IEEE Software Engineering Standards Support for ISO 9001: Getting Your Organization Started

Sample Selection

Introduction

Moving an organization from chaotic free-form development towards a more controlled and documented process can be overwhelming to those tasked to make it happen. This document has been developed to support Software Engineering practitioners who are responsible for defining organizational process improvement efforts in support of establishing an ISO 9001 quality management system.  These individuals are responsible for producing the process documentation and work products or artifacts associated in support of software process definition and improvement. The information provided here specifically addresses how IEEE standards may be used to facilitate the development of processes, internal plans, and procedures in support of managed and defined software and systems engineering processes for conformance to ISO 9001 [47].  This document describes how IEEE Software Engineering Standards can be used to help support the development and definition of corporate best practices.

 

Descriptive vs. Prescriptive Guidance

IEEE Standards can be used as tools to help with the process definition and documentation (e.g., work products) required in support of the process improvement of software and systems development efforts.  Many of the IEEE Software Engineering standards provide detailed procedural explanations, they offer section-by-section guidance on building the necessary support material, and most importantly, they provide best practice guidance in support of process definition as described by those from academia and industry who sit on the panels of standards reviewers. 

ISO 9001 does not tell the user 'how' to satisfy its conformance criteria.  ISO 9001 is a general quality standard providing a process-based management approach.  It describes the criteria that underlying processes should support.  IEEE Standards are prescriptive.  These standards describe how to full fill the requirements associated with all activities of effective software and systems project life cycle.

IEEE standards are highly specific. They are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics to ensure that materials, products, processes and services are fit for their purpose. In contrast, ISO 9001 is a generic quality management system standard.  "Generic" means that the same standards can be applied to any organization, large or small, whatever its product or service, in any sector of activity, and whether it is a business enterprise, a public administration, or a government department. "Management system" refers to what the organization does to manage its processes or activities in order that the products or services that it produces meet the objectives it has set itself.  "Management system standards" provide the organization with a model to follow in setting up and operating the management system. "Quality management" means what the organization does to ensure that its products or services satisfy the customer's quality requirements and comply with any regulations applicable to those products or services.  ISO 9001 is concerned with the way an organization goes about its work, not directly with the results of this work. The focus of ISO 9001 is on the implementation of the process, not the product (at least, not directly). However the way an organization manages its processes is going to affect its final product.  The efficient and effective management of processes is going to affect whether or not everything has been done to ensure that the product satisfies the customer's quality requirements.  Effective process management and implementation is also an indication of overall software quality.

It is often hard to separate the details associated with product development from the practices required to manage the effort.  Simply handing ISO 9001 standard to a project lead, or manager, provides them with a description of an end results model.  Pairing this with IEEE software and systems engineering standards provides individuals with a way to work towards this desired end.  IEEE standards do not offer a 'cookie cutter' approach to process management; rather these standards support the definition of the management processes in use by describing what is required.  It is up to the implementing organization to apply the definitions as provided by the standards to the ISO 9001 model as they support their organizational requirements.

 

External vs. Internal Motivation

Organizations are motivated to use ISO 9001 from two directions: external and internal. External motivations come in the form of customers, investors, or competitors. Customers typically ask questions in their Request For Quotes (RFQs). Many times a requirement for ISO 9001 conformance or compliance may show up in this RFQ proposed as a contract requirement. Customer inspections or second-party audits may also invoke ISO 9001.  Externally motivated use of ISO 9001 normally leads to registration using third-party auditors.

Internal motivations for ISO 9001 use is often driven by some need for improvement, expected growth, or part of a change management strategy. Reports from industry consistently show that the benefits derived from ISO 9001 improvements have resulted in lowering costs, reducing time cycles, improving product quality, and increased resources for new product features. Internally motivated implementation of ISO 9001 often results in self-declaration of conformance to the standard. 

As described, conformity to the ISO 9001 requirements may be verified by self-declaration, second-party, or third-party registration.  Many software engineering organizations have implemented ISO 9001 in minimal form to the level of self-declaration or registration, but in doing so haven't realized the full potential available when implementing ISO 9001 for third party registration. This is due to the general and abstract nature of ISO 9001 contrasted by the inherent complexity of software engineering processes.  Many details can be missed when claims of self conformance are made.

Successful software engineering organizations create well-formed internal work products or artifacts during the development phases leading to a finished product. While ISO 9001 doesn't describe these artifacts, this document will describe and provide examples of these important artifacts as they are aligned with the IEEE software engineering standards.  Conformance to ISO 9001 using artifacts related to well-known IEEE standards provides benefits of increased confidence to knowledgeable customers and investors and increased clarity to project personnel. The usage of IEEE related artifacts allows customers and investors additional opportunities for interaction during the various project phases leading to refined requirements, feedback, and expectations.  The increased clarity among project personnel promotes easier personnel movement between teams and organizations, better alignment between project and program management and software engineering, and better alignment between company goals, objectives, and project success factors.

For organizations that do not wish to pursue ISO 9001 registration this document will show how the application of IEEE Standards, and their use as reference material, can facilitate the development of sound software and systems engineering practices.  This advice is geared for the ISO 9001 novice, the project manager, and software engineering practitioners who want a one-stop, helpful source, providing the details and implementation support required when pursuing process definition and improvement.  The artifacts described in this document may be used in support of software and systems process definition and improvement[1]. 

________________________________

[1] It should be noted that many of these examples are meant to show intent and offer only narrow perspectives on possible content.

Purchase, Product Descriptions, Author Bios, Table of Contents