ISO9001
Devi Annisetty
Hemalatha Dama
Jump to first page
Introduction






ISO9001
Evolution & History
Importance
Statistics
Implementation In IT
Relation to CMM
Jump to first page
ISO9001







"International Organization for
Standardization"
Equal (Greek)
network of the national standards
institutes of 148 countries
Central Secretariat in Geneva
non-governmental organization
position between the public and private
sectors
bridging organization between
requirements of business and broader
needs of society
Jump to first page
History





voluntary technical standards for sectors of
business, industry and technology since 1947
documented agreements containing technical
specifications or other precise criteria to be
used consistently as rules, guidelines, or
definitions of characteristics to ensure that
materials, products, processes and services
are fit for their purpose.
ISO brought to the attention of a much wider
business in 1987
Generic management system standards
ISO 9000 is primarily concerned with "quality
management".
Jump to first page
Benefits to the Society from Standards

For businesses



For customers





level playing field for all competitors

technical barriers to trade
For developing countries

provides assurance about their quality, safety and reliability
For everyone


international consensus of technological know-how
right decisions in investing their scarce resources
For consumers


health, safety and environmental legislation
For trade officials


worldwide compatibility of technology
wide choice of offers & competitor prices
For governments


suppliers can base the development of their products and
services on specifications that have wide acceptance in their
sectors
free to compete on many more markets around the world
quality of life in general
For the planet

International Standards on air, water and soilJump
quality,
and
on
to first
page
Examples of Benefits






Standardization of screw threads helps to keep
chairs, children's bicycles and aircraft together
freight containers, international trade would be
slower and more expensive without standards
public transport and buildings is a problem if the
dimensions of wheel-chairs and entrances are
not standardized
Standardized symbols to provide danger
warnings and information across linguistic
frontiers.
Standardized protocols allow computers from
different vendors to "talk" to each other
More than half a million organizations in more 60
countries are implementing ISO
Jump to first page
Administration of ISO

Membership of ISO is open to national standards
institutes or similar organizations most
representative of standardization in their country






Member bodies
Correspondent members
Subscriber members
individuals or enterprises are not eligible for
membership
ISO's national members pay subscriptions
that meet the operational cost of ISO's
Central Secretariat
ISO standards are developed by technical
committees comprising experts on loan from
the industrial, technical and business sectors
which have asked for the standards, and
which subsequently put them to use.
Jump to first page
Statistics

Members





Technical Committee structure






148 national standards bodies
97 member bodies
36 correspondent members
15 subscriber members
2981 technical bodies
188 technical committees
546 subcommittees
2224 working groups and
23 ad hoc study groups
Staff
Technical secretariats

37 member bodies provide the administrative and technical
services for the secretariats of technical committees (TC) and
subcommittees (SC) These services equal a full-time staff
of 500 persons
Central Secretariat
Geneva


151 full-time staff
from 24 countries coordinate
140 million CHF per year is estimated as the
operational expenditure for the ISO work
Jump to first page
Definitions




Certification : refers to the issuing of
written assurance (the certificate) by an
independent, external body that has
audited an organization's management
system and verified that it conforms to
the requirements specified in the
standard.
Registration: means that the auditing
body then records the certification in its
client register
Accreditation: refers to the formal
recognition by a specialized body - an
accreditation body
Certification is not compulsory
Jump to first page
Committees(JCT1) for IT







SO/IEC 2382-7:2000 Information technology -Vocabulary -- Part 7: Computer programming
ISO/IEC 2382-20:1990 Information technology -Vocabulary -- Part 20: System development
ISO/IEC 9126:1991 Software engineering -Product quality
ISO/IEC 12207:1995 Information technology -Software life cycle processes
ISO/IEC TR 14471:1999 Information technology - Software engineering -- Guidelines for the
adoption of CASE tools
ISO/IEC 14764:1999 Information technology -Software maintenance
ISO/IEC 15026:1998 Information technology -System and software integrity levels
Jump to first page
Applicability of ISO 9001 to Software Development

ISO 9001's focus is on all factors except
"technology".


ISO 9000-3 provides "guidance" on implementing
an ISO 9001 compliant set of processes (QMS)
Guidance is for software development, supply
and maintenance environments
Jump to first page
Quality
Totality of characteristics of an entity that bear on its ability to
satisfy stated and implied needs.
Quality system requirements
The quality system requirements for ISO 9001 consist of
twenty standards. In each case, the people involved specify
who does what, how, and who is responsible.

Management responsibility

Quality policy
 Defined by executive management
 Establishes objectives and commitment to quality
 Considers organizational goals and customer


needs
Understood and carried out throughout the
organization.
Organization
 Responsibility and authority is defined for people
whose work affects product and service quality
Jump to first page


Resources
 Adequate resources are provided ,including
qualified people, materials, equipment and
internal quality auditors
Management representative

Appointed by executive management
 Ensures the requirements of Iso9001 are met
 Reports on the performance of the Quality system
 Acts as liaison with the registration agency

Management review
 To ensure the continuing suitability in satisfying:


 The iso9001 requirements
 The quality policy
At defined intervals
Maintain review records
Jump to first page
 Quality system

Quality manual:
 Defines the scope of the quality system
 Outlines documentation related to the standard

Documented Procedures:
 Meet all the requirements of the Standard.
 Describe which tasks affecting product and
service quality each process must carry out.

Quality plan
 To improve overall performance
Jump to first page
 Contract Review
Reviewed to ensure that:
 Requirements are clearly defined and



documented
Verbal order requirements are agreed before
being accepted any differences from the
original offer are resolved
you have the capability to meet the contract
requirements carry out amendments to the
contract in a prescribed manner and
communicate the changes within your
organization.
Maintain records of contract review
Jump to first page
 Design Control System
 Carry out design projects according to
established procedures
 Plan design projects
 Assign each design and development task
to qualified personnel
 Identify the organizations involved, and describe the
information flow to carry out the design project.
 Transmit the necessary information among
organizations
 Create clear design input requirements:
 written, complete, clear, reviewed
 Create design output that meets design stage input
requirements
 Review design results with representatives concerned
with the design stage
 Verify the design to establish that design output meets
design input requirements
 Validate that the product meets defined user needs
and requirements
 Review and approve all design changes
 Document and Data control:
 The documents and data shall be reviewed and
approved for adequacy by authorized personnel prior
to issue
Jump to first page
 Purchasing:
 Purchasing procedures ensure that purchased


products and services conform to requirements
Select vendors based on their ability to meet
requirements, including quality requirements.
 define controls over vendors based on the type
of product, it's impact on the final product , and
the vendor performance record.
 maintain records of acceptable vendors.
Purchasing documents clearly describe the product
ordered:
 Clearly specified type, class, grade, etc.
 Identification of product, applicable drawings,
technical data, approval requirements, etc.
 Relevant quality system standard.
 Reviewed prior to release
 Arrangements may be made for you or your
customer to verify the product at the vendor's site.
Jump to first page
 Control of customer-supplied product:
 Verify, store and maintain customer-supplied product
provided for incorporation into the final product.
Record and report to the customer any lost and
damaged product.
 Product identification and traceability:
 Identify the product from receipt and during all
stages of production, delivery and installation.
 process control:
Carry out processes under control conditions.
 Documented procedures define the manner of
production, installation and servicing.
 Suitable production, installation and servicing
equipment
 Suitable working environment
 Compliance with :
 reference standards and codes
 quality plans or procedures
 Monitoring and control of suitable process
parameters and product characteristics
Jump to first page
 Approval of processes and equipment
 Criteria for workmanship stipulated in the clearest

practical manner.
Suitable maintenance of equipment
 Inspection and testing:
 Verify incoming material before use
 Identify and maintain inspection and test status
 Maintain inspection and test records
 Complete testing before releasing the product
 Control of inspection ,measuring and test
equipment :
 All equipment used for inspection, measurement and
testing, has to fulfill the specified quality
requirements( for instance, calibration of measuring
instruments, or verifying software dependability).
 Inspection and test status:
 The firm ensures that the article concerned has
passed all the specified inspections and tests in(10) ,
and that the tests have been satisfactorily conducted
and completed.
Jump to first page
 Control of nonconforming product:
 This standard involves the recognition that no matter
how tight the firm's control systems are, something
may go wrong. What is important is to establish that
the error has occurred, and to have procedures to
deal with the situation.
 Corrective and preventive action:
 For non-conformities, the firm specifies how it
determines what went wrong, who should fix it, how
that person is to be accurately informed, when the
problem is to be solved, how it controls that the
problem is solved, and how to prevent reoccurence.
 Handling, storage, packaging,
preservation and delivery:
 Prevent damage during product handling
 Prevent damage or deterioration during product



storage
Control product packaging
Preserve the product
Protect product during delivery
Jump to first page
 Control of quality records:
 The firm defines what documents are classified as
quality records, as well as how, and by whom, a
record should be stored. This includes all records
that provide evidence that the quality system itself is
functioning as it should.
 Internal quality audits:
 Verify whether quality activities and related results
comply with planned arrangements.
.Determine the effectiveness of the quality
system
 Schedule on the basis of status and importance of
the activity being audited
Auditors:
 Observe work practices
 Examine quality records
 Identify non compliances
Audit results are:
 recorded
 brought to the attention of those having
responsibility for the area audited.
 Executive management reviews the effectiveness of
the quality system
Jump to first page
 Training
 Identify training needs
 Quality workers before assigning them to

tasks
Maintain training records
 Servicing:
 Perform, verify and report servicing to meet
specified servicing requirements
 Statistical techniques:
 Identify the need for statistical techniques to

establish, control and verify process capability and
product characteristics
Carry out and control the application of
identified statistical techniques
Jump to first page
Jump to first page
Similarities between ISO9001 & SEICMM

Management Responsibility



Quality System



ISO: Documents quality system, including procedure and instructions be
established
CMM: Quality primarily addressed in Software Quality Assurance
distributed thru KPA’s
Contract Review



ISO: Quality Policy be define, documented, understood, implemented
and Maintained.
CMM:Management responsibility for quality policy and verification
activities primarily addresses in Software Quality Assurance.
ISO:contracts be reviewed to determine whether the requirements are
adequately defined, agree with bid and can be implemented
CMM: Review customer requirement is spanned in Requirement mgnt.
Design Control


ISO: Procedure to control& verify Design be established(planning, Inputs,
outputs, design)
CMM:Life cycle activities , design , code, test are described in Software
Project Planning
Jump to first page
Continued..


Document Control

ISO:Distribution & modification of documents be controlled

CMM:Document control are described in configuration mgmt
Purchasing



Purchaser -supplied product



ISO: purchaser supplied material verified and maintained
CMM:Activity 6.3 in integrated software mgmt in using purchased software
Product identification & Traceability



ISO:purchased products conform their specified requirements(assessment of
subcontractors, verification of purchased products)
CMM:Addressed in Activity 2 & 12 of acceptance testing of subcontracted software
ISO: during all stages of production delivery & installation
CMM:covering Software Configuration Mgmt
Process Control


ISO:Production process be defined & planned
CMM: Software Production process controlled in thru KPA’ in various actvites
Jump to first page
Continued..

Inspection & Test Status



Corrective Action



ISO: causes of non conforming product be identified,products eliminated,
procedures are changed from corrective action
CMM: Analysis, updates, patches
Training



ISO:Inspection and test be maintained for items as they progress through various
processing steps
CMM: Testing practices in software product Engineering
ISO:Training needs be identified and training provided
CMM:Training program, Orientation practices
Servicing


ISO:servicing activities be performed as specified
CMM:maintenance
Jump to first page
Summary




What is ISO and its benefits
How is it applicable in IT industry
Detail explanation of Quality
management system
Its comparison to CMM
Jump to first page
Reference






http://www.palaulive.com/iso/
http://www.asq.org/stand/types/iso9000.html
http://www.iso9000data.com/ISO9000.html
http://www.tantara.ab.ca/iso_list.htm
http://www.tantara.ab.ca/iso90003.htm
http://www.sei.cmu.edu/pub/documents/94.report
s/pdf/tr12.94.pdf
Jump to first page
No Questions please :-)
Jump to first page
Descargar

ISO9001 - University of North Florida