ISO/IEC 90003:2004 covers all aspects



Similar documents
Small tech firms. Seizing the benefits of software and systems engineering standards

Selection and use of the ISO 9000 family of standards

Software Product Quality Practices Quality Measurement and Evaluation using TL9000 and ISO/IEC 9126

ISO/IEC Information & ICT Security and Governance Standards in practice. Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT

ISO 9001: 2008 Boosting quality to differentiate yourself from the competition. xxxx November 2008

RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA

Software Quality Assurance: VI Standards

16) QUALITY MANAGEMENT SYSTEMS

ISO 9000 Quality Management System and Accessibility. Sean MacCurtain ISO/CASCO Secretary

ISO 9001:2008 The Standard for World-Class Quality

Correlation matrices between 9100:2009 and 9100:2016

Programinės įrangos inžinerija. ISO 9001:2008 taikymo kompiuterio programinei įrangai rekomendacijos (tapatus ISO/IEC 90003:2014)

Softwareudvikling Retningslinjer for anvendelse af ISO 9001:2008 til computersoftware

Software and IT Asset Management Standards: Benefits for Organizations and Individuals

EDUCORE ISO Expert Training

Reviewers of proposed revision to ISO/IEC :2006 SAM Processes. Call for feedback on draft of revised Tiered SAM Processes

A COMPARISON OF FIVE APPROACHES TO SOFTWARE DEVELOPMENT. David J. Schultz. January 21, 2000

The Evolution of ISO 9000 Software

ISO/IEC/IEEE The New International Software Testing Standards

TIPA : services based on standards

SPICE International Standard for Software Process Assessment

(Draft) Transition Planning Guidance for ISO 9001:2015

How To Understand The Differences Between The 2005 And 2011 Editions Of Itil 20000

ISO OR CMM: WHICH IS MORE EXTENSIVE FOR THE QUALITY SYSTEMS IN A SOFTWARE INDUSTRY?

IAF Informative Document. Transition Planning Guidance for ISO 9001:2015. Issue 1 (IAF ID 9:2015)

DIS (DRAFT INTERNATIONAL STANDARD) EN ISO 9001:2015

The Software Quality Star: A conceptual model for the software quality curriculum


CONSOLIDATED VERSION IEC Medical device software Software life cycle processes. colour inside. Edition

Document: ISO/TC 176/SC 2/N 1147

Systems and software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 5-6-2:

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

ISO/IEC 27001:2013 webinar

Making A Case For Project Management

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Information Security ISO Standards. Feb 11, Glen Bruce Director, Enterprise Risk Security & Privacy

Quick Guide: Meeting ISO Requirements for Asset Management

0. 0 TABLE OF CONTENTS

Treasury Board of Canada Secretariat (TBS) IT Project Manager s Handbook. Version 1.1

An Overview of ISO/IEC family of Information Security Management System Standards

The Emerging ISO International Standard for Certification of Software Engineering Professionals

ISO 19600: The development

Controlling software acquisition: is supplier s software process capability determination enough?

Lecture 8 About Quality and Quality Management Systems

MTAT Software Engineering Management

An integrated life cycle quality model for general public market software products

ISO INTERNATIONAL STANDARD. Health informatics Requirements for an electronic health record architecture

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

Integrated Information Management Systems

DRAFT TABLE OF CONTENTS 1. Software Quality Assurance By Dr. Claude Y Laporte and Dr. Alain April

Improving global standard to be a key driver of innovation. Colin MacNee. 2012, 2013, 2014 Duncan MacNee Limited.

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

ISO 9001:2008 Quality Management System Requirements (Third Revision)

Moving from ISO 9001:2008 to ISO 9001:2015

How to implement an ISO/IEC information security management system

Software Process Maturity Model Study

SOFTWARE QUALITY MANAGEMENT THROUGH IMPLEMENTATION OF SOFTWARE STANDARDS

HP ITSM Assessment Services Helping you reach the levels of service your business requires

Manual on the Quality Management System for the Provision of Meteorological Service for International Air Navigation

Standards Initiatives for Software Product Line Engineering and Management within the International Organization for Standardization

A STRUCTURED METHODOLOGY FOR MULTIMEDIA PRODUCT AND SYSTEMS DEVELOPMENT

Selection and use of ISO 9000

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

Quality Systems Frameworks. SE 350 Software Process & Product Quality 1

How To Choose A Test Maturity Assessment Model

ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2008

International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.

Information technology Security techniques Information security management systems Overview and vocabulary

Transcription:

Huge potential user base for ISO/IEC 90003 the state of the art for improving quality in software engineering ISO/IEC 90003:2004, Software engineering Guidelines for the application of ISO 9001: 2000 to computer software, is a new ISO/IEC standard that has a huge worldwide potential due to the penetration of just about every business sector, as well as many aspects of social life, by information technology. BY WITOLD SURYN, VICTORIA A. HAILEY AND ANDY COSTER ISO/IEC 90003:2004 covers all aspects of software quality, from acquisition to supply, including development, operation, and maintenance of computer software, and provides guidance on how to implement the highly successful ISO 9001:2000 process approach in a software environment. The publication of ISO/IEC 90003 1) heralds an important era for the software engineering community by bringing a consolidated approach to the development and the application of software engineering standards. In recent years, the adoption of such an approach has become crucial due to 34 ISO Management Systems July-August 2004

the multitude of standards developed that were becoming more willingly embraced by both the industry and the users of its products. Background to ISO/IEC 90003 The first ISO 9000 standards were published in 1987, but it was not until 1991 that a software guidance document was created for the industry. ISO/IEC 90003 s history is a colourful one, starting in 1991. At that time, there were few software engineering standards documents and even fewer documents related to software quality. The creators of what was then ISO 9000-3, part of the ISO 9000 family and under the wing of ISO technical committee ISO/TC 176, disagreed with the structure of ISO 9001:1987 because it did not reflect a software life cycle. They therefore decided to create a document which mirrored the processes that should be followed when creating quality software. They recognized early on that for quality to be built into software, the necessary processes that were part of the software life cycle had to be identified and developed. At that time, ISO/IEC 12207:1995, Software life cycle processes, had yet to be written, so the authors of the earliest version of ISO 9000-3 were somewhat ahead of their time. Unfortunately, users of the early ISO 9000-3 had a difficult time matching up to the requirements of ISO 9001/2/3:1987 and so the structure became a contentious issue when ISO 9001 was revised in 1994. In 1997, ISO 9000-3 was revised to align it with ISO 9001:1994 and was subsequently published as ISO 9000-3, Quality management and quality assurance standards Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply and maintenance of computer software. ISO/IEC 90003 heralds an important era for the software engineering community Notice the addition of computer as a descriptor of software. Software had evolved to a degree significant enough to need this clarification. With this 1997 revision, the guidance contained in ISO 9000-3 was structured to match each and every requirement of ISO 9001:1994. By this time, ISO/IEC 12207:1995 had been published and since it was generally accepted internationally as the baseline for software processes, the guidance information in ISO 9000-3 was based heavily on ISO/IEC 12207 content. Users were happier with the usability of the revised ISO 9000-3 since they could relate each ISO 9001:1994 requirement to ISO/ IEC 12207 and their own needs. When ISO 9001:2000 was published in December 2000, the software engineering standards community had progressed significantly, with additional core standards being available to support ISO 9001:2000 s requirements. ISO then took the decision to transfer ISO 9000-3 to the joint technical committee ISO/IEC JTC 1, Information technology, in which the specific expertise of subcommittee SC 7 is software engineering. This has permitted the guidance to be synchronized with the most current developments within the software community. New standards have been developed to support various aspects of quality, such as ISO/IEC 15504 (process assessment), ISO/IEC 9126 (product quality), ISO/IEC 14598 (product quality evaluation), ISO/IEC 15939 (measurement process), ISO/ IEC 14764 (software maintenance), ISO/IEC 12119 (software packages requirements and testing), and ISO/ IEC 14143 (functional size measurement), among others. With the revision of ISO 9000-3 and the adoption of its own ISO/IEC number, 90003, this software guidance has became an independent software engineering document able to direct This standard offers practical guidance for the implementation of an ISO 9001:2000 quality system that is dedicated to software engineering 1) ISO/IEC 90003:2004 costs 150 Swiss francs and is available from ISO national member institutes (a complete list with contact details is posted on ISO s Web site : www.iso.org) and from ISO Central Secretariat (sales@iso.org). It was developed by the joint technical committee established by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Committee) ISO/IEC JTC 1, Information technology, subcommittee SC 7, Software and system engineering, working group WG 18, Quality management. ISO Management Systems July-August 2004 35

Figure 1: The structure of ISO/IEC 90003 the user to rich sources of advice. ISO/ IEC 90003 makes extensive use of these other documents by cross-referencing, where available, the applicable supporting standards, rather than repeating these software best practices. This approach provides guidance where needed and offers detailed sources from which to incorporate better quality practices. Content and structure The best description of the content of ISO/IEC 90003 is a direct quote from its Scope clause : This International Standard specifies requirements for a quality management system where an organization needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and Guidance is provided in the core process areas of software realization and in measurement, analysis, and improvement aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements. From the perspective of the user, both the content and structure of this standard offer practical guidance for the implementation of an ISO 9001:2000 quality system that is dedicated to software engineering. This particular approach has well-founded merit: software engineering rapidly gains its value as a socially critical engineering discipline, and, as such, requires appropriate guidance and support in the form of dedicated standards. A first glance at the structure of the standard (Figure 1) demonstrates the comprehensiveness of the five perspectives from which the application of quality in software engineering is addressed. ISO/IEC 90003 Quality Management System Management Responsibility Resource Management Product Realization Measurement, Analysis and Improvement General requirements (for quality system) Documentation requirements Management commitment Customer focus Quality policy Planning Responsibility, authority and communication Management review Provision of resources Human resources Infrastructure Work environment Planning of product realization Customer related processes Design and development Purchasing Production and service provision Control of monitoring and measuring devices General Monitoring and measurement Control of nonconforming product Analysis of data Improvement 36 ISO Management Systems July-August 2004

1. The systemic perspective (Quality Management System) helps the user in verifying and/or establishing the structure and type of processes, together with necessary documentation, required and appropriate for the organization to build an effective quality system. 2. The management perspective (Management Responsibility) allows for identifying, defining and setting up the corporate policy and culture that supports the overall objective of producing quality products. 3. The resource perspective (Resource Management) focuses on dedicated quality resources (a very pioneering approach) indicating to users of the standard those specific issues that should be taken into consideration when building a professional team of quality specialists. 4. The product perspective (Product Realization) goes into exhaustive detail on establishing the matrix of processes that support the creation of the software product (generic development process, purchasing), the planning and management of the realization process, the relationship with the customer and the production and post-delivery support. 5. Finally, the improvement perspective (Measurement, Analysis and Improvement) helps identify the monitoring, measurement and analysis activities required to maintain and improve the quality of products. The above five perspectives give the user a complete and relatively simple analysis mechanism allowing for rather precise definition of quality-related process requirements that, when satisfied, should result in an effective corporate quality system for high quality software products. For each of these perspectives, ISO/IEC 90003 provides guidelines on the topics that are important to ISO 9001:2000 ISO/IEC 90003, Software 15504, Process assessment Available guidance : 15939, Software measurement 9126, Product quality 14143, Functional size measurement 16326, Project management 15504, Supplier selection/management 15846/10007, Configuration management 15504, Process improvement 14598, Software product evaluation 12207, Software life cycle processes software engineers, including planning, configuration management and software testing, supported by cross references to other ISO/IEC standards (see Figure 2). Figure 2 shows how the standards interrelate: ISO/IEC 12207 software life cycle processes are the core of the software engineering model since they typify the processes and best practices that should be used to develop good software. ISO/IEC 12207 processes are then supported by the best practice guidance in the available standards, such as ISO/IEC 15939, ISO/IEC 14143, ISO/IEC 15504. A measurement programme can be established for ongoing monitoring of products, processes and services to ensure that each process is achieving its objectives. The ISO/IEC 15504 process assessment model provides a repeatable framework for determining the maturity or capability of the entire set, or of individual processes. ISO/IEC 90003 in turn provides the overall software guidance needed to interpret and meet the requirements of ISO 9001:2000 as the overall generic quality model. 14102, Evaluation and selection of case tools 15026, Systems and software integrity levels 14764, Software maintenance 15910, Software user documentation process Figure 2: Model showing the relationships between ISO/IEC software engineering standards and ISO 9001: 2000. ( Victoria A. Hailey reprinted with permission) ISO Management Systems July-August 2004 37

Applicability, uses and benefits ISO/IEC 90003 is applicable to software that forms part of either a commercial contract or part of a product s development (including where it is embedded in systems), as well being useful as guidance for process improvement and service delivery. For software that is part of a commercial contract with another organization, ISO/IEC 90003 is clearly applicable, since ISO 9001: 2000 was originally conceived to fit this requirement. This was one of the main intended applications of ISO/IEC 12207 as well. Both ISO/ IEC 12207 and ISO/IEC 90003 are oriented toward (software) projects. ISO/IEC 90003 helps the software organization focus on software requirements and customer satisfaction by providing detailed guidance on the requirements of ISO 9001:2000. For software being developed as a product available for a market sector, since ISO/IEC 90003 is life cycle independent, it is equally applicable to projects and product acquisition, development, operation, and maintenance. For software embedded in a hardware product, ISO/IEC 90003 can be used for the software development since the relationship to ISO 9001: 2000 is strong and provides linkages to the system in which the software may be embedded. Additionally, ISO/IEC 90003 may be used to support, develop and improve the processes of an organization, especially since the requirements of ISO 9001:2000 place such a heavy It is the first document to integrate the various aspects that must be considered in order to build quality into software products focus on these aspects of a quality management system. Guidance is provided in the core process areas of software realization and in measurement, analysis, and improvement, together with the software aspects of human and infrastructure resources, which should all be of benefit in defining or refining business processes. ISO/IEC 90003 has some applicability to service delivery in providing the guidance about software development useful in the provision of software services and also specific advice on operation and maintenance services. Service development and delivery aspects are not specifically covered. Among the many uses for ISO/IEC 90003, the following should be recognized as the most important : guidance in the interpretation of ISO 9001:2000, particularly to support the certification process for an organization ; process improvement programme : as a model to compare the organization s processes against organizational development (similar to improvement but for organizational aspects such as resources and infrastructure) ; and professional development : to gain an appreciation of good practice and the factors affecting quality software development, operation, and maintenance. The benefits of both using and applying ISO/IEC 90003 standard are multiple, with some being of special importance. The following examples should be tremendously appreciated by the standard s users : the interpretation of ISO 9001:2000 for software that is in the language of software specialists ; 38 ISO Management Systems July-August 2004

About the authors Andy Coster was international project editor for the ISO/IEC 90003 project and has participated in international software and systems standards for the past 15 years. He is Managing Director of CosterA Consulting Ltd., a United Kingdom organization specializing in quality management and related consultancy. E-mail mail@acoster.fsnet.co.uk a process framework that can be tailored to suit business needs, while fitting all kinds of organization ; a basis for communication and coordination of software development, operation and maintenance that reduces development risk. This world-class approach to software engineering and software quality management, integrated with ISO/IEC 12207 s software life cycle management and other ISO/IEC JTC 1/SC 7 software standards, offers the mechanisms to improve the processes of quality for software design, development, operations and maintenance and helps an organization to improve customer focus and satisfaction. Conclusions Victoria A. Hailey was the Convenor ISO/IEC JTC 1/SC 7 Working Group 18, Quality management, that developed ISO/IEC 90003. She is a Certified Management Consultant and Senior Consultant of VHG, The Victoria Hailey Group Corporation, which focuses on helping the software, systems, and service industries manage their own and their supplier risk, as well as improving their processes via standards such as SPICE (ISO/IEC 15504), ISO 9000, and CMM. Tel. + 1 416 410 3400. E-mail vah@vhg.com The publication of ISO/IEC 90003 heralds an important and new era of development in software engineering since it is the first document to integrate the various aspects that must be considered in order to build quality into software products. The complexity of software demands both more rigour in the approach to its development, as well as a higher benchmark toward which organizations must strive as they operate its processes. As users of software become more demanding, more sophisticated and less forgiving of defects, the benchmarks will continually be raised as reflected in the increasingly more mature demands that ISO 9001:2000 places on adherents to its philosophy. The evolution of software quality is evident throughout ISO/IEC 90003 as more emphasis is placed on the determination and satisfaction of customers requirements. Moreover, it is no longer acceptable to maintain the status quo. The quality of software products and software processes must continually improve. That is the everadvancing benchmark that the software organization seeks to surpass. With ISO/IEC 90003 as a guide, the task becomes easier. Dr. Witold Suryn is Secretary of ISO/IEC JTC 1/ SC 7, Software engineering. He is a Professor at the École de technologie supérieure, Montreal, Canada (engineering school of the Université du Québec network of institutions) where he teaches graduate and undergraduate software engineering courses and conducts research in the domain of software quality engineering, software engineering body of knowledge and software engineering fundamental principles. Tel. + 1 514 396 8652. E-mail wsuryn@ele.etsmtl.ca Web www.ele.etsmtl.ca/prof/wsuryn/ The quality of software products and software processes must continually improve. With ISO/IEC 90003 as a guide, the task becomes easier ISO Management Systems July-August 2004 39

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information