Page 294 -
P. 294

ISO 9000
                          ISO 9000 is a family of quality management standards defined by the International Stan-
                          dards Organization and implemented by over half a million organizations around the
                          world. Quality management refers to the practices performed by an organization in order
                          to fulfill the customer’s requirements (and any legal or regulatory requirements). The goal
                          of quality management is to improve customer satisfaction, while at the same time contin-
                          ually improving the performance of the organization.

                          Every ISO 9000 standard defines a set of minimum “pass or fail” standards that are used to
                          judge whether an organization is in compliance. ISO standards, like the CMM, have a cer-
                          tification process in which an organization’s practices are assessed by a third-party assessor
                          who audits the organization’s compliance with the quality system, and whether that sys-
                          tem is effective. The result of the audit is a set of recommendations for changes to be
                          made, in order to bring the organization into compliance.
                          ISO 9000 is based on eight core principles:

                          • Organizations must focus on their customers by understanding current and future cus-
                            tomer needs.
                          • Leaders within the organization must create and maintain an environment in which
                            people can become involved and fulfill the organization’s objectives.
                          • People at all levels are important to the organization.
                          • Activities and resources are best managed as a process.
                          • Organizations have many interrelated processes, which must be understood and man-
                            aged as a system.
                          • The organization should continually improve its performance.
                          • Decisions should be well informed and based on real data and information.
                          • An organization and its suppliers are in a mutually beneficial relationship.

                          The ISO 9000-3 standard contains a set of guidelines that interprets ISO 9000 so that it can
                          be applied to the development, supply, and maintenance of software. It is divided into sec-

                          tions that define standards for many areas of a software organization, including manage-
                          ment practices, the quality system, contracts, document and data control, inspection,
                          training, deployment, process control, and the design and development of the software.
                          Each of the sections contains standards for the day-to-day work that goes on in the organi-
                          zation. For example, within the software development and design section are standards for
                          software development, software design, design and development planning, organizational
                          and technical interfaces and design review, verification, validation, and change control.
                          Each of these standards defines specific practices that must be implemented in the organi-
                          zation. For example, the software development requirements require that a project plan
                          be developed. This plan must define the project, list its objectives, contain a project sched-
                          ule, define the inputs and outputs, identify related plans and projects, identify project


                   286  CHAPTER TWELVE
   289   290   291   292   293   294   295   296   297   298   299