Software Quality and Security Testing Frequently Asked Questions What is Software Quality and Security Testing Services? SQS Testing Services is a subscription-fee based, managed shared service that offers a highly reliable, scalable, secure, and cost-effective testing service that state agencies and local government entities (within North Carolina) can leverage 24 x 7 for managing and fulfilling their functional and performance testing projects and requirements. SQS Testing Services maintains a full range of Micro Focus software testing tools to meet the testing demands for today's evolving and highly complex IT business and public-facing applications. These tools include Application Lifecycle Management Quality Center, Load Runner Enterprise, ALM Octane, Unified Functional Test, LeanFT, Sprinter, SiteScope, Mobile Center, Network Virtualization, Fortify, APM tool Dynatrace and visual regression testing tool ApplitoolsEyes. Our testing professionals are also available on a time and materials basis to perform testing on behalf of a subscribing customer. What are the benefits of using Software Quality and Security Testing Services? The ability to access and leverage a “best in class” SQS software solution as a shared service utility without having to fund the significant up-front investment that would be associated with the acquisition and deployment of a comparable in-house solution On-demand access to SQS subject matter experts, methods, techniques, and best practices when needed by subscribing customers Significant economies of scale associated with a shared service approach, which yields a low cost of use for each subscribing customer Low cost access to this testing technology will encourage and support SQS tasks within agency software development life cycles that will ultimately produce better performing applications that also meet functional expectations. This in turn leads to improved end-user satisfaction and lower costs for IT application development, maintenance and support. What testing tools are available with Software Quality and Security Testing Services? SQS Testing Services supports and maintains the Micro Focus software testing tools Application Lifecycle Management Quality Center, Load Runner Enterprise, ALM Octane, Unified Functional Test, LeanFT, Sprinter, SiteScope, Mobile Center, Network Virtualization, Fortify, APM tool Dynatrace and visual regression testing tool ApplitoolsEyes. What are the agency's responsibilities? Security and other related access privileges to the SQS Testing Services environment for any given agency's personnel will be requested and authenticated by a named agency employee. Any and all changes to access privileges will be requested by this named employee who will fulfill the local “security administrator” role. Best practices, methods, and related techniques for utilizing the SQS Testing Service will be followed. Support requests relating to the use of the SQS Testing Service will be initiated via the NCDIT Service Desk for opening an incident or request ticket. If an increase in utilization or demand for the SQS Testing Services is expected (near term or long term), beyond the levels outlined in the service level choices above, a given agency will make every effort to notify the SQS Testing Services Product Manager as soon as possible so that adjustments can be made to accommodate the anticipated increase in infrastructure and/or human resource demand. On an annual basis, provide a forecast for anticipated use of the service prior to the state budgeting cycle so that human resources and other incremental infrastructure requirements can be budgeted accordingly (if necessary). Provide a qualified person to participate as needed in the governance and oversight process for the SQS Testing Service. This person will represent the interests of the agency via a governance process for defining and shaping the strategic and tactical evolution of the service. How much does it cost? SQS Testing Services will apply the following fees on a monthly basis to each subscribing agency according to their service level tier outlined in their MOU agreement. Any optional time and materials hours worked will also be charged on a monthly basis. Please see our billing rates for details on the breakdown of the service tiers offered and rates respectively. What are the hours of availability? This service is available 24 x 7, excluding planned outages, maintenance windows and unavoidable events. Maintenance windows are used only when needed for planned changes that have gone through the NCDIT change management process. In addition to NCDIT's standard maintenance windows, site-specific and service-specific changes may be coordinated with customers at non-standard times. The current planned maintenance window is from 4:00 a.m. to noon on Sundays. What is the service-level agreement? View the SQS Testing Services service-level agreement. Is our data backed up and stored during testing? Only data and test scripts stored in Quality Center and Performance Center will be backed up daily. Each agency is responsible for saving and backing up any data used while accessing any Functional workstation. In addition, any data used for testing is the sole responsibility of each agency in terms of content, security, and encryption. Once a test is completed and no longer needed, the respective agency is responsible for cleanup and removal of any data or applicable test scripts by following the Statewide Information Security Manual for disposing of sensitive data and software from equipment or media when transferred for the purpose of testing. Is the service secure? As part of the security management criteria, SQS Testing Services requires an NCID account and virtual private network profile for the applicable test tool requiring authentication. Agencies are shielded from one another by domains. Users are assigned logins and projects by domain to ensure that each agency's data is isolated from any other. SQS Testing Service subscribers must comply with any applicable policies and procedures set forth by the Statewide Information Security Manual when dealing with physical storage and output of data and sensitive messages. This includes physical records, data transmissions and any data stored offsite. For further information, refer to section 3.4 Ensure Service Security in the SQS Testing Services Governance document. How are changes to the service determined? The SQS Testing Services Governance Council will review and prioritize any allocation of IT resources, software, hardware, licensing, infrastructure, and support maintenance agreements or other recommendations that may affect changes to the current cost model. SQS Testing Services staff will comply with any applicable policies and procedures set forth by Change Management and contained in the Change Management Library within NCDIT as it pertains to any of the following criteria: Impact assessment, prioritization, and authorization Emergency changes Change closure and documentation How many North Carolina state agencies and local government entities subscribe to the service today? N.C. Department of Information Technology N.C. Department of Health and Human Services N.C. Department of Transportation N.C. Department of Public Safety N.C. Division of Employment Security State Board of Elections N.C. Office of State Human Resources N.C. Department of Water Infrastructure N.C. Department of Environment Quality N.C. Department of the Secretary of State N.C. Office of the Commissioner of Banks N.C. Department of Insurance Charlotte-Mecklenburg Schools How do I find out additional information about Software Quality and Security Testing Services? Submit a request to Tulasi Maddi, SQS service owner. How do I sign up for Software Quality and Security Testing Services? Submit a request to Tulasi Maddi, SQS service owner.