Functionality assurance

From Wikipedia, the free encyclopedia

In computers, functionality assurance is a form of continuous testing to assure a working system remains functional.

From a technology risk point of view, there are a number of long-term risks (difficult to envisage) that might result in unacceptable application functionality status. The functionality assurance model asserts that it is not acceptable to detect reduced functionality through user interaction and is cost beneficial both from a functionality and a risk management point of view to assure that the applications within scope operate at full functionality. There are many states that can produce reduced functionality, such as security updates to operating systems, internal system errors, changes to the external application context and even application updates. Functionality assurance is not performed with automated vulnerability scanning as such scans cannot detect introduced or undetected vulnerabilities.

Anomalous application states include:

• OS (Operating System) not functional and application 100% disabled
• OS partially functional and application partially disabled
• Application 100% disabled through internal fault
• Application partially disabled through internal fault
• OS or application vulnerability introduced

To perform effective functionality assurance, a two level approach is taken. Regressions test are undertaken by different areas, such as:

• From an OS point of view, tests to verify required functionality (OS build team).
• From an application point of view, test to verify the application functionality (Application developers).
• The regression tests should be layered and should focus on providing a system "green light" if all required functionality is present or if not, identify the subsystem that failed the tests.
• Trouble shooting should be a separate programme (too long a piece of string to be contained in a programme like this and very dependent on maturity of software engineering team).
• Software programmers should provide "call-back" functionality so that system monitors can verify the application functionality.
• The operations management team develop regression tests to verify the status of the OS
• The operations management team schedule the automated running of these regression tests to verify that both the application and the OS is still providing the required functionality after security updates, patch updates etc.