QCC ITSV 001 001 IT Software Validation
QCC ITSV 001 001 IT Software Validation
QCC ITSV 001 001 IT Software Validation
Index
1. Introduction ...................................................................................................................1
2. Aim .............................................................................................................................. 2
3. Scope ........................................................................................................................... 2
4. Definitions ................................................................................................................... 2
5. Software categories ..................................................................................................... 3
5.1 Commercial off-the-shelf (COTS) software .................................................. 3
5.2 Modified off-the-shelf (MOTS) software ...................................................... 3
5.3 Custom software (self-developed software) .................................................. 4
6. Software life cycle ....................................................................................................... 4
7. Validation .................................................................................................................... 5
7.1 Validation diagram ........................................................................................ 5
7.2 Software checklist ......................................................................................... 6
7.3 Validation report ............................................................................................ 6
7.4 Good practices ............................................................................................... 7
8. Configuration management ......................................................................................... 7
9. References ................................................................................................................... 8
Appendix 1 ...................................................................................................................... 9
Appendix 2 .................................................................................................................... 13
1. Introduction
This document presents general validation principles that QCC considers applicable to the
validation of software used in a forensic laboratory. It is based on generally recognized
software validation principles and could therefore be applicable to any software.
Validation is an activity that answers the question “Is the software suitable for its intended
purpose?” Provided the verification activity has been properly performed, that question
translates roughly to “Does the software meet its requirements when it's run?” [11].
It is recommended that validation activities be conducted throughout the entire software life
cycle. The level of validation effort to be applied and validation techniques to be used must be
determined for each software project.
3. Scope
The scope of this document is validation of all types of software used in forensic laboratories.
4. Definitions
Computer system
A group of hardware components and associated software designed and assembled to perform
a specific function or group of functions.
Software
A collection of programs, routines, and subroutines that controls the operation of a computer
or a computerized system.
Software product
The set of computer programs, procedures and associated documentation and data.
Software item
Any identifiable part of software product.
Testing
The process of exercising or evaluating a system component by manual or automated means
to verify that it satisfies requirements or to identify differences between expected and actual
results.
Verification
Confirming that the output from a development phase meets the input requirements for that
phase.
Validation
Establishing by objective evidence that all software requirements have been implemented
correctly and completely and are traceable to system requirements.
It should especially be noted that spreadsheets are programs, and that they as such require
validation. Spreadsheets may be validated as other programs. Special attention should be paid
to the fact that spreadsheets have a wide-open user interface what makes them very vulnerable
to unintentional changes.
1
A walkthrough is a term describing the consideration of a process at an abstract level. The term is often
employed in the software industry to describe the process of inspecting algorithms and source code by following
paths through the algorithms or code as determined by input conditions and choices made along the way. The
purpose of such code walkthroughs is generally to provide assurance of the fitness for purpose of the algorithm
or code; and occasionally to assess the competence or output of an individual or team.
Something akin to walkthroughs are used in very many forms of human endeavour since the process is a thought
experiment that seeks to determine the likely outcome(s) of an affair based on starting conditions and the effects
of decisions taken (http://www.encyclopedia.laborlawtalk.com).
7. Validation
Software validation should not be left to the end of a project; in fact quite the reverse is
required. The validation should start at the beginning of a project as it is shown in the diagram
below.
A template of such report has been published by Nordtest Software [Method of Software
Validation, NT Techn. Report 535]
8. Configuration management
Configuration management ensures that all changes to software/hardware are controlled. It
also ensures that all software installations are known, and have periodic checks. To achieve
this, software used in accredited laboratories should be considered with regard to where it fits
into the computing hardware. A software product can be installed on many computer systems.
Many laboratories have one version of software product that is installed on many computer
systems. It is important to separately consider each installation. In all cases, the software
should be under, software configuration management, version and access control. The labs
should have records indicating what versions are current. They should also know which
computer systems have what software products installed. They should also control access to
them so that only authorised individuals have access. There should be a “check” that is
performed periodically to ensure that the correct version is installed and no unauthorised
modifications have occurred [10].
MS Excel is one of the most commonly used computer programs to perform automatic or
semiautomatic calculation and visualisation of data. Excel spreadsheets may be used
whenever a standard calculation has to be repeated over a long period of time. It should be
noted that spreadsheets are programs, and that they as such require validation.
The validation of spreadsheets should ensure that all data generated and all operations and
checks performed with the spreadsheet, as well as online-generated graphs, are valid.
or formula auditing:
OpenOffice.org Calc offers Similar tools, though the functions may have different names:
- data validation: