ISO 9000-3 Digest Saturday, 8 February 1997 Volume 01 : Number 037
In this issue:
RE: Q: iso 9000-3 next version status
RE: Q: ISO SPICE status
Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Arnold Miller ] (fwd)
Re: unsubscribe
ANNOUN: New Book on Software Verification & Validation
Independent QA audit
BOUNCE iso9000-3@quality.org: Non-member submission from [] (fwd)
BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie Hopwood ] (fwd)
Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie
Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie
Internet Alert! Pay for local dial-up?? (fwd)
Re: Audits of QA department
----------------------------------------------------------------------
From: David Walker
Date: Tue, 04 Feb 1997 09:19:35 -0500
Subject: RE: Q: iso 9000-3 next version status
I have a copy of the preliminary 9000-3 dated June 28, 1996.
There is significant change to the document structure and it more
closely follows the strucure of 9001. There is a lot more beef in the
design section and and cross-references were replaced with what
is called an "Informative References" section (appendix). Overall it
looks like a big improvement.
I was told that it was distributed for ballot and should be released
this summer or fall.
Dave Walker
Trilogy Consulting Corporation
Kalamazoo, Michigan
Received: from casti.com (vector.casti.com [199.181.80.100]) by matrix.casti.com (8.6.12/8.6.12) with ESMTP id UAA02074 for ; Mon, 3 Feb 1997 20:42:16 -0500
Received: by casti.com (8.6.9/NX3.0M)
id UAA02002; Mon, 3 Feb 1997 20:43:45 -0500
Received: by casti.com (8.6.9/NX3.0M)
id UAA01989; Mon, 3 Feb 1997 20:43:38 -0500
Date: Mon, 3 Feb 1997 20:43:35 -0500 (GMT-0500)
From: "Bill Casti, CQA (Moderator)"
X-Sender: help@vector.casti.com
To: iso9000-3@quality.org
Subject: BOUNCE iso9000-3@quality.org: Non-member submission from [Arnold Miller ] (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-iso9000-3@quality.org
Precedence: bulk
Reply-To: iso9000-3@quality.org
From: "Bill Casti, CQA (Moderator)"
NOTE: Respond *both* to the poster's address (see below the dotted line)
and to the list's posting address, OR as directed in the posting, but
definitely NOT to me.
Thanks.
Bill
- ---------- Forwarded message ----------
Date: Mon, 3 Feb 1997 11:14:41 -0500
From: Arnold Miller
To: "'iso9000-3@quality.org'"
Subject: Q: iso 9000-3 next version status
I was wonder what is the status of the next version of ISO 9000-3.
Last year, I received e-mail from various list-servers that ISO 9000-3:1991
was under review and that there are two completing formats and various
updated and changes for the 1998 version.
What is the status of these changes and will ISO 9000-3
follow the ISO 9001 format or have a cross matrix table ?
- ---- Arnold Miller (miller@SignalSoftCorp.com) 303-443-7006 x 19
To remove yourself from this list, address a message to: MAJORDOMO@QUALITY.ORG with only the words "unsubscribe iso9000-3" (without the quotes) in the BODY of your message.
------------------------------
From: David Walker
Date: Tue, 04 Feb 1997 09:25:41 -0500
Subject: RE: Q: ISO SPICE status
SPICE was released to ISO/IEC JTC1/SC7 WG10 in June 1995.
This was to be followed by 4 months of reviews per ballot and then
24 months of industrial trials. It is not expected in '98.
These kinds of updates are always covered at the annual
international conference on software quality.
Dave Walker
Trilogy Consulting Corporation
Kalamazoo, Michican
Received: from casti.com (vector.casti.com [199.181.80.100]) by matrix.casti.com (8.6.12/8.6.12) with ESMTP id UAA02080 for ; Mon, 3 Feb 1997 20:43:10 -0500
Received: by casti.com (8.6.9/NX3.0M)
id UAA02049; Mon, 3 Feb 1997 20:44:39 -0500
Received: by casti.com (8.6.9/NX3.0M)
id UAA02027; Mon, 3 Feb 1997 20:44:27 -0500
Date: Mon, 3 Feb 1997 20:44:26 -0500 (GMT-0500)
From: "Bill Casti, CQA (Moderator)"
X-Sender: help@vector.casti.com
To: iso9000-3@quality.org
Subject: BOUNCE iso9000-3@quality.org: Non-member submission from [Arnold Miller ] (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-iso9000-3@quality.org
Precedence: bulk
Reply-To: iso9000-3@quality.org
From: "Bill Casti, CQA (Moderator)"
NOTE: Respond *both* to the poster's address (see below the dotted line)
and to the list's posting address, OR as directed in the posting, but
definitely NOT to me.
Thanks.
Bill
- ---------- Forwarded message ----------
Date: Mon, 3 Feb 1997 11:22:28 -0500
From: Arnold Miller
To: "'iso9000-3@quality.org'"
Subject: Q: ISO SPICE status
In studying for the ASQC's Certified Software Quality Engineer Exam (CSQE),
there is mention of ISO SPICE (Software Process Improvement for Capability
dEtermination). The SPICE standards are to harmonize the various efforts to
manage the Software process. According to the study guide a draft of ISO SPICE
was sent to ISO standard body in June 1995.
What is the current status of ISO SPICE ? ( 18 months after being sent to the
ISO Body).
If ISO SPICE is approved, where and when can I get a copy.
- --- Arnold Miller (miller@SignalSoftCorp.com) 303-443-7006 x 19
To remove yourself from this list, address a message to: MAJORDOMO@QUALITY.ORG with only the words "unsubscribe iso9000-3" (without the quotes) in the BODY of your message.
------------------------------
From: Luciano Guerrero
Date: Tue, 4 Feb 1997 10:00:36 -0500
Subject: Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Arnold Miller ] (fwd)
Arnold,
You will find information at the following SPICE sites:
http://www-sqi.cit.edu.au/spice
http://www.esi.es
http://www.sei.cmu.edu
Enjoy the reading!.
Luciano Guerrero
ASEC, Montreal, PQ, Canada
------------------------------
From: Peter Lambert <100665.2143@CompuServe.COM>
Date: 05 Feb 97 04:08:35 EST
Subject: Re: unsubscribe
unsubscribe
------------------------------
From:
Date: Thu, 06 Feb 97 11:15:54 est
Subject: ANNOUN: New Book on Software Verification & Validation
This post is directed to software quality engineers,
software developers and project managers who are
dealing with the requirements of ISO-9000-3. I have
written a new book on Software V&V and Software QA
entitled: "Software Verification and Validation: A
Practitioner's Guide".
If you're a software quality professional, but lack
formal training in software quality assurance, this
practical reference will help fill in the gaps. Based
on the principles of continuous process improvement,
this book offers practical solutions for performing
verification and validation tasks throughout the entire
software development life cycle. Applying the
information in this book can help improve the quality
of your software products.
The topics covered include:
* Review of several popular Software Development
Lifecycle Models
* The Software Inspection Process and how to apply it
* Fundamentals of Configuration Management
* Improving the effectiveness of testing
* Applying measurements to Software V&V activities
* Basics of software reliability growth modeling
The books includes lists of FAQs and an extensive
collection of appendixes including a Software
Development Process model, a Software Inspection
Process Model along with several checklists that can be
used to conduct requirements, design, code, and test
inspections.
If you are interested in a copy, contact Artech House
Customer Service at 800 225-9977. You can also order
the book via Artech's Web Page at www.artech-house.com
If you would like more information about this book, I
can be reached at srakitin@viewlogic.com
thanks,
-Steve Rakitin-
------------------------------
From: Melanie Hopwood
Date: Thu, 06 Feb 1997 10:24:50 -0600
Subject: Independent QA audit
Hello
I work for a software medical device company we are certified to EN46001
using TickIT. At our last survellience audit the auditor said that we
needed to get an independent audit of our QA department. We are a small
company and really don't feel that we have anyone in-house who could do
this. I was wondering if there were any other businesses that needed
this "independent audit" also and maybe we could trade services.
thanks
Melanie Hopwood
Software Quality Assurance Engineer
email: hopwoodm@cms-stl.com
COMPUTERIZED MEDICAL SYSTEMS, INC.
1195 Corporate Lake Drive
St. Louis, MO USA 63132-1716
company tel: 314 993 0003
fax: 314 993 0075
direct tel: 314 993 0880 x347
------------------------------
From: "Bill Casti, CQA (Moderator)"
Date: Thu, 6 Feb 1997 14:14:22 -0500 (GMT-0500)
Subject: BOUNCE iso9000-3@quality.org: Non-member submission from [] (fwd)
NOTE: Respond *both* to the poster's address (see below the dotted line)
and to the list's posting address, OR as directed in the posting, but
definitely NOT to me.
Thanks.
Bill
- ---------- Forwarded message ----------
Date: Thu, 6 Feb 1997 11:19:27 -0500
From:
To: iso9000-3@quality.org
Subject: ANNOUN: New Book on Software Verification & Validation
This post is directed to software quality engineers,
software developers and project managers who are
dealing with the requirements of ISO-9000-3. I have
written a new book on Software V&V and Software QA
entitled: "Software Verification and Validation: A
Practitioner's Guide".
If you're a software quality professional, but lack
formal training in software quality assurance, this
practical reference will help fill in the gaps. Based
on the principles of continuous process improvement,
this book offers practical solutions for performing
verification and validation tasks throughout the entire
software development life cycle. Applying the
information in this book can help improve the quality
of your software products.
The topics covered include:
* Review of several popular Software Development
Lifecycle Models
* The Software Inspection Process and how to apply it
* Fundamentals of Configuration Management
* Improving the effectiveness of testing
* Applying measurements to Software V&V activities
* Basics of software reliability growth modeling
The books includes lists of FAQs and an extensive
collection of appendixes including a Software
Development Process model, a Software Inspection
Process Model along with several checklists that can be
used to conduct requirements, design, code, and test
inspections.
If you are interested in a copy, contact Artech House
Customer Service at 800 225-9977. You can also order
the book via Artech's Web Page at www.artech-house.com
If you would like more information about this book, I
can be reached at srakitin@viewlogic.com
thanks,
-Steve Rakitin-
------------------------------
From: "Bill Casti, CQA (Moderator)"
Date: Thu, 6 Feb 1997 14:15:02 -0500 (GMT-0500)
Subject: BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie Hopwood ] (fwd)
NOTE: Respond *both* to the poster's address (see below the dotted line)
and to the list's posting address, OR as directed in the posting, but
definitely NOT to me.
Thanks.
Bill
- ---------- Forwarded message ----------
Date: Thu, 6 Feb 1997 11:25:26 -0500
From: Melanie Hopwood
Organization: Computerized Medical Systems
To: iso9000-3@quality.org
Subject: Independent QA audit
Hello
I work for a software medical device company we are certified to EN46001
using TickIT. At our last survellience audit the auditor said that we
needed to get an independent audit of our QA department. We are a small
company and really don't feel that we have anyone in-house who could do
this. I was wondering if there were any other businesses that needed
this "independent audit" also and maybe we could trade services.
thanks
Melanie Hopwood
Software Quality Assurance Engineer
email: hopwoodm@cms-stl.com
COMPUTERIZED MEDICAL SYSTEMS, INC.
1195 Corporate Lake Drive
St. Louis, MO USA 63132-1716
company tel: 314 993 0003
fax: 314 993 0075
direct tel: 314 993 0880 x347
------------------------------
From: dbarnes@cix.compulink.co.uk (Dave Barnes)
Date: Thu, 6 Feb 97 22:55 GMT0
Subject: Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie
In-Reply-To:
Melanie,
I don't see why your QA department must be independently audited unless
you say so in your Quality System. There is nothing in ISO9001 or in
ISO9000-3 that mandates that the QA dept must be audited. It talks about
the "scheduled on the basis of status and importance of the activity to be
audited". The effectiveness (or otherwise) of the QA department can be
covered by the Management Review in clause 4.1.3. Otherwise the problem
becomes one of "who checks the checkers [[of the checkers] of the checkers
...]?"
If you declare this as your policy _and_ there is no evidence to show that
a lack of audits of the QA dept is causing problems then your external
auditor should back down. If not, then complain and or change your
certification body (you are the customer remember).
Best Wishes,
Dave
Registered Provisional TickIT Auditor
dbarnes@cix.compulink.co.uk
"My views, not my employers - and I reserve the right to change
my mind with little or no notice - just more experience."
> I work for a software medical device company we are certified to EN46001
> using TickIT. At our last survellience audit the auditor said that we
> needed to get an independent audit of our QA department. We are a small
> company and really don't feel that we have anyone in-house who could do
> this. I was wondering if there were any other businesses that needed
> this "independent audit" also and maybe we could trade services.
>
------------------------------
From: quality@sedona.net (Lew Levenson)
Date: Thu, 6 Feb 1997 22:02:59 -0700 (MST)
Subject: Re: BOUNCE iso9000-3@quality.org: Non-member submission from [Melanie
Dave is correct that nothing in ISO9001 or in ISO9000-3 mandates that the QA
dept must be audited.
All either or both say regarding internal audits is "supplier shall carry
out a comprehensive system of ... internal quality [system] audits to verify
whether quality activities comply ...".
When a quality department is not defined to be a quality activity, of course
no internal audit is required.
Personally, I think such a definition would be hard to uphold.
Good luck,
Lew ... RAB QSLA #Q2405
>From: dbarnes@cix.compulink.co.uk (Dave Barnes)
>In-Reply-To:
>Melanie,
>
>I don't see why your QA department must be independently audited unless
>you say so in your Quality System. There is nothing in ISO9001 or in
>ISO9000-3 that mandates that the QA dept must be audited. It talks about
>the "scheduled on the basis of status and importance of the activity to be
>audited". The effectiveness (or otherwise) of the QA department can be
>covered by the Management Review in clause 4.1.3. Otherwise the problem
>becomes one of "who checks the checkers [[of the checkers] of the checkers
>...]?"
>
>If you declare this as your policy _and_ there is no evidence to show that
>a lack of audits of the QA dept is causing problems then your external
>auditor should back down. If not, then complain and or change your
>certification body (you are the customer remember).
>
>Best Wishes,
>
>Dave
>
>Registered Provisional TickIT Auditor
>dbarnes@cix.compulink.co.uk
>
>"My views, not my employers - and I reserve the right to change
> my mind with little or no notice - just more experience."
>
>
>
>> I work for a software medical device company we are certified to EN46001
>> using TickIT. At our last survellience audit the auditor said that we
>> needed to get an independent audit of our QA department. We are a small
>> company and really don't feel that we have anyone in-house who could do
>> this. I was wondering if there were any other businesses that needed
>> this "independent audit" also and maybe we could trade services.
>>
>
>To remove yourself from this list, address a message to:
MAJORDOMO@QUALITY.ORG with only the words "unsubscribe iso9000-3" (without
the quotes) in the BODY of your message.
>
------------------------------
From: "Bill Casti, CQA (Moderator)"
Date: Sat, 8 Feb 1997 11:58:19 -0500 (GMT-0500)
Subject: Internet Alert! Pay for local dial-up?? (fwd)
NOTE: This is NOT a hoax. If you use dialup connections, and you will
object to paying by the minute for those dialups, please send email to
the FCC as directed below. DO NOT SEND THEM TO ME OR TO YOUR LISTS!
(This message is being mass-mailed to multiple QUALITY.ORG lists. If you
are subscribed to more than one list, you will receive duplicates. Just
exercise your "delete" key; don't complain to me about them. Can't do
anything about it anyway.)
Regards.
Bill
- ---------- Forwarded message ----------
*****************************************
INTERNET USERS ALERT!!! It has come to our attention that several
local telephone companies have petitioned the FCC for permission
to charge Internet Users by the minute for LOCAL dial-up telephone
service. This would affect every Internet User, including those
using AOL dial-up.
For more information, see the FCC site: http://www.fcc.gov/isp.htm.
Please send an E-Mail to isp@fcc.gov
to express your outrage at the idea of allowing telephone companies
to charge by the minute for LOCAL dial-up service. E-Mail comments
must be sent by Feb. 13th, 1997. This affects every Internet user!!
- ------------- End of Forwarded Message --------------------
=============================================================================
Bill Casti, CQA Email: help@quality.org
- Domain Owner, QUALITY.ORG Pager: +1 800 604 6149
- List Moderator, "TQM in Manufacturing and Service Industries"
- Chairman, Electronic Media
ASQC Section 0511 (Northern VA) Section Email: E-media@quality.org
- '97 Candidate for Region 05 Director: Tell your 05xx Board to Nominate Me!
- Senior Administrator, Internet Systems, Fed. Emergency Mgmt. Agency (FEMA)
- -----------------------------------------------------------------------------
QUALITY RESOURCES ONLINE at: http://www.quality.org/qc
=============================================================================
------------------------------
From: dbarnes@cix.compulink.co.uk (Dave Barnes)
Date: Sat, 8 Feb 97 23:50 GMT0
Subject: Re: Audits of QA department
quality@sedona.net (Lew Levenson) said in response to my comment:
> Dave is correct that nothing in ISO9001 or in ISO9000-3 mandates that
> the QA
> dept must be audited.
>
> All either or both say regarding internal audits is "supplier shall
> carry
> out a comprehensive system of ... internal quality [system] audits to
> verify
> whether quality activities comply ...".
My main point was that auditing the QA department is akin to checking the
checkers - and this can be carried to absurdity. It's a bit like saying
that you need to write test scripts to test the test scripts for your
deliverable software. Perhaps it's a good idea in some circumstances but
it's unlikely to be cost-effective under all circumstances.
The other problem is that in order to audit _any activity_ one needs to
have a knowledge of the activity being carried out as well as having some
training & experience of auditing itself. Even large companies baulk at
the cost of training people to be auditors when this is not their primary
role.
>
> When a quality department is not defined to be a quality activity, of
> course
> no internal audit is required.
>
> Personally, I think such a definition would be hard to uphold.
>
I consider that Quality activities are those which are in the value chain
(see Michael Porter) because these activities bear directly upon the
ability of the product to satisfy its requirements. A QA group is not (or
shouldn't be) in the value chain - it should be supporting the value chain
activities. As such, it is important but not _directly_.
My other point was that the QA function is checked by the Management
Review (4.1.3). The internal auditing function is considered so important
that it has its own clause in the standard so the external auditor checks
it. So where's the benefit?
The real issue here is whether or not one should allow an external auditor
to increase your costs without good reason (ie the benefit provided is
worth the cost incurred). If the answer isn't a _definite_ yes then I
believe that the auditor should be told "No - I'm not doing this because
....".
We auditors are not infallible gods - and no matter how good we are, we
still don't know a business as well as the people who are working in it.
Only if there is objective, incontrovertible evidence should we raise a
non-compliance report.
Dave
dbarnes@cix.compulink.co.uk
"My views, not my employers - and I reserve the right to change
my mind with little or no notice - just more experience."
------------------------------
End of ISO 9000-3 Digest V1 #37
*******************************
To remove yourself from this list, address a message to:
MAJORDOMO@QUALITY.ORG with only the words "unsubscribe iso9000-3-digest"
(without the quotes) in the BODY of your message.