ISO9001

Devi Annisetty
Hemalatha Dama
Jump to first page
Introduction
 ISO9001
 Evolution & History
 Importance
 Statistics
 Implementation In IT
 Relation to CMM

Jump to first page

ISO9001
 "International Organization for
Standardization"
 Equal (Greek)
 network of the national standards
institutes of 148 countries
 Central Secretariat in Geneva
 non-governmental organization
 position between the public and private
sectors
 bridging organization between
requirements of business and broader
needs of society
Jump to first page
 History
 voluntary technical standards for sectors of
business, industry and technology since 1947
 documented agreements containing technical
specifications or other precise criteria to be
used consistently as rules, guidelines, or
definitions of characteristics to ensure that
materials, products, processes and services
are fit for their purpose.
 ISO brought to the attention of a much wider
business in 1987
 Generic management system standards
 ISO 9000 is primarily concerned with "quality
management".

Jump to first page

Benefits to the Society from Standards
 For businesses
 suppliers can base the development of their products and
services on specifications that have wide acceptance in their
sectors
 free to compete on many more markets around the world
 For customers
 worldwide compatibility of technology
 wide choice of offers & competitor prices
 For governments
 health, safety and environmental legislation
 For trade officials
 level playing field for all competitors
 technical barriers to trade
 For developing countries
 international consensus of technological know-how
 right decisions in investing their scarce resources
 For consumers
 provides assurance about their quality, safety and reliability
 For everyone
 quality of life in general
 For the planet
 International Standards on air, water and soilJump
quality, and
to first on
page
Examples of Benefits
 Standardization of screw threads helps to keep
chairs, children's bicycles and aircraft together
 freight containers, international trade would be
slower and more expensive without standards
 public transport and buildings is a problem if the
dimensions of wheel-chairs and entrances are
not standardized
 Standardized symbols to provide danger
warnings and information across linguistic
frontiers.
 Standardized protocols allow computers from
different vendors to "talk" to each other
 More than half a million organizations in more 60
countries are implementing ISO

Jump to first page

Administration of ISO
 Membership of ISO is open to national standards
institutes or similar organizations most
representative of standardization in their country
 Member bodies
 Correspondent members
 Subscriber members
 individuals or enterprises are not eligible for
membership
 ISO's national members pay subscriptions
that meet the operational cost of ISO's
Central Secretariat
 ISO standards are developed by technical
committees comprising experts on loan from
the industrial, technical and business sectors
which have asked for the standards, and
which subsequently put them to use.

Jump to first page

Statistics
 Members
 148 national standards bodies
 97 member bodies
 36 correspondent members
 15 subscriber members
 Technical Committee structure
 2981 technical bodies
 188 technical committees
 546 subcommittees
 2224 working groups and
 23 ad hoc study groups
 Staff
Technical secretariats
 37 member bodies provide the administrative and technical
services for the secretariats of technical committees (TC) and
subcommittees (SC) These services equal a full-time staff
of 500 persons
Central Secretariat
Geneva
 151 full-time staff
from 24 countries coordinate
 140 million CHF per year is estimated as the
operational expenditure for the ISO work
Jump to first page
Definitions
 Certification : refers to the issuing of
written assurance (the certificate) by an
independent, external body that has
audited an organization's management
system and verified that it conforms to
the requirements specified in the
standard.
 Registration: means that the auditing
body then records the certification in its
client register
 Accreditation: refers to the formal
recognition by a specialized body - an
accreditation body
 Certification is not compulsory
Jump to first page
Committees(JCT1) for IT
 SO/IEC 2382-7:2000 Information technology --
Vocabulary -- Part 7: Computer programming
 ISO/IEC 2382-20:1990 Information technology --
Vocabulary -- Part 20: System development
 ISO/IEC 9126:1991 Software engineering --
Product quality
 ISO/IEC 12207:1995 Information technology --
Software life cycle processes
 ISO/IEC TR 14471:1999 Information technology -
- Software engineering -- Guidelines for the
adoption of CASE tools
 ISO/IEC 14764:1999 Information technology --
Software maintenance
 ISO/IEC 15026:1998 Information technology --
System and software integrity levels
Jump to first page
Applicability of ISO 9001 to Software Development
 ISO 9001's focus is on all factors except
"technology".

 ISO 9000-3 provides "guidance" on implementing

an ISO 9001 compliant set of processes (QMS)
 Guidance is for software development, supply
and maintenance environments
Jump to first page
Quality
Totality of characteristics of an entity that bear on its ability to
satisfy stated and implied needs.

Quality system requirements

The quality system requirements for ISO 9001 consist of
twenty standards. In each case, the people involved specify
who does what, how, and who is responsible.

 Management responsibility
 Quality policy
 Defined by executive management
 Establishes objectives and commitment to quality
 Considers organizational goals and customer
needs
 Understood and carried out throughout the
organization.

 Organization
 Responsibility and authority is defined for people
whose work affects product and service quality

Jump to first page

 Resources
 Adequate resources are provided ,including
qualified people, materials, equipment and
internal quality auditors
 Management representative
 Appointed by executive management
 Ensures the requirements of Iso9001 are met
 Reports on the performance of the Quality system
 Acts as liaison with the registration agency
 Management review
 To ensure the continuing suitability in satisfying:
 The iso9001 requirements
 The quality policy
 At defined intervals
 Maintain review records

Jump to first page

 Quality system
 Quality manual:
 Defines the scope of the quality system
 Outlines documentation related to the standard

 Documented Procedures:
 Meet all the requirements of the Standard.
 Describe which tasks affecting product and
service quality each process must carry out.
 Quality plan
 To improve overall performance

Jump to first page

 Contract Review
Reviewed to ensure that:
 Requirements are clearly defined and
documented
 Verbal order requirements are agreed before
being accepted any differences from the
original offer are resolved
 you have the capability to meet the contract
requirements carry out amendments to the
contract in a prescribed manner and
communicate the changes within your
organization.
 Maintain records of contract review

Jump to first page

 Design Control System
 Carry out design projects according to
established procedures
 Plan design projects
 Assign each design and development task
to qualified personnel
 Identify the organizations involved, and describe the
information flow to carry out the design project.
 Transmit the necessary information among
organizations
 Create clear design input requirements:
 written, complete, clear, reviewed
 Create design output that meets design stage input
requirements
 Review design results with representatives concerned
with the design stage
 Verify the design to establish that design output meets
design input requirements
 Validate that the product meets defined user needs
and requirements
 Review and approve all design changes

 Document and Data control:

 The documents and data shall be reviewed and
approved for adequacy by authorized personnel prior
to issue
Jump to first page
 Purchasing:
 Purchasing procedures ensure that purchased
products and services conform to requirements
 Select vendors based on their ability to meet
requirements, including quality requirements.
 define controls over vendors based on the type
of product, it's impact on the final product , and
the vendor performance record.
 maintain records of acceptable vendors.
 Purchasing documents clearly describe the product
ordered:
 Clearly specified type, class, grade, etc.
 Identification of product, applicable drawings,
technical data, approval requirements, etc.
 Relevant quality system standard.
 Reviewed prior to release

 Arrangements may be made for you or your

customer to verify the product at the vendor's site.

Jump to first page

 Control of customer-supplied product:
 Verify, store and maintain customer-supplied product
provided for incorporation into the final product.
Record and report to the customer any lost and
damaged product.

 Product identification and traceability:

 Identify the product from receipt and during all
stages of production, delivery and installation.

 process control:
Carry out processes under control conditions.
 Documented procedures define the manner of
production, installation and servicing.
 Suitable production, installation and servicing
equipment
 Suitable working environment
 Compliance with :
 reference standards and codes
 quality plans or procedures
 Monitoring and control of suitable process
parameters and product characteristics

Jump to first page

  Approval of processes and equipment
 Criteria for workmanship stipulated in the clearest
practical manner.
 Suitable maintenance of equipment

 Inspection and testing:

 Verify incoming material before use
 Identify and maintain inspection and test status
 Maintain inspection and test records
 Complete testing before releasing the product

 Control of inspection ,measuring and test

equipment :
 All equipment used for inspection, measurement and
testing, has to fulfill the specified quality
requirements( for instance, calibration of measuring
instruments, or verifying software dependability).

 Inspection and test status:

 The firm ensures that the article concerned has
passed all the specified inspections and tests in(10) ,
and that the tests have been satisfactorily conducted
and completed.

Jump to first page

 Control of nonconforming product:
 This standard involves the recognition that no matter
how tight the firm's control systems are, something
may go wrong. What is important is to establish that
the error has occurred, and to have procedures to
deal with the situation.

 Corrective and preventive action:

 For non-conformities, the firm specifies how it
determines what went wrong, who should fix it, how
that person is to be accurately informed, when the
problem is to be solved, how it controls that the
problem is solved, and how to prevent reoccurence.

 Handling, storage, packaging,

preservation and delivery:
 Prevent damage during product handling
 Prevent damage or deterioration during product
storage
 Control product packaging
 Preserve the product
 Protect product during delivery

Jump to first page

 Control of quality records:
 The firm defines what documents are classified as
quality records, as well as how, and by whom, a
record should be stored. This includes all records
that provide evidence that the quality system itself is
functioning as it should.

 Internal quality audits:

 Verify whether quality activities and related results
comply with planned arrangements.
.Determine the effectiveness of the quality
system
 Schedule on the basis of status and importance of
the activity being audited
Auditors:
 Observe work practices
 Examine quality records
 Identify non compliances
Audit results are:
 recorded
 brought to the attention of those having
responsibility for the area audited.
 Executive management reviews the effectiveness of
the quality system

Jump to first page

 Training
 Identify training needs
 Quality workers before assigning them to
tasks
 Maintain training records

 Servicing:
 Perform, verify and report servicing to meet
specified servicing requirements

 Statistical techniques:
 Identify the need for statistical techniques to
establish, control and verify process capability and
product characteristics
 Carry out and control the application of
identified statistical techniques

Jump to first page

Jump to first page
Similarities between ISO9001 & SEICMM
 Management Responsibility
 ISO: Quality Policy be define, documented, understood, implemented
and Maintained.
 CMM:Management responsibility for quality policy and verification
activities primarily addresses in Software Quality Assurance.
 Quality System
 ISO: Documents quality system, including procedure and instructions be
established
 CMM: Quality primarily addressed in Software Quality Assurance
distributed thru KPA’s
 Contract Review
 ISO:contracts be reviewed to determine whether the requirements are
adequately defined, agree with bid and can be implemented
 CMM: Review customer requirement is spanned in Requirement mgnt.
 Design Control
 ISO: Procedure to control& verify Design be established(planning, Inputs,
outputs, design)
 CMM:Life cycle activities , design , code, test are described in Software
Project Planning

Jump to first page

Continued..
 Document Control
 ISO:Distribution & modification of documents be controlled
 CMM:Document control are described in configuration mgmt

 Purchasing
 ISO:purchased products conform their specified requirements(assessment of
subcontractors, verification of purchased products)
 CMM:Addressed in Activity 2 & 12 of acceptance testing of subcontracted software
 Purchaser -supplied product
 ISO: purchaser supplied material verified and maintained
 CMM:Activity 6.3 in integrated software mgmt in using purchased software
 Product identification & Traceability
 ISO: during all stages of production delivery & installation
 CMM:covering Software Configuration Mgmt
 Process Control
 ISO:Production process be defined & planned
 CMM: Software Production process controlled in thru KPA’ in various actvites

Jump to first page

 Continued..

 Inspection & Test Status

 ISO:Inspection and test be maintained for items as they progress through various
processing steps
 CMM: Testing practices in software product Engineering
 Corrective Action
 ISO: causes of non conforming product be identified,products eliminated,
procedures are changed from corrective action
 CMM: Analysis, updates, patches
 Training
 ISO:Training needs be identified and training provided
 CMM:Training program, Orientation practices
 Servicing
 ISO:servicing activities be performed as specified
 CMM:maintenance

Jump to first page

Summary
 What is ISO and its benefits
 How is it applicable in IT industry
 Detail explanation of Quality
management system
 Its comparison to CMM

Jump to first page

Reference
 http://www.palaulive.com/iso/
 http://www.asq.org/stand/types/iso9000.html
 http://www.iso9000data.com/ISO9000.html
 http://www.tantara.ab.ca/iso_list.htm
 http://www.tantara.ab.ca/iso90003.htm
 http://www.sei.cmu.edu/pub/documents/94.report
s/pdf/tr12.94.pdf

Jump to first page

No Questions please :-)

Jump to first page