3.4.11 Quality Assurance
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Principle
The quality assurance process should be defined, approved, communicated and implemented to independently ascertain quality of the changes or development in the information assets in line with the business/user requirements prior moving them to the production environment.
Control Requirements
| 1. | The quality assurance process should be defined, approved, implemented and communicated by the Member Organizations. | |
| 2. | The quality assurance process should be monitored and periodically evaluated. | |
| 3. | The quality assurance process should address the following, but not limited to: | |
| a. | clear roles and responsibilities for personnel carrying out quality assurance activities; | |
| b. | minimum quality requirements sets by the Member Organizations including business and any other applicable regulatory requirements; and | |
| c. | process for identification, maintenance and retirement of quality related records. | |
| 4. | The quality assurance function/department should have independent existence and reporting with authority to provide objective evaluation. | |
| 5. | All changes or development to information system should be assessed by the quality assurance team prior releasing to the production environment. | |
| 6. | The quality assurance function should report the reviewed results to the relevant stakeholder(s) within the Member Organizations and initiate improvements where appropriate. | |