Software Quality Standards – ISO 9000

The International Organization for Standardization (ISO), a worldwide conglomerate of some 100 national standards federations, has designed a universally acceptable set of quality management and quality assurance standards known as ISO 9000. These are the only internationally recognized quality standards that cover the entire business life cycle of a product or service.

The ISO 9001 standard applies to product design, development, production, installation, service, and document and data control, and is applicable across all engineering disciplines. Compliance with ISO 9001 is a requirement for doing business in many countries. Here in the United States, many companies require evidence of ISO registration before they will even consider giving a contract to a software development company. Furthermore, many software development companies additionally require all of their suppliers to be ISO registered.

A major factor of ISO 9001 is the requirement to define all processes related in any way to product quality, to document and follow all processes, and to provide evidence of compliance. These processes are usually audited at least semiannually, and serious non-conformances can result in the loss of a company’s ISO registration.

Maintaining ISO certification requires ongoing evidence of meeting the stringent requirements of the standard. This evidence is examined and documented through a continuing program of independent surveillance audits conducted by a certified ISO registrar. A special set of guidelines (9000-3) has been provided to help interpret the standard for use in software development.

In CSC 492, software development is conducted following ISO 9000 guidelines. The CSC 492 Software Development Process contains the following elements of ISO 9000 related to software product development:

  • Documented product development process with measurements and controls of both process and product.
  • Establishment of requirements prior to starting development.
  • Documented product acceptance criteria.
  • Schedule of development activities (Task Plan).
  • Records that show a match between development specifications and requirements.
  • Records of development analysis and review activities.
  • Documented evidence of design reviews.
  • Documented software development specifications that describe all programs and data structures.
  • Description of how development changes are received, evaluated, approved, and implemented.
  • Development verification activities.
  • Evidence of verification activities such as inspections, tests, and prototyping.
  • Documented test plan.
  • Identification and analysis of software defects and other problems.