HB 90.9-2000
Software Development
COPYRIGHT
Standards Australia International All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher. Published by Standards Australia International Ltd GPO Box 5420, Sydney, NSW 2001, Australia
ISBN 0 7337 3711 0
PREFACE
This Handbook is a revision of AS/NZS 3905.8:1996, Quality system guidelines, Part 8: Guide to AS/NZS ISO 9001:1994 for the software industry, which is now withdrawn. The objective of this Handbook is to provide software developers with guidance on the application of ISO 9001:2000, Quality management systems - Requirements in both the software development and associated hardware industry in order to assist those wanting to develop quality management systems complying with this standard.
Acknowledgments
This Handbook was prepared by
This is a free 14 page sample. Access the full version at http://infostore.saiglobal.com.
Further input was sought from the members of Standards Australia Committees QR-003 Software Quality Systems and IT-015, Software Engineering, to whom the Handbook was submitted for review and comment prior to publication. The contribution of all these parties is gratefully acknowledged.
CONTENTS
FOREWORD
INTRODUCTION
0.1 General
0.2 Process approach
0.3 Relationship with ISO 9004
0.4 Compatibility with other management systems
1 SCOPE
1.1 General
1.2 Application
2 NORMATIVE REFERENCE
3 TERMS AND DEFINITIONS
4 QUALITY MANAGEMENT SYSTEM
4.1 General requirements
4.2 Documentation requirements
5 MANAGEMENT RESPONSIBILITY
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority and communication
5.6 Management review
6 RESOURCE MANAGEMENT
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
7 PRODUCT REALIZATION
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices
8 MEASUREMENT, ANALYSIS AND IMPROVEMENT
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement
BIBLIOGRAPHY
APPENDICES
A EXPLANATION OF TERMS USED IN THIS GUIDE
B SAMPLE ORGANIZATION CHART
C TYPICAL QUALITY MANAGER JOB DESCRIPTION
D TYPICAL INTERNAL AUDIT PROCEDURE
E ADVICE FOR AUDITORS
F WHAT IS ISO 9001, AND HOW DOES IT AFFECT ME?
FOREWORD
This Handbook is intended for the software development industry to provide guidance on the application of ISO 9001:2000 to the computer software development and allied hardware industry. It discusses the requirements of ISO 9001 in terms appropriate for the industry, together with relevant examples.

This Handbook is intended for use by those who need to know how to implement a quality management system for software development and may include the following:
Senior managers.
Software developers, who need to participate in quality management system implementation.
Quality assurance professionals needing to know how to apply ISO 9001 to software development.

It may also be used by auditors who wish to know how the software development industry interprets ISO 9001.

ISO 9001:2000 is divided into an Introduction, eight clauses and Annex A (an informative bibliography). The eight clauses address the following:
1 Scope
2 Normative reference
3 Terms and definitions
4 Quality management system
5 Management responsibility
6 Resource management
7 Product realization
8 Measurement, analysis and improvement
The main body of ISO 9001:2000 is contained in clauses 4 to 8. These set out what is required, but do not specify how the requirements are to be achieved. Therefore, the software developer has the flexibility to evolve a quality management system tailored to suit the developer's method of operation.

In this Handbook, the Introduction and Clauses of ISO 9001:2000 are shown in a box followed by relevant guidance. The extent of guidance varies, depending on the nature of the clause and its complexity. In the guidance to the Introduction, a number of quality management terms are explained briefly in the context where they first appear (shown in bold italic type). Other terms used in this Handbook are given in Appendix A.

The new version of the standard is based on the concept of process, including, among others, the processes of design, product realization, and testing. In software development, the distinction between these operations is often blurred. For example, some may consider coding to be part of the design process, while others may consider coding to be the implementation of the design and therefore part of the product realization process. Testing may be carried out at all phases of the particular development. Each developer will need to establish the breakdown of these operations that best suits the business. The main requirement is that, however the breakdown is made, a consistent approach is taken and this is reflected in the resultant documentation.
www.standards.com.au
Standards Australia
MAJOR CHANGES
There are a number of fundamental changes that have taken place during the current revision process. The major changes are:
Process approach
A process model approach has been used to develop the 2000 version of ISO 9001. As a result, the old 20 clause structure of the 1994 version has gone and the standard structure is now more closely aligned to business working practices. While at first glance it would appear that the 2000 version has been completely rewritten, what has actually happened is that most of the content of the 1994 version has been redistributed into the new process model structure. In doing so, the text may have been changed but in many cases the intent of the clause has not. However, it is true that new requirements have been added, and the major ones are discussed briefly here.
One beneficial outcome of this approach is that the weighting given to the content via a main clause and subclause structure is more appropriate to business needs. In the old 20 clause approach the clause numbering gave undue weight to some aspects of relatively minor importance.
Terminology
organization The standard now identifies the supplier business practice. (This replaces the subcontractor supplier version.) The term subcontractor has now disappeared.
Continual improvement
Organizations are now required to have a process of continual improvement built into their quality management system.
Customer satisfaction
The 2000 version now requires an organization to have a customer focus and to monitor customer satisfaction, which is one of the means to be used in evaluating the performance of the quality management system.
Internal communication
There is a clause which requires an organization to have an internal communication process to provide information on the quality management system and its effectiveness.
Competency
In assessing human resources and in training, the issue of competency has been introduced and will need to be addressed within the organization.
Outsourcing
The standard now requires that where any process is outsourced, the organization describes how it exercises control over the outsourced process(es).
Other changes
There are a number of other changes, which are either a new requirement within a clause or an extension of the requirement(s) of the 1994 version.
Standard
Introduction
0.1 General
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.

The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked NOTE is for guidance in understanding or clarifying the associated requirement.

This International Standard can be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer, regulatory and the organization's own requirements.

The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
Guidance
The intention of ISO 9001:2000 is to provide a system which can enable organizations in hardware, software, processed materials and service industries to have a better way to organize, manage, document and control the way they do things. This should mean that the quality (in terms of the conformance to specifications) of their products will be more consistent.

There are a number of advantages to this approach for software development, a major one being that the software development process becomes less variable. Another advantage is that any nonconformities result not just in adjustments to the particular products in which they are found, but also to the processes that caused the problem in the first place. So, for example, an error in a piece of software can be traced back to the methods used to develop the software and its specifications. These methods can be fixed (by means of corrective action) so that the same type of problem does not recur. Another source of improvements is called preventive action, in which the software development organization is required to consider improvements to each part of the process on a regular basis.

Certification to ISO 9001 provides customers with assurance that the organization is capable of developing software of a consistent quality. Each certification carries with it a scope, which defines the areas of software development to which the organization has been certified. Certification also means that the customer can be assured that the organization's procedures and policies are actually being used.

To maintain certification, regular external audits have to be carried out by a third-party organization. This involves the evaluation, not only of the procedures, but also of the quality records of the developer, which provide evidence that the procedures are being followed, and provide an audit trail. An external audit is a two-stage process. First, the policies and procedures are looked at to make sure they meet the Standard, then the quality records, code, documentation and other work are checked. Auditors may also discuss the work with staff.
Internal audits also look at quality records, but they are usually carried out by someone within the development organization who is independent of the actual development. They are usually carried out more frequently than external audits.

There are several kinds of documents which, together with the people in an organization, form a quality management system. These include the following:
A quality policy statement, which is a statement by the executive management of the company. The quality policy is implemented through a series of quality objectives.
A quality manual, which may contain policy statements on a number of areas, and also contains or refers to the procedures used in the organization's quality management system, making it the central point of reference for staff and for auditors.
Quality records, of various kinds, differing from organization to organization, which may include training records, software change request forms and even databases.
It is important for auditing purposes that the quality manual covers all of the requirements of the standard. If there are requirements which are not appropriate to a particular organization, they should be dealt with by stating their inappropriateness in the quality manual. A statement should also be added that these requirements will be covered at a later date, if necessary.

ISO 9001 does not specify the way in which software (or any other product) should be developed. The standard specifies the elements of the quality management system itself, the areas to be covered by the quality manual, and that it is distributed, controlled and given authority.
NOTE It is not enough merely to do what the standard says. To gain certification, an organization must be able to demonstrate that the quality management system procedures and policies are being followed and objectives are being achieved. Having written procedures and documents covering the relevant requirements of the standard, and keeping quality records to show that the procedures are in use, will facilitate the necessary demonstration. The procedures and documents also have to be kept up-to-date and relevant.
Standard
An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction. When used within a quality management system, such an approach emphasizes the importance of
a) understanding and meeting requirements,
b) the need to consider processes in terms of added value,
c) obtaining results of process performance and effectiveness, and
d) continual improvement of processes based on objective measurement.
The model of a process-based quality management system shown in Figure 1 illustrates the process linkages presented in clauses 4 to 8. This illustration shows that customers play a significant role in defining requirements as inputs. Monitoring of customer satisfaction requires the evaluation of information relating to customer perception as to whether the organization has met the customer requirements. The model shown in Figure 1 covers all the requirements of this International Standard, but does not show processes at a detailed level.
NOTE In addition, the methodology known as Plan-Do-Check-Act (PDCA) can be applied to all processes. PDCA can be briefly described as follows.
Plan: establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization's policies.
Do: implement the process.
Check: monitor and measure processes and product against policies, objectives and requirements for the product and report the results.
Act: take actions to continually improve process performance.
Guidance
ISO/IEC 12207, Information Technology - Software life cycle processes provides a suitable set of such processes and will be referred to in this document. The processes are divided into primary processes, which directly contribute to developing software, management processes, which manage the resources necessary for developing software, and supporting processes, which provide necessary services but do not directly develop software. This is not the only set of processes suitable for software development and an organization may decide on an alternative set of processes. An organization should assure itself that the processes adopted cover all necessary software development activities.
Standard
Guidance
This document gives guidance in relation to ISO 9001 and does not address matters raised in ISO 9004.
Standard
Guidance
Standard
1 Scope
1.1 General
This International Standard specifies requirements for a quality management system where an organization
a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.

NOTE: In this International Standard, the term product applies only to the product intended for, or required by, a customer.
Guidance
This clause identifies the areas where the standard is expected to be applicable. In particular, it emphasizes the key role that the quality management system is expected to play in meeting customer satisfaction.

A significant addition to the 2000 version of the standard is the idea of enhancing customer satisfaction. This is to counter the claim (widely made, and accepted even by some quality management consultants) that it was possible to have a quality system compliant with the old version of the standard which delivered poor-quality product consistently. The insistence on continual improvement aimed at customer satisfaction (and documented as part of the quality management system) will close the loop on customer satisfaction.

The standard can be used in a variety of situations, as follows:
The development of software as part of a system including hardware.
As part of a contractual agreement between two organizations, e.g. a developer and a customer.
In-house development, where the customer becomes that part of the organization requesting the development.
An organization that carries out project work for its customers.
A single-product company, in which case each major release of the product may be treated as a project.

NOTE Wherever the word software appears in this part of the standard, it refers not just to source code and executable programs, but also to the associated user documentation (both paper and on-line), training material and maintenance documentation.
HB 90.9-2000, Software Development - Guide to ISO 9001:2000