ISO9000-3 - Software Traceability Requirements

Y

YossiD

#1
Traceability of software requirements

This is a long post so I apologize in advance.

My company's software procedures have just been audited for the first time for compliance with ISO9001. We manufacture computers for embedded applications and have had ISO9001 certification for our hardware development, production, and testing for some time, but we have only recently implemented formal procedures in the software area. Our software consists mostly of drivers, diagnostics, and operating systems kernels that reside on our hardware products or are intended for incorporation by customers into their software applications.

The auditor who checked our software procedures and documents was generally satisfied with our system, but has witheld certification because he claims that there is no documented traceability of requirements from one document to the next.

For example, if we are designing and manufacturing a computer system in accordance with a customer specification that calls out specific Built-in Tests (BIT), we will write a Software Requirements Specification (SRS) that specifies what the BIT software must do. Of course, the SRS must reflect the customer's requirements, but I don't think it's necessary to document the mapping of the spcification requirements to the SRS.

Once the software has been written, it must be tested in accordance with a Software Test Description (STD) document. The STD must have a one-to-one correleation with the SRS, but again, I'm not sure it's necessary to document this correlation.

Software test results are documented in a Software Test Report (STR). The auditor insists that there be documented correlation from the STR back to the requirements of the customer specification.

Theoretically, whoever reviews and approves each document should verify that all requirements are covered. Nevertheless, I do not deny that the requested traceability is desireable, and it is quite likely that we will use some kind of compliance matrix to verify that requirements are met, but I'd prefer to avoid commiting to this in written procedures.

I have not found any mention in ISO9000-3 of a requirement for this kind of documented traceability and I do not believe that the auditor is within his authority when insisting upon it. Certainly we have never been required to document requirements traceability with respect to mechanical and hardware related documents, so why for software?

I'd appreciate anyone's thoughts on this.

YossiD
 
Elsmar Forum Sponsor
#2
Hi YossiD, and welcome to the Cove :bigwave:

Interesting question. At first glance I agree with your conclusions, but I'd like to think it through for a while.

And hey, don't apologize... I've seen posts a lot loger than this one...;)

/Claes
 
V

Vincnet

#3
Well YossiD,

my feeling is the following, if you :

1) lay-out your customers requirement in an organised numbered way with a unique id for each of them.
2) write your SRS following the same organisation as in the customer's requirement file or at least refering to each requirement with it's unique id in the SRS.
3) Keep the same organisation in the STD.

Then you can keep fulll traceability without having to do any mapping or cross reference table. And your auditor shouldn't say anything or it would be abuse of power.

In fact, I would just refer documents in cascade, SRS having the customer's requirement file name in it's header. and the STD having both customer's req and SRS refered in it's header.

Repeating everything all the time sounds stupid to me, it's giving up dictionaries and putting word definitions in the body of a text.

Well that's my opinion but I might be too permissive an completely wrong in my reading of the standard.

Anyway sack you auditor :bonk:

Good luck !

Vinc
 

howste

Thaumaturge
Super Moderator
#4
I noticed that you didn't specify which version of ISO 9001. Are you being audited to 1994 or 2000? Assuming it's the 2000 edition, here's what you need to comply with:
7.3.3 Design and development outputs
The outputs of design and development shall be provided in a form that enables verification against the design and development input and shall be approved prior to release.
Design and development outputs shall
a) meet the input requirements for design and development,
b) provide appropriate information for purchasing, production and for service provision,
c) contain or reference product acceptance criteria, and
d) specify the characteristics of the product that are essential for its safe and proper use.
It doesn't say you must maintain "traceability" but it does say that your requirements (inputs) need to correlate with the results (outputs). Your design & development review records must show that you compared the outputs against the inputs and the requirements were met.
 
Y

YossiD

#5
Thanks everyone for your replies.

Our previous audit was to ISO 9001:1994 but the next one will be to 9001:2000 so the auditor was already in that mindset.

In any event, the auditor granted certification after further discussions and minor revisions to the procedures. We maintained that it is the responsibility of the persons reviewing and approving the SRS and STD to ensure that all customer requirements are covered and that ISO 9001 does not mandate that the review process be documented.

While documenting traceability is not such a large effort initially, our projects tend to be characterized by continuously changing requirements, which is not uncommon in embedded systems. Each change triggers revision of an entire chain of documents, so you can see where this is going.

I agree that documented traceability from customer requirement to SRS to STD to STR is a good idea, but the time required to do this is a luxury that we cannot always afford, and this is why I did not want to commit to it in the procedures.
 
Thread starter Similar threads Forum Replies Date
D Document Issue & Control in ISO9000-3 - Medical software ISO 13485:2016 - Medical Device Quality Management Systems 4
C ISO9000 and CWF (Certified Welding Fabricator) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
L Innovation in Quality as applied to ISO9000 ISO14000 or TS16949 Service Industry Specific Topics 1
L Vertical vs Horizontal Integration ISO9000 QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
C Explain to me the differences between ISO9000 and TQM ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
M ISO9000.3:2004 vs. AS9100 - What are the Differences? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
ScottK Which ISO9000 Registrar would you pick? (Hypothetical Situation) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Certification of a Group Corporation - ISO9000/14000 vs. SONY GP certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
B The new Terms and Definitions in ISO9000:2005 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Randy ISO9000:2005 vs. ISO9000:2000 - Differences and Changes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
E Franchise of ISO9000 certified organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 29
M ISO9000 presentation help ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M ISO9000 Training Presentation - Seeking introductory presentation on ISO9000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A How much objective evidence is required for ISO9000 certification? Records and Data - Quality, Legal and Other Evidence 8
N Signature for CAD / Engineering Drawings and ISO9000 requirements Quality Assurance and Compliance Software Tools and Solutions 3
S Changing from ISO9000 to ISO9001:2000 need help ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
B Deployment of an "ISO9000-ready" QMS - Multi-facility site ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
P Looking for subject matter for thesis about TQM, ISO9000, TS19649 IATF 16949 - Automotive Quality Systems Standard 4
J Can We Exclude ISO9000:2000 Clause 7.3.7 (Control Of Design And Development Changes)? Design and Development of Products and Processes 7
J ISO9000:2000 Scope Statement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
B Are ISO9000 certificates ever withdrawn? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Q Each ISO9000:2000 requirement has intent? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
A What is the difference between Validation & Verification in the context of ISO9000? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M ISO 9001:2006 - What is the future of ISO9000? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
L ISO9000 Implementation in Schools and Educational Institutions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
S How are you undertaking Supplier assessment and Educating Upper Management in ISO9000 Supplier Quality Assurance and other Supplier Issues 13
Geoff Cotton ISO9000: 2000 What are the changes? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
D QS-9000 / ISO9000 Procedures - Four Questions about Requirements Document Control Systems, Procedures, Forms and Templates 1
M ISO9000 certification in education - Higher end post graduate degree school ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
P Question for ISO9000 auditor training General Auditing Discussions 3
D Lucrative Rubber Stamp - I was once very impressed with ISO9000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B ISO9000 Expert Witness work with the legal profession ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
J TS 16949 - QS9000 - ISO9000:2000 QS-9000 - American Automotive Manufacturers Standard 2
K ISO9000:2000 & TS16949 EFFECTS ON QS9000 QS-9000 - American Automotive Manufacturers Standard 1
K Guidelines for implementing ISO9000 in education - ISO 21001:2018 Update June 2019 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
K Are ISO9000 and QS-9000 Quality Control or Quality Assurance Systems? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A Industrial Deaths & ISO9000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
Marc The Quality Farce - ISO9000, QS9000, Six Sigma, TQM, Fishbone Diagrams, etc. Philosophy, Gurus, Innovation and Evolution 17
P Will ISO 10013:1995 be revised, as a consequence of the ISO9000 revision? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Marc Auditing R&D for ISO9000 General Auditing Discussions 1
Marc Implementing ISO9000 - Timeline showing major milestones ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
Marc ISO9000:2000 and QS9000 QS-9000 - American Automotive Manufacturers Standard 2
Marc Definition Process Audit - Internal and External - ISO9000 - A Definition Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 7
T How many companies are giving up ISO9000 registration? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Marc ISO9000:2000 Update ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
F TickIT vs. ISO9000-3 vs. ISO 9001 - What are the Differences? Software Quality Assurance 7
Marc ISO9000 Performance Metrics ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Marc New ISO9000 E-Mail ListServe ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 0
Marc ISO9000 Internal Audit Requirements Internal Auditing 2
Marc ISO9000 Registration in Educational Institutions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5

Similar threads

Top Bottom