iso9000-3-digest Wednesday, December 23 1998 Volume 02 : Number 008
----------------------------------------------------------------------
Date: Mon, 28 Sep 1998 14:51:31 +0000
From: "Dudley, James"
Subject: Regulatory bodies
Can anyone tell me what regulatory organisation controls the use of
commercial software in the area of medicine and health care.
Thanks
James
------------------------------
Date: Mon, 28 Sep 1998 15:28:09 +0000
From: "Dudley, James"
Subject: Supplier Assessment
I have been tasked with carrying out a number of supplier assessments of
companies sub-contracted by us to supply hardware/software. Has anyone
any checklists or ideas on the specific areas I should concentrate on
and what format the assessment should take.
Thanks
James
------------------------------
Date: Mon, 28 Sep 1998 12:58:01 -0400 (EDT)
From: Eric Poole
Subject: Re: Regulatory bodies
On Mon, 28 Sep 1998, Dudley, James wrote:
> Can anyone tell me what regulatory organisation controls the use of
> commercial software in the area of medicine and health care.
I assume you mean in the UK, in which case I can't help, but on the chance
you refer to the USA, that would be the Food and Drug Administration.
. . . . . ep
------------------------------
Date: Mon, 28 Sep 1998 13:21:14 -0400 (EDT)
From: "Bill Casti (System Admin)"
Subject: re: Vol. 3, No. 1 digest
Does anyone on this list have a copy of that digest? I was cleaning out my
mailbox and deleted it. :(
Thanks.
Bill
------------------------------
Date: Sun, 04 Oct 1998 11:50:54 IST
From: "VIREN VORA"
Subject: standards for website development
How do we define the life cycle model for a website development process.
Is website considered a software. How do we freeze the customer
specifications as most of the time the customers have a look at two to
three versions of prototypes and then choose their option. can anybody
guide?
viren
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
------------------------------
Date: Mon, 05 Oct 1998 11:47:26 +0800
From: Ray Taylor
Subject: Re: standards for website development
VIREN VORA wrote:
> How do we define the life cycle model for a website development process.
> Is website considered a software. How do we freeze the customer
> specifications as most of the time the customers have a look at two to
> three versions of prototypes and then choose their option. can anybody
> guide?
> viren
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> How do we define the life cycle model for a website development process.
> Is website considered a software.
A web site should be considered as a software development process. A
quality system for your environment would need to recognise that it is a
website and not a nuclear power plant or NASA development. In other words
it should be kept relatively simple with limited controls and simple
verification and validation activities.
Neither ISO9000.3 nor any other quality standard defines a methodology for
implementing software. They identify activities that are essential to the
develoment processes but do not define the method for implementing the
processes.
What you need to do is analyse your development process and identify a
methodology that represents your process or one that will be better than
your current process. The types of methodologies that you need to consider
would be Rapid Application Development (RAD), Incremental or Evolutionary.
Once you identify the relevant methodology, define your process in-line with
the methodology. Having done that, look at the elements of IS09000.3 that
are applicable to each stage of your process and check that you have
included all the relevant requirements.
Another standard that can help is ISO/IEEE 12207. This defines a framework
to identify the processes involved in the development process.
>>How do we freeze the customer specifications as most of the time the
>>customers have a look at two to three versions of prototypes and then
choose
>>their option.
Establishing prototypes is just one method of determining customer
requirements and should be considered part of the requirements analysis
stage. Once the customer has selected the prototype, file the prototype in
a controlled directory and ensure that it is not changed.
As the prototype will probably not have been developed to the same standard
as the finished product should be, develop the product again ensuring all
presentation and coding standards are applied. The controlled prototype can
then be referenced to validate the resultant site.
I realise this has been a long response but I hope it will help.
- ----------------------------------------------------------------
Ray Taylor Phone: (08) 9333 8710
Software Quality Engineer Fax: (08) 9333 8889
ADI Limited E-mail: taylorr@adi.ccis.com.au
- ----------------------------------------------------------------
------------------------------
Date: Mon, 5 Oct 1998 12:05:49 -0700 (PDT)
From: Ricardo Mejiaz
Subject: SW Quality System Documents Structure
Hi.
If you know how to establish a structure for all documents on a
Quality Assurance System for Software Development, please let me know.
Or if you now have one. I will appreciate it if you send it to me.
Thanks
Ricardo Mejia
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
------------------------------
Date: Tue, 6 Oct 1998 06:03:04 -0400 (EDT)
From: "Bill Casti (System Admin)"
Subject: SW Quality System Documents Structure (fwd)
If any of you can help him, please cotact him directly, as he is not a
member of this list.
Thanks.
Bill
- ---------- Forwarded message ----------
Date: Mon, 5 Oct 1998 12:05:49 -0700 (PDT)
From: Ricardo Mejiaz
To: iso9000-3@quality.org
Subject: SW Quality System Documents Structure
Hi.
If you know how to establish a structure for all documents on a
Quality Assurance System for Software Development, please let me know.
Or if you now have one. I will appreciate it if you send it to me.
Thanks
Ricardo Mejia
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
------------------------------
Date: Tue, 13 Oct 98 12:55:29 -0500
From: "Vinh Duong"
Subject: Research On Impact To Software Quality
Hi,
My first question on this list:
I would like to know if there is any research, study, survey on the
impact of using a software methodology (ISO9000-3 or any other
methodology namely IEEE, Productivity Plus....) to the quality of the
software.
If yes, how can I have access the results of these studies on the Web,
or are they published?
I have not found anything so far but I am sure that these researches
do exist.
Thank you for your help.
Vinh Duong
Montreal
IBM Global Services
vduong@aircanada.ca
------------------------------
Date: Tue, 20 Oct 98 16:46:28 -0500
From: "Vinh Duong"
Subject: Re: Research On Impact To Software Quality
- --simple boundary
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Dirk,
Thank you for your studies.
I would like to make some comments.
The studies are all based on the points of view of the QA's who may be
biased because they have to prove to their employers that they
contribute to the increase in company's productivity.
It is possible to impartially measure the productivity linked to the
implementation of a methodology in an organisation. At our company,
we record all the software errors, all requests for software
enhancement from clients, and the hours it takes to correct the errors
or to process the enhancements.
With this kind of data, one can compare, for example, the number of
errors, the hours required for corrections, following the
implementation of a system without a methodology and an equivalent
system with a methodology.
We should also interview the programmers who apply the methodologies.
Because they are the grunts, the soldiers who will give an honest
opinion of the utilisation of a methodology.
I hope that the other forum members read Dirk's excellent researches
and give us their comments.
This is a very quiet list.
Vinh Duong
IBM Global Services
______________________________ Forward Header __________________________________
Subject: Re: Research On Impact To Software Quality
Author: at INTERNET
Date: 10/14/98 9:18 AM
Dear Vinh Duong,
you might be interested in some of our research results:
Dirk Stelzer, Werner Mellis, Georg Herzwurm: A Critical Look at ISO
9000 for Software Quality Management. In: Software Quality Journal.
No. 2, 1997, PP. 65-79
Dirk Stelzer, Werner Mellis, Georg Herzwurm: Software Process
Improvement via ISO 9000? Re-sults of Two Surveys Among European
Software Houses. In: Software Process - Improvement and Practice. No.
3, 1996, PP. 197-210
http://www.informatik.uni-koeln.de/winfo/prof.mellis/publications/hics
copy.htm
Dirk Stelzer, Mark Reibnitz, Werner Mellis: Benefits and Prerequisites
of ISO 9000 based Software Quality Management. In: Software Process
Newsletter. No. 12, 1998, PP. 3-7
http://www-se.cs.mcgill.ca/process/spn.html
On
http://www.informatik.uni-koeln.de/winfo/prof.mellis/publications/vero
eff.htm#veroeff
you will find more papers on the effects of applying
the ISO 9000 standards to software development. However, most of the
other papers are written in German.
Would you please post a summary of the answers to your query to this
list?
Thanks,
Dirk
> Date: Tue, 13 Oct 98 12:55:29 -0500
> From: "Vinh Duong"
> To:
> Subject: Research On Impact To Software Quality
> I would like to know if there is any research, study, survey on the
> impact of using a software methodology (ISO9000-3 or any other
> methodology namely IEEE, Productivity Plus....) to the quality of the
> software.
>
Dr. Dirk Stelzer
Universitaet zu Koeln, LS fuer Wirtschaftsinformatik
Albertus-Magnus-Platz, D-50923 Koeln, Germany
Fon: +49(0)221-470-5373
Fax: +49(0)221-470-5386
mailto:stelzer@informatik.uni-koeln.de
http://www.informatik.uni-koeln.de/winfo/prof.mellis/stelzer.htm
- --simple boundary
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"
Received: from sm9ul021.aircanada.ca by aircanada.ca (ccMail Link to SMTP R8.00.01)
; Wed, 14 Oct 98 03:17:48 -0500
Return-Path:
Received: from suenner.informatik.Uni-Koeln.DE ([134.95.9.136])
by sm9ul021.aircanada.ca (Post.Office MTA v3.1.2
release (PO205-101c) ID# 0-0U10L2S100) with SMTP id AAA189
for ; Wed, 14 Oct 1998 03:20:58 -0400
Received: from LS-MELLIS.informatik.uni-koeln.de (LS-Mellis.informatik.Uni-Koeln.DE [134.95.10.1])
by suenner.informatik.Uni-Koeln.DE (8.8.8/8.8.8/RRZK-CL-8.8.6-1) with ESMTP id JAA01856
for ; Wed, 14 Oct 1998 09:18:17 +0200 (MET DST)
Message-Id: <199810140718.JAA01856@suenner.informatik.Uni-Koeln.DE>
Received: from LS_MELLIS/SpoolDir by LS-MELLIS.informatik.uni-koeln.de (Mercury 1.31);
14 Oct 98 09:18:53
Received: from SpoolDir by LS_MELLIS (Mercury 1.31); 14 Oct 98 09:18:42
From: "Dirk Stelzer"
Organization: Universitaet zu Koeln
To: "Vinh Duong"
Date: Wed, 14 Oct 1998 09:18:34 MET-1MEST
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: Research On Impact To Software Quality
Reply-to: stelzer@informatik.uni-koeln.de
Priority: normal
In-reply-to: <9810139083.AA908308517@aircanada.ca>
X-mailer: Pegasus Mail for Win32 (v2.54)
- --simple boundary--
------------------------------
Date: Tue, 20 Oct 98 16:29:46 -0500
From: "Vinh Duong"
Subject: RE: Research On Impact To Software Quality
- --simple boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: Quoted-Printable
Louis,
=20
Thank you for your reply. You are right, we don't have many empir=
ical=20
researches, surveys on methodologies even though people claim they=
=20
benefit companies.
=20
I remember about 10 years ago, with the arrival of 4GL's, there wa=
s a=20
lot of researches on End User Computing.
=20
For the benefit of forum members, I am going to post the other rep=
lies=20
to my question.
=20
Vinh
IBM Global Services
______________________________ Forward Header _________________________=
_________
Subject: RE: Research On Impact To Software Quality=20
Author: at INTERNET
Date: 10/13/98 6:57 PM
On Tuesday, October 13, 1998 1:55 PM, Vinh Duong wrote:
=20
> I would like to know if there is any research, study, survey on the=20=
=0A> impact of using a software methodology (ISO9000-3 or any other
> methodology namely IEEE, Productivity Plus....) to the quality of the=
=20
> software.
=20
Vinh,
=20
I recommend the book "Software Quality" by Capers Jones (ISBN=20
1-85032-867-6). It's two years old and not perfect, but still the best =
to=20
my knowledge. Now, I'd like to say that you shot a simple question for =
which we don't have a satisfactory answer. It's though to tell even for=
=20
simple technological things like OO vs structured methods, let alone gl=
obal=20
methodologies...
=20
Sinc=E8res salutations,
=20
Louis
=20
- --
InSpec Louis Bastarache=20
Qualit=E9 du logiciel Associ=E9, M.Sc.
=20
Gestion de la qualit=E9 CP 9338 succ Ste-Foy=20
Essais & inspections Qu=E9bec (Qc) G1V 4B5=20
Assurance qualit=E9 Tel 418 692-5841=20
Formation Fax 418 692-6024
=20
=
- --simple boundary
Content-Type: text/plain; charset=US-ASCII; name="RFC822.TXT"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="RFC822.TXT"
Received: from sm9ul021.aircanada.ca by aircanada.ca (ccMail Link to SMTP R8.00.01)
; Tue, 13 Oct 98 18:53:59 -0500
Return-Path:
Received: from hermes.ulaval.ca ([132.203.250.27]) by sm9ul021.aircanada.ca
(Post.Office MTA v3.1.2 release (PO205-101c) ID# 0-0U10L2S100)
with SMTP id AAA225 for ;
Tue, 13 Oct 1998 18:56:25 -0400
Received: from basl.prosig.qc.ca (stbb013.ulaval.ca [132.203.55.53])
by hermes.ulaval.ca (8.8.8/8.8.8) with SMTP id SAA10418
for ; Tue, 13 Oct 1998 18:55:24 -0400 (EDT)
Received: by localhost with Microsoft MAPI; Tue, 13 Oct 1998 18:58:20 -0400
Message-ID: <01BDF6DB.71C74F40@louis.bastarache@ift.ulaval.ca>
From: Louis Bastarache
Reply-To: "louis.bastarache@ift.ulaval.ca"
To: "'Vinh Duong'"
Subject: RE: Research On Impact To Software Quality
Date: Tue, 13 Oct 1998 18:57:28 -0400
Organization: InSpec
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4025
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
- --simple boundary--
------------------------------
Date: Tue, 10 Nov 1998 13:40:30 -0800
From: "Jim Vasconcellos"
Subject: Low Hanging Fruit
Hello all,
I do project management and consulting for customers of our quality
management software. I have been finding that the two largest issues have
been document management, and Corrective Actions. I want to know if you
all consider these to be the most important issues for organizations
setting up a quality/compliance management system, or automating one that
is in place. Thank you for responding to this informal survey.
Jim Vasconcellos Only mediocre people
Certified Lotus Professional are always at their best.
DPI Services, Inc. -Somerset Maugham
Lotus Premium Partner
Tel: 408-918-5225
jimv@dpiservices.com
http://www.qmx.com
------------------------------
Date: Wed, 11 Nov 1998 7:35:42 -0500
From: "Paquin, Sherolyn A."
Subject: Re: Low Hanging Fruit
Jim,
I think the most important issue is requirements management and accurate
estimating.
Sherry Paquin
"Quality is not a sprint; it is a long-distance event."
- V. Daniel Hunt
************************************************************************
Sherry Paquin SAP01@MHS.Sperry-Marine.COM
Litton/Sperry Marine w: 804-974-2078
1070 Seminole Trail f: 804-974-2480
Charlottesville, VA 22901-2891
************************************************************************
------------------------------
Date: Wed, 16 Dec 1998 21:33:19 -0500 (EST)
From: "Bill Casti (System Admin)"
Subject: How to join or leave email discussion lists HERE...
SAVE THIS FILE, PLEASE!
Here's the self-service instructions on how to handle your
subscription(s) for QUALITY.ORG lists....
- ------
1. The file of all the lists supported at QUALITY.ORG is available at:
http://www.quality.org/lists/lists_at_quality.org.html
2. We use an automated list management software tool called "Majordomo"
here, so all subscribe/unsubscribe messages must be directed to the URL
below.
Please use our Web-based MajorCool tool to subscribe/unsubscribe for any
of the lists supported at QUALITY.ORG. It is located at:
http://www.quality.org/cgi-bin/majordomo
If you have questions or comments, send them to ME, not to the list or to
Majordomo.
=============================================================================
Bill Casti, CQA Email: help@quality.org
- Domain Owner, QUALITY.ORG Pager: +1 800 604 6149
- List Moderator, "TQM in Manufacturing and Service Industries"
- Chairman, Electronic Media
ASQ Section 0511 (Northern VA) Section Email: E-media@asq0511.org
- Internet Security Manager, FEMA (Washington DC)
- -----------------------------------------------------------------------------
QUALITY RESOURCES ONLINE at: http://www.quality.org
=============================================================================
------------------------------
Date: Thu, 17 Dec 1998 16:02:04 -0500
From: Sterescu Sorin
Subject: New subscriber,
New subscriber,
We are a network integrator, providing all service
connected with networks, and we develop Java based software applications.
We are working now on a document control software
specific for the requirements of the ISO certifications. We're getting
audited in January on our ISO9002:94 QS, but we have targeted the ISO9001
certification for the mid year.
Since we develop software, the ISO9000-3 is very
important to us, thus the need to learn more about-it.
The information available on this list may prove
helpful.
Thanks.
Sorin Sterescu
Coordonateur de projets / Responsable Qualité
Le Groupe MIR
Web : Http://www.mir.ca
Courriél : ssterescu@mir.ca
Tél. : 1-800-267-9811
Bureau : (450)-641-2288 ext. 729
------------------------------
Date: Wed, 23 Dec 1998 12:16:09 -0700
From: "Miller, Arnold"
Subject: Review of ISO 9000-3:1997 Standard
TO: ISO 9000-3 email list group
Date: 23 Dec 1998
Here is a review of ISO 9000-3:1997 Standard.
It is from a presentation that I gave to the Boulder
ASQ Section's (1313) ISO 9000 user group this past Fall.
It is long about 600 lines.
May it bring some discussion on the Standard and other
Software Quality Standards over the coming year.
FYI:
In case anyone wants, I have Slides and Text in MS-Word 98 format.
This is being sent via MS-Outlook 98 as a Rich Text Message.
If you can not decode this message or it is unreadable,
let me know so I can find out how to send message as
plain text message.
- --- Begin ISO 9000-3 Review
Parts to this Review
Part 1. Is ISO 9000-3 necessary or needed ?
Part 2. What is the format of ISO 9000-3 ? and How does one audit
to ISO 9000-3 ?
Part 3. What does this add to the ISO 9000-2 General Guidelines for
implementing ISO 9001?
Part 4. What other standard does ISO 9000-3 Reference beside
ISO 9001 & 9000-2 ?
Part 5. What is IS0/IEC 12207 ?
Part 6. Where to get these Standards ?
Part 1. ISO 9000-3 Necessary or Needed ?
- - Software is Everywhere
- - Off-the-Shelf Software - Word processors
- - Contract Software - Customer Requirements
- - Internal Developed - Support Issues
- - Embedded Software - VCR, Autos, Medical
Maybe this document is not necessary, but something needs to be done
to keep software from destroying others products.
Part 2. ISO 9000-3 Format & Auditing
- - ISO 9001 is embedded into ISO 9000-3 with comments and extra guidance.
See table below.
- - Audit to ISO 9000-3 site non-conformities to ISO 9001 sections with
specific in ISO 9000-3.
- - References to ISO/IEC 12207 "Software Life Cycle Processes"
(described below)
Part 3. Addition to ISO 9000-2 & ISO 9001
This is a per section comparisons between ISO 9000-3 and ISO 9001 with
references to ISO/IEC 12207 and additional comments. Using the following
format:
ISO 9000-3 Section Number & Name
VS 9001:
ISO 12207:
Comment:
The "VS 9001" line contains:
"Same" when text is identical
"Same +" when ISO 9000-3 adds guidance the should be ISO 9000-2.
Not really specific to software.
"Same -" when ISO 9000-3 might subtract information from ISO 9001
"Extra" when ISO 9000-3 adds software specific guidance
"See Below" when detail information is in sub-sections
The "ISO 12207" line contains the related sections in ISO 12207 Standard
The "Comment" line contains summary of added guidance information.
ISO 9000-3 Sec: 4.1 Management Responsibility
VS. 9001: See Below
ISO 12207: See Below
Comment: None
ISO 9000-3 Sec: 4.1.1 Quality Policy
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.1.2 Organization
VS. 9001: Same
ISO 12207: See Below
Comment: None
ISO 9000-3 Sec: 4.1.2.1 Responsibility and Authority
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.1.2.2 Resources
VS. 9001: Same
ISO 12207: 7.2
Comment: None
ISO 9000-3 Sec: 4.1.2.3 Management Representative
VS. 9001: Same
ISO 12207: 6.3.1.6
Comment: None
ISO 9000-3 Sec: 4.1.3 Management Review
VS. 9001: Same
ISO 12207: 7.1.4
Comment: None
ISO 9000-3 Sec: 4.2.1 Quality System - General
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.2.2 Quality System Procedures
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.2.3 Quality Planning
VS. 9001: Extra
ISO 12207: 6.2 to 6.5
Comment: Quality Requirements; Life Cycle; project phases;
Verify &Validate; Customer-Support; Nonconforming product;
Corrective Action; ISO 10005 "Quality Plans"; ISO 10007
"Configuration Management"; Software Quality Plan
ISO 9000-3 Sec: 4.3.1 Contract Review - General
VS. 9001: Same +
ISO 12207: NONE
Comment: Developed via Contract; Market Sector; Embedded; Internal
Business processes
ISO 9000-3 Sec: 4.3.2 Review
VS. 9001: Extra
ISO 12207: 5.2.1 5.2.6 6.4.2.1
Comment: Concern Check lists for Customer; Technical; Management;
Legal; Security; Confidential
ISO 9000-3 Sec: 4.3.3 Amendment
VS. 9001: Same
ISO 12207: 5.1.3.5 5.2.3.2
Comment: None
ISO 9000-3 Sec: 4.3.4 Records
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.4.1 Design Control - General
VS. 9001: Extra
ISO 12207: NONE
Comment: Life Cycle Model; Discipline manner; Requirements to
Product(Requirements analysis, Architecture design, Detail design,
code);
Design Method; Past experiences; Subsequent processes; Security &
Safety; Coding conventions & workmanship
ISO 9000-3 Sec: 4.4.2 Design and Development Planning
VS. 9001: Extra
ISO 12207: 5.2.4
Comment: Requirements to Product; Definition; input & output; resources;
subcontractors; materials; organizational interfaces; each phases'
input,
output, activity & management; schedule check list; related plans check
list.
ISO 9000-3 Sec: 4.4.3 Organizational and Technical Interfaces
VS. 9001: Extra
ISO 12207: 5.2.6.1 6.6.2
Comment: list of non customer interfaces; customer responsibilities check
list; joint review check list
ISO 9000-3 Sec: 4.4.4 Design Input
VS. 9001: Extra
ISO 12207: 5.3.2 5.3.3 5.3.4
Comment: Develop requirement specification; Customer approval;
7 Partial requirements
ISO 9000-3 Sec: 4.4.5 Design Output
VS. 9001: Same +
ISO 12207: 5.3.5 5.3.6 5.3.7
Comment: Output document & item check list
ISO 9000-3 Sec: 4.4.6 Design Review
VS. 9001: Extra
ISO 12207: 5.3.4.2 5.3.5.6 5.3.6.7 6.6.3
Comment: What; How; When; Type; Records; Personnel; Follow-up
ISO 9000-3 Sec: 4.4.7 Design Verification
VS. 9001: Same +
ISO 12207: 5.3.4.2 5.3.5.6 5.3.5.7 5.3.7.5 5.3.9 6.4
Comment: Review Design Output; Prototypes; Simulations; Design Output
submitted for acceptance & future use; Finding addressed & resolved
ISO 9000-3 Sec: 4.4.8 Design Validation
VS. 9001: Same +
ISO 12207: 5.3.1 6.5
Comment: Before Customer acceptance; Requirements checked & recorded
for output; Validated products for acceptance & future use
ISO 9000-3 Sec: 4.4.9 Design Changes
VS. 9001: Same +
ISO 12207: 5.5.2 5.5.3
Comment: Steps to approve changes; See Configuration Management
ISO 9000-3 Sec: 4.5.1 Document and Data Control - General
VS. 9001: Same +
ISO 12207: 6.1
Comment: Configuration Management; document check list
ISO 9000-3 Sec: 4.5.2 Document and Data Approval Issue
VS. 9001: Same +
ISO 12207: NONE
Comment: electronic documents - approval, access, media, distribution
archiving procedures
ISO 9000-3 Sec: 4.5.3 Document and Data Changes
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.6.1 Purchasing - General
VS. 9001: Same +
ISO 12207: 5.1
Comment: Software product check list
ISO 9000-3 Sec: 4.6.2 Evaluation of Subcontractors
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.6.3 Purchasing Data
VS. 9001: Same +
ISO 12207:NONE
Comment: Product order information check list; Contract Review applied
to subcontractors
ISO 9000-3 Sec: 4.6.4 Verification of Purchasing Product
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.7 Control of Customer-Supplied Product
VS. 9001: Extra
ISO 12207: 6.1
Comment: Sample Software check list; Licensing, Support & Maintenance;
same verification as purchased product
ISO 9000-3 Sec: 4.8 Product Identification and Traceabilty
VS. 9001: Extra
ISO 12207: 6.1 & 6.2
Comment: Software items (specification, development, replication &
delivery) Configuration Management for size, complexity & risk of
project; Identification & traceablity check list
ISO 9000-3 Sec: 4.9 Process Control
VS. 9001: Extra
ISO 12207: 5.3.12 6.3.3
Comment: Requirements to Product; check lists for replication, future
changes & installation;
ISO 9000-3 Sec: 4.10.1 Inspection and Testing - General
VS. 9001: Extra
ISO 12207: 5.1.5 5.3.5.5 5.3.6.5 5.3.6.6 5.3.7 5.3.11 5.3.13
Comment: Test at several level (individual items to complete product);
Different approaches; inputs & outputs; complexity & risk; Check list
for unit, integration, system & acceptance test;
ISO 9000-3 Sec: 4.10.2 Receiving Inspection and Testing
VS. 9001: Same +
ISO 12207: NONE
Comment: Verify 3rd party software & data upon receipt using contract
requirements. Customer-supplied product as well as purchased product.
ISO 9000-3 Sec: 4.10.3 In-Process Inspection and Testing
VS. 9001: Same +
ISO 12207: NONE
Comment: General testing applies
ISO 9000-3 Sec: 4.10.4 Final Inspection and Testing
VS. 9001: Extra
ISO 12207: NONE
Comment: Validate operations before customer acceptance using simulated
customer environment; With risk noted for differences; Customer
acceptance testing by customer or supplier; check lists for environment,
acceptance items, & concerns
ISO 9000-3 Sec: 4.10.5 Inspection and Test Records
VS. 9001: Same +
ISO 12207: NONE
Comment: Test results recorded as defined in relevant specifications
ISO 9000-3 Sec: 4.11.1 Control of Inspect, etc. - General
VS. 9001: Same +
ISO 12207: 7.2
Comment: tools, facilities, techniques; effects on quality;
Configuration Management of tools; review tools for improvement
and upgrades.
ISO 9000-3 Sec: 4.11.2 Control Procedure
VS. 9001: Same -
ISO 12207: NONE
Comment: Some items may not apply with calibration mainly for hardware
test tools. ISO 10012 "Measuring Equipment"
ISO 9000-3 Sec: 4.12 Inspection and Test Status
VS. 9001: Same +
ISO 12207: 6.2
Comment: Identify phase of component and test status: untested,
found error, successful, approved. Test records can identify
inspection & test status.
ISO 9000-3 Sec: 4.13.1 Control of NC Product - General
VS. 9001: Extra
ISO 12207: 6.2 & 6.8
Comment: Segregate Nonconforming items effected by transferring to own
test environment. removing hardware that contains nonconforming
software. Find, record and control life cycle phase of defect.
Configuration Management issues.
ISO 9000-3 Sec: 4.13.2 Review & Disposition of NC Products
VS. 9001: Extra
ISO 12207: NONE
Comment: Disposition nonconforming check list; repair & re-work check list
ISO 9000-3 Sec: 4.14.1 Corrective and Prevention - General
VS. 9001: Same +
ISO 12207: 6.2; 6.8 & 7.3
Comment: Configuration Management to control corrective action changes;
Management approves, documents and controls Life Cycle process changes
ISO 9000-3 Sec: 4.14.2 Corrective Action
VS. 9001: Same
ISO 12207: NONE
Comment: None
ISO 9000-3 Sec: 4.14.3 Prevention Action
VS. 9001: Same +
ISO 12207: NONE
Comment: Nonconforming items' Root cause provide input to prevention.
ISO 9000-3 Sec: 4.15.1 Handling, Storage, etc. - General
VS. 9001: Same
ISO 12207: 5.2.7.1 5.3.13.2 6.2.6
Comment: None
ISO 9000-3 Sec: 4.15.2 Handling
VS. 9001: Same +
ISO 12207: NONE
Comment: None Software virus protection; electronic media deterioration
ISO 9000-3 Sec: 4.15.3 Storage
VS. 9001: Same +
ISO 12207: NONE
Comment: Software storing, access, versions/baselines, change,
corruption,
masters & copies; electromagnetic & electrostatic environments
ISO 9000-3 Sec: 4.15.4 Packaging
VS. 9001: Extra
ISO 12207: NONE
Comment: See Replication; compression & encryption
ISO 9000-3 Sec: 4.15.5 Preservation
VS. 9001: Same +
ISO 12207: NONE
Comment: Preserve software with regular back-ups, replacement media;
disaster recovery
ISO 9000-3 Sec: 4.15.6 Delivery
VS. 9001: Same +
ISO 12207: NONE
Comment: Movement of media & electronic transmission; Virus protection;
product integrity
ISO 9000-3 Sec: 4.16 Control of Quality Records
VS. 9001: Same +
ISO 12207: 6.1 & 6.2
Comment: Quality Record list; electronic media care & software access
requirements
ISO 9000-3 Sec: 4.17 Internal Quality Audits
VS. 9001: Same +
ISO 12207: 6.7 6.8 & 7.3.2
Comment: Audit covering progressively whole quality system. One
project over time or Multiple projects at the same time.
ISO 9000-3 Sec: 4.18 Training
VS. 9001: Same +
ISO 12207: 7.4
Comment: Tools, techniques, methods, and resources, for development &
management of software project. Skills & knowledge for specific
product field.
ISO 9000-3 Sec: 4.19 Servicing
VS. 9001: Extra
ISO 12207: 5.4.4 5.5 & 6.8
Comment: ISO 9000-2 contains "Customer Support"; Maintenance
classification
list; Change control for interface modification & functional expansion;
Maintenance in contract; Maintenance item list; Maintenance activity
list; Maintenance records;
ISO 9000-3 Sec: 4.20 Statistical Techniques
VS. 9001: Extra
ISO 12207: NONE
Comment: Analyze measurements of process capability & product character;
product character technique list; process capability technique list;
Metric principle list (value to process or product, clear definition,
quality meaning, influences on metric, direction of change to improve
quality)
Part 4. Referenced Standards in ISO 9000-3
ISO 9001 "Quality Assurance Model"
ISO 9000-2 " Implementation Guidelines"
ISO 10005 "Quality Plans"
ISO 10006 "Project Management"
ISO 10007 "Configuration Management"
ISO 10011 "Auditing"
ISO 10012 "Measurement Equipment"
ISO 10013 "Quality Manuals"
ISO/IEC 9126 "Software Product Evaluation"
ISO/IEC 12207 " Software Life Cycle Processes"
Part 5. ISO/IEC 12207-0:1995(E) "Information technology -
Software life cycle processes"
ISO/IEC 12207-0 same as 12207 "Software Life Cycle Processes"
1 Scope
1.1 Purpose
This International Standard establishes a common framework for software life
cycle processes, with well-defined terminology, that can be referenced by
the
software industry. It contains processes, activities, and tasks that are to
be applied during the acquisition of a system that contains software, a
stand-alone software product, and software service and during the supply,
development, operation, and maintenance of software products. Software
includes the software portion of firmware.
This International Standard also provides a process that can be employed for
defining, controlling, and improving software life cycle processes.
1.2 Field of application
This International Standard applies to the acquisition of systems and
software products and services, to the supply, development, operation, and
maintenance of software products, and to the software portion of firmware,
whether performed internally or externally to an organization. Those aspects
of system definition needed to provide the context for software products and
services are included.
NOTE-The processes used during the software life cycle need to be compatible
with the processes used during the system life cycle.
This International Standard is intended for use in a two-party situation and
may be equally applied where the two parties are from the same organization.
The situation may range from an informal agreement up to a legally binding
contract. This International Standard may be used by a single party as self-
imposed tasks.
This International Standard is not intended for off-the-shelf software
products unless incorporated into a deliverable product.
This International Standard is written for acquirers of systems and software
products and services and for suppliers, developers, operators, maintainers,
managers, quality assurance managers, and users of software products.
1.5 Limitations
This International Standard describes the architecture of the software life
cycle processes but does not specify the details of how to implement or
perform the activities and tasks included in the processes.
. . .
Throughout this International Standard:
- - "shall" is used to express a provision that is binding between two or more
parties,
- - "will" to express a declaration of purpose or intent by one party,
- - "should" to express a recommendation among other possibilities,
- and "may" to indicate a course of action permissible within the limits of
this International Standard.
4.1 Organization of this International Standard
4.1.1 Life cycle processes
This International Standard groups the activities that may be performed
during the life cycle of software into five primary processes, eight
supporting processes, and four organizational processes. Each life cycle
process is divided into a set of activities; each activity is further
divided
into a set of tasks. Subclause numbering a.b denotes a process, a.b.c an
activity, and a.b.c.d a task. These life cycle processes are introduced
below
and depicted in figure 1.
IEEE 12207 Section titles or task summary
5 Primary processes
5.1 Acquisition process
5.1.3 Contract preparation and update
5.1.3.5 (task) Contract underway: Customer will control changes to the
contract through negotiation with the supplier as part of a change
control mechanism. Changes to the contract shall be investigated
for
impact on project plans, costs, benefits, quality, and schedule.
5.1.5 Acceptance and completion
5.2 Supply process
5.2.1 Initiation
5.2.3 Contract
5.2.3.2 (task) The supplier may request modification to the contract as
part
of the change control mechanism.
5.2.4 Planning
5.2.6 Review and evaluation
5.2.6.1 (task) The supplier should coordinate contract review activities,
interfaces, and communication with the customer's organization.
5.2.7 Delivery and completion
5.2.7.1 (task) The supplier shall deliver the software product or service as
specified in the contract.
5.3 Development process
5.3.1 Process implementation
5.3.2 System requirements analysis
5.3.3 System architectural design
5.3.4 Software requirements analysis
5.3.4.2 (task) The supplier shall evaluate the software requirements
considering the criteria listed below. The results of the
evaluations shall be documented.
5.3.5 Software architectural design
5.3.5.5 (task) The supplier shall define and document preliminary test
requirements and the schedule for Software Integration.
5.3.5.6 (task) The supplier shall evaluate the architecture of the software
item and the interface and database designs considering the
criteria
listed below. The results of the evaluations shall be documented.
5.3.5.7 (task) The supplier shall conduct joint review(s) in accordance with
6.6.
5.3.6 Software detailed design
5.3.6.5 (task) The supplier shall define and document test requirements and
schedule for testing software units. The test requirements should
include stressing the software unit at the limits of its
requirements.
5.3.6.6 (task) The supplier shall update the test requirements and the
schedule for Software Integration.
5.3.6.7 (task) The supplier shall evaluate the software detailed design and
test requirements considering the criteria listed below. The
results
of the evaluations shall be documented.
5.3.7 Software coding and testing
5.3.7.5 (task) The supplier shall evaluate software code and test results
considering the criteria listed below. The results of the
evaluations
shall be documented.
5.3.9 Software qualification testing
5.3.11 System qualification testing
5.3.12 Software installation
5.3.13 Software acceptance support
5.3.13.2 (task) The supplier shall complete and deliver the software product
as specified in the contract.
5.4 Operation process
5.4.4 User support
5.5 Maintenance process
5.5.2 Problem and modification analysis
5.5.3 Modification implementation
6 supporting life cycle processes
6.1 Documentation process
6.2 Configuration management process
6.2.6 Release management and delivery
6.3 Quality assurance process
6.3.1 Process implementation
6.3.1.6 (task) It shall be assured that persons responsible for assuring
compliance with the contract requirements have the organizational
freedom, resources, and authority to permit objective evaluations
and to initiate, effect, resolve, and verify problem resolutions.
6.3.3 Process assurance
6.4 Verification
6.4.2 Verification
6.4.2.1 (task) The contract shall be verified considering the criteria
listed below.
6.5 Validation
6.6 Joint Review
6.6.2 Project management reviews
6.6.3 Technical reviews
6.7 Audit
6.8 Problem Resolution
7 Organizational life cycle processes
7.1 Management process
7.1.4 Review and evaluation
7.2 Infrastructure process
7.3 Improvement process
7.3.2 Process assessment
7.4 Training process
Part 6. Ordering Standards, Costs & More Information
ISO/IEC 12207 is collection of 3 standards.
ISO/IEC 12207 is the same as ISO/IEC 12207-0 "Software Cycle Processes"
ISO/IEC 12207-1 "Software Cycle Processes--Life Cycle Data"
ISO/IEC 12207-2 "Software Cycle Processes--Implementation Considerations"
ISO/IEC 12207 Set - complete set of all 3 standards
ISO 9000-3; ISO 9000 Compendium; ISO 12207, ISO 9126 available from ANSI
web page "http://www.ansi.org" or Phone number: 1-212-642-4900
Specific document search web page "http://www.ansi.org/catalog/search.html"
ISO 9000 Compendium contains ISO 9000 Series, ISO 1000 Series documents.
Cost does not include Shipping and Handling
Document Price $
ISO 9000-3 $72
ISO 9001 $42
ISO 9000-2 $65
ISO 9000 Compendium $250
ISO 12207 $96
ISO 9126 $44
IEEE 12207 Standards available from IEEE
web page "http://www.ieee.org" or Phone number: 1-800-678-4333
Available in Paper and PDF v3.0 formats
Cost does not include Shipping and Handling
Document & format Non$ Member$
12207-0 paper $60 $48
12207-0 PDF $90 $72
12207-1 paper $45 $36
12207-1 PDF $68 $54
12207-2 paper $65 $52
12207-2 PDF $98 $72
12207 set paper $153 $122
12207 set PDF $228 $183
- --- End of ISO 9000-3 Review
- --- Arnold Miller (amiller@SignalSoftCorp.com) 303-381-3019
- --- SignalSoft Corp. Test/QA person
- --- ASQ Section 1313's On-line and ISO 9000 person (asq1313@quality.org)
------------------------------
End of iso9000-3-digest V2 #8
*****************************