ISO 9001 and ISO 9000-3 Standards
Cybermate Infotek Limited
ISO 9001 Quality system Model
for quality assurance in design, development, production, installation and servicing
ISO 9000-3 Quality management and quality assurance standards
Part
3 Guidelines for the application of ISO 9001 : 1994 to the development, supply, installation and maintenance of computer software.
Quality system requirements Management
responsibility Quality system Contract review Design control Document and data control Purchasing Control of customer supplied product
Quality system requirements (contd) Product
identification and traceability Process control Inspection and testing Control of inspection, measuring and test equipment Inspection and test status Control of non conforming product Corrective and preventive action
Quality system requirements (contd) Handling,
storage, packaging, preservation and delivery Control of quality records Internal quality records Training Servicing Statistical techniques
4.1 Management responsibility Quality
policy Organisation - Responsibility and authority Resources Management representative Management review
4.2 Quality system Quality
manual Quality procedures Work Instructions or Guidelines Quality record formats
4.2 Quality system (contd) Quality planning consists Quality requirements Life cycle model to be used Criteria for start and end of phase Verification and validation activities reviews, tests etc.,
4.3 Contract review Before
submission of tender or acceptance of order, reviews are done to ensure that Requirements are defined and documented Any differences between contract and tender are resolved Supplier has the capability to meet contractual requirements Contract review records
4.3 Contract review (contd) Contract review issues Customer related Technical Managerial Legal, security and confidentiality
4.4 Design control Development
consists of - Requirements analysis, architectural design, detailed design and coding. Development to be done as per project plans Development to be organised as per life cycle model.
4.4 Design control (contd) Design and development planning Definition of project Resource requirements Project schedules Review methods Related plans - quality plan, test plan, configuration management plan, installation and maintenance plan.
4.4 Design control (contd) Organisational and technical interfaces Define the interfaces between different groups which input into the design process Customer Testing, installation, maintenance, training depts. Subcontractors, regulatory bodies, associated development projects, help desk
4.4 Design control (contd) Design input Software Requirements Specification may be provided by the customer or prepared by the supplier. SRS to cover functionality, reliability, usability, efficiency, maintainability, portability etc., Hardware and software aspects.
4.4 Design control (contd) Design output Shall meet design input requirements Refer to the acceptance criteria Consist of architectural design, detailed design, source code, user manual etc.,
4.4 Design control (contd) Design
review Design verification Design validation Design changes
4.5 Document and data control Documents
- Quality system documents, Project documents (SRS, SDD, Test plan etc.,) Document preparation, review and approval Right documents at the right place. Document change control
4.6 Purchasing Evaluation
of subcontractors Purchasing data - Specs, inspection instructions etc., Verification of purchased product - Supplier verification at subcontractor’s premises and customer verification of subcontracted product
4.7 Control of customer supplied product Verification,
storage and maintenance of customer supplied products like software, tools, test data, design documents etc.,
4.8 Product identification and traceability Identification
of software items during development phases Configuration management plan for each project Version control Build status and Baseline Change control
4.9 Process control Replication Backups
and disaster recovery plans Network control Hardware maintenance Virus control
4.10 Inspection and testing Test
plans for unit, integration, system and acceptance tests. Receiving inspection and testing Unit testing Module testing Integration testing System testing
4.10 Inspection and testing (contd) Tests
to be performed - functional, boundary, performance, usability etc., Acceptance testing as per acceptance criteria Inspection and tests records
4.11Control of inspection, measuring and test equipment Environment
used for testing software Validation of test tools used in testing
4.12 Inspection and test status Untested,
tested with error, tested successfully or approved for release Movement of software between development and testing.
4.13 Control of nonconforming product Transfer
non conforming product to a separate environment Review and disposition of non conforming product
4.14 Corrective and preventive action Corrective action Handling of customer complaints Investigate causes of non conformities relating to product, process and quality system. Corrective action to eliminate cause of actual non conformities.
4.14 Corrective and preventive action (contd) Preventive action Analyse test, review, audit, service reports to identify and eliminate potential causes of non conformities. Root cause analysis
4.15 Handling, storage, packaging, preservation and delivery Avoid damage to media Virus control Storage in protected environment Delivery by physical media or electronic transfer.
4.16 Control of quality records Identification,
collection, indexing, access, filing, storage, maintenance and disposition of quality records. Quality records demonstrate conformance to specified requirements and effective operation of quality system.
4.17 Internal quality audits Plan
and implement internal quality audits Auditors are independent of the area being audited. Results of audits are recorded and brought to the notice of the auditee. Corrective action taken to close deficiencies. Follow up audits
4.18 Training Training
to enhance skills and knowledge Training needs are identified Training provided as per plans
4.19 Servicing Maintenance
and customer support Problem resolution Interface modifications Functional expansion Performance improvement
4.20 Statistical techniques Establishing,
controlling and verifying process capability and product characteristics Product characteristics - testability, usability, reliability, maintainability, availability
4.20 Statistical techniques (contd) Process
capability - process maturity, defect density, defect removal efficiency, milestone slippage Metric reporting and actions for improvement.