*********************************************************
Following is the full text of the speech delivered by the Director of Information Technology Services, Mr Lau Kam-hung, at a conference on quality software today (October 30):
Mr Tang, Dr Tse, Dr Chen, Ladies and Gentlemen,
I am delighted to address the Conference this morning. The presence of so many information technology (IT) professionals here has shown that we are striving for opportunities to stay in touch with the latest quality developments.
Quality in simple terms means "meeting the requirement", "fit for the purpose" and "value for money". It is one of the most important criteria that we in the Hong Kong Special Administrative Region Government have to consider in our system delivery.
To compete in the global arena, Hong Kong has to demonstrate its ability to be competent in quality management. IT quality and standards are always highly valued not only by the industry but also by the Government. It is important to know that no matter how fast and how innovatively we develop our high-tech business, the quality of deliverables cannot be neglected in order to sustain our competitive advantage in the international market.
I would like to take this opportunity to talk about IT quality and standards and how they are applied in the Government. To start with, I will briefly summarise our quality journey. I will then talk about the methodologies adopted and at the end the quality requirement on new technologies.
We have stated in the Quality Policy of the Information Technology Services Department (ITSD), my department, that quality products and services can be achieved by Continuous Improvement, Constant Measurement, Responsible Performance, Responsive Actions, High Creativity, and Achievable Total Quality. We believe quality will have IMPACT on our products and services. Effective provision of public services and return on IT investments would then be maximised.
We have put in place a quality management system (QMS) modelled on the ISO 9001 standard to ensure the delivery of quality services which, I believe, has been the key to our success. The QMS, based on international and de facto standards, is used to systematically address standards and procedures for the effective development of computer systems. A set of quality planning and assurance procedures has been introduced in our system development projects to ensure that the predefined product and service quality can be achieved.
Management commitment is the key to the success of the implementation of the QMS. Take ITSD as an example, senior management participates in the Quality Management Committee, the highest authority of all quality-related issues within ITSD. It was formed in 1993 and is chaired by me personally. It is responsible for the endorsement of quality procedures and standards, monitoring of the quality system implementation, and the periodic review and improvement on the quality system.
For the introduction, endorsement and monitoring of the government IT standards and guidelines, the Standards & Methods Group was established even before the Quality Management Committee was set up. The government IT standards and guidelines are required to be reviewed and endorsed by the Group prior to the approval by senior management.
With the endorsement from the Standards and Methods Group, we have been progressively adopting a number of international standards since the late eighties in software development, including Projects IN Controlled Environments (PRINCE), Function Point Analysis (FPA), Structured Systems Analysis and Design Methodology (SSADM) and Rapid Application Development (RAD).
To improve our effectiveness on project management, we have adopted PRINCE. PRINCE was originally developed by the Central Computer and Telecommunications Agency (CCTA) in the United Kingdom. A customised version of PRINCE was introduced for government IT projects in 1994. It became the standard IT project management methodology and was upgraded to the latest version of the CCTA standard in 1999. Since its adoption, over 200 IT projects in the Government have been completed using PRINCE. This year, we have adopted PRINCE in the management of over 60 projects. It is expected that more projects would be launched using PRINCE in the future.
PRINCE is actually a project management framework composed of practical procedures, techniques and guidelines, which can be tuned to suit the needs of all kinds of projects. It focuses mainly on three major areas of project management, namely, Organization, Planning and Control. Other practices such as Risk Management and Change Control for a project are also addressed.
The benefits brought about by PRINCE are numerous, including better project management & control, more realistic planning, lessening the impact of risks, enforcing quality standards and the establishment of proper change control procedures.
Over the years, the methodology has been supported by a Project Management Support Team, which provides a variety of support services to project teams and departmental users. Their services cover general enquiries, quality reviews, upgrade and maintenance of the methodology and training. We have also been invited by external bodies to conduct PRINCE training courses for their employees.
Structured Systems Analysis and Design Methodology (SSADM), which originated in the United Kingdom, is being used in the Government for developing computer application systems.
SSADM has been widely adopted as a systems analysis and design methodology for most government IT projects since 1991.
SSADM is one of the most widely used application development methods in the United Kingdom and is increasingly being adopted in Europe and internationally as well. In view of its comprehensiveness, SSADM is particularly suitable for large-scale projects. As a public domain method, SSADM is also frequently used as the basis of organisation-specific standards for application development.
SSADM is an integrated set of standards and guidelines consisting of "Structural Standards", "Techniques Guide" and "Documentation Standards". The Structural Standards define the structure of a development project in the form of explicitly defined tasks, with clearly defined interfaces and tangible products. The Techniques Guide provides development staff with a set of proven and usable techniques and tools, and detailed rules and guidelines on when and how to use them. The Documentation Standards provide the means of recording the products of development activity at a detailed level.
Developing information systems to meet the real needs of organisations in a more effective and efficient way is always one of the goals of information system developers.
Rapid Application Development (RAD) methodology, as an alternative to SSADM, is another system development methodology adopted in 1997 by ITSD based on a proprietary methodology. It has become one of our standards for systems development.
RAD refers to a development life cycle designed to deliver systems that are directed towards the needs of the business in a shorter time-scale while ensuring high quality and usability. It is also designed to take advantage of powerful development software like Computer Aided Software Engineering (CASE) tools, prototyping tools and code generators to speed up system delivery.
A typical RAD life cycle comprises four stages, namely, requirements planning, user design, rapid construction and transition. The methodology itself covers step-by-step processes, deliverables of each process and techniques for producing such deliverables. RAD is especially suitable for small to medium-sized projects.
RAD is a people-centered and incremental development approach. Active user involvement, as well as collaboration and co-operation between all stakeholders, is imperative. Testing is integrated throughout the development life cycle so that the system is tested and reviewed by both developers and users incrementally.
Regarding software measurement, we adopted the Function Point Analysis (FPA) in 1988 as a formal method of measuring the size of software. Since then, we have been upgrading it to cope with new developments in the IT industry. With the information on the utilisation of resources on hand, we are able to calculate our productivity factor. Furthermore, project teams are able to project the resources and costs required for building software of any size using the resource estimation model derived from FPA. They can even compare the costs quoted by various vendors using the resource estimation model during tender evaluations. So far we have applied the method to over 400 projects of different nature. They include projects which are based on different platforms, such as mainframe, client-server, PC/LAN and the Web.
FPA measures the functionality of a piece of software from the user's point of view. Therefore, it can be considered as technology neutral. It can also facilitate resource estimation at an early stage of the system development cycle. These are the reasons why it is widely adopted in the IT industry. Several organisations have been established to promote and further develop the method, e.g. the International Function Point User Group (IFPUG). We have joined the IFPUG as a corporate member so as to keep our use of the method up-to-date.
To maintain our software measurement standard, an FPA Support Team was established to provide consultancy, hotline inquiry and training services to project teams. The team has also developed an FPA Counting and Resources Estimation Worksheet for project teams to speed up the resources estimation process. To maintain high quality on the FPA counting and resources estimation, the team also review relevant deliverables at different stages of system development by project teams.
Although we have the Quality Management System and a number of standards in place, we never stop improving ourselves. My department obtained its first ISO 9001 certificate in 1998. The certificate was awarded to our Professional Support Services, which cover both Quality Management and Standards and Methods work. The scope of support services includes methodology development, support, training, and quality assurance. In 2000, another ISO 9001 certification was obtained on the helpdesk services of our Central Computer Centre, which is one of the largest computer installations in Hong Kong.
The certification ascertains our conformance to the international quality requirements through formal examination by the external certification bodies. The ISO award has demonstrated an international recognition of our conformance to an international quality standard.
The quality of products and services delivered is the concern of every staff member of my department. With more development and maintenance works now being and continuing to be outsourced, we would expect services of a similar quality from our contractors as well. Our certification status should motivate them to provide a similar level of quality services. It will in turn benefit our user departments which then will be enabled to provide the community with quality services. As we have entered the new millennium, we face a new challenge, the brand new ISO 9001:2000 standard. We plan to upgrade our existing quality system to align with the new standard, which we understand will be issued by the end of this year.
Nowadays, we are all talking about the web, electronic commerce, and electronic business. A number of factors should be taken into account when developing quality Internet-based applications in these areas.
One way to ensure quality is to base on open standards set by international bodies like the World Wide Web Consortium and the Internet Engineering Task Force. The World Wide Web Consortium intends to lead the World Wide Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. The Internet Engineering Task Force is the body that defines standard Internet operating protocols. Its members are drawn from the Internet Society's individual and organisation membership. By following standards proposed by these international bodies, interoperability among different computer systems can be ensured.
In addition, traditional project development considerations such as organisational and business needs are still very important factors. Security, performance and personalised services in an Internet environment merit further consideration.
Security is one of the key components in the design stage of electronic transaction applications. Depending on the sensitivity of information, we have to consider measures such as encryption during transmission, removal from the users' cache when the application completes processing, and secured application servers and backup devices. Based on international standards, the Government has developed a set of policy and guidelines on the management of information security, which includes security risk assessment, ongoing monitoring and review, as well as incident responses.
The Government has already started to engage in electronic transactions with the community. Public Key Infrastructure (PKI) is the state-of-the-art technology to provide a secure environment for electronic transactions. In its adoption of the PKI technology, the Government would comply with open international standards. Phase I of Electronic Services Delivery scheme to provide public services over the internet will be launched before the end of this year, and is a milestone of the Government in stepping into the e-century.
In the past few years, we have witnessed fast and extensive advances in IT. These advances are bringing fundamental changes to the way we work and to the way we live. To take on this challenge, my department has broadened its role from serving only the internal computing needs of the Government to one that also supports the use of IT by the community. However, it is not sufficient for the Government to do it alone. All of us - businesses, industries, academics and the Government should continue to maintain quality improvement initiatives. This will help us a long way in enhancing our competitiveness globally to drive our overall economic growth.
Thank you.
End/Monday, October 30, 2000
NNNN