How strictly are "Shall" and "Should" interpreted?

M

mbt7FFF

I'm doing a gap analysis using ISO 9003:2004 - essentially ISO 9001 interpreted for organizations producing software products. All of 9001:2000 is included verbatim with software-specific items added.

I find 107 statements with "shall', 106 with "should", 83 with "may". For example:

"8.5.2 The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence."

"7.5.4 ... The means by which updates to customer-supplied items are accepted and integrated should be defined."

"7.5.1.7 ...When resolving problems, temporary fixes may be used to minimize downtime and permanent modifications carried out later."


With regard to being certified as in compliance, how strictly are these keywords and their associated requirements interpreted?

Does compliance with a "shall" statement mean that there can never any non-compliance? Suppose we achieve the requirement about 85% of the time? 50%? 25%?

Does non-compliance with even a single shall statement prevent non-compliance with the standard overall?

What about "should" statements? In what way are they less strict than a "shall" statement?

Am I correct in assuming that a "may" statement means that it isn't required, but if attempted, we must follow the standard?

Is there any difference in principle between interpretations for an accredited certification and a self-certification?

Thanks in advance.
 

Michael_M

Trusted Information Resource
Does compliance with a "shall" statement mean that there can never any non-compliance? Suppose we achieve the requirement about 85% of the time? 50%? 25%?

I can help a little bit with this part of your question. The standard is not saying you will not make non-conforming parts, simply that you will address and fix when it is discovered.
 
R

Reg Morrison

Throughout ISO 9001:2000, ?shall? is used to express a provision that is binding between two or more parties, ?should? to express a recommendation among possibilities and ?may? to indicate a course of action permissible within the limits of ISO 9001:2000. In this International Standard (ISO/IEC 90003 ), ?should? and ?may? have the same meaning as in ISO 9001:2000, i.e. ?should? to express a recommendation among possibilities and ?may? to indicate a course of action permissible within the limits of this International Standard

PS the document is ISO 90003:2004, not ISO 9003:2004.
 
K

kgott

I'm doing a gap analysis using ISO 9003:2004 - essentially ISO 9001 interpreted for organizations producing software products. All of 9001:2000 is included verbatim with software-specific items added.

I find 107 statements with "shall', 106 with "should", 83 with "may". For example:

"8.5.2 The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence."

"7.5.4 ... The means by which updates to customer-supplied items are accepted and integrated should be defined."

"7.5.1.7 ...When resolving problems, temporary fixes may be used to minimize downtime and permanent modifications carried out later."


With regard to being certified as in compliance, how strictly are these keywords and their associated requirements interpreted?

Does compliance with a "shall" statement mean that there can never any non-compliance? Suppose we achieve the requirement about 85% of the time? 50%? 25%?

Does non-compliance with even a single shall statement prevent non-compliance with the standard overall?

What about "should" statements? In what way are they less strict than a "shall" statement?

Am I correct in assuming that a "may" statement means that it isn't required, but if attempted, we must follow the standard?

Is there any difference in principle between interpretations for an accredited certification and a self-certification?

Thanks in advance.


Shall is madatory and must be done. Must and will means the same thing but legalease uses the word shall. (safety is riddled with this word.)

Should means that it should be done unless there is a compelling or otherwise good reason for not doing it.

'....temporary fixes may be used to minimize.... 'may' means that you can (as in permitted to,) or, at your option, you can use temporary fixes until a permanent fix is implemented. Remember, most fixes, are temporary fixes until the passessage of time for frequency of use proves that the fix is or will be a permanent solution.
 
Top Bottom