ISO 9001 – an overview
Tor Stålhane IDI / NTNU
ISO 9001 and software development
ISO 9001 is a general standard – equally applicable to software development and cooking. The standard originated in the production industry. In order to simplify the introduction of ISO 9001 to software development, ISO has developed a guide – ISO 90003. This is, however, not a standard.
The main part
The standard ISO 9001 has five main parts. In this part of the course, we will focus on the first four of them.
• Quality management – part 4
• Management responsibility – part 5
• QA resources – part 6
• Product realization – part 7
• Measurement, analysis and improvement – part 8
Quality management
• Establish, document, implement and maintain a quality system
• Requirements for
  • what the quality system shall contain – not how things should be done
  • development and maintenance of a quality manual
  • control over the documents specified in the quality system
Management responsibility - 1
First and foremost – quality is the management’s responsibility. Management shall
• show that they take QA seriously. This goes for both introduction and maintenance of the quality system
• make sure that the QA system is adapted to the needs of the company
One person in the management shall have responsibility for everything pertaining to QA.
Management responsibility - 2
Management shall periodically check how the QA system functions. Important input is
• Reviews of the QA system
• Feedback from the customers
• Status on preventive and corrective actions
• Changes that may influence the QA system
• Suggested improvements in general
QA resources
The organization shall
• Make available the resources needed to implement the QA system
• Have an overview of the need for competence and provide the training necessary
• Provide the infrastructure, such as office space, equipment and services, that is needed to make products that satisfy all requirements
Product realization - 1
The organization shall plan and develop a process for product realization. The process shall take into consideration
• Quality goals
• The needs for validation and verification
• The needs for proof of conformance
Product realization - 2
The organization shall identify
• Explicit and implicit customer requirements
• Requirements related to laws and regulations
• Organizational specific requirements, such as requirements pertaining to reuse and documentation
Product realization - 3
The organization shall evaluate all requirements before they sign a contract for development and delivery. The evaluation shall ensure that
• All requirements are defined
• All problems and TBDs are solved
• The organization will be able to fulfill all requirements
Product realization - 4
The organization shall establish communication channels with the customer pertaining to
• Product information
• Contract questions and problems
• Feedback – e.g. complaints – from the customer
Product realization - 5
The organization shall plan and design the product. This includes plans for
• Design and development
• Inspection, verification and validation
• Communication between those who make the design and those who do the development in order to establish a clear line of responsibility.
The plan shall be updated during the project as needed.
Product realization - 6
Input to the requirements phase shall, in addition to the customer’s requirements, also include
• Government rules and regulations
• Experience from earlier, similar projects
Output from design and development shall be documented in such a way that verification and validation against input is simple to perform.
Product realization - 7
• We shall perform inspections and reviews according to plan. This is necessary to check that we have met all requirements for
  • Design and development – have worked as promised
  • Product – delivered as promised
• The organization shall control that all products that we buy from a third party are according to our requirements
Product realization - 8
If we identify process steps where we cannot verify the results based on measurement or control, these steps need to be re-validated. The validation shall show that the process step can achieve the planned / specified results.
Proof of conformance - 1
Proof of conformance – PoC – is a problem for many companies that want to be ISO certified. The purpose of PoC is to prove that we have followed the defined processes
• PoC has no value for the company – it is only needed for the audits
• It will always be a matter of opinion what should be accepted as PoC
Proof of conformance - 2
The problem with PoC is that it does not give the companies anything of value – it is just an extra cost. This creates a negative attitude towards QA plans and against QA in general. We should carefully assess how much extra work we will give the company here. It must
• Be sufficient to satisfy the auditors
• Not be so much that it creates strong negative attitudes among the developers
Proof of conformance - 3
As an example, we will consider some PoCs for the activity “Update project risk analysis”.
• Meeting minutes – OK
• Meeting plan or agenda – not so OK
• The risk plan is updated on the right date according to the project plan – OK but not alone