ISO/IEC 90003:2004 Software Engineering - Guidelines - Application of ISO 9001:2000

Marc

Fully vaccinated are you?
Leader
From: ISO Standards Discussion
Date: Mon, 24 Jan 2000 15:14:07 -0600
Subject: Re: The Fate of ISO 9000-3 :1997 /Dresner

From: Daniel D

With the upcoming revision of the ISO 9000 series of standards due at the end of 2000, consideration has been given to what will happen to all the other documents in the family.

The ISO committee responsible for the ISO 9000 family is ISO/TC 176. The focus of the work of ISO/TC 176 has been on "core" standards ISO 9000, ISO 9001, ISO 9004 and ISO 19011.

The intention of ISO/TC 176 is that the revised ISO 9001:2000 will be sufficiently generic and easy to understand that guidance will not be required. The original proposal was that all existing guidance documents will be withdrawn.

However, there has been some concern that sector-specific guidance will be required; of particular concern to software engineers is the fate of ISO 9000-3:1997. The current proposal is that the ownership of ISO 9000-3 is transferred to the ISO committee JTC/1 and the section of the British Standard Institution (BSI) committee IST/15 specialising in Software Engineering. BSI through its DISC division has managed the TickIT scheme ( https://www.tickit.org ). TickIT guides software developers to define and implement a quality system which covers all the essential business processes in the product life cycle within the framework of ISO 9000.

The BSI DISC committee BRD/3/1 (responsible for The TickIT Guide) believes that the ownership of the document is not of primary concern, but that it is important that it is retained and revised in line with ISO 9001:2000.

BRD/3/1 would appreciate input from users of ISO 9000-3 :1997 on the following:

1) Do you think that ISO 9000-3 should be retained or withdrawn? 2) Do you think that it should be revised in line with ISO 9001:2000? 3) Any other comments.

Please send your feedback from this via e-mail to [email protected] who will forward it to the committee representative.

For reference here is the pertinent extract from the journal TickIT International 4Q99 article by Andy Coster Quality Manager of Oracle, Chairman, BSI-DISC Committee IST/15.

'Interaction with ISO 9001:2000 is also key to the success of any emerging standards in this area; speaking of which, the UK group that helped to develop ISO 9000-3:1997 have proposed that new guidance for software development organizations should be developed. They have produced a draft for a new version of ISO 9000-3 based on the CD2 version of ISO 9001:2000 that has just completed ballot. There is some hostility to this approach in the software community, where expectations had been raised that the new ISO 9001:2000 would cater for software as well as hardware, services and process industry. The reality is that, although the new standard is much improved and increased in length, it is still difficult to interpret for software development and software engineering. Verification, Validation and Configuration Management are all glossed over in CD2. Some form of additional guidance for software is definitely required but it remains to be seen whether this will be a guidelines standard, a technical report or even specific guidance developed as part of the revision to the TickIT guide. Moreover, it's still not clear who will be developing these guidelines.'

(The complete article was at: https://www.tickit.org/) under the file name of ti4q99.pdf

Danny Dresner
 

Marc

Fully vaccinated are you?
Leader
The Status of ISO 9000-3

Date: Wed, 12 Dec 2001 12:50:47 -0600
From: ISO 9000 Standards Discussion
Subject: Re: ISO 9000-3 /Gutierrez/Duncan

From: Scott Duncan

In a previous message (December 11, 2001) Luis Gutierrez wrote:

> Is there any preliminary draft of the new 9001:2000-based 9000-3
> that is already in the public domain? If so, could you kindly
> let us know how to obtain a copy?

I know of no copies in the public domain. However, in the meeting of the SC7 Working Group in Moscow in early November, the following events reportedly occurred:

It was announced that the 9000-3 draft had passed CD level, exceeding the 2/3 threshold for progress to FCD in the period 12/2001 through 4/2002 with results processed at the May 2002 SC7 plenary. This would allow an FDIS ballot during the period of 7/2002 through 9/2002 and potential publication in 11/2002.

However, Japan and France opposed going directly to FCD, believing that additional substantive revision is required. The decision whether to progress the document to FCD was not made though the agreed criterion for progression was achieved. [I believe the Working Group Chair and Editor will meet to decide this since there was some discussion that another CD ballot could delay publication by as much as 6 months.]

The major issue concerned guidance not "specific," but "suitable," to software. Japan believes such guidance should be removed, and provided an informal list of the passages claimed to be generic. [I do not have this list, but the US delegation generally agreed with Japan.] Some items were removed but the overall issue remains.

Additional issues:

- TC176 has not yet agreed to release the "9000-3" number so SC7 can continue to use 9000-3 as the identification for the document. If TC176 declines, SC7 has reserved "2003."

- Compatibility between 15504 and 9001 regarding the role of measurement.

- Japan and France also believe the document is simply too large. The US delegation generally supported this position.

A few items were left incompletely resolved and may appear in future commenting on the document:

- Material about "traceability" remains at a level which some believe is not required by 9001.

- The use of terms "customer", "user" and "acquirer" is confusing as 12207 and 9001 use them differently. The relationship among the terms should be explained and used appropriately thereafter.

- The definition of "software item" does not agree with 12207.

- Generic guidance on process improvement should be replaced with an explanation of process capability as in 15504.

- Guidance in section 7.6 on "Control of monitoring and measuring devices" will be completely replaced with new text.

I can also offer some observations not formally from meeting participants:

The current draft lacks detailed cross-reference to other SC7 standards though it contains a general list of those referenced. It would be a more valuable document if, for each provision of 9001, it explained how much of the provision was satisfied by implementing various SC7 standards and how much would still be left uncovered.

There are concerns that document redundancy and size will cause readers to infer additional requirements that would be onerous given the large number already in TC176 and SC7 standards.

There is also some feeling that a detailed cross-reference should be developed.

Scott
 

Sidney Vianna

Post Responsibly
Leader
Admin
(broken link removed)

Ref.: 906
29 March 2004

Huge potential user base for ISO/IEC 90003 - the state of the art for improving quality in software engineering
Given the penetration of almost every business sector by information technology, a new ISO/IEC standard for applying ISO 9001:2000 quality management to software engineering has a huge worldwide potential.

ISO/IEC 90003:2004, Software engineering - Guidelines for the application of ISO 9001:2000 to computer software, covers all aspects from development to supply, acquisition, operation and maintenance of computer software.

Victoria Hailey, convener of the international experts who pioneered ISO/IEC 90003:2004 explained its significance, "In addition to providing guidance on how to implement the highly successful ISO 9001:2000 approach in a software environment, the publication of ISO 90003 heralds an important event for the software engineering world because it brings unity to what has been an increasingly fragmented approach, given the sheer number of software engineering standards being developed."

"It cross-refers to the many existing discipline-specific standards that already exist to support a software organization's quality programme," adds Andy Coster, the editor-in-chief of the standard. For example, it extensively references the ISO/IEC 12207 Life Cycle Models to support software project activities, ISO/IEC TR 15504 on Software Process Assessment to support the measurement of processes and continual improvement, and ISO/IEC 14143 to support Functional Size Measurement.

Witold Suryn, secretary of the ISO/IEC technical group that developed the document further explains: "As a unifying standard, ISO/IEC 90003 adds tremendous value to the wealth of knowledge accumulating in the software world by cross-referencing the requirements of the proven ISO 9001:2000 model to some of the most important support document in software engineering documents in existence."

ISO/IEC 90003:2004 is applicable to software that is part of a commercial contract with another organization, a product available for a market sector, used to support the processes of an organization, embedded in a hardware product, or related to software services.

The standard includes the ISO 9001:2000 requirements, to which it adds software-specific guidance without modifying the requirements. ISO/IEC 90003:2004 is not in itself a certification standard and is intended to be useful whether or not the organization seeks ISO 9001:2000 certification.

Victoria Hailey concludes, "ISO 90003 incorporates international best practice. It is useful for every software organization - whatever its level of maturity - that is serious about improving quality."

ISO/IEC 90003:2004 costs 150 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat (see below). It was developed by the joint technical committee established by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Committee) ISO/IEC JTC 1, Information technology, subcommittee SC 7, Software and system engineering, working group WG 18, Quality management.

ISO Store: to order ISO/IEC 90003:2004, Software engineering - Guidelines for the application of ISO 9001:2000 to computer software
 

Marc

Fully vaccinated are you?
Leader
I thought it had disappeared. Has anyone ordered it yet?

You know, as I think about it with consideration to some of the conversations about 9001, I wonder if it will really be something that will 'take off'.
 
G

Graeme

Finally!

It's good to hear that this has finally come out. The last I heard (October 2003) it was a FDIS and had been submitted for voting, but there was no idea when that would be complete. I hope it's been worth the wait.

Now to see where I can get a copy in the US ... maybe from ANSI?
 
W

wrodnigg

Marc said:
I thought it had disappeared. Has anyone ordered it yet?

Yes, I have a copy of it.

It is - o.k. At least a guideline for those who are new to quality management.
And it is a kind of checklist for those who are some years in this business... :tg:
 

Govind

Super Moderator
Leader
Super Moderator
Have you compared this ISO/IEC 90003:2004 with TickIT Guide 5? Can you share your observations and thoughts?
Thanks,
Govind.
 
Top Bottom