Quality Control: Software

As described below, the Inflammation and Host Response PGA maintains a variety of computer systems and software programs for the collection, storage and presentation of scientific and educational information.

Section I identifies the systems we are using. Section II describes the management infrastructure that ensures the application of effective quality controls. Section III describes the operational controls that keep our systems physically secure.

1 System Identification

1.1 System Name

Bioinformatics tools for the Inflammation and the Host Response PGA.

1.2 Responsible Organization

Massachusetts General Hospital (MGH)

1.3 Information Contacts

1.3.1 System Owner

Dr. Brian Seed
Professor of Genetics
Department of Molecular Biology
Massachusetts General Hospital
50 Blossom Street
Wellman Building 911
Boston, MA 02114
Ph (617)726-5975
Fax (617)726-6893
seed@molbio.mgh.harvard.edu

1.3.2 Business Steward

Charles Cooper
Sr. Director of Bioinformatics
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0091
Fax (617)726-0077
cooper@molbio.mgh.harvard.edu

1.3.3 Technical Stewards

Charles Cooper
Sr. Director of Bioinformatics
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0091
Fax (617)726-0077
cooper@molbio.mgh.harvard.edu

Adam Boc
Director of Software Quality Assurance
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0095
Fax (617)726-0077
boc@molbio.mgh.harvard.edu

Daniel Park
Bioinformatics Programmer
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0094
Fax (617)726-0077
dpark@molbio.mgh.harvard.edu

1.3.4 Assignment of Security Responsibility

The Security Stewards are:

Jonathan Delgado
Systems Manager
Department of Molecular Biology
Massachusetts General Hospital
38 Sidney Street
Suite 100
Cambridge, MA 02139
Ph (617)726-0089
Fax (617)726-0077
delgado@molbio.mgh.harvard.edu

Norman tenBroek
Systems Manager
Department of Molecular Biology
Massachusetts General Hospital
50 Blossom Street
Wellman Building 807a
Boston, MA 02114
Ph (617)726-2359
Fax (617)726-6893
tenbroek@molbio.mgh.harvard.edu

1.3.5 System Operational Status

The system is under development.

1.3.6 General Description

1.3.6.1 Application Overview

The Inflammation and the Host Response PGA maintains a variety of computer systems and software programs for the collection, storage and presentation of scientific and educational information.

1.3.6.2 Platform

The system is developed and maintained on Linux 7.3 servers using the following tools: Java Standard Edition 1.3.1, JSP 1.1, JUnit 3.7, HTTP Unit 1.3, Perl 5.5, PHP 4.07 and MySQL 3.24. For stand-alone Windows software development we use Microsoft Visual C++ Version 6 service pack 3.

This software runs on our identical development and production dual processor Linux servers.

Project schedules are developed and maintained using Microsoft Project 2000.

We use Perforce 2001 for version control and Bugzilla 2.14.1 for anomaly tracking.

1.3.6.3 Data Storage and Security

Data is stored on our Escalade disk array as flat files and as part of our DMBS listed above. Access to data is controlled as described below.

1.3.6.4 Production Monitoring

Scientists and Technical Stewards monitor research, coding, documentation and data quality as it is created or acquired using standard testing and data validation procedures described in related experimental quality control documents. Software Development and Maintenance Controls are described below.

1.3.7 System Environment

The Bioinformatics tools for the Inflammation and the Host Response PGA reside within the local area network of the Molecular Biology Department at MGH.

Access to system software and data is restricted to identified collaborators. Systems are secured from intentional and accidental access by username and passwords.

1.3.8 Interconnection and Information Sharing

Collaborators exchange protected experimental data using encrypted transfer protocols. Collaborators exchange unprotected information using email systems.

Development systems are protected by firewalls. The Department's information security experts configure production systems outside the firewall as high security servers.

2 Management Controls

2.1 Application Software Development and Maintenance Controls

We use a modified waterfall methodology including extensive developer unit testing using manual and automated testing tools.

The Project Lifecycle proceeds through the following steps. All participants must agree that each step satisfies their requirements and that all required contributors have been included. At the end of each step the project may be canceled or re-factored into component projects if the group can't reach consensus.

A. A project starts with analysis of a User Problem Description provided by the intended users of the software under development. Development and User groups are identified from available Bioinformaticians selected from the Bioinformatics group.

B. The team performs a literature search to identify existing tools that may meet the needs of the project. Existing tools are evaluated for complete or partial use based on several factors. In addition to the specific needs of the project, these factors include:

• cost
• availability of source code
• ease of testing and modification
• licensing considerations

C. The development and user groups agree on an initial, non-binding schedule. The Development team updates version control, anomaly tracking, coding and testing standards and formally agrees to follow them during the course of the project.

D. The development team derives a list of User Requirements from this description then creates a Functional Specification that details the User Requirements at a level of detail needed for continuing development and testing. The team creates Feasibility Studies and Prototypes as necessary to validate the Functional Specification. The development and user groups agree on a binding schedule for continuing development.

E. The team then creates a Software Design that satisfies each element of the Functional Specification. They create a Test Plan that describes the testing necessary to verify the functionality of each design element and of the system as a whole. The design includes extensive planning of integrated unit testing to allow regular automated test runs of the entire system.

F. The Development team creates Implementation and Test Plans for each element of the design. These plans include regular code, testing and documentation reviews by Bioinformaticians and scientists not on the team.

G. The Development team documents, implements and tests the software under development per the appropriate plans. Implementation proceeds in a series of documentation/development/testing exercises. No functionality is added to the version control system until it passes integrated unit tests. Periodic builds of the software under development subjected to extensive testing per the relevant Test Plans.

H. Retrospective information on the project is captured in postpartum discussions to identify areas of particularly effective work and areas that could use improvement.

I. The lifecycle may start again with Revision User Problem Description as needed.

3 Operational Controls

3.1 Physical and Environmental Protection

Computer systems and servers are housed in a humidity controlled, regulated power environment. Servers are protected from power loss by batter backup units.

Regular backups protect system configuration, software and experimental data from loss. Data access is tracked by operating system logging.

3.1.1 Physical Security

Computer systems and servers are housed in a card key access facility.

  Back to Quality Control