ISO 9001 Standard / ISO 9001 Standards – ISO 9000 Standard / ISO 9000 Standards Certification & Implementation

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function andthe ISO 9001 standard. This standard offers a wide range of advice on how todeal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to addressrequirements found in the International Standard, ISO 9001. From a managementperspective, the principles and practices of CM represent an accepted andunderstood foundation for implementing ISO-compliant processes in softwareengineering organizations. In addition, the growing number of tools forautomating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.

While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute ofElectrical and Electronics Engineers (IEEE), The International Organisation forStandardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990,Software Configuration Management Plans.

[Numbers in brackets are added]

“SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3]status accounting, and [4] configuration audits and reviews.”

IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraphcontaining the reference appears in parentheses):

• Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)
• Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
• Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)
• Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:

“Software configuration management is an umbrella activity … developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest.”

In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:

“Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.

“The [CM] system should

“a) identify uniquely the versions of each software item;

“b) identify the versions of each software item which together constitute a specific version of a complete product;

“c) identity the build status of software products in development or delivered and installed;

“d) control simultaneous updating of a given software item by more than one person;

“e) provide coordination for the updating of multiple products in one or more locations as required;

“f) identify and track all actions and changes resulting from a change request, from initiation … to release.”

Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:

“The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:

“Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form

“Control: controlling the release of product and changes to it throughout the life cycle …

“Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product

“Audit and review: validating the completeness of a product and maintaining consistency among the components …

“[The IEEE] definition of CM … needs to be broadened to encompass … :

“Manufacturing: managing the construction and building of the product

“Process management: ensuring the correct execution of the organization’s procedures, policies, and life-cycle model

“Team work: controlling the work and interactions between multiple developers on a product.”

In 1987, the International Organisation for Standardisation in Geneva Switzerland published ISO 9001, Quality Systems – Model for quality assurance in design / development, production, installation, and servicing.

ISO 9001 is the most comprehensive model in the ISO 9000 series of standards. It describes a minimum set of activities found in companies and organizations that consistently produce products that satisfy customer requirements. The policies, procedures, standards, records, and associated business activities are the quality system. While ISO 9001 is written to describe any company providing any product or service, it tends to employ manufacturing terminology, which must be interpreted for non-manufacturing environments, including service and software providers.

To ensure a uniform interpretation of ISO 9001 for software engineering organizations, ISO published ISO 9000-3, Guidelines for the Application of ISO 9001 to the development, supply and maintenance of software.

The key issues ISO 9000-3 addresses are those:

• Product exists earlier in software (during design and development)
• Software product can be proliferated easily

Focusing on these issues mirrors the guidance in Clause 7.4 of ISO 9000-1:1994:

The process of development, supply, and maintenance of software is different from that of most other types of industrial products in that there is no distinct manufacturing phase. Software does not “wear out” and, consequently, quality activities during the design phase are of paramount importance to the final quality of the product.

Note that ISO 9000-1 and ISO 9000-3 provides guidance. ISO 9001 is the only source of the requirements against which compliance in software engineering practices is assessed.

ISO 9001 and Configuration Management

Tracing the relationship between ISO 9001′s requirements and CM practices begins with an examination of the guidance in ISO 9000-3.

ISO 9000-3 and configuration management

ISO 9000-3 contains two appendices, Annex A and Annex B, that provide cross-references between ISO 9001 and ISO 9000-3. According to Annex A, five sections of ISO 9001 correlate to ISO 9000-3, Paragraph 6.1, Configuration Management:

• 4.4 Design control
• 4.5 Document data control
• 4.8 Product identification and traceability
• 4.12 Inspection and test status
• 4.13 Control of nonconforming product

Each of these sections of ISO 9001 contains a portion of the traditional CM process.

4.4 Design control addresses all of the steps in the software development life cycle: planning, specification, design, coding, testing

Section 4.4 requires that design inputs and outputs be documented, reviewed, verified, controlled, approved, and modified according todocumented procedures. Design inputs and outputs include plans(project life cycle definition), specifications, prototypes, requirementsdocuments, progress reports, review results, test plans, test cases/scripts, development tools, code, and test reports.

ISO 9001 4.4.9 Design changes, in conjunction with ISO 9001 4.14.2 Corrective action, and 4.13 Control ofnonconforming product, requires that each change be traceable to an appropriate source and approval.

For software product there should be a clear path between a change request spawned by a fault report or enhancement request and a change ina specific product component to correct the fault or to implement the enhancement.

An interested party should be able to pick up the path at any point and follow it forward to the released change and backward to the changerequest or to the fault report.

4.5 Document and data control addresses the identification, protection, approval, and availability of current issues of allpertinent product- and project-related documents, including designs, specifications, plans, and schedules.

Because a fundamental function of CM is making current configuration items available, the CM practices and tools can be applied to thecontrol of product- and process-related documentation and data.

4.8 Product identification and traceability requires that each version of a configuration item be identified by some appropriate means.

4.12 Inspection and Test Status requires procedures to identify what verification steps and tests have been completed and what resultshave been achieved by the product or product components at each phase in the defined development life cycle.

4.13 Control of Nonconforming Product requires procedures to ensure that untested, defective, or incorrect versions (e.g., down level) ofthe product are not inadvertently used. This paragraph of ISO 9001also requires a procedure to determine the disposition of nonconforming product at all stages.

For software, the bulk of the activity related to non-conforming product is in the correction of faults identified during allphases of development (e.g., during requirements definition, prototyping,integration testing, and beta testing) and after the product has been released (e.g., customer reported faults).

ISO 9000 is a group of internationally recognized standards regarding quality management systems, laid down by the International Standard Organization. Previously divided into different standards like ISO 9001, ISO 9002, ISO 9003, they are now revised and combined into one simplified standard which covers all aspects, known as ISO 9001:2000. Another review is in process, but according to experts not many changes are expected.

How important is ISO 9001 for your business?  Or do you really need ISO 9001 certification?  The answer to these questions depends on your nature of business and future plans. ISO certification can prove to be very helpful and is quite necessary if you are planning to go global. It provides your business with much needed credibility and improves your company’s overall impression. If you are operating in a highly competitive market, ISO certification can be a competitive advantage. However, acquiring ISO 9001 certification is very expensive and it all depends on your business nature, needs and more importantly the availability of funds.

Will it improve your product’s quality?
ISO 9001 certification has no direct affect on product’s quality; it mainly deals with quality management systems.  Although implementing these standards may improve the final product quality and reduce cost, it should not be used to measure a product’s quality or business’s profitability.

Obtaining ISO 9001 certification:
After the management has decided that having an ISO 9001 Certificate can be fruitful for the business. Some senior person, who is well informed of ISO standards, should be made in charge of all this process. ISO certification requires businesses to write down all procedures, job descriptions, different department functions, etc in accordance with ISO standards. Next step is the implementation. Start with educating the employees; tell them about the importance and significance of ISO certification, once motivated, they should be directed on how they can help in acquiring certification? Perform internal audits frequently to check if everybody is following the procedures. Make corrective actions when some error is found. If needed, you can hire an advisory service as well.

Issuance of Certificate:
International standard organization (ISO) doesn’t provide any certification itself. These certifications are issued by registered bodies that are entitled to do so. After some business has taken all necessary steps and their quality management system is in accordance with ISO guidelines, they can apply for the certification. Some representative from these registration bodies will visit the workplace or factory and observe the procedures. If satisfied, they will provide an ISO certification which is valid for three years.

ISO 9001 is known across the world as the standard for high quality business operations and management. Both big and small companies prefer going by ISO 9001 Standards because of its versatility and efficiency. Today, over 875,000 companies are ISO certified, getting the most out of their capital.ISO 9001 is implemented on business processes involving product creation and control of the amount and quality of a companys product or service. By incorporating a solid system to monitor and control business activities, a company can deliver products and services that satisfy the demands of costumers or organizations. ISO 9001 can be applied to any existing product or service made using any available process regardless of a companys location.By implementing ISO 9001, staff members will be more motivated because they will have more defined roles and responsibilities. There will also be a notable increase in the efficiency and productivity of employees. Any deficiencies in the product or service will be easier to detect, allowing early corrective procedures. This will result in fewer expenses, less customer complaints, and minimal product rejection that may warrant extensive rework if not detected early.Having ISO 9001 certification is an indication that a company or business firm is committed to providing customers with high quality products and services. It also shows that a company is willing to do what it takes to achieve better production efficiency. These are the two traits all customers and organizations look for when choosing a company to do business with.A business certified by an accredited ISO 9001 registrar also shows that it has a solid and excellent Quality Management System that is capable of passing the rigors of independent and external auditing. By enhancing a companys image in the customers eyes, an ISO certified business firm has a competitive advantage over other businesses in the same industry.In order to qualify for ISO 9001 registration, a company must first check the requirements and how these requirements can be incorporated to its production processes. Once the objectives are established and documentation about implementation of requirements is done, evaluation can be made to ensure that the requirements are properly implemented. After proving that the system is working efficiently through internal audits, accredited certification bodies can then perform their own audits to determine if a company can be eligible for ISO certification.
Read more: http://www.iso9001store.com

The ISO 9001 accreditation is part of the International Organization for Standardization 9000 standards. They are awarded to businesses for quality. The 9001 is recognized worldwide as an award for a companys internal quality management or actions that the company takes to ensure the product or service they provide is of the highest quality. Customer satisfaction is a major factor in whether a company will be awarded an ISO 9001 accreditation.

There are many benefits for a company to have an ISO 9001 accreditation and the most important being that it gives a great impression of the business. If companies are planning to tender for a contract with a Local Authority for example, it can be one of the required criteria. Some of the other benefits include continuously detailed and quality driven running of your business, an improvement in customer satisfaction, improved business status, and an increase in staff motivation. A business can even integrate the ISO 9001 with other ISO standards such as those for health and safety, environmental and information security to further enhance the status of the company. The ISO standards all integrate together effortlessly so a business should have no problems maintaining ISO standards in all areas.

To get an ISO 9001 accreditation, your business will have to prepare and look for help and advice. You can check the ISO website for any advice on how to begin the process. You will need to find out everything you can before applying to see what you need to implement into your business. Find out as much as possible as this will ease your application process. Once you have decided to apply, a Lead Assessor will be appointed to you to help guide you through the whole process. Your lead assessor will be your first point of contact throughout and he or she should be able to answer any questions you have.

Stage one of the application process is the pre-audit assessment. This is where your lead assessor will visit your premises and make a report of everything you need to implement in order to gain your accreditation. After the visit you will be given a detailed report on all the necessary actions which need to be taken. You can then set a deadline for completing the required actions.

The second stage is the audit assessment. This will be set up for you by your lead assessor and an auditor will visit your premises and will notify you of any recommendations before leaving. If the auditor recommends that you be awarded the ISO 9001 accreditation, it will be confirmed shortly afterwards formally. You will then receive your ISO 9001 certification. However, the process does not end there. If you are awarded the certificate it is up to you to maintain the standards of quality that you have set. You will be continually assessed to ensure that your standards are maintained. You will still have the services of your lead assessor to help you to meet any requirements which are set down by the ISO 9001 standard.
.

Regardless of the size of a business, management plays an important role in keeping it alive.  This is why a lot of businesses these days try to implement solid management frameworks to keep things running as smooth as possible.  Without proper management, it would be difficult for a business to carry out projects and produce high-quality products.  In many countries, businesses usually fail because of inefficient management systems.

Created by a group consisting of representatives of local standards organizations from different countries around the world, ISO 9001 can greatly improve the production output by renovating the way a business is operated.  Careful documentation is implemented, providing managers with a better overall view of their businesses.  It also helps in keeping the workers motivated, and it improves the efficiency of business processes by minimizing losses and expenses attributed to defective products or other liabilities.

ISO 9001 contains a series of business and management prerequisites that help a company to keep up with international standards.  Upon successful implementation, an ISA registrar will issue a certification as proof that a business meets all the business specifications set by ISO 9001.

The ISO 9001 standard is applicable to any kind of business, department, or branch that wants to improve the way it operates.  However, by implementing ISO 9001 in an entire company instead of a single branch, a company can get the most out of the quality management system.  With the entire business system working uniformly, any business will be able to see significant improvements in overall production and income.

The good thing about ISO 9001 is that it is a highly compatible standard.  This means businesses with existing standards, such as one that has ESD 20:20 certification, can further optimize their profits without having to perform too much management restructuring, potentially saving lots of time and resources. Existing standards, combined with ISO 9001, even become more effective.

Any business interested in streamlining their operations should get a copy of the ISO 9001 standard.  Although not all points in the standard are required to be eligible for certification, implementing them all ensures a company will get the most out of the standard.

Visit http://www.iso9001store.com for more information.