ISO 9000 The ISO 9000 certification provides a level of quality management few software companies ever achieve. It may not be worth attempting until a defined software process exists and is well documented. In terms of the Capability Maturity Model ISO 9000 is most suited to CMM level 3 organizations. "This is a summary of principle requirements of ISO 9000. Use it to explain to managers and others what ISO requires and why. Most of these requirements are just common sense, and yet, many organizations fail to use that common sense. The requirements for written documentation under ISO 9000 are often exaggerated. The standard unconditionally requires documentation for only a few items. However, common sense, experience, and the Auditors may demand documentation beyond the minimum requirements. 1. Management Responsibility The quality policy shall be defined, documented, understood, implemented and maintained. Responsibilities and authorities for all personnel specifying, achieving and monitoring quality shall be defined. In-house verification resources shall be defined, trained and funded. A designated management person sees that the Q91 program is implemented and maintained. 2. Quality System Procedures shall be prepared. Procedures shall be implemented. 3. Contract Review Incoming contracts (and purchase orders) shall be reviewed to see whether the requirements are adequately defined, agree with the bid and can be supplied. 4. Design Control The design project shall be planned. Design input parameters shall be defined. Design output, including crucial product characteristics shall be documented. Design output shall be verified to meet input requirements. Design changes shall be controlled. 5. Document Control Generation of documents shall be controlled. Distribution of documents shall be controlled. Changes to documents shall be controlled. 6. Purchasing Potential subcontractors and sub-suppliers shall be evaluated for their ability to provide stated requirements. Requirements shall be clearly defined in contracting data. Effectiveness of the subcontractor's quality assurance system shall be assessed. 7. Customer-Supplied Material Any customer-supplied material shall be protected against loss or damage. 8. Product Identification & Tracability The products shall be identified and traceable by item, batch or lot during all stages of production, delivery and installation. 9. Process Control Production (and installation) processes shall be defined and planned. Production shall be carried out under controlled conditions: documented instructions, in-process controls, approval of processes and equipment, and criteria for workmanship. Special processes that cannot be verified after the fact shall be monitored and controlled throughout the processes. 10. Inspection and Testing Incoming materials shall be inspected or verified before use. In-process inspection and testing shall be performed. Final inspection and testing shall be performed prior to release of finished product. Records of inspection and test shall be kept. 11. Inspection/Measuring/Test Equipment Equipment used to demonstrate conformance shall be controlled, calibrated and maintained. Identify measurements to be made. Identify affected instruments. Calibrate instruments (procedures and status indicators). Periodically check calibration. Assess measurement validity if found out of calibration. Control environmental conditions in metrology lab. Measurement uncertainty and equipment capability shall be known. Where test hardware or software is used, it shall be checked before use and rechecked during use. 12. Inspection and Test Status Status of inspections and tests shall be maintained for items as they progress through various processing steps. Records shall show who released conforming product. 13. Control of Nonconforming Product Nonconforming product shall be controlled to prevent inadvertent use or installation. Review and disposition of nonconforming product shall be formalized. 14. Corrective Action Problem causes shall be identified. Specific problems and their causes shall be corrected. Effectiveness of corrective actions shall be assessed. 15. Handling, Storage, Packaging & Delivery Procedures for handling, storage, packaging and delivery shall be developed & maintained. Handling controls shall prevent damage and deterioration. Secure storage shall be provided. Product in stock shall be checked for deterioration. Packing, preservation and marking processes shall be controlled. Quality of the product after final inspection shall be maintained. This might include delivery controls." 16. Quality Records Quality records shall be identified, collected, indexed, filed, stored, maintained and dispositioned. 17. Internal Quality Audits Audits shall be planned and performed. Results of audits shall be communicated to management. Any deficiencies found shall be corrected. 18. Training Training needs shall be identified. Training shall be provided. Some tasks may require qualified individuals. Records of training shall be maintained. 19. Servicing Servicing activities shall be performed to written procedures. Servicing activities shall meet requirements. 20. Statistical Techniques Statistical techniques shall be identified. Statistical techniques shall be used to verify acceptability of process capability and product characteristics. Advantages Highest Quality when process is followed. Predictability of release based on detailed documentation at every step in the process, testing requirements and verification. ISO 9000 customers prefer ISO 9000 vendors. Disadvantages Not suited to short deadline based projects due to long development cycles. Not appropriate for an environment with constantly changing requirements. Large overhead due to large number of artifacts (documents, designs and plans). May not be cost effective unless documentation is reimbursted. Testing at end of project can reveal basic flaws if requirements or design are not thorough. Load and Capacity must be tested early to avoid issues. Recommendations Use for large development project teams with large requirements and quality based requirements for deliverables. Useful when customers are ISO 9000 certified. Not recommended for time constrained projects. Description Taken from Taken from http://www.strategosinc.com/iso.htm |