ISO/IEC 90003:2004 Software Engineering - Guidelines - Application of ISO 9001:2000

Marc

Hunkered Down for the Duration
Staff member
Admin
#1
From: ISO Standards Discussion
Date: Mon, 24 Jan 2000 15:14:07 -0600
Subject: Re: The Fate of ISO 9000-3 :1997 /Dresner

From: Daniel D

With the upcoming revision of the ISO 9000 series of standards due at the end of 2000, consideration has been given to what will happen to all the other documents in the family.

The ISO committee responsible for the ISO 9000 family is ISO/TC 176. The focus of the work of ISO/TC 176 has been on "core" standards ISO 9000, ISO 9001, ISO 9004 and ISO 19011.

The intention of ISO/TC 176 is that the revised ISO 9001:2000 will be sufficiently generic and easy to understand that guidance will not be required. The original proposal was that all existing guidance documents will be withdrawn.

However, there has been some concern that sector-specific guidance will be required; of particular concern to software engineers is the fate of ISO 9000-3:1997. The current proposal is that the ownership of ISO 9000-3 is transferred to the ISO committee JTC/1 and the section of the British Standard Institution (BSI) committee IST/15 specialising in Software Engineering. BSI through its DISC division has managed the TickIT scheme ( http://www.tickit.org ). TickIT guides software developers to define and implement a quality system which covers all the essential business processes in the product life cycle within the framework of ISO 9000.

The BSI DISC committee BRD/3/1 (responsible for The TickIT Guide) believes that the ownership of the document is not of primary concern, but that it is important that it is retained and revised in line with ISO 9001:2000.

BRD/3/1 would appreciate input from users of ISO 9000-3 :1997 on the following:

1) Do you think that ISO 9000-3 should be retained or withdrawn? 2) Do you think that it should be revised in line with ISO 9001:2000? 3) Any other comments.

Please send your feedback from this via e-mail to [email protected] who will forward it to the committee representative.

For reference here is the pertinent extract from the journal TickIT International 4Q99 article by Andy Coster Quality Manager of Oracle, Chairman, BSI-DISC Committee IST/15.

'Interaction with ISO 9001:2000 is also key to the success of any emerging standards in this area; speaking of which, the UK group that helped to develop ISO 9000-3:1997 have proposed that new guidance for software development organizations should be developed. They have produced a draft for a new version of ISO 9000-3 based on the CD2 version of ISO 9001:2000 that has just completed ballot. There is some hostility to this approach in the software community, where expectations had been raised that the new ISO 9001:2000 would cater for software as well as hardware, services and process industry. The reality is that, although the new standard is much improved and increased in length, it is still difficult to interpret for software development and software engineering. Verification, Validation and Configuration Management are all glossed over in CD2. Some form of additional guidance for software is definitely required but it remains to be seen whether this will be a guidelines standard, a technical report or even specific guidance developed as part of the revision to the TickIT guide. Moreover, it's still not clear who will be developing these guidelines.'

(The complete article was at: http://www.tickit.org/) under the file name of ti4q99.pdf

Danny Dresner
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#2
The Status of ISO 9000-3

Date: Wed, 12 Dec 2001 12:50:47 -0600
From: ISO 9000 Standards Discussion
Subject: Re: ISO 9000-3 /Gutierrez/Duncan

From: Scott Duncan

In a previous message (December 11, 2001) Luis Gutierrez wrote:

> Is there any preliminary draft of the new 9001:2000-based 9000-3
> that is already in the public domain? If so, could you kindly
> let us know how to obtain a copy?

I know of no copies in the public domain. However, in the meeting of the SC7 Working Group in Moscow in early November, the following events reportedly occurred:

It was announced that the 9000-3 draft had passed CD level, exceeding the 2/3 threshold for progress to FCD in the period 12/2001 through 4/2002 with results processed at the May 2002 SC7 plenary. This would allow an FDIS ballot during the period of 7/2002 through 9/2002 and potential publication in 11/2002.

However, Japan and France opposed going directly to FCD, believing that additional substantive revision is required. The decision whether to progress the document to FCD was not made though the agreed criterion for progression was achieved. [I believe the Working Group Chair and Editor will meet to decide this since there was some discussion that another CD ballot could delay publication by as much as 6 months.]

The major issue concerned guidance not "specific," but "suitable," to software. Japan believes such guidance should be removed, and provided an informal list of the passages claimed to be generic. [I do not have this list, but the US delegation generally agreed with Japan.] Some items were removed but the overall issue remains.

Additional issues:

- TC176 has not yet agreed to release the "9000-3" number so SC7 can continue to use 9000-3 as the identification for the document. If TC176 declines, SC7 has reserved "2003."

- Compatibility between 15504 and 9001 regarding the role of measurement.

- Japan and France also believe the document is simply too large. The US delegation generally supported this position.

A few items were left incompletely resolved and may appear in future commenting on the document:

- Material about "traceability" remains at a level which some believe is not required by 9001.

- The use of terms "customer", "user" and "acquirer" is confusing as 12207 and 9001 use them differently. The relationship among the terms should be explained and used appropriately thereafter.

- The definition of "software item" does not agree with 12207.

- Generic guidance on process improvement should be replaced with an explanation of process capability as in 15504.

- Guidance in section 7.6 on "Control of monitoring and measuring devices" will be completely replaced with new text.

I can also offer some observations not formally from meeting participants:

The current draft lacks detailed cross-reference to other SC7 standards though it contains a general list of those referenced. It would be a more valuable document if, for each provision of 9001, it explained how much of the provision was satisfied by implementing various SC7 standards and how much would still be left uncovered.

There are concerns that document redundancy and size will cause readers to infer additional requirements that would be onerous given the large number already in TC176 and SC7 standards.

There is also some feeling that a detailed cross-reference should be developed.

Scott
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#3
http://www.iso.org/iso/en/commcentre/pressreleases/2004/Ref906.html

Ref.: 906
29 March 2004

Huge potential user base for ISO/IEC 90003 - the state of the art for improving quality in software engineering
Given the penetration of almost every business sector by information technology, a new ISO/IEC standard for applying ISO 9001:2000 quality management to software engineering has a huge worldwide potential.

ISO/IEC 90003:2004, Software engineering - Guidelines for the application of ISO 9001:2000 to computer software, covers all aspects from development to supply, acquisition, operation and maintenance of computer software.

Victoria Hailey, convener of the international experts who pioneered ISO/IEC 90003:2004 explained its significance, "In addition to providing guidance on how to implement the highly successful ISO 9001:2000 approach in a software environment, the publication of ISO 90003 heralds an important event for the software engineering world because it brings unity to what has been an increasingly fragmented approach, given the sheer number of software engineering standards being developed."

"It cross-refers to the many existing discipline-specific standards that already exist to support a software organization's quality programme," adds Andy Coster, the editor-in-chief of the standard. For example, it extensively references the ISO/IEC 12207 Life Cycle Models to support software project activities, ISO/IEC TR 15504 on Software Process Assessment to support the measurement of processes and continual improvement, and ISO/IEC 14143 to support Functional Size Measurement.

Witold Suryn, secretary of the ISO/IEC technical group that developed the document further explains: "As a unifying standard, ISO/IEC 90003 adds tremendous value to the wealth of knowledge accumulating in the software world by cross-referencing the requirements of the proven ISO 9001:2000 model to some of the most important support document in software engineering documents in existence."

ISO/IEC 90003:2004 is applicable to software that is part of a commercial contract with another organization, a product available for a market sector, used to support the processes of an organization, embedded in a hardware product, or related to software services.

The standard includes the ISO 9001:2000 requirements, to which it adds software-specific guidance without modifying the requirements. ISO/IEC 90003:2004 is not in itself a certification standard and is intended to be useful whether or not the organization seeks ISO 9001:2000 certification.

Victoria Hailey concludes, "ISO 90003 incorporates international best practice. It is useful for every software organization - whatever its level of maturity - that is serious about improving quality."

ISO/IEC 90003:2004 costs 150 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat (see below). It was developed by the joint technical committee established by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Committee) ISO/IEC JTC 1, Information technology, subcommittee SC 7, Software and system engineering, working group WG 18, Quality management.

ISO Store: to order ISO/IEC 90003:2004, Software engineering - Guidelines for the application of ISO 9001:2000 to computer software
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
I thought it had disappeared. Has anyone ordered it yet?

You know, as I think about it with consideration to some of the conversations about 9001, I wonder if it will really be something that will 'take off'.
 
G

Graeme

#5
Finally!

It's good to hear that this has finally come out. The last I heard (October 2003) it was a FDIS and had been submitted for voting, but there was no idea when that would be complete. I hope it's been worth the wait.

Now to see where I can get a copy in the US ... maybe from ANSI?
 
W

wrodnigg

#6
Marc said:
I thought it had disappeared. Has anyone ordered it yet?
Yes, I have a copy of it.

It is - o.k. At least a guideline for those who are new to quality management.
And it is a kind of checklist for those who are some years in this business... :tg:
 

Govind

Super Moderator
Staff member
Super Moderator
#7
Have you compared this ISO/IEC 90003:2004 with TickIT Guide 5? Can you share your observations and thoughts?
Thanks,
Govind.
 
Thread starter Similar threads Forum Replies Date
T ISO/IEC 17065 certification scheme Help Other ISO and International Standards and European Regulations 7
R Who is the customer in the ISO/IEC 17025:2017? ISO 17025 related Discussions 1
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
I Approved Suppliers ISO/IEC 17025:2017 and used test equipment ISO 17025 related Discussions 6
S The (E) in ISO/IEC 17025:2017(E) ISO 17025 related Discussions 3
MDD_QNA QR Code Standard ISO/IEC 15417:2007 - Does anyone use it? Other Medical Device Related Standards 3
DuncanGibbons Who are ISO/IEC 17065 and 17025 applicable to? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
V IS/ISO/IEC 17025:2017 Clause 7, sub clause 7.11 Control of data and information management ISO 17025 related Discussions 1
V IS/ISO/IEC 17025:2017 Clause 4.1 Impartiality ISO 17025 related Discussions 3
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
S Relationship between IEC 62304 problem resolution and ISO 13485 IEC 62304 - Medical Device Software Life Cycle Processes 8
S When is the last date for transition to ISO/IEC 80079-34:2018? Other ISO and International Standards and European Regulations 0
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Laboratory Manual ISO/IEC 17025 Example wanted ISO 17025 related Discussions 2
Douglas E. Purdy ISO/IEC 17025:2017 3rd Ed. Changes from 2nd Ed. ISO 17025 related Discussions 6
Douglas E. Purdy ISO/IEC 17025:2017 Clause 8 & Annex B ISO 17025 related Discussions 9
Le Chiffre Is ISO/IEC 27001 appropriate for most small businesses? IEC 27001 - Information Security Management Systems (ISMS) 2
D IEC 60601-1 and ISO 14971 Assessment IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
L What are the rules on significance of digits in numbers in IEC/ISO standards? IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
A ISO/IEC 27001 - Issue during implementation of system IEC 27001 - Information Security Management Systems (ISMS) 3
C Data Matrix and DPM (direct part marking) UDI Standards - ISO/IEC TR 29158 Other US Medical Device Regulations 2
T Is there any requirement to be compliant with IEC 62304 while implementing ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 5
Ajit Basrur Informational ISO/IEC 17025:2017 Published - November 2017 ISO 17025 related Discussions 8
G Effect of ISO9001 2015 transition on ISO IEC 80079-34 Other ISO and International Standards and European Regulations 2
Richard Regalado ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013) IEC 27001 - Information Security Management Systems (ISMS) 7
B Our NB says that IEC 62304 is an ISO 14971 Requirement ISO 14971 - Medical Device Risk Management 1
B Clarification on interpretation of some EN ISO 14971:2012 & IEC 62304:2006 req's ISO 14971 - Medical Device Risk Management 46
H ISO 14971 vs. IEC 62304 vs. 98/79/EC vs. ISO 13485 (Software Medical Device) ISO 14971 - Medical Device Risk Management 1
M Does Calibration to ISO/IEC 17025 conform to Z540.3? ISO 17025 related Discussions 1
K ISO/IEC 27000, ISO 15408 and the DSS security clearance (FCL) -- Oh, My IEC 27001 - Information Security Management Systems (ISMS) 0
M IEC 62304, ISO 14971 and FDA Medical Device SW Guidance 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
Richard Regalado ISO/IEC 27001:2016 Overview and Vocabulary - FREE! IEC 27001 - Information Security Management Systems (ISMS) 3
K ISO 14971 and IEC 62304 - Medical Device Software House ISO 14971 - Medical Device Risk Management 9
Richard Regalado ISO/IEC 27001 Mandatory Documentation Checklist IEC 27001 - Information Security Management Systems (ISMS) 1
A ISO/IEC process of revising the ISO IEC 20000 standards - Your chance to have a say IT (Information Technology) Service Management 1
P Where to start to helping other companies to get ISO IEC 27000? Consultants and Consulting 1
Richard Regalado Sharing a Statement of Applicability (SOA) for ISO/IEC 27001:2013 IEC 27001 - Information Security Management Systems (ISMS) 2
D ISO/IEC 17025 Implementation Workshop Ideas ISO 17025 related Discussions 2
M ISO 14971, IEC 60601 Satisfy 98/37/EC, 2006/95/EC, 2004/108/EC Directives? Other ISO and International Standards and European Regulations 3
M UDI (Unique Device Identifier) ISO/IEC 15459 (Unique Identifiers) Requirements Other US Medical Device Regulations 4
Q A Resource - Cheap Harmonised ISO and IEC Standards EU Medical Device Regulations 2
A ISO/IEC 20000 Toolkit For Academic Purpose IT (Information Technology) Service Management 6
Richard Regalado ISO/IEC 27000:2014 - Information technology - Overview and vocabulary (FREE download) IEC 27001 - Information Security Management Systems (ISMS) 4
E Upcoming changes for ISO 10993 and IEC 60601 in South Korea Other Medical Device Regulations World-Wide 2
Hershal ILAC is preparing to start the possible revision to ISO/IEC 17025 ISO 17025 related Discussions 2
sagai Safety Integrity Requirement as per ISO/IEC 61508 Other ISO and International Standards and European Regulations 2
L Where to purchase ISO/IEC 27001:2013 IEC 27001 - Information Security Management Systems (ISMS) 3
M Does ISO/IEC 17021 Accreditation work for 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
H IEC 60601-2-24 & ISO 8536-8 - Conflicting Requirements? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3

Similar threads

Top Bottom