ISO 9001 implementation in IT Companies
Introduction
How to get certified for ISO 9001?
ISO 9001 in software industry
ISO 9001 V/S CMM
Why to get ISO 9001:2000 certified?
Issues
Conclusions
Evolution of ISO 9001:2000
• BS 5750
• World War II
• 1987: ISO 9000:1987
• 1994: ISO 9000:1994
• 2000: ISO 9001:2000
• 2008: ISO 9001:2008
• ISO 9001 is a family of standards for quality management systems. It is maintained by ISO (the International Organization for Standardization) and is administered by accreditation and certification bodies.
• Some of the requirements in ISO 9001 include: a set of procedures that cover all key processes in the business; monitoring processes to ensure they are effective; keeping adequate records; checking output for defects; regularly reviewing individual processes and the quality system itself for effectiveness; and facilitating continual improvement.
Although the standards originated in manufacturing, they are now
employed across a wide range of other types of organizations. A
"product", in ISO vocabulary, can mean a physical object, or services,
or software.
• AS 9000 - Aerospace
• PS 9000 – Pharmaceuticals Packaging
• QS 9000 - Automotives
• TL 9000 – Telecom Quality Management
• ISO 13485:2003 – Medical
• ISO/IEC JTC1/SC7 – Software Engineering standards
The ISO 9001:2000 Document
This is a document of approximately 30 pages which is available from the national standards organization in each country. Outline contents are as follows:
• Section 1: Scope – Talks about the standard and how it applies to organizations
• Section 2: Normative Reference – References another document that should be used along with the standard, ISO 9000:2000, Quality Management Systems-Fundamentals and Vocabulary
• Section 3: Terms and Definitions – Gives a few new definitions
• Section 4: General Requirements – Gives requirements for the overall Quality Management System
• Section 5: Management Responsibility – Gives requirements for Management and their role in the Quality Management System
• Section 6: Resource Management – Gives requirements for resources including personnel, training, the facility and work environment
• Section 7: Product Realization – Gives requirements for the production of the product or service, including things like planning, customer related processes, design, purchasing and process control
• Section 8: Measurement, Analysis and Improvement – Gives requirements on monitoring processes and improving those processes
• Internal Audit
• External Audit – Bureau Veritas Certification
• Audits are based on ISO 19011
• Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":
  • Say what you do (describe the business process)
  • Do what you say (reference the procedure manuals)
  • Prove that that is what happened (exhibit evidence in documented records)
• Continually improve
• The 2000 version uses a process approach
• Auditors are expected to focus on risk, status and importance
• They are expected to make judgments on what is effective rather than what is formally prescribed
Organizational Roles & Responsibilities
Clause | Description | Liability
1 | Management Responsibility | President/CEO, VP Quality & Admin
2 | Quality System | VP Quality & Admin
3 | Contract Review | VP Finance
4 | Design Control | VP R&D
5 | Document & Data Control | VP Quality & Admin
6 | Purchasing | VP Finance
7 | Control of Customer Supplied Product |
8 | Product Identification & Traceability |
9 | Process Control |
10 | Inspection & Testing | VP R&D
11 | Inspection, Measuring & Test Control | Manager – Technical Services
12 | Inspection & Test Status | VP Operations
13 | Control of Non-Conforming Product |
14 | Corrective & Preventive Action |
15 | Handling, storage, packaging, preservation & delivery |
16 | Control of Quality Records | VP Quality & Admin
17 | Internal Quality Audits | VP Quality & Admin
18 | Training | VP Operations
19 | Servicing | VP Operations
20 | Statistics | VP Quality & Admin
• Creates an efficient, effective operation
• Increases customer satisfaction and retention
• Reduces audits
• Enhances marketing
• Improves employee motivation, awareness, and morale
• Promotes international trade
• Reduces waste and increases productivity
ISO 9001:2000 in Software Industry
• Functionality: Suitability, Accurateness, Interoperability, Compliance, Security
• Reliability: Maturity, Fault Tolerance, Recoverability
• Usability: Understandability, Learning Ability, Operability
• Efficiency: Time Behavior, Resource Behavior
• Maintainability: Analyzability, Changeability, Stability, Testability
• Portability: Adaptability, Installability
ISO 9001:2000 certified Software Cos
• Accenture Technology Solutions, Italy
• BirlaSoft
• Infosys
• Microsoft
ISO 9001:2000 V/S CMM
• Functionality Difference
  CMM – Systems Engineering, Software Engineering, Integrated Product and Process Development, and Supplier Sourcing
  ISO – Generic
• Dissimilar Scope & Focus
  CMM – determines maturity
  ISO – Conformance
• Documentation Size
  CMM – 729 pages
  ISO – 30 pages
Common themes between ISO & CMM
• Emphasis on process
• Documented processes
• Practiced processes
• How, not What
What ISO misses compared to CMMI?
• Institutionalization
• Focus on Organizational Training
• Maintaining Process Asset Library
• Discipline of Risk Management
• Causal Analysis
• Concept of Stakeholders
What level in the Software CMM would an ISO 9001 compliant organization be at?
• Conceivably at Level 1 (INITIAL), if the focus is strictly on getting the ISO 9001 certificate
• In principle, should be at least a strong Level 2 (REPEATABLE) organization and probably Level 3 (DEFINED)
Issues with ISO 9001:2000
• Common criticism of time & paperwork
• Opponents' take – only for documentation
• Promotes specifications, control & procedures rather than understanding & improvement
• Often done for customer contractual requirements
• Since external auditors are required, the auditors tend to have a softer approach
Some of the newly created ISO Standards for IT
• ISO/IEC 20000:2005 IT Service Management System
• ISO/IEC DIS 25961 Recommended Practice for Architectural Description of Software-Intensive Systems
• ISO/IEC 27001 Information security management systems
Conclusion
Certification to an ISO 9000 standard does not guarantee the compliance (and therefore the quality) of end products and services; rather, it certifies that consistent business processes are being applied. Indeed, some companies enter the ISO 9001 certification as a marketing tool.
Thank You