Quality Control: Software
As described below, the Inflammation and Host Response
PGA maintains a variety of computer systems and software programs for
the collection, storage and presentation of scientific and educational
information.
Section I identifies the systems we are using. Section
II describes the management infrastructure that ensures the application of effective
quality controls. Section III describes the operational controls
that keep our systems physically secure.
1 System Identification
1.1 System Name
Bioinformatics tools for the Inflammation and the Host
Response PGA.
1.2 Responsible Organization
Massachusetts General Hospital (MGH)
1.3 Information Contacts
1.3.1 System Owner
Dr. Brian Seed
Professor of Genetics
Department of Molecular Biology
Massachusetts General Hospital
50 Blossom Street
Wellman Building 911
Boston, MA 02114
Ph (617)726-5975
Fax (617)726-6893
seed@molbio.mgh.harvard.edu
1.3.2 Business Steward
Charles Cooper
Sr. Director of Bioinformatics
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0091
Fax (617)726-0077
cooper@molbio.mgh.harvard.edu
1.3.3 Technical Stewards
Charles Cooper
Sr. Director of Bioinformatics
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0091
Fax (617)726-0077
cooper@molbio.mgh.harvard.edu
Adam Boc
Director of Software Quality Assurance
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0095
Fax (617)726-0077
boc@molbio.mgh.harvard.edu
Daniel Park
Bioinformatics Programmer
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0094
Fax (617)726-0077
dpark@molbio.mgh.harvard.edu
1.3.4 Assignment of Security Responsibility
The Security Stewards are:
Jonathan Delgado
Systems Manager
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0089
Fax (617)726-0077
delgado@molbio.mgh.harvard.edu
Norman tenBroek
Systems Manager
Department of Molecular Biology
Massachusetts General Hospital
50 Blossom Street
Wellman Building 807a
Boston, MA 02114
Ph (617)726-2359
Fax (617)726-6893
tenbroek@molbio.mgh.harvard.edu
1.3.5 System Operational Status
The system is under development.
1.3.6 General Description
1.3.6.1 Application Overview
The Inflammation and the Host Response PGA maintains a
variety of computer systems and software programs for the collection,
storage and presentation of scientific and educational information.
1.3.6.2 Platform
The system is developed and maintained on Linux 7.3 servers
using the following tools: Java Standard Edition 1.3.1, JSP 1.1, JUnit
3.7, HTTP Unit 1.3, Perl 5.5, PHP 4.07 and MySQL 3.24. For stand-alone
Windows software development we use Microsoft Visual C++ Version 6 service
pack 3.
This software runs on our identical development and production
dual processor Linux servers.
Project schedules are developed and maintained using
Microsoft Project 2000.
We use Perforce 2001 for version control and Bugzilla
2.14.1 for anomaly tracking.
1.3.6.3 Data Storage and Security
Data is stored on our Escalade disk array as flat files
and as part of our DMBS listed above. Access to data is controlled as
described below.
1.3.6.4 Production Monitoring
Scientists and Technical Stewards monitor research, coding,
documentation and data quality as it is created or acquired using standard
testing and data validation procedures described in related experimental
quality control documents. Software Development and Maintenance Controls
are described below.
1.3.7 System Environment
The Bioinformatics tools for the Inflammation and the
Host Response PGA reside within the local area network of the Molecular
Biology Department at MGH.
Access to system software and data is restricted to identified
collaborators. Systems are secured from intentional and accidental access
by username and passwords.
1.3.8 Interconnection and Information Sharing
Collaborators exchange protected experimental data using
encrypted transfer protocols. Collaborators exchange unprotected information
using email systems.
Development systems are protected by firewalls. The Department's
information security experts configure production systems outside the
firewall as high security servers.
2 Management Controls
2.1 Application Software Development and Maintenance
Controls
We use a modified waterfall methodology including extensive
developer unit testing using manual and automated testing tools.
The Project Lifecycle proceeds through the following
steps. All participants must agree that each step satisfies their requirements
and that all required contributors have been included. At the end of each
step the project may be canceled or re-factored into component projects
if the group can't reach consensus.
A. A project starts with analysis of a User Problem Description
provided by the intended users of the software under development. Development
and User groups are identified from available Bioinformaticians selected
from the Bioinformatics group.
B. The team performs a literature search to identify
existing tools that may meet the needs of the project. Existing tools
are evaluated for complete or partial use based on several factors. In
addition to the specific needs of the project, these factors include:
- cost
- availability of source code
- ease of testing and modification
- licensing considerations
C. The development and user groups agree on an initial,
non-binding schedule. The Development team updates version control, anomaly
tracking, coding and testing standards and formally agrees to follow them
during the course of the project.
D. The development team derives a list of User Requirements
from this description then creates a Functional Specification that details
the User Requirements at a level of detail needed for continuing development
and testing. The team creates Feasibility Studies and Prototypes as necessary
to validate the Functional Specification. The development and user groups
agree on a binding schedule for continuing development.
E. The team then creates a Software Design that satisfies
each element of the Functional Specification. They create a Test Plan
that describes the testing necessary to verify the functionality of each
design element and of the system as a whole. The design includes extensive
planning of integrated unit testing to allow regular automated test runs
of the entire system.
F. The Development team creates Implementation and Test
Plans for each element of the design. These plans include regular code,
testing and documentation reviews by Bioinformaticians and scientists
not on the team.
G. The Development team documents, implements and tests
the software under development per the appropriate plans. Implementation
proceeds in a series of documentation/development/testing exercises. No
functionality is added to the version control system until it passes integrated
unit tests. Periodic builds of the software under development subjected
to extensive testing per the relevant Test Plans.
H. Retrospective information on the project is captured
in postpartum discussions to identify areas of particularly effective
work and areas that could use improvement.
I. The lifecycle may start again with Revision User Problem
Description as needed.
3 Operational Controls
3.1 Physical and Environmental Protection
Computer systems and servers are housed in a humidity
controlled, regulated power environment. Servers are protected from power
loss by batter backup units.
Regular backups protect system configuration, software
and experimental data from loss. Data access is tracked by operating system
logging.
3.1.1 Physical Security
Computer systems and servers are housed in a card key
access facility.
Back to Quality Control |