180 likes | 194 Views
Learn about ISO 9001 and its application in software development. Explore quality management, management responsibility, resources, product realization, and more.
E N D
ISO 9001 – an overview Tor Stålhane IDI / NTNU
ISO 9001 and software development ISO 9001 is a general standard – equally applicable to software development and cooking. The standard originated in the production industry. In order to simplify the introduction of ISO 9001 to software development, ISO has developed a guide – ISO 90003. This is, however, not a standard
The main part The standard ISO 9001 has five main parts. In this part of the course, we will focus on the first four of them. • Quality management – part 4 • Management responsibility – part 5 • QA resources – part 6 • Product realization – part 7 • Measurement, analysis and improvement – part 8
Quality management • Establish, document, implement and maintain a quality system • Requirements for • what the quality system shall contain – not how things should be done • development and maintenance of a quality manual • control over the documents specified in the quality system
Management responsibility - 1 First and foremost – quality is the management’s responsibility. Management shall • show that they take QA seriously. This goes for both introduction and maintenance of the quality system • make sure that the QA system is adapted to the needs of the company One person in the management shall have responsibility for everything pertaining to QA.
Management responsibility - 2 Management shall periodically check how the QA system function. Important input is • Reviews of the QA system • Feedback from the customers • Status on preventive and corrective actions • Changes that may influence the QA system • Suggested improvements in general
QA resources The organization shall • Make available the resources needed to implement the QA system • Have an overview over the need for competence and provide the training necessary • Provide the infrastructure such as office space, equipment and services that are needed to make products that satisfies all requirements
Product realization - 1 The organization shall plan and develop a process for product realization. The process shall take into considerations • Quality goals • The needs for validation and verification • The needs for proof of conformance
Product realization - 2 The organization shall identify • Explicit and implicit customer requirements • Requirements related to laws and regulations • Organizational specific requirements, such as requirements pertaining to reuse and documentation
Product realization - 3 The organization shall evaluate all requirements before they sign a contract for development and delivery. The evaluation shall ensure that • All requirements are defined • All problems and TBDs are solved • The organization will be able to fulfill all requirements
Product realization - 4 The organization shall establish communication channels with the customer pertaining to • Product information • Contract questions and problems • Feedback – e.g. complaints - from the customer
Product realization - 5 The organization shall plan and design the product. This includes plans for • Design and development • Inspection, verification and validation • Communication between those who make the design and those who do the development in order to establish a clear line of responsibility. The plan shall be updated during the project as needed.
Product realization - 6 Input to the requirements phase shall, in addition to the customer’s requirements, also include • Government rules and regulations • Experience from earlier, similar projects Output from design and development shall be documented in such a way that verification and validation against input is simple to perform.
Product realization - 7 • We shall perform inspections and reviews according to plan. This is necessary to check that we have met all requirements for • Design and development – have worked as promised • Product – delivered as promised • The organization shall control that all products that we buy from a third party are according to our requirements
Product realization - 8 If we identify process steps where we cannot verify the results based on measurement or control, these steps need to be re-validated. The validation shall show that the process step can achieve the planned / specified results.
Proof of conformance - 1 Proof of conformance – PoC – is a problem for many companies that want to be ISO certified. The purpose of PoC is to prove that we have followed the defined processes • PoC has no value for the company – it is only needed for the audits • It will always be a matter of opinion what should be accepted as PoC
Proof of conformance - 2 The problem with PoC is that it do not give the companies anything of value – it is just an extra cost. This creates a negative attitude towards QA plans and against QA in general. We should carefully assess how much extra work we will give the company here. It must • Be sufficient to satisfy the auditors • Not be so much that it creates strong negative attitudes among the developers
Proof of conformance - 3 As an example, we will consider some PoCs for the activity “Update project risk analysis”. • Meeting minutes – OK • Meeting plan or agenda – not so OK • The risk plan is updated on the right date according to the project plan – OK but not alone