LARION QM Process And Product Quality Assurance Process PDF
Document Details
Uploaded by LuckyChalcedony1151
2024
San Ho-Thi-Nguyet
Tags
Related
- Quality Assurance & Quality Control in Biotechnology (BNN 20303) PDF
- Quality Service Management in Tourism and Hospitality PDF
- Target Product Safety & Quality Assurance Process Manual PDF
- Bernalillo County Fire & Rescue EMS Report Quality Assurance and Quality Improvement (QA/QI) Policy PDF
- Learning Session - Quality Assurance Operations CY2024 PDF
- Process Improvement - PDF
Summary
This document details the LARION QM Process and Product Quality Assurance Process, version 2.5, effective September 11, 2024. It outlines security classifications, document codes, last updated information, and version details. This document does not contain any questions.
Full Transcript
----------------------------------------------- QM Process and Product Quality Assurance Process ----------------------------------------------- -- -------------------------- ------------------------------ Security classification: INTERNAL Document code: LARION.QM.PR...
----------------------------------------------- QM Process and Product Quality Assurance Process ----------------------------------------------- -- -------------------------- ------------------------------ Security classification: INTERNAL Document code: LARION.QM.PRO.009 Last Updated by: San Ho-Thi-Nguyet Effective date: Sep 11, 2024 Version: 2.5 Template ID: Process\_Base\_Template-1\_7 -- -------------------------- ------------------------------ Document Control +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.0 | Approve | N/A | N/A | HuyNQ | Dec 04, | | | | | | | 2017 | +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.1 | Delete | LanLH | Jan 09, | TrucDTT | Jan 09, | | | metrics | | 2018 | | 2018 | +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.2 | \- Update | TrucDTT | Aug 03, | HuyNQ | Sep 28, | | | section " | | 2018 | | 2018 | | | NC | | | | | | | Handling | | | | | | | Procedure | | | | | | | " | | | | | | | for Minor | | | | | | | NCs | | | | | | | | | | | | | | \- Update | | | | | | | section " | | | | | | | Unit / | | | | | | | Projects | | | | | | | Quality | | | | | | | Weekly | | | | | | | Report": | | | | | | | Update | | | | | | | criteria | | | | | | | to | | | | | | | evaluate | | | | | | | GREEN / | | | | | | | AMBER / | | | | | | | RED | | | | | | | status | | | | | | | | | | | | | | \- Update | | | | | | | section | | | | | | | "Escalati | | | | | | | on | | | | | | | Mechanism | | | | | | | " | | | | | +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.3 | \- Update | TrucDTT | Mar 01, | TrucDTT | Mar 01, | | | detail | | 2023 | | 2023 | | | activitie | | | | | | | s | | | | | | | and add | | | | | | | template | | | | | | | Internal | | | | | | | Audit | | | | | | | Program | | | | | | | | | | | | | | \- Merge | | | | | | | Project | | | | | | | Security | | | | | | | Audit | | | | | | | Checklist | | | | | | | on file | | | | | | | Project | | | | | | | Audit | | | | | | | Checklist | | | | | | | | | | | | | | \- Update | | | | | | | NC | | | | | | | Classific | | | | | | | ation: | | | | | | | Remove | | | | | | | Critical | | | | | | | NC | | | | | +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.4 | \- | TrucDTT | Jun 28, | TrucDTT | Jun 28, | | | Activity | | 2023 | | 2023 | | | Details | | | | | | | "Initiate | | | | | | | The Audit | | | | | | | Program": | | | | | | | Update | | | | | | | input and | | | | | | | activity | | | | | | | | | | | | | | \- Update | | | | | | | severity | | | | | | | of NC | | | | | | | | | | | | | | \- At | | | | | | | section | | | | | | | "Escalati | | | | | | | on | | | | | | | Mechanism | | | | | | | ": | | | | | | | Update | | | | | | | due date | | | | | | | of | | | | | | | correctiv | | | | | | | e | | | | | | | action | | | | | +-----------+-----------+-----------+-----------+-----------+-----------+ | 2.5 | Update | SanHTN | Sep 11, | TrucDTT | Sep 11, | | | "ISO | | 2024 | | 2024 | | | 27001:201 | | | | | | | 3" | | | | | | | to "ISO | | | | | | | 27001:202 | | | | | | | 2" | | | | | +-----------+-----------+-----------+-----------+-----------+-----------+ Table of Contents Index of Tables Index of Illustration []{#anchor}Introduction ======================= []{#anchor-1}Purpose -------------------- The purpose of PPQA Process is to: - Evaluate performed policies, standards, processes and work products against the Organization Standard Process (OSP) by independent group - Ensure OSP is complied with the international standards: ISO 27001:2022, ISO 9001:2015, CMMI,\... []{#anchor-2}Scope ------------------ The process is applied for all audit activities at projects, units in LARION. []{#anchor-3}Risks ------------------ -- -- -- -- ::: {.caption} Table 1: Initial risks ::: []{#anchor-4}Abbreviations & Definitions ---------------------------------------- - BDM: Business Development Manager - BoD: Board of Directors - CAR: Corrective Action Request - CDO: Chief Development Officer - CR: Change Request - FA: Finance and Accounting - GD: General Department - HR: Human Resource - ISMS: Information Security Management System - IT: Information Technology - KPI: Key Performance Indicator - NC: Non-compliance, Non-conformity - Offline audit (document review): One of steps QA Engineer have to operate before auditing to get findings as well as to understand thoroughly the compliance of projects through tracking checklists application of projects, auditing work products and processes - Any documents immediately presented by the auditee should be reviewed to gather relevant information that might not have been available before (an example would be a process improvement that is being used on a trial basis, but is not yet in the documentation) - Onsite audit (interview): QA will conduct the meeting with responsible people in projects or QA will interview directly auditees at their workplace and collects their affirmations about their own records and their demonstration of process understanding - OSP: Organization / Organizational Standard Process(es) - PDP: Project\'s Defined Processes - PM: Project Manager - PMO: Project Profile Tool - PPQA: Process and Product Quality Assurance - QA: Quality Assurance - QM: Quality Management - QMS: Quality Management System - SAD: Software Architecture Design - SAE: Sales Admin Executive - SDD: Software Development Department - SLA: Standard Level Agreement - SOW: Statement of Work - Head of Departments / Units: Manager who is accountable for the functions and responsibilities of an operational unit, such as: HR, IT, FA,\... - WBS: Work Breakdown Structure []{#anchor-5}References ----------------------- ### []{#anchor-6}Policies -- Regulations 1. Quan\_Diem\_Quan\_Ly\_Chat\_Luong\_2.0 ### []{#anchor-7}Forms -- Templates 1. []{#anchor-8}QA\_Plan\_And\_Schedule\_For\_Projects\_Template 2. []{#anchor-9}Internal\_ Audit\_Program\_Template 3. []{#anchor-10}Internal\_Audit\_Plan\_For\_Corporation\_Template 4. []{#anchor-11}Noncompliance\_Log\_Template 5. []{#anchor-12}Audit\_Report\_Template 6. []{#anchor-13}Quality\_Weekly\_Report\_Template ### []{#anchor-14}Processes -- Work Instructions -- Guidelines -- Checklists -- Conventions 1. []{#anchor-15}PPQA\_Guideline 2. []{#anchor-16}Project\_Audit\_Checklist 3. Functional\_Dept\_Audit\_Checklist 4. []{#anchor-17}Release\_Process 5. []{#anchor-18}Final\_Inspection\_For\_Release\_yyyymmdd\_Checklist 6. Standard\_Work\_Product\_Level\_Agreement ### []{#anchor-19}External Sources 1. CMMI Product Team. *CMMI® for Development, Version 1.3*. Software Engineering Institute, Carnegie Mellon University, 2010. [www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm](http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm) 2. Burwick, D.M. *How to implement the CMMI*^*®*^. Business & Personal Solutions (BPS), 2008 3. ISO 9001:2015 Quality Management Systems -- Requirements 4. ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements []{#anchor-20}Policies ====================== 1. The company / project shall provide required resources for PPQA process 2. QA will select released products to check based on QA experiences 3. All NCs with policies, standards and procedures shall be documented and tracked to closure by QA 4. Project status shall be escalated to higher manager follow "Escalation Path" 5. Department / Unit must be audited at least once a year []{#anchor-21}Roles & Responsibilities ====================================== ------------------------------------ -- PM or Unit Heads QA Manager / Internal Audit Leader QA / Internal Auditor BoD ------------------------------------ -- ::: {.caption} Table 2: Roles & Responsibilities ::: []{#anchor-22}Process Characteristics ===================================== -------------------- ------------- Characteristic Description Entry Criteria Inputs Outputs Exit Criteria Related Processes Tools & Techniques -------------------- ------------- ::: {.caption} Table 3: Process Characteristics ::: []{#anchor-23}Process Flow ========================== ![Illustration 1: Processes and Products Quality Assurance Flowchart](Pictures/10000000000009CF00000A5A0F189C85.jpg "fig:") =========================================================================================================================== []{#anchor-24}Process Details ============================= []{#anchor-25}Activity Details: Initiate The Audit Program ---------------------------------------------------------- ------------- -- Accountable Input Output Activity ------------- -- ::: {.caption} Table 4: Activity Details: Initiate the Audit Program ::: []{#anchor-26}Activity Details: Establish Audit Plan And Assign Work -------------------------------------------------------------------- ------------- -- Accountable Input Output Activity ------------- -- ::: {.caption} Table 5: Activity Details: Establish Audit Plan and Assign Work ::: []{#anchor-27}Activity Details: Prepare For Audit Activities ------------------------------------------------------------ ------------- -- Accountable Input Output Activity ------------- -- ::: {.caption} Table 6: Activity Details: Prepare For Audit Activities ::: []{#anchor-28}Activity Details: (Optional) Conduct Opening Meeting ------------------------------------------------------------------ ------------- -- Accountable Input Output Activity ------------- -- ::: {.caption} Table 7: Activity Details: (Optional) Conduct Opening Meeting ::: []{#anchor-29}Activity Details: Perform Auditing ------------------------------------------------ -------------------------- -- Accountable Input Output Activity Guidelines & Conventions -------------------------- -- ::: {.caption} Table 8: Activity Details: Perform Auditing ::: []{#anchor-30}[]{#anchor-31}Activity Details: Report Audit Result ----------------------------------------------------------------- ---------- -- Input Output Activity ---------- -- ::: {.caption} Table 9: Activity Details: Report Audit Result ::: []{#anchor-32}Activity Details: Review Audit Result --------------------------------------------------- ---------- -- Input Output Activity ---------- -- Table 10: Review audit results []{#anchor-33}[]{#anchor-34}Activity Details: Perform CAR --------------------------------------------------------- Based on NC Log, units / projects which are audited and found NC(s) shall perform CAR in according to Nonconformity\_And\_Corrective\_Action\_Process. []{#anchor-35}NC Classification =============================== NC issues are problems identified in evaluations that reflect a lack of adherence of applicable standards, process descriptions, or procedures. NC is classified based on levels of its severity as below: - Category of NC: -------------- --------------------- Process The NC is found on: Work product The NC is found on: Security The NC is found on: -------------- --------------------- Table 11: Category of NC - Severity of NC: ------- -- Major Minor ------- -- ::: {.caption} Table 12: Severity of NC ::: []{#anchor-36}[]{#anchor-37}NC Handling Procedure ================================================= - Deadline for fixing NC: - In general, NC shall be fixed within 5 working days - For some special cases, deadline is set upon agreements on both of QA and PMs / Head of Units: - If the delivery date \< 5 working days from NCs found date, the Ncs, which may impact scope, quality, schedule of the release, must be set before the date of delivery - Other cases are based on unit / project characteristic ***Notes:** Any violations on NC Handling action will impacted to unit / project status report of the project in the end of the week, refer "Unit / Project Quality Weekly Report" section.* []{#anchor-38}Units / Projects Quality Weekly Report ==================================================== - Status of project is reported in GREEN / AMBER / RED color to be easy focus. The guideline below instructs how to identify project status in the week. Project status is GREEN if it does not meet RED / AMBER criteria - In Tuesday of next week, the project with AMBER / RED of the last week will be sent to PM or escalated to higher manager in according with "Escalation Mechanism" guidelines ---------------------------------------- ----- ------- Criteria / Project status RED AMBER Customer\'s complaint Treatment Action for Identified Threat Threat from QA Project Objectives Status of Release Status of Noncompliance ---------------------------------------- ----- ------- ***Note:** Threat from QA\'s view: Threats (will be impacted to Project Scope / Schedule / Cost / Quality) which were raised to PM but they were not agreed or / and managed to mitigate / avoid.* []{#anchor-39}Escalation Mechanism ================================== - At Project Level ------------------------------- -- -- Criteria When Who escalates Escalate to Due date of corrective action ------------------------------- -- -- Table 13: Escalation Mechanism - **At Company / Unit Level**: NCs have over due date will be escalated to BoD - Regarding to **MEDIUM / HIGH Threat** from QA\'s view, threats will be escalated to higher managers in order CDO, BoD until having an agreement between the higher managers and QA Manager - If higher managers decide the threats raised are LOW / NO threat, QM will re-update project status again - If higher managers are agree the threats raised, PM shall define plan to manage risk follow General Risk Management Process