Before joining Industrial Scientific in July 2013, I was VP & Director of Quality Assurance for PNC’s Risk Management Technology group where we focused on making a deliberate distinction between Quality Assurance and Quality Control activities. This was an important distinction for us as the term QA had become synonymous with “testing.” Quality Assurance is much more than testing. Quality Assurance is focused on reducing the amount of defects that get created in the first place. This is achieved through focusing on upstream processes such as requirement management (are the requirements detailed enough and testable?), testing management (breadth/depth of test coverage), change management (communication/impact to other systems), and actual deployment processes. Our belief, which I still subscribe to, was that good requirements + good change management + good testing practices + good deployment activities = a successful implementation of a high quality solution. Quality Assurance begins very early and delivers increasing value through the development process. In comparison, Quality Control is the actual act of testing. It is a downstream end-of-the line activity where you are finding defects, which ultimately will determine how good your Quality Assurance actually is.
"We are committed to eliminating death on the job. Today, the primary way we do this is by outfitting industrial workers with portable gas detection devices."
Within Industrial Scientific’s Software Quality Assurance group, we were on a similar path where we had been focused on Quality Control and as a result, we were extremely good at testing execution, finding defects, and fixing defects. However, we had a lot of opportunity to improve our overall Quality Assurance. From an organizational perspective, we knew that we also needed end-to-end accountability across the software development lifecycle. Recognizing this, we recently made some Software Quality Assurance organizational changes and re-branded the team as Software Product Quality reporting to the Senior Global Director, Software Products who is also responsible for our Software Product Development group. We now have a single Software Products group responsible and accountable for developing and delivering quality software.
Additionally, we are looking closely at our outsourced vendor relationships in an effort to ensure that we have partners that are strong in Quality Assurance and not just Quality Control.
Two significant challenges that top the list are cyber-security and data privacy. Two years ago, I would have added establishing a cloud strategy to that list. However, that challenge has subsided for us as the Cloud has really materialized as another value-add tool in the toolbox to help extend our traditional IT landscape in a flexible and scalable manner. We are working with some of our core technology partners to make smart decisions that leverage the cloud effectively. Of course, with Cloud offerings the issues of cyber security and data privacy remain as relevant as ever. When you consider mobile and IoT and the fact that the internet has now moved from anytime, anywhere to all the time, everywhere, it really magnifies the security and data privacy risks.
To combat this, we’ve made some deliberate investments in IT Security with regard to people, process, and technology. However, the biggest tool we are using to combat IT Security is employee education and awareness. We are taking a multi-pronged approach on this front that includes standing up a new Info Sec intranet site, quarterly newsletters, monthly face-to-face meetings where our head of IT Security attends every Director level staff meeting once per quarter, and “lunch-and-learn” sessions. Additionally, to address data privacy issues, our Legal department and IT Security teams have begun to formally partner on ensuring that regulations and/or customer concerns are understood and that we are taking the appropriate steps as a company to address those issues.
Bringing it back to Quality Assurance, we have also made a pointed effort to include IT Security items within our QA processes and testing activities including OWASP (Open Web Application Security Project) testing of our software solutions and penetration testing.
Embracing the new wave: Big Data
At Industrial Scientific, we are committed to eliminating death on the job. Today, the primary way we do this is by outfitting industrial workers with portable gas detection devices. While we have millions of these devices in use throughout the world, roughly 200,000 devices are part of our connected device Software-as-a-Service (SAAS) monitoring solution. With that, we are firmly planted in the IoT and big data space. The QA implications are immense when you consider that people are betting their lives on our instruments and the fact that we are remotely monitoring the health of the sensors within the device to ensure it is working properly and also capturing all the gas readings that it encounters.
Our technology team recently met to discuss our roadmap for this solution and it became very clear that as the system grows into a larger distributed architecture, the breadth and depth of testing required will continue to increase significantly. To ensure the highest levels of quality, we need to include QA and the ability to perform QA activities across the ecosystem as a primary input into our architectural designs and decisions.
Within our company, I see a future trend of continuing to focus on maturing and establishing upstream QA processes into both our software development and new product development processes. It will be critical that we maintain the correct breadth and depth of testing, traceability across requirements, design, and development, and that we can perform end-to-end testing on our distributed systems. Additionally, automation testing in the areas of UI, system, load, and stress testing is something that we will continue to invest in, given the exponential growth of our IoT solution and the resulting performance demands that are placed on the system.
QA aside, some of the best advice that I was given and that I have also observed firsthand is what I like to call the “softer side of IT.” Not to be cliché, but I am convinced that we are often better served by focusing on “people and process” and less on the technology. Success is tied to our ability to effectively understand and manage expectations around our customers’ wants and needs and then implementing IT solutions that meet those needs.
We have all seen best-in-class technologies implemented unsuccessfully or that have not delivered the desired value to the business. Typically, it is not because of the technology; rather, we may have missed business requirements, underestimated the testing effort, had inadequate communication or disengaged stakeholders, or unknowingly overcommitted, because we didn’t understand the full scope of the effort. To counter this, invest in learning the business of your internal customers, maintain strong partner relationships with those customers, never short cut or underestimate the need for good requirements, and recognize that Quality Assurance wraps around all of this, as it is so much more than testing.