1. International Software Quality Models ISO 9000-3
SQA – SWE 333
Software Quality Assurance
International Software Quality Models ISO
Prof. Dr. Mohamed BATOUHE
Dept. of Software Engineering
CCIS – King Saud University

2. Quality Management Standards
The scope of quality management standards

3. The Benefits of using Standards
* The ability to apply methodologies and procedures of the highest professional level. * Better mutual understanding and coordination among development teams but especially between development and maintenance teams. * Greater cooperation between the software developer and external participants in the project. * Better understanding and cooperation between suppliers and customers, based on the adoption of standards as part of the contract.

4. Organizations involved in SQA Standards Development
Most prominent developers of SQA standards:
IEEE (Institute of Electric and Electronic Engineers) Computer Society
ISO (International Standards Organization)
DOD (US Department of Defense)
ANSI (American National Standards Institute)
IEC (International Electrotechnical Commission)
EIA (Electronic Industries Association)

5. Scope of quality management standards – Certification Standards
*  Enable a software development organization to demonstrate consistent ability to assure acceptable quality of its software products or maintenance services. Certification is granted by an external body.
*   Serve as an agreed-upon basis for customer and supplier evaluation of the supplier’s quality management system. Accomplished by performance of a quality audit by the customer.
*  Support the organization's efforts to improve its quality management system through compliance with the standard’s requirements.
→ One indication of the importance of standards is the current trend of software development tenders, which require certification of participants …

6. Quality Management Standards
ISO 9001 and ISO

7. ISO 9000
In 1946, delegates from 25 countries met in London and decided to create a new international organization, of which the object would be "to facilitate the international coordination and unification of industrial standards". The new organization, ISO, officially began operations on 23 February 1947, in Geneva, Switzerland.
ISO 9000 is a series of documented standards prescribing quality management.
ISO 9000 has a broad scope: hardware, software, processed materials and services.
The standard outlines the basic elements of a good quality management system. These elements are good business practice.

8. ISO 9000
ISO 9000 is a written set of standard which describe and define the basic elements/clauses of the quality system needed to ensure that an organization’s products/or services meet or exceed customer needs and expectations
ISO 9000 is based on documentation and is based on the following:
- Document what you do;
- Do what your document;
- Prove it and improve it
ISO 9000 emphasizes prevention.

9. ISO 9000
ISO 9000 and ISO 9004 are guidelines for quality management and are not Mandatory for certification.
ISO 9001, ISO 9002, and ISO 9003 are Quality system standards.
ISO 9001 is the broadest standard and provides a model for design, development, production, installation and servicing
ISO 9002 is limited to production, installation and servicing
ISO 9003 is further limited to inspection and testing
A company should first use ISO to design and to implement a quality system. Once the quality has been installed, the company may use the quality assurance models of ISO 9001, ISO 9002, or ISO 9003 to demonstrate the adequacy of the quality system.

10. Why ISO 9000 Certification? Better organizational definition
greater quality awareness
better documentation of processes
increased control of operations
Ongoing analysis of and solution to problems
Positive cultural change
Improved customer satisfaction and increased market opportunities

11. The criteria for getting ISO 9000/9001 certification
Review the current operation and business structure of your facility.
Provide an introductory session in ISO 9000/9001 requirements and instruct in the preparation of job descriptions and work instruction style documentation.
Audit the completed job descriptions and work instructions and prepare the structure for the policies and procedures manual.
Write the first draft of the policy and procedures manual to meet ISO 9000/9001 standards incorporating the existing documented work instructions.

12. The criteria for getting ISO 9000/9001 certification
Submit first draft of manuals for review and approval. Prepare final draft of documentation and audit manuals for compliance to ISO 9000/9001 requirements.
Train staff on the policies, procedures and work instruction manuals and receive feedback as to the accuracy of the documentation.
Conduct a simulated third party audit of the implemented Quality System utilizing qualified auditors.
Make final adjustments to the Quality System to prepare for certified third party audit.

13. Overview of ISO 9000

14. ISO
ISO , the guidelines offered by ISO, represent implementation of the ISO 9000 standards to the special case of software development and maintenance.
ISO is a standard for quality software systems.
It is very short (approximately 30 pages) and very high level (abstraction).
It explains what to do and not how to do !!

15. ISO 9000-3: An Excerpt ISO 9000-3 4.4 Software development and design
General
Develop and document procedures to control the product design and development process. These procedures must ensure that all requirements are being met.
Software development
Control your software development project and make sure that it is executed in a disciplined manner.
Use one or more life cycle models to help organize your software development project.
Develop and document your software development procedures. These procedures should ensure that:
Software products meet all requirements.
Software development follows your:
Quality plan.
Development plan.
From

16. ISO 9000-3 The 8 guiding quality management principles:
Principle 1 Customer focus
Principle 2 Leadership
Principle 3 Involvement of people
Principle 4 Process approach
Principle 5 System approach to management
Principle 6 Continual improvement
Principle 7 Factual approach to decision making
Principle 8 Mutually beneficial supplier relationships

17. Principle 1 Customer focus
Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

18. Principle 2 LEADERSHIP
Leaders establish unity of purpose and direction of the organization (the organization’s vision). They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.

19. Principle 2 LEADERSHIP Key benefits
People will understand and be motivated towards the organization's goals and objectives.
Activities are evaluated, aligned and implemented in a unified way.
Miscommunication between levels of an organization will be minimized.

20. Principle 3 Involvement of people
People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.

21. Principle 4 Process approach
A desired result is achieved more efficiently when activities and related resources are managed as a process.

22. How is a Process Managed?
Monitor & Measure the Process
make sure the inputs are right, the transformation
activities consistently work, and the desired results
are achieved, then - improve the process as needed
Activity
INPUT
OUTPUT
Efficient
No Waste
Effective
Desired Results Achieved
Right Resources:
Qualified People
Right Facilities/Equipment
Correct Materials
Proven Methods
Desired Results:
Quality Products
Quality Services
Customer Satisfaction
Employee Satisfaction

23. Principle 5 System approach to management
Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.

24. Principle 6 Continual improvement
Continual improvement of the organization's overall performance should be a permanent objective of the organization.

25. Improve Process through PDCA Cycle Improvement Objective
The Quality Management System (QMS) must be used for continuous improvement ...
Improve Process through PDCA Cycle
Results
Baseline Performance
Plan Do
Act Check
Measure/Monitor Results Against Objectives - Improve Process and Change QMS as Needed to Achieve and Sustain Desired Results
QMS
Improvement Objective

26. QUALITY MANAGEMENT SYSTEM
Continual improvement of the
Quality management system
Management
responsibility
Customers
Customers
Measurement,
analysis and
improvement
Resource
management
Satisfaction
Requirements
The ISO 9001:2000 Requirements:
Scope
General
Application
Normative reference
Terms and definitions
Quality management system
General requirements
Documentation requirements
Quality manual
Control of documents
Control of records
Management responsibility
Management commitment
Customer focus
Quality policy
Planning
Quality objectives
Quality management system planning
Output
Input
Product
realization
Product
Information flow
Value-adding activities

27. Principle 7 Factual approach to decision making
Effective decisions are based on the analysis of data and information

28. Principle 8 Mutually beneficial supplier relationships
An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create added value

29. ISO : Requirements
The ISO includes about 20 requirements that relate to various aspects of software quality management classified into the following five groups:
Quality management system
Management responsibilities
Resource management
Product realization
Measurement, analysis and improvement

30. ISO 9000-3: Principal areas of quality focus
• management responsibility • quality system requirements • contract review requirements • product design requirements • document and data control • purchasing requirements • customer supplied products • product identification and traceability • process control requirements • inspection and testing
• control of inspection, measuring, and test equipment
• inspection and test status
• control of nonconforming products
• corrective and preventive actions
• handling, storage, and delivery
• control of quality records
• internal quality audit requirements
• training requirements
• servicing requirements
• statistical techniques

31. ISO Certification

32. ISO 9000-3 Certification Development of the organization’s SQA system:
Development of a quality model and SQA procedures
Development of other SQA infrastructure
Staff training
Preventive and corrective actions procedures
Configuration management services
Documentation and quality record control
Development of a project progress control system

33. ISO Certification
Implementation of the organization’s SQA system:
Setting up a staff instruction program
Leaders and managers are expected to follow up and support the implementation efforts made by their units.
Internal quality audits are carried out to verify the success in implementation.
The findings will determine of whether the organization has reached a satisfactory level of implementation.

34. References
Williaw E. Lewis, “Software Testing And Continuous Quality Improvement”, Third Edition, CRC Press, 2009.
K. Naik and P. Tripathy: “Software Testing and Quality Assurance”, Wiley, 2008.
Ian Sommerville, Software Engineering, 8th edition, 2006.
Aditya P. Mathur,“Foundations of Software Testing”, Pearson Education, 2009.
D. Galin, “Software Quality Assurance: From Theory to Implementation”, Pearson Education, 2004
David Gustafson, “Theory and Problems of Software Engineering”, Schaum’s Outline Series, McGRAW-HILL, 2002.
Michael R. Liu, Handbook of Software Reliability Engineering, IEEE Computer Society Press, McGraw-Hill, 2005.

35. Q & A