Why software quality managers should consider ISO 9001:2015

Today’s software quality assurance professionals are looking at quality issues that extend far beyond product inspection to cover all phases of definition, design, development, and maintenance. Those who are looking to improve performance and efficiency would be wise to consider the new ISO 9001:2015 standard, which sets criteria for a quality management system and can be used to assess an organization’s ability to meet customer and regulatory requirements.

Software organizations that are currently registered to the ISO 9001:2008 quality management standard will have until September 2018 to make the transition to the ISO 9001:2015 version. This provides time to transition to the new standard or acquire ISO 9001 registration and certification under the new standard. For more information visit ASQ Quality Management Standards.


Figure. Process-based quality management model showing links to sections in the ISO 9001:2008 standard. (Source: ISO)

Nearly all the sections of the ISO 9001:2015 standard link back to helping improve software quality priority areas:

Requirements Management
Requirements are essential to the success of software quality, particularly since 50-60% of software quality issues are traceable directly to the quality of the system or software requirements. They also provide the initial artifacts for evaluation, and serve as the foundation of work on which subsequent downstream phases or stages depend for success.

Implementing ISO 9001:2015 can help interested parties influence the development and prioritization of requirements and help establish the validity and acceptance of requirements by key stakeholders. It can also help increase consistency and predictability by following expected processes.

Within the ISO 9001:2015, the emphasis on customer focus aggregates and prioritizes customer and regulatory requirements and considers risks and opportunities in order to achieve outcomes critical to customer satisfaction. ISO 9001:2015 supports the definition of business, functional, and technical requirements to enable and support design, development, and testing. For example, an Automated Teller Machine (ATM) must integrate usability, functionality, and financial compliance rules to have a workable solution that can be deployed and used. Since requirements change, the mechanism for reviewing, approving, and controlling such changes is essential to a sustainable solution.

Design and Code Reviews
Quality management is a key reviewer of design and code to ensure that it is complete, consistent, and testable. This is an important function, not only to assure the engineering components but also to involve the quality function at the earliest stages of design.

ISO 9001:2015 provides an initial review to validate alignment of designs to relevant quality objectives and conformance to requirements. This can help identify early software quality issues that might be overlooked and highlight requirements that may be complex or ambiguous.

Within the ISO 9001:2015, the emphasis on Awareness, Design and Development, and Control of External Components reviews and tracks scope of features and suitability of components prior to integration. ISO 9001:2015 supports the coverage and assurance of designed and acquired objects and code. This is particularly necessary if the design applies multiple coding languages and protocols into the overall solution.

Software Verification and Validation
Software quality is often synonymous with software testing, which itself comprises multiple levels of testing with respect to breadth, complexity, and techniques. Verification refers to the confirmation that systems and software align and fulfill explicit specifications, while validation confirms the proper operation with respect to the intended use of the system or software in its expected operating environment.

However, the resources conducting verification and validation must be properly trained in the necessary testing techniques and in the system or application under test. ISO 9001:2015 can help reduce churn or delay from ‘tester error’ and provide assurance in testing validity and outcomes.

Within the ISO 9001:2015, the emphasis on resources and competence ensures that qualified and suitable people apply appropriate test techniques to reveal those design and functionality defects that would imperil successful use and deployment. ISO 9001:2015 supports the monitoring, measurement, analysis, and evaluation to ensure that desired levels of functionality, reliability, usability, maintainability, and performance are present. For example, an online tax preparation service that is intended for both computer and mobile platforms would require accuracy, usability, and functionality across all devices intended for use and deployment. Since customer satisfaction and risk management are affected, these would be essential drivers for this initiative.

Defect Tracking and Resolution
Defects are frequently found and revealed throughout every stage of software quality from initial reviews to final validation. These product or system deficiencies must be captured and categorized, so that those of critical or high priority and impact can be resolved. Defects reveal the stability of the software, and provide an indicator of the suitability of earlier assurance efforts.

ISO 9001:2015 can help with creation and updating of records which track test completion and defect origination and resolution. When an approved tool of record is used to cover mandatory information, defects and test completion will be more consistently reported.

Within the ISO 9001:2015, the emphasis on improvement, nonconformity, and corrective action provides a structured approach to tracking product deficiencies and identifying corrections and improvements. ISO 9001:2015 supports the documentation of such issues to retain an audit trail and create a sustainable knowledge base. For example, an airline booking application with many interdependent systems and interfaces must have its defects tracked and resolved in a documented manner.

Configuration Management
Configuration management is essential for the control of the hundreds and thousands of individual components, designs, artifacts, application entities, and infrastructure assets that comprise an integrated software or systems engineering solution. Navigating through different versions and constantly changing parts can be complex.

ISO 9001:2015 helps configuration management follow identification and versioning conventions to ensure consistency, traceability and reproducibility. That will help ensure that systems have components tracked according to the defined approaches which are aligned with the overall quality system.

Within the ISO 9001:2015, the emphasis on planning changes, identification, and traceability supports controlled conditions and tracking of baselines and versions for replication and reproducibility. ISO 9001:2015 supports consistency and control, with the resulting records and libraries being created for future reference and reuse. For example, a medical imaging storage application tracks and traces the various protocols used in order to keep records organized and searchable, without losing functionality during product maintenance or upgrades.

Product Release, Maintenance, and Resolution of Incidents and Problems
This is the phase which aggregates the outcomes from the prior phases for a general review by top management, customers, and key stakeholders. The general perception is that software quality is completed when development is done. In fact, the opposite is true: release to production and maintenance phases extend the need for software quality.

Introducing the product to the user community within a constantly evolving infrastructure and operating system requires constant attention and control. That’s where ISO 9001:2015 can help by supporting operational activities for acceptance, release and post-delivery.

Within the ISO 9001:2015, the emphasis on the full product life cycle supports the continuation of controls after release, evolving the solution and systems until product retirement. ISO 9001:2015 also reinforces this concept through management reviews and continual improvement. For example, the software installed into a firmware system (e.g., a manufacturing conveyor belt system for food packaging) cannot be easily replaced, so it must be incrementally updated through maintenance activities, as required by the business and technical needs of the system in use.

Next Steps in Making the Transition to ISO 9001:2015
For software professionals who are looking to make the transition to ISO 9001:2015, it will be important to first thoroughly review the standard to understand new terminology and requirements that will need to be addressed as well as to determine how current processes may allow the organization to build on what it already has in place. Organizational leaders will need to understand and accept how these risk-based processes can help the company become more profitable and competitive.

Ultimately, achieving alignment with this international ISO 9001:2015 standard will create the necessary architecture and infrastructure to support and sustain continuing software quality management.

Daniel Zrymiak is Performance and Functional Excellence Lead for Accenture and is co-author of the ASQ Six Sigma Green Belt Handbook. He has worked in quality for two decades, lives in Canada, and blogs at A QualitEvolution.
