ISO 9000


Another popular set of standards related to software quality is the International Organization for Standardization's (ISO) 9000. ISO is an international standards organization that sets standards for everything from nuts and bolts to, in the case of ISO 9000, quality management and quality assurance.

You may have heard of ISO 9000 or noticed it in advertisements for a company's products or services. Often it's a little logo or note next to the company name. It's a big deal to become ISO 9000 certified, and a company that has achieved it wants to make that fact known to its customersespecially if its competitors aren't certified.

ISO 9000 is a family of standards on quality management and quality assurance that defines a basic set of good practices that will help a company consistently deliver products (or services) that meet their customer's quality requirements. It doesn't matter if the company is run out of a garage or is a multi-billion-dollar corporation, is making software, fishing lures, or is delivering pizza. Good management practices apply equally to all of them.

ISO 9000 works well for two reasons:

  • It targets the development process, not the product. It's concerned about the way an organization goes about its work, not the results of the work. It doesn't attempt to define the quality levels of the widgets coming off the assembly line or the software on the CD. As you've learned, quality is relative and subjective. A company's goal should be to create the level of quality that its customers want. Having a quality development process will help achieve that.

  • ISO 9000 dictates only what the process requirements are, not how they are to be achieved. For example, the standard says that a software team should plan and perform product design reviews (see Chapters 4 and 6), but it doesn't say how that requirement should be accomplished. Performing design reviews is a good exercise that a responsible design team should do (which is why it's in ISO 9000), but exactly how the design review is to be organized and run is up to the individual team creating the product. ISO 9000 tells you what to do but not how to do it.

NOTE

A company becoming certified as having met ISO 9000 is an indication that it has achieved a specified level of quality control in its development process. It doesn't mean that its products have a specified level of qualityalthough it's probably a safe bet that its products are better quality than a company's that doesn't meet ISO 9000.

For this reason, especially in the European Union but becoming more frequent in the United States, customers are expecting their suppliers to be ISO 9000 certified. If two suppliers are competing for the same contract, the one with ISO 9000 certification will have the competitive edge.


The sections of the ISO 9000 standard that deal with software are ISO 9001 and ISO 9000-3. ISO 9001 is for businesses that design, develop, produce, install, and service products. ISO 9000-3 is for businesses that develop, supply, install, and maintain computer software.

It's impossible to detail all the ISO 9000 requirements for software in this chapter, but the following list will give you an idea of what types of criteria the standard contains. It will also, hopefully, make you feel a little better, knowing that there's an international initiative to help companies create a better software development process and to help them build better quality software.

Some of the requirements in ISO 9000-3 include

  • Develop detailed quality plans and procedures to control configuration management, product verification and validation (testing), nonconformance (bugs), and corrective actions (fixes).

  • Prepare and receive approval for a software development plan that includes a definition of the project, a list of the project's objectives, a project schedule, a project specification, a description of how the project is organized, a discussion of risks and assumptions, and strategies for controlling it.

  • Communicate the specification in terms that make it easy for the customer to understand and to validate during testing.

  • Plan, develop, document, and perform software design review procedures.

  • Develop procedures that control software design changes made over the product's life cycle.

  • Develop and document software test plans.

  • Develop methods to test whether the software meets the customer's requirements.

  • Perform software validation and acceptance tests.

  • Maintain records of the test results.

  • Control how software bugs are investigated and resolved.

  • Prove that the product is ready before it's released.

  • Develop procedures to control the software's release process.

  • Identify and define what quality information should be collected.

  • Use statistical techniques to analyze the software development process.

  • Use statistical techniques to evaluate product quality.

These requirements should all sound pretty fundamental and common sense to you by now. You may even be wondering how a software company could even create software without having these processes in place. It's amazing that it's even possible, but it does explain why much of the software on the market is so full of bugs. Hopefully, over time, competition and customer demand will compel more companies in the software industry to adopt ISO 9000 as the means by which they do business.

If you're interested in learning more about the ISO 9000 standards for your own information or if your company is pursuing certification, check out the following websites:

  • International Organization for Standardization (ISO), www.iso.ch

  • American Society for Quality (ASQ), www.asq.org

  • American National Standards Institute (ANSI), www.ansi.org



    Software Testing
    Lessons Learned in Software Testing
    ISBN: 0471081124
    EAN: 2147483647
    Year: 2005
    Pages: 233

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net