3.4.11 Quality Assurance
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
The quality assurance process should be defined, approved, communicated and implemented to independently ascertain quality of the changes or development in the information assets in line with the business/user requirements prior moving them to the production environment.
Control Requirements
| 1. | The quality assurance process should be defined, approved, implemented and communicated by the Member Organizations. | |
| 2. | The quality assurance process should be monitored and periodically evaluated. | |
| 3. | The quality assurance process should address the following, but not limited to: | |
| a. | clear roles and responsibilities for personnel carrying out quality assurance activities; | |
| b. | minimum quality requirements sets by the Member Organizations including business and any other applicable regulatory requirements; and | |
| c. | process for identification, maintenance and retirement of quality related records. | |
| 4. | The quality assurance function/department should have independent existence and reporting with authority to provide objective evaluation. | |
| 5. | All changes or development to information system should be assessed by the quality assurance team prior releasing to the production environment. | |
| 6. | The quality assurance function should report the reviewed results to the relevant stakeholder(s) within the Member Organizations and initiate improvements where appropriate. | |