program’s execution. This metrics help to asses efficiency and
reliability of a software product. The parameters collected can be
easily measured (i.e. execution time, mean time between failures)
2. Static metrics – this metrics is collected by measuring parameters of
the end products of the software development. This metrics help to
asses the complexity, understandability, and maintainability of a
software product. The SLOC size and ND are the most reliable
predictors of understandability, complexity, and maintainability.
46. 46
The Ilities
The specific metrics that are relevant
depend on the on the project, the goals of
the SQA, and the type of SW that is being
developed.
49. 49
Defect Prevention
Defect Prevention – establishment of practices that lower the reliance
on defect detection techniques to find majority of the bugs
• Lessons learned – learning from other peoples experiences and sharing own
experiences with the other projects
• Managing With Metrics – collecting the metrics, understanding it, and making
changes to the product or process based on analysis. Metrics must be standardized to
be effective.
• Risk Analysis – identifying potential risks and opportunities early in the program
and tracking them to realization.
• Build freeze – no changes are made to the code during formal tests.
• Unit-level testing guidelines – test plans and procedures for each UT
• Baseline acceptance criteria – establishment of closure criteria in advance (i.e. no
P1 STRs at FAT TRR)