Guideline: Test Policy
Relationships
Related Elements
Main Description

The test policy defined within the organisation determines which elements of the test process are allocated to the permanent test organisation and the structure of the permanent test organisation.

The test policy must apply to all types of systems, infrastructures and development methods. Since testing is one of the tools to ensure quality, the test policy will have to be in line with the other policy measures and initiatives in relation to quality management. We recommend making sure that the test policy is in line with the strategic, tactical and operational policy of the organisation. At the strategic level, the impact of the organisation policy in relation to testing for the entire organisation must be determined. This results in the strategic test policy, which must be imposed and actively supported from this level. At the tactical level, the test policy must be translated to the setup per organisation component, department, product group, programme or project (depending on the setup of the organisation in question). This also involves the resources and budgets to guarantee unequivocal implementation of the test policy. Consistent implementation of the test policy results in a uniform test approach at the operational level.

Strategic

The strategic policy of an (IT) organisation has an impact on all of the underlying organisation components and its activities, including testing. The strategic policy can have many forms. For instance, it may defi ne conditions for the internal (IT) organisation, but also for the quality objectives and the possibilities to realise these. The strategic policy can be shaped by wishes and requirements from within the organisation. But factors outside the organisation may also play a role. Examples are requirements set by external monitors and regulators, (local) legal requirements that must be complied with, or industry agreements.

Tactical

At the tactical level, the strategic policy is translated to its operational implementation. This is achieved by creating regulations that specify the preconditions and standards to which the deployment of people, resources and methods must comply to realise the strategically defined objectives. They describe how the content of a structured test approach must be set up within an organisation, department, product group, programme or project (depending on the setup of the organisation in question).

Operational

At the operational level, a distinction can be made between support of the test process and the actual execution of the test process. Examples of support are issues relating to method, technical and functional advice to the testers. Examples of the execution are testing itself and test management, which each can be organised their own way. For instance, they can be executed in a matrix organisation, but also on a project basis, or partly in the line.

Example 1

A ministry has several organisational components that each offer and execute their own services autonomously. Each organisational component has its own local IT department to support these services (each with their own test approach). At the strategic level, the policy was formulated to enable fast changes (such as legal
changes) in supporting IT. At the tactical level, this was translated into the consolidation of all local IT departments and their centralisation into one large IT department. In the new IT department, testing was assigned to a permanent organisation that works according to fixed methods and techniques.

Example 2

A package supplier states, in its strategic quality policy, that the quality of all (software) products delivered to clients is verified by an independent external organisation. This policy has an impact on the organisation of testing at the tactical level. For instance, an overall test coordinator was appointed that acts as the liaison to the external organisation.

Example 3

As an external monitor, the central bank inspects the solidity and integrity of financial institutions. An important part of its activities involves defining requirements for the quality of the IT of financial institutions and its verification. A financial institution expresses the enforcement of these requirements in its policy. At the tactical level, this is translated to requirements specified for the use of production data. For instance, these data have to be depersonalised before using them as test data.

Copyright © 2006, Sogeti Nederland B.V. All rights reserved.