K-12 School Computer Networking/Chapter 28
Example Quality Assurance Plan (QAP) 
Introduction to the Plan (Choice of Scenario):
The company I intend to write a Quality Assurance proposal for will be for a university setting. I shall refer to the university throughout this proposal as University of X. University of X has one of the largest campuses in the Nation. Security is always an issue, and the result of what dreadfully occurred on the campus of Virginia Polytechnic Institute and State University has and will for ever be a turning point for security measures on campuses nationwide. This proposal serves only as an example. I furthermore hope this information may be used in practicality to serve the better good to aid in supplying more efficient safety and security to students, faculty and staff.
The purpose of this plan is to provide a quality assurance method to assist local security and police officers with specific means to broadcast critical safety information in real-time to a large number of students, faculty and staff.
Introduction of the Project for the Plan:
The project will involve researching available communications technologies and understanding the practicality of such devices and their means of transmitting and receiving information (data). Furthermore I will create an online survey and distribute it to Chiefs of Security at 25 comparable universities nation wide. The results of this survey will help me to compare security procedures and the uses of technology which are in practice by these universities. ADD PIC
The University was established in the early 1800’s and is nationally and internationally ranked. Though being a public institution, the out-of-state cost of tuition for graduates and undergraduates is one of the most expensive in the nation. The University enrolls over 36,000 students annually and employs over 10,000 faculty and staff. The campus is divided into two sections, South Campus and North Campus. Combined they measure over 1,400 acres (5.7 km²).
Areas for the Company to Improve (Strengths and Weaknesses):
The main area for improvement within University of X is within the Department of Security. The connection between campus security, local Police and Fire Departments needs to be defined. For the safety of students, faculty and staff, critical safety information needs to be supplied to these persons in real-time. There exist many different procedures and ways of doing so, though many different topics need to be taken into consideration. Such considerations are as follows:
Budget Technology User-ability of such technology Practicality of such technology Overall Quality Assurance of such technology Efficiency
Scope of the Plan:
To begin the project I need to appoint a team which will consist of five to six persons. This team will brainstorm and devise a series of thirty questions. The questions will then be placed into an online survey and then submitted to 15 Universities. When the universities Department of Security fills out the survey, the information is submitted in real time. At this point I will collaborate with one or more experienced Security officers to extrapolate the data. This data will allow me to know the types of security technology and methods which are used and set in place at different universities.
While this plan will involve a great deal of research there will exist limitations. Such limitations may include but are not limited to:
• Retrieving information regarding private security procedures. • Retrieving data from my survey and incorporating it prior to the end of this course. • Deciphering the data and collaborating with one or more campus security specialists.
Outline Quality Assurance issues and problems. Determine what the problem includes and what it does not include.
There does not seem to exist a plausible method for distributing specific accurate information wirelessly and in real-time to a dense population. Technologies exist such as the Internet, Cell Phones, Text Messaging, and Digital/Analog Radio. For example: A mass email is sent to the entire campus population consisting of safety information pertaining to a possible hurricane warning. Some students may be in transit and may not be able to check their email. Therefore this process concludes to be partially non-effective. Another example: A Text Message was sent to the population of students pertaining to a water main which has broken. Some students may have their cellular devices on silent, or may not own a cellular device. Furthermore many students may not have subscribed to such a service allowing security to alert them via text messaging pertaining to campus wide safety alerts.
Objectives of the QA Plan:
The primary objective of this Quality Assurance Plan (QAP) will be to provide statistical and comparative information to College and University Campus Security Departments Nationwide. The QAP is focused on one hypothetical University, though the data which I will provide will be used for practical purposes. This QAP will serve as the foundation for my project and I intend to build upon this idea up to and surpassing the completion of this course.
Approach (outline the methodologies or work to be done):
The primary approach I will need to take is to devise a survey consisting of specific questions (open ended and closed) and to submit to several different educational institutions. The process is then dependent on the Institution to fill out the survey and to then submit it. I will be using a survey engine (Surveymonkey) which will allow me to obtain the data in real time as well as other options such as exporting data into Excel for quick review and comparisons. After most more then 50% of the institutions have filled out the survey and submitted it, I will then be able to review the data. This data will be reviewed by myself as well as A institution security officer professional. As far as disclosing the schools involved in this project, I am uncertain at this time that listing names is possible.
Purpose of the plan:
The purpose of this plan is to allow any number of educational institutions to analyze and learn many approaches regarding the ability to broadcast communications to students, faculty and staff on a campus-wide scale. Due to the nature of our world today, crime on campuses is inevitable. Natural disasters on campus are as well an issue. In order to broadcast a message in real-time campus wide, some new technology may need to be implemented. The overall conclusion and most cost effective method may be the use of cellular phones, and the requirement to list your number with the local security office. I hope to review alternative and possible more effective methods. The overall information from this QA Plan can serve as a foundation for institutions nationwide to become familiar with alternative means of distributing information wirelessly.
Define the QA plan for the Company:
The Quality Assurance Plan (QAP) will assure educational institutions with the processes needed to disperse information quickly and accurately. This includes but is not limited to specific technological devices. This plan will also serve as a basis for allowing institutions nationwide to become familiar with alternative means of communications disbursing.
Determine the process and procedures for your plan (design, development, implementation, maintenance, revisions):
The main part of the QAP will be the survey. The survey will consist of several questions which will hopefully be answered in a timely fashion. I may not be able to determine some data such as: • How many cell phones are on campus? • How many handheld PDA devices are on campus? • How many MP3 devices are on campus?
For the most part I feel it is plausible to assume in this day and age, over 95% of students, faculty and staff on campus own a cellular device.
Reviews (how will reviews be conducted):
The reviews will be conducted by myself and possibly someone with a significant background in campus security. The reviews will be for educational purposes only. I may take the data a step further and allow more professionals to analyze the data and allow constructive feedback. The simple notion I am aiming for is what alternative sources are available today which are cost effective and easily implemented. I will be conducting research via Internet to venture into the world of different types of wireless devices. This data will be included.
Define the standards for your organization (ISO, IEEE…etc)
List and identify the specific standards that you will use for the QA plan:
My organization(s) will be using the ISO/IEC 15408 standard for their new QA process. This standard is defined as Evaluation Criteria for Information Technology Security (Wikipedia, ISO ISO/IEC 1540).
Explain the methods and techniques that will be used to meet standards
While transmitting confidential information wirelessly, the standards set in place insure the correct method of doing so is accurate and safe. The methods and techniques may seem tedious, though will be proven effective. Information submitted campus wide needs to be overlooked by three Security personnel as well as the president of the institution. This insures the accuracy of the information being transmitted. If an emergency occurs, the approval of the president of the institution is only needed. The method for transmitting this information will be by:
Email Cellular text messages (MMS, SMS) CCTV (Closed Circuit Television) Verbal announcements (via PA system)
Describe the procedures and explain the goals or purpose of procedures:
The procedures will ensure that accurate information is distributed effectively throughout a dense institutional population. The goals of this procedure will be to distribute accurate information with the correct approvals using sufficient technology and strategies. Having a universal means for broadcasting information is of severe need in many institutions. Thus allowing this QAP to strengthen their security procedures ad overall operations.
Describe the activities or tasks for each procedure:
The activities involved for my primary procedure for creating a survey will be to utilize a survey creation program and service called Surveymonkey. This will be an intricate process as I need to devise the right questions and take note of the length of the survey. Since the persons I will be asking to fill out the survey may be busy, I need to assure the questions are to the point, precise and will allow me to obtain the right information.
Explain when and how the activity will be executed, recorded, who will participate, reporting and follow-up for corrective action:
The activity will be executed by submitting a mass survey to the Department of Security at twenty-five different educational institutions. This activity will supply valuable information pertaining to security procedures. Security can be a life or death situation whereas implementing the standards which I have set within the QAP may or may not be applicable for some institutions. The goal as reiterated is to supply accurate information with hope to implement a set of standards and practices relating to that of distributing accurate information wirelessly to a set group within the institution.
One of the possible testing activities is to mentor the effectiveness of a newly implemented means for broadcasting information wirelessly and accurately within a given institution. This activity can allow trial and error data for other institutions who wish to implement the same or similar system.
A second testing activity will be to privately test equipment which may be used in a practical situation. The only draw back here will be the funding to do so. This method may be a safer approach as performing mock trials is better then the possibility of risking life or death.
What type of documentation will be created to support management (user guides, computer system guides, interim reports, progress reports, final reports)
There will be several documents which will be created to support management. The most important document which will be created will be contingency plan guidelines. A troubleshooting guide for operating the equipment will as well be created. The technology is computer based, so understanding the operating system is a must and will be included within the ISO/IEC standards. For implementation purposes, there will be a final report which will be needed to fill out upon the completion of a security procedure.
Explain how the documentation will be created, used and the guidelines and maintenance of the reports Contingency Plan guideline: This plan will list step-by-step the process necessary to carry out the correct action(s).
Troubleshooting Guide: This guide will supply technical information for troubleshooting the central computer system and other technologies.
Final Report: This report will ensure the correct measures were taken and will be reviewed and analyzed for future reference. This data will also allow for the future development of my QAP.
Documentation for testing activities
The documentation for testing activities will be provided by the technical writer who is appointed to the QA Team. The step-by-step procedures and trial and error occurrences will be recorded by and filed appropriately. The information may or may not be included in the final phase of the QAP.
Purpose of Measurements
The purpose of the measurements will be to record the effectiveness of the new technology and implemented procedures. The process of distributing emergency information to a dense population in real-time can mislead people if the information is incorrect. These overall measurements will strengthen the QAP.
Type of Measurements (example – calibration)
The main type of measurements I will be using will be calibration. This will allow me to review the before and after. This calibration will continue on a quarterly scale and will determine the effectiveness of the QAP. Following is a list of other applicable testing methods which may or may not be used: • Unit Testing: This testing will ensure the source code within the software used to launch mass information will work. • Functional testing: This testing will insure that all the functions of the software and product will operate according to the products advertised capabilities. • End-to-End testing: This type of testing may be used to mimic real life situation with regards to cellular, internet, intranet, and WiFi situations. • Regression testing: This type of testing will ensure the modification from a previous software or hardware was corrected. When and how Measurements will be used
The measurements will be used at the start of the QAP. Following, these measurements will continue on a quarterly scale.
Reporting Measurements and checking for adequacy:
The QAP Team will assess and extrapolate the data from the testing measurements. The information will be used to strengthen the testing process. Errors will be corrected such as the shift from one type of computer hardware, or software to a more efficient type. Corrective Action Process If there is an error within the trials or the QAP, this will be assessed and corrected by the QAP team. With this type of QAP, there are many errors which can default, though having a Team in place will hopefully catch these inefficiencies before they occur, or correct them immediately before the data is interrupted.
Risk Management 
Type of Risk management plan, methodology, process, tools:
The Risk Management Plan will include all known risks involved with the plan and will be created by the analysis team. The following six steps will be used to create the plan in full:
Define Risk Management, as it applies to your project Identify the categories of risk List all of the types of risks which may occur Determine the likelihood of the risks occurring Calculate the impact on the project if risk does occur Rank the risks identified in order or priority (Method123, 2003).
Determining risk is a very difficult task and involves many different types of processes. Nonetheless risk management is a crucial part of a Quality Assurance Plan (QAP).
Procedures and methods to be used to identify and analyze the collected data to determine risk:
A system will be implemented which will record the amount of broadcasted transmissions from the Central Security Offices. This system will work to improve the quality of the newly implemented technology. I will be using a Risk Priority Number (RPN) to analyze the risk identified during the Failure Mode and Effects Analysis (FMEA). According to the following three rating scales will conclude tot the severity of a potential risk.
• Severity, which rates the severity of the potential effect of the failure. • Occurrence, which rates the likelihood that the failure will occur. • Detection, which rates the likelihood that the problem will be detected before it reaches the end-user/customer.
The risk will then be calculate on a five point severity scale which will allow the true acknowledgment of the severity for the risk and the Analysis Team will then be able to correct the risk.
Determine the level of risk and tools used to manage risk in the project (risk matrix, risk mitigation plan:
When the Risk Priority Number (RPN) is identified and then used to determine the Failure Mode and Effects Analysis (FMEA), the collected data will be included into a final Risk Mitigation Plan. This plan will identify the severity of the risks, types of risks, and will address all possible solutions.
Describes the performance criteria for the analysis procedures: The project team will be involved in the analysis procedures. The data will be presented and the team will view the Matrix and the mitigation plan, as well as the survey answers. The types of pertinent technology will be discussed and a plan to implement it will be created. Section 7 concludes the performance criteria for the analysis procedures.
Corrective Action for Risks:
As issues arise such as possible software failure, hardware failure, or user error a Corrective Actions Plan will be created. This plan will include a detailed list of the problems and will have an associated number as well as an implementation date.
Define and describe the training plans for the project:
The training plan will assure that all personnel are on the same level and understand how to effectively use the equipment as well as troubleshooting and error reporting. A training manual will be designed which will consist of procedures and troubleshooting chapters.
Special training or certification that may be required to implement the plan:
There will not be any required certification though the following certifications are recommended:
• Certified Software Quality Analyst (CSQA) • Certified Software Tester (CSTE) • Certified Software Project Manager (CSPM) • COPC Registered Coordinator Training • CBTL SM- 1 • CBQASM • Six Sigma Black Belt • Six Sigma Green Belt • Accredited ITIL Foundation Course • Foundation Certificate in ITSM
Training for the personnel:
All personnel within the Security Department will be trained on the Quality Assurance Plan. Troubleshooting and error reporting procedures will be included.
Training process for corrective action and procedures (frequency of reports to management, plans for closeout activities to document lessons learned):
All staff will participate in error reporting and will contribute to the Bi-weekly Corrective Actions and Procedures Plan. This plan will consist of the problems that occurred and the corrective actions to take. The chosen committee will review this plan and upon approval the corrective actions will be implemented.
Analysis and Milestones 
Determine the milestones and process for overall corrective action:
The implemented technology will be monitored for a period of 12 months and all known issues will be recorded and transmitted real time to a central database. After 12 months, if all known software quarks and/or issues are not corrected and the issues do not lie in fault with the personnel, an alternative technology may be implemented which would start the QAP over at the beginning.
Results, Conclusion and Follow-Up 
Determine how results will be collected, reviewed, and list the different types of corrective action:
The results will be reviewed via a central database designed to retrieve data from the security offices with the implemented system. Each Security Office will have personnel who will be in charge of the troubleshooting and recording the issues. The types of possible corrective actions are as follow:
1. Implement an entirely new system 2. Use different wireless devices 3. Change the training procedures 4. Correct the issues and continue with current infrastructure
Clark, J. T. (1999). Success Through Quality: Support Guide for the Journey to Continuous Improvement. Milwaukee, WI: Quality Press.
Method123, (2003). Risk Plan. Retrieved April 4, 2009, from Method 123 Empowering Managers to Succeed Web site: http://www.method123.com/risk-management-plan.php
Realsoft Corporation, (2007). Examining Risk Priority Numbers in FMEA. Retrieved April 6, 2009, from Realsoft Web site: http://www.reliasoft.com/newsletter/2q2003/rpns.htm
Smith F. G. (1998). Quality Problem Solving: Conformance Performance Efficiency Product Design Process Design. Milwaukee, WI: Quality Press.
Stamatis, D.H., Failure Mode and Effect Analysis: FMEA from Theory to Execution. American Society for Quality (ASQ), Milwaukee, Wisconsin, 1995.