mbt7FFF
I'm doing a gap analysis using ISO 9003:2004 - essentially ISO 9001 interpreted for organizations producing software products. All of 9001:2000 is included verbatim with software-specific items added.
I find 107 statements with "shall", 106 with "should", 83 with "may". For example:
"8.5.2 The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence."
"7.5.4 ... The means by which updates to customer-supplied items are accepted and integrated should be defined."
"7.5.1.7 ...When resolving problems, temporary fixes may be used to minimize downtime and permanent modifications carried out later."
With regard to being certified as in compliance, how strictly are these keywords and their associated requirements interpreted?
Does compliance with a "shall" statement mean that there can never be any non-compliance? Suppose we achieve the requirement about 85% of the time? 50%? 25%?
Does non-compliance with even a single shall statement prevent non-compliance with the standard overall?
What about "should" statements? In what way are they less strict than a "shall" statement?
Am I correct in assuming that a "may" statement means that it isn't required, but if attempted, we must follow the standard?
Is there any difference in principle between interpretations for an accredited certification and a self-certification?
Thanks in advance.