
HB 90.9-2000 Software Development - Guide to ISO 9001:2000

Date post: 05-Apr-2018
Upload: sai-global-apac

  • 7/31/2019 HB 90.9-2000 Software Development - Guide to ISO 9001-2000 Software Development - Guide to ISO 9001-2000



    Software Development

    Guide to ISO 9001:2000




    GUIDE TO ISO 9001:2000


    Standards Australia International

    All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the


    Published by Standards Australia International Ltd

    GPO Box 5420, Sydney, NSW 2001, Australia

    ISBN 0 7337 3711 0



    HB 90.9-2000


    This Handbook is a revision of AS/NZS 3905.8:1996, Quality system guidelines, Part 8: Guide to

    AS/NZS ISO 9001:1994 for the software industry, which is now withdrawn.

    The objective of this Handbook is to provide software developers with guidance on the application of

    ISO 9001:2000, Quality management systems - Requirements in both the software development and

    associated hardware industry in order to assist those wanting to develop quality management systems

    complying with this standard.


    This Handbook was prepared by

    Tom McBride Lucent Technologies, Australia

    Phil Cohen HCi

    Vincent Sheehan HCi

    Shashi Laverick HCi

    Further input was sought from the members of Standards Australia Committees QR-003 Software

    Quality Systems and IT-015, Software Engineering, to whom the Handbook was submitted for review

    and comment prior to publication.

    The contribution of all these parties is gratefully acknowledged.




    FOREWORD
    INTRODUCTION
    0.1 General
    0.2 Process approach
    0.3 Relationship with ISO 9004
    0.4 Compatibility with other management systems
    1 SCOPE
    1.1 General
    1.2 Application
    2 NORMATIVE REFERENCE
    3 TERMS AND DEFINITIONS
    4 QUALITY MANAGEMENT SYSTEM
    4.1 General requirements
    4.2 Documentation requirements
    5 MANAGEMENT RESPONSIBILITY
    5.1 Management commitment
    5.2 Customer focus
    5.3 Quality policy
    5.4 Planning
    5.5 Responsibility, authority and communication
    5.6 Management review
    6 RESOURCE MANAGEMENT
    6.1 Provision of resources
    6.2 Human resources
    6.3 Infrastructure
    6.4 Work environment
    7 PRODUCT REALIZATION
    7.1 Planning of product realization
    7.2 Customer-related processes
    7.3 Design and development
    7.4 Purchasing
    7.5 Production and service provision
    7.6 Control of monitoring and measuring devices
    8 MEASUREMENT, ANALYSIS AND IMPROVEMENT
    8.1 General
    8.2 Monitoring and measurement
    8.3 Control of nonconforming product
    8.4 Analysis of data
    8.5 Improvement
    BIBLIOGRAPHY
    A EXPLANATION OF TERMS USED IN THIS GUIDE
    B SAMPLE ORGANIZATION CHART
    C TYPICAL QUALITY MANAGER JOB DESCRIPTION
    D TYPICAL INTERNAL AUDIT PROCEDURE
    E ADVICE FOR AUDITORS
    F WHAT IS ISO 9001, AND HOW DOES IT AFFECT ME?


    www.standards.com.au Standards Australia



    This Handbook is intended for the software development industry to provide guidance on the

    application of ISO 9001:2000 to the computer software development and allied hardware industry. It

    discusses the requirements of ISO 9001 in terms appropriate for the industry, together with relevant examples.

    This Handbook is intended for use by those who need to know how to implement a quality

    management system for software development and may include the following:

    Senior managers.

    Software developers, who need to participate in quality management system implementation.

    Quality assurance professionals needing to know how to apply ISO 9001 to software


    It may also be used by auditors who wish to know how the software development industry interprets

    ISO 9001.

    ISO 9001:2000 is divided into an Introduction, eight clauses and Annex A (an informative

    bibliography). The eight clauses address the following:

    1 Scope

    2 Normative reference

    3 Terms and definitions

    4 Quality management system

    5 Management responsibility

    6 Resource management

    7 Product realization

    8 Measurement, analysis and improvement

    The main body of ISO 9001:2000 is contained in clauses 4 to 8. These set out what is required, but do

    not specify how the requirements are to be achieved. Therefore, the software developer has the

    flexibility to evolve a quality management system tailored to suit the developer's method of operation.

    In this Handbook, the Introduction and Clauses of ISO 9001:2000 are shown in a box followed by

    relevant guidance. The extent of guidance varies, depending on the nature of the clause and its


    In the guidance to the Introduction, a number of quality management terms are explained briefly in the context where they first appear (shown in bold italic type). Other terms used in this Handbook are

    given in Appendix A.

    The new version of the standard is based on the concept of process, including, among others, the

    processes of design, product realization, and testing. In software development, the distinction between

    these operations is often blurred. For example, some may consider coding to be part of the design

    process, while others may consider coding to be the implementation of the design and therefore part of

    the product realization process. Testing may be carried out at all phases of the particular development.

    Each developer will need to establish the breakdown of these operations that best suits the business.

    The main requirement is that, however the breakdown is made, a consistent approach is taken and this

    is reflected in the resultant documentation.




    There are a number of fundamental changes that have taken place during the current revision process.

    The major changes are

    Process approach

    A process model approach has been used to develop the 2000 version of ISO 9001. As a result, the old

    20 clause structure of the 1994 version has gone and the standard structure is now more closely

    aligned to business working practices.

    While at first glance it would appear that the 2000 version has been completely rewritten, what has

    actually happened is that most of the content of the 1994 version has been redistributed into the

    new process model structure. In doing so, the text may have been changed but in many cases the intent

    of the clause has not. However it is true that new requirements have been added, and the major ones

    are discussed briefly here.

    One beneficial outcome of this approach is that the weighting given to the content via a main clause

    and subclause structure is more appropriate to business needs. In the old 20 clause approach the clause numbering gave undue weight to some aspects of relatively minor importance.

    One standard for certification

    ISO 9001:2000 is the only standard on which certification can now be based. ISO 9001:1994, ISO

    9002:1994 and ISO 9003:1994 are now superseded and no longer available as a basis for certification.

    Provision has been made for those who had or were contemplating certification to ISO 9002 or ISO

    9003 through a permissible exclusions approach discussed in detail on page 14.


    The standard now identifies the supplier → organization → customer which is in line with

    business practice. (This replaces the subcontractor → supplier → customer terminology of the 1994

    version.) The term subcontractor has now disappeared.

    Continual improvement

    Organizations are now required to have a process of continual improvement built into their quality

    management system.

    Customer satisfaction

    The 2000 version now requires an organization to have a customer focus and to monitor customer

    satisfaction which is one of the means to be used in evaluating the performance of the quality

    management system.

    Internal communication

    There is a clause which requires an organization to have an internal communication process to provide

    information on the quality management system and its effectiveness.


    In assessing human resources and in training, the issue of competency has been introduced and will

    need to be addressed within the organization.

    Less documented procedures demanded

    The 2000 version of ISO 9001 contains fewer requirements for documented procedures but in turn shifts

    the responsibility for adequate documentation to the organization. The requirement is now that the

    organization has adequate documentation to control its processes and operations. This documentation

    forms part of the quality management system.




    The standard now requires that where any process is outsourced, the organization describes how it

    exercises control over the outsourced process(es).

    Interaction between processes

    There is a requirement for the organization to describe its processes and how they interact.

    Other changes

    There are a number of other changes, which are either a new requirement within a clause or an

    extension of the requirement(s) of the 1994 version.



    Standard Introduction

    0.1 General

    The adoption of a quality management system should be a strategic decision of

    an organization. The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.

    The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked NOTE is for guidance in understanding or clarifying the associated requirement.

    This International Standard can be used by internal and external parties, including certification bodies, to assess the organization's ability to meet customer, regulatory and the organization's own requirements.

    The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.

    Guidance The intention of ISO 9001:2000 is to provide a system which can enable organizations in hardware, software, processed materials and service industries to

    have a better way to organize, manage, document and control the way they do


    This should mean that the quality (in terms of the conformance to specifications)

    of their products will be more consistent.

    There are a number of advantages to this approach for software development, a

    major one being that the software development process becomes less variable.

    Another advantage is that any nonconformities result not just in adjustments to the

    particular products in which they are found, but also to the processes that caused the

    problem in the first place. So, for example, an error in a piece of software can be

    traced back to the methods used to develop the software and its specifications.

    These methods can be fixed (by means of corrective action) so that the same type of

    problem does not recur. Another source of improvements is called preventive

    action, in which the software development organization is required to consider

    improvements to each part of the process on a regular basis.

    Certification to ISO 9001 provides customers with assurance that the organization is capable of developing software of a consistent quality. Each certification carries

    with it a scope, which defines the areas of software development to which the

    organization has been certified.

    Certification also means that the customer can be assured that the organization's

    procedures and policies are actually being used. To maintain certification, regular

    external audits have to be carried out by a third-party organization. This involves

    the evaluation, not only of the procedures, but also of the quality records of the

    developer, which provide evidence that the procedures are being followed, and

    provide an audit trail.

    An external audit is a two-stage process. First, the policies and procedures are looked at to make sure they meet the Standard, then the quality records, code,

    documentation and other work are checked. Auditors may also discuss the work

    with staff.



    Internal audits also look at quality records, but they are usually carried out by

    someone within the development organization who is independent of the actual

    development. They are usually carried out more frequently than external audits.

    There are several kinds of documents which, together with the people in an

    organization, form a quality management system. These include the following:

    A quality policy statement, which is a statement by the executive

    management of the company. The quality policy is implemented through a

    series of quality objectives.

    A quality manual, which may contain policy statements on a number of

    areas, and also contains or refers to the procedures used in the organization's

    quality management system, making it the central point of reference for staff

    and for auditors.

    Quality records, of various kinds, differing from organization to

    organization which may include training records, software change request

    forms and even databases.

    It is important for auditing purposes that the quality manual covers all of the

    requirements of the standard. If there are requirements which are not appropriate to

    a particular organization, they should be dealt with by stating their inappropriateness

    in the quality manual. A statement should be also added that these requirements will

    be covered at a later date, if necessary.

    ISO 9001 does not specify the way in which software (or any other product) should

    be developed. The standard specifies the elements of the quality management

    system itself, the areas to be covered by the quality manual, and that it is distributed,

    controlled and given authority.

    NOTE It is not enough merely to do what the standard says. To gain certification, an organization must be able to demonstrate that the quality management system

    procedures and policies are being followed and objectives are being achieved.

    Having written procedures and documents covering the relevant

    requirements of the standard, and keeping quality records to show that the

    procedures are in use, will facilitate the necessary demonstration. The

    procedures and documents also have to be kept up-to-date and relevant.



    Standard 0.2 Process approach

    This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.

    For an organization to function effectively, it has to identify and manage numerous linked activities. An activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process. Often the output from one process directly forms the input to the next.

    The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as the process approach.

    An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction.

    When used within a quality management system, such an approach emphasizes the importance of

    a) understanding and meeting requirements,

    b) the need to consider processes in terms of added value,

    c) obtaining results of process performance and effectiveness, and

    d) continual improvement of processes based on objective measurement.

    The model of a process-based quality management system shown in Figure 1 illustrates the process linkages presented in clauses 4 to 8. This illustration shows that customers play a significant role in defining requirements as inputs. Monitoring of customer satisfaction requires the evaluation of information relating to customer perception as to whether the organization has met the customer requirements. The model shown in Figure 1 covers all the requirements of this International Standard, but does not show processes at a detailed level.

    NOTE In addition, the methodology known as Plan-Do-Check-Act (PDCA) can be

    applied to all processes. PDCA can be briefly described as follows.

    Plan: establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organization's policies.

    Do: implement the process.

    Check: monitor and measure processes and product against policies, objectives and requirements for the product and report the results.

    Act: take actions to continually improve process performance.



    Figure 1 Model of a process-based quality management system

    Guidance ISO/IEC 12207, Information Technology - Software life cycle processes provides a suitable set of such processes and will be referred to in this document.

    The processes are divided into primary processes, which directly contribute to

    developing software, management processes, which manage the resources necessary

    for developing software, and supporting processes, which provide necessary

    services but do not directly develop software.

    This is not the only set of processes suitable for software development and an

    organization may decide on an alternative set of processes. An organization should

    assure itself that the processes adopted cover all necessary software development




    Standard 0.3 Relationship with ISO 9004

    The present editions of ISO 9001 and ISO 9004 have been developed as a consistent pair of quality management system standards which have been designed to complement each other, but can also be used independently.

    Although the two International Standards have different scopes, they have similar structures in order to assist their application as a consistent pair.

    ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, or for certification, or for contractual purposes. It focuses on the effectiveness of the quality management system in meeting customer requirements.

    ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organization's overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.

    Guidance This document gives guidance in relation to ISO 9001 and does not address matters raised in ISO 9004.

    Standard 0.4 Compatibility with other management systems

    This International Standard has been aligned with ISO 14001:1996 in order to enhance the compatibility of the two standards for the benefit of the user community.

    This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financial management or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible for an organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.

    Guidance No further guidance is needed.



    Standard 1 Scope

    1.1 General

    This International Standard specifies requirements for a quality management

    system where an organization

    a) needs to demonstrate its ability to consistently provide product that meets

    customer and applicable regulatory requirements, and

    b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.

    NOTE: In this International Standard, the term "product" applies only to the product

    intended for, or required by, a customer.

    Guidance This clause identifies the areas where the standard is expected to be applicable. In particular, it emphasizes the key role that the quality management system is

    expected to play in meeting customer satisfaction.

    A significant addition to the 2000 version of the standard is the idea of enhancing

    customer satisfaction. This is to counter the claim (widely made, and accepted even

    by some quality management consultants) that it was possible to have a quality

    system compliant with the old version of the standard which delivered poor-quality

    product consistently. The insistence on continual improvement aimed at customer

    satisfaction (and documented as part of the quality management system) will close

    the loop on customer satisfaction.

    The standard can be used in a variety of situations, as follows:

    The development of software as part of a system including hardware.

    As part of a contractual agreement between two organizations, e.g. a

    developer and a customer.

    In-house development, where the customer becomes that part of the

    organization requesting the development.

    An organization that carries out project work for its customers.

    A single-product company, in which case each major release of the product

    may be treated as a project.

    NOTE Wherever the word software appears in this part of the standard, it refers not

    just to source code and executable programs, but also to the associated user

    documentation (both paper and on-line), training material and maintenance



