What is the relationship between IV&V professionals, Testers and QA engineers?

Question

In the context of SDLC, I know that Verification and Validation is about verifying the deliverable input from previous phase and validating the output of the current one. And that testing is a phase among the SDLC phases.

Based on my research, I found from UToronto lecture notes that:

V&V performed by a separate contractor

Which means that IV&V (Independent Verification and Validation) professionals are externally involved in SDLC, and thus have nothing to do with the testing phase.

On the other hand, I find on another course that:

Testing is the most common, but not the only form of V&V

Which means testers are involved in IV&V.

This makes me confused about whether both testing phase and IV&V are made by same person (let's say QA engineer) or the persons doing IV&V are not involved in the testing stage.

Does the job V&V professional exist in the software industry? What relationship exists between QA engineers, testers and IV&V?

How is the V&V process involved during the project management: is it performed continuously within SDLC in the early stages or in the last stages?

Also does the SDLC include IV&V as a stage?

Answer 1

Software verification and validation are all the activities that ensure that the software fulfils all the needs and requirements for its intended purpose. As such V&V is part of the larger set of Quality Assurance activities (the latter also include activities to improve the quality, beyond the area of quality control to which V&V belongs)

The best known of these activities is of course testing, which verifies that the software works well, produces the expected results, is usable, and with acceptable performance. Of course this activity can be highly automated, even if usability tests and acceptance tests may require human involvement in near operating conditions.

But testing is not the only verification. Code review for example is another QA activity, that verifies if the code is robust, and meets some quality criteria that are expected to facilitate future maintenance. Another kind of verification is related to security. These kind of code reviews might be required to ensure that no undesired stealth behavior was hidden in the software (e.g. spying functions sending data to a foreign country once it is in operation), or that no vulnerability was implanted on purpose.

Nowadays, the V&V should no longer be considered as being necessarily a sequential step in a waterfall-like SDLC. These activities can be integrated smoothly in the day-to-day activities (e.g. embedded in the definition of done) in agile processes.

Independent V&V is another (expensive) thing. This is often found in the context of mission critical systems (e.g. aircraft systems, factory system in a pharmacological company, etc..) and government acquisition process. The reason is that team members (or staff members of a supplier) may have unconscious bias, or apply incomplete verification procedures (procedure might even be flawed because of purely economic consideration that are not appropriate for systems on which human lives depend on). This is why an independent team might be required. It is to ensure that V&V is carried out as objectively as possible and with state of the art expertise.

So V&V and IV&V are highly related. It is just that the second must be performed by a different economic operator in view of a proper segregation of duties. Note that in some cases V&V or even independent V&V could be subject of legal requirements.

Answer 2

The relationship... doesn’t exist.

Modern software development generally doesn’t have discrete phases where you take and validate some input, do some work, and then pass it down the assembly line. And these days even having a separate role for testers or other quality assurance work is more and more rare.

At the scale necessary for most software, the verification process is automated and included in the continual deployment process. There are occasionally dedicated professionals that automate those tests, but they are just QA engineers or Software Develoment Engineer in Test (SDETs). The labels don’t much matter, but I’ve never heard V&V used.