Practical Support for ISO 900 1 Software Project Documentation
IEEE~ COMPUTER SOCIETY +IEEE Press Operating Committee Chair Roger U. Fujii, Vice President Northrop Grumman Mission Systems Editor-in-Chief Donald F. Shafer Chief Technology Officer Athens Group, Inc. Board Members John Horch, Independent Consultant Mark J. Christensen, Independent Constultant Ted Lewis, Professor Computer Science, Naval Postgraduate School Hal Berghel, Professor and Director, School of Computer Science, University of Nevada Phillip Laplante, Associate Professor Software Engineering, Penn State University Richard Thayer, Professor Emeritus, California State University, Sacramento Linda Shafer, Professor Emeritus University of Texas at Austin James Conrad, Associate Professor UNC- Charlotte Deborah Plummer, Manager- Authoredbooks IEEE Computer Society Executive Staff David Hennage, Executive Director Angela Burgess, Publisher IEEE Computer Society Publications The world-renowned IEEE Computer Society publishes, promotes, and distributes a wide variety of authoritative computer science and engineering texts. These books are available from most retail outlets. Visit the CS Store at http://computer.org/cspress for a list of products. IEEE Computer Society / Wiley Partnership The IEEE Computer Society and Wiley partnership allows the CS Press authored book program to produce a number of exciting new titles in areas ofcomputer science and engineering with a special focus on software engineering. IEEE Computer Society members continue to receive a 15% discount on these titles when purchased through Wiley or at wiley.com/ieeecs To submit questions about the program or send proposals please e-mail dplummer@computer.org or write to Books, IEEE Computer Society, 100662 Los Vaqueros Circle, Los Alamitos, CA 90720-1314. Telephone +1-714-821-8380. Additional information regarding the Computer Society authored book program can also be accessed from our web site at http://computer.org/cspress
Practical Support for ISO 9001 Software Project Documentation Using IEEE Software Engineering Standards Susan K. Land John W Walz IEEE~ COMPUTER SOCIETY ~WILEY \VINTERSCIENCE A WILEY-INTERSCIENCE PUBLICATION
Copyright 2006 by IEEE Computer Society. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada. No part ofthis publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or.:j.erwise, except as permitted under Section 107 or 108 ofthe 1976 United States Copyright Act, without either the prior written permission ofthe Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008. Limit of Liability/Disc1aimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness ofthe contents ofthis book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print, however, may not be available in electronic format. LibraryofCongress Cataloging-in-Publication Data is available. ISBN-13978-0-471-76867-8 ISBN-IO 0-471-76867-7 Printed in the United States of America. 10 9 8 7 6 5 4 3 2 I
Contents Preface XlII 1 Introduction and Overview 1 Introduction 1 What is ISO 9001? 3 What ISO 9001 is Not 4 What are Standards? 5 2 Summary of ISO 9001 7 ISO 9001 Principles 7 Why Should My Organization Implement ISO 9001? 8 How Does the ISO 9001 Model Work? 8 What If My Organization Implements ISO 9001? 9 ISO 9001 Audits 9 ISO 9001 Conformance, Registration, and Accreditation 10 Basic Business Model for Software Engineering Organizations 10 Conformance Pathways 11 ISO 9001 Benefits 11 3 Relationship to Software Engineering Standards 15 Standards Organizations 15 ISO Technical Committee 176 on Quality Management and 15 Quality Assurance International Electrotechnical Commission 16 ISO/IECloint Technical Committee 001 16 ISO/IEC ITC 1 SC7 Software and Systems Engineering Standards 16 Committee American National Standards Institute 17 Institute ofelectrical and Electronics Engineers 18 IEEE S2ESC Software and Systems Engineering Standards 19 Committee ISO/IEC IIC1 SC7 Software and Systems Engineering Standards 20 Committee (S2ESC) Relationships Among ISO 9001, ISO 90003, IEEE 12207 and 20 ISO/IEC 15504 v
vi Contents Software Engineering Body of Knowledge (SWEBOK) 21 Capability Maturity Model Integrated (CMMI) 22 4 Implementation Guidance 25 Improvement Frameworks Selection 25 Plan, Do, Check, Act (PDCA) Cycle 25 IDEAL (Initiating, Diagnosing, Establishing, Acting, and Learning) 25 Model Set Context 26 Business Improvement through ISO 9001 Implementation 27 Customer and Investor Confidence through ISO 9001 Implementation 27 Build Sponsorship 28 Improvement Project Stakeholders 28 Charter Infrastructure 28 Establish Steering Committee and Process Group 29 Software Engineering Training 29 Characterize Current and Desired States 30 Perform Gap Analysis 31 Perform Self-Audit Using ISO 9001 Criteria 31 Develop Recommendations 32 Set Priorities 32 Develop the Approach 33 Goal-Driven Implementation 33 Plan Actions 33 Baseline Processes 34 Create Solution 36 Pilot/Test Solution 36 Refine Solution 37 Implement Solution 37 Analyze and Validate 37 ISO 9001 Registration Steps 37 Propose Future Actions 38 Implementation Pitfalls 38 Being Overly Prescriptive 38 Remaining Confined to a Specific Stage 39 Documentation, Documentation 39 Lack of Incentives 39 No Measurements 39 Conclusion 40 5 12207 Primary Life Cycle Processes and ISO 9001 43 Software Life Cycle (SLC) Selection and Design 43 Waterfall 44 Modified Waterfall 44 V-Shaped 44 Incremental 44
Contents vii Spiral 45 Synchronize and Stabilize 45 Rapid Prototype for New Projects 45 Code-and-Fix 45 IEEE 12207 Processes 46 Acquisition 47 ISO 9001 Goals 47 Software Acquisition Plan 50 Software Acquisition Plan Document Guidance 50 Concept ofoperations 53 Concept ofoperations (ConOps) Document Guidance 53 Decision Tree Analysis 57 Supply 58 ISO 9001 Goals 60 Request for Proposal 61 Request for Proposal (RFP) Guidance 61 Joint Customer Technical Reviews 63 Software Project Management Plan 65 Software Project Management Plan Document Guidance 65 Development 069 ISO 9001 Goals 70 System Requirements Analysis 75 System Requirements Specification 75 System Requirements Specification Document Guidance 75 Software Requirements Analysis 80 Software Requirements Specification 80 Software Requirements Specification Document Guidance 80 Software Design Document 84 Software Design Document Guidance 84 Interface Control Document 88 Interface Control Document Guidance 88 Operation 91 ISO 9001 Goals 92 User's Manual 93 User's Manual Document Guidance 93 Maintenance 95 ISO 9001 Goals 96 Transition Plan 96 6 12207 Supporting Life Cycle Processes and ISO 9001 103 Supporting Processes 103 ISO 9001 Goals 103 Documentation 105 ISO 9001 Goals 105 Quality Manual 106 Configuration Management Record 108
viii Contents Configuration Management 108 ISO 9001 Goals 109 Software Configuration Management Plan 110 Software Configuration Management Plan Document Guidance 110 Quality Assurance 121 ISO 9001 Goals 122 Software Quality Assurance Plan 122 Software Quality Assurance Plan Document Guidance 123 Verification 134 ISO 9001 Goals 134 Inspections 135 Walk-throughs 140 Validation 144 ISO 9001 Goals 144 Software Test Plan 144 Software Test Plan Document Guidance 144 System Test Plan 155 Joint Review 172 ISO 9001 Goals 172 Technical Reviews 173 Management Reviews 176 Audit 179 ISO 9001 Goals 180 Audits 180 Software Measurement and Measures Plan 184 Software Measurement and Measures Plan Document Guidance 184 Problem Resolution 191 ISO 9001 Goals 191 Risk Management Plan 192 Probability/Impact Risk Rating Matrix 196 7 12207 Organizational Processes and ISO 9001 197 ISO 9001 Goals 197 Management 197 ISO 9001 Goals 199 Software Requirements Management Plan 201 Software Requirements Management Plan Document Guidance 202 Software Project Management Plan 212 Software Project Management Plan Document Guidance 212 Stakeholder Involvement 218 Work Breakdown Structure (WBS) 218 Work Breakdown Structure (WBS) for Postdevelopment Stage 219 Infrastructure 220 ISO 9001 Goals 220 Organization's Set ofstandard Processes 222
Contents ix Improvement ISO 9001 Goals Engineering Process Group Charter Process Action Plan (PAP) Tailoring Guidelines Training ISO 9001 Goals Training Plan 8 ISO 9001 for Small Projects Introduction to ISO 9001 for Small Projects Project Management Plan-Small Projects Appendix A. IEEE Standards Abstracts Appendix B. Comparison of ISO 9001 to IEEE Standards Appendix C. Work Products Acquisition Make/Buy Decision Matrix Alternative Solution Screening Criteria Matrix Cost-Benefit Ratio Supply Recommendations for Software Acquisition Organizational Acquisition Strategy Checklist Supplier Evaluation Criteria Supplier Performance Standards Development Requirements Traceability Software Development Standards Description System Architectural Design Description Software Architectural Design Description Database Design Description Software Architecture Design Success Factors and Pitfalls UML Modeling Unit Test Report Unit Test Report Document Guidance System Integration Test Report System Integration Test Report Document Guidance Operation Product Packaging Information Maintenance Change Enhancement Requests Baseline Change Request Work Breakdown Structure for Postdeployment 222 222 225 226 227 229 229 229 235 235 236 247 259 269 269 269 269 269 272 272 272 272 273 274 274 274 279 279 280 280 281 282 283 290 290 294 294 294 294 294 297
x Contents Software Change Request Procedures Quality Assurance Example Life Cycle Minimum Set of Software Reviews SQA Inspection Log Inspection Log Description Verification Inspection Log Defect Summary Inspection Log Defect Summary Description Inspection Report Inspection Report Description Requirements Walk-through Form Software Project Plan Walk-through Checklist Preliminary Design Walk-through Checklist Detailed Design Walk-through Checklist Program Code Walk-through Checklist Test Plan Walk-through Checklist Walk-through Summary Report Classic Anomaly Class Categories Validation Examples of System Testing Test Design Specification Test Case Specification Test Procedure Specification Test Item Transmittal Report Test Log Test Incident Report Test Summary Report Joint Review Open Issues List Audit Status Reviews Critical Dependencies Tracking List ofmeasures for Reliable Software Example Measures Measurement Information Model in ISO/IEC 15939 Problem Resolution Risk Taxonomy Risk Taxonomy Questionnaire Risk Action Request Risk Mitigation Plan Risk Matrix Sample Management Work Breakdown Structure Work Flow Diagram 306 309 309 316 317 317 319 319 319 319 321 322 322 322 323 323 324 324 325 326 331 332 333 334 335 336 337 338 339 339 339 339 341 341 341 364 364 364 364 364 364 366 366 366 367
Contents xi Stakeholder Involvement Matrix Infrastructure Organizational Policy Examples Definition Form Asset Library Catalog Improvement Organizational Improvement Checklist Organization Process Appraisal Checklist Lessons Learned Measures Definition for Organizational Processes Training Training Log Appendix D. ISO/IEC Guidance ISO 9001:2000 Mapping to ISO/IEC Standards Appendix E. ISOIIEC 90003 Mapping to ISO/IEC 12207 Appendix F. CD ROM Reference Summary References IEEE Publications ISO Publications Other References Index About the Authors 372 373 373 375 375 377 377 377 377 382 384 384 387 387 391 399 401 401 403 404 407 417
Preface The IEEE Computer Society Software and Systems Engineering Standards Committee (S2ESC) is the governing body responsible for the development of software and systems engineering standards. S2ESC has conducted several standards users' surveys. The results of these surveys revealed that standards users found the most value in the guides and standards that provided the specific detail that they needed for the development of their process documentation. Users consistently responded that they used the guides in support of software process definition and improvement (ISO 9001 or CMMI ) but that these standards and guides required considerable adaptation when applied as an integrated set of software process documentation. This book was written to support software engineering practitioners who are responsible for producing the process documentation, and work products or artifacts, associated with support of software process definition and improvement. This book will be most useful to organizations with multiple products and having business customer relationships. In addition to members of project development and test teams working on products with multiple versions, this book is also useful to members of organizations supporting software project development and testing, such as project management, configuration management, risk management, human resources, and information technology. It is the hope of the authors that this book will help members of organizations who are responsible for developing or maintaining their software processes in order to support ISO 9001 documentation requirements (ISO 9001:2000, Quality Management Systems-Requirements). Software process definition, documentation, and improvement should be an integral part of every software engineering organization. This book addresses the specific documentation requirements in support of ISO 9001 by providing detailed documentation guidance in the form of: Detailed organizational policy examples. An integrated set ofover 40 deployable document templates. Examples of over 100 common work products required in support of assessment activities. Examples oforganizational delineation ofprocess documentation. xiii
xiv Preface This book provides a set of templates based on IEEE software engineering standards that support the documentation required for all activities associated with software development projects. The goal is to provide practical support for individuals responsible for the development and documentation of software processes and procedures. The objective is to present the reader with an integrated set of documents that support the requirements of ISO 9001. It is hoped that this book will provide specific support for organizations pursuing software process definition and improvement. For organizations that do not wish to pursue ISO 9001 accreditation, this text will show how the application of IEEE standards can facilitate the development of sound software engineering practices. ACKNOWLEDGMENTS Susan K. Land I would like to acknowledge my company, Northrop Grumman Information Technology TASC, and thank them for their continued support of my IEEE Computer Society volunteer activities. In these days of continued corporate cutbacks, I feel privileged to work within an organization that supports standardization and the pursuit of software engineering excellence. I would also like to acknowledge my colleagues within the volunteer organizations ofthe IEEE Computer Society and thank them for their constant encouragement, their dedication to quality, and their friendship. I would specifically like to thank James Moore, J. Fernando Naveda, and Alan Clements. I would like to thank my husband for his unwavering support and encouragement and my father for his years ofgood advice and good example. John W. Walz Without the support of Ann, my wife, this book would not have been a realitythank you. I would like to acknowledge my company, The Sutton Group, and thank Stan Flowers for his continued support of my IEEE Computer Society volunteer activities. Also I would like to thank my previous managers who guided my professional development: Thomas J. Scurlock, Jr. and Terry L. Welsher, both retired from Lucent Technologies, and James R. McDonnell, SBC. For my long involvement in software engineering standards, I would like to thank the leadership of HelenM. Wood. Both authors would like to thank Andrew Prince ofjohn Wiley & Sons for his outstanding ability see past each grammatical error and into what we really meant to say. We would also like to thank Angela Burgess and Deborah Plummer of the IEEE Computer Society for their support and encouragement.