ISO IEC 90003 2004 Software Standard in Plain English

The following material translates the ISO/IEC 90003:2004 software standard into
plain English. However, this material is both selective and general. It is, therefore,
incomplete. If you need a detailed and complete version of this standard, please
consider purchasing our Title 60: ISO IEC 90003 2004 Plain English Checklist.
Our Title 60 translates this rather complex and difficult material into plain English
using a simple task oriented checklist approach. Title 60 is 175 pages long.

ISO IEC 90003 is a quality management standard for computer software and related
services. It replaces the old ISO 9000-3 1997 software standard. ISO IEC 90003
explains how ISO 9001 2000 can be applied to software and related services.

Please note that ISO presents quality management requirements and guidelines
in sections 4 to 8 of ISO 90003. Therefore, the following material begins with section 4.
However, the bulk of this material will be taken from section 7 since this section makes
up over 60 percent of the standard. Section 7 discusses Software Product Realization.
Sections 1 to 3 cover a variety of technical introductory topics. These additional
topics are also covered in Title 60: ISO IEC 90003 2004 Plain English Checklist.

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH
ISO 90003	4. Systemic Requirements and Guidelines
4.1 Establish a quality management system for software products	Develop a quality system for software products and related services. Identify the processes that make up your quality system. Identify the processes that make up your approach to software development. Identify the processes that make up your approach to software development planning. Identify the processes that make up your approach to software quality planning. Identify the processes that make up your approach to software operation. Identify the processes that make up your approach to software maintenance. Describe the processes that make up your quality system. Describe the sequential structure of your processes. Describe how your processes interact with one another.
	Implement a quality system for software products and services. Use your quality management system processes. Manage the effectiveness of your processes. Support the effectiveness of your processes.
	Improve your software oriented quality management system. Monitor the effectiveness of your processes. Measure the effectiveness of your processes. Improve the effectiveness of your processes.
4.2 Document your software oriented quality system	4.2.1 Develop quality management system documents. Develop documents to implement your quality system. Develop documents that describe your software processes. Develop documents that describe your life cycle models.
	4.2.2 Prepare a quality management system manual. Document your procedures. Describe how your processes interact. Define the scope of your quality system. Justify exclusions and reductions in scope.
	4.2.3 Control quality management system documents. Approve documents before you distribute them. Provide the correct version of documents at points of use. Prevent the accidental use of obsolete documents. Preserve the usability of your quality documents.
	4.2.4 Maintain quality management system records. 4.2.4.1 Prove that requirements have been met. 4.2.4.2 Prove that your operations are effective. 4.2.4.3 Establish a record retention approach.

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH
ISO 90003	5. Management Requirements and Guidelines
5.1 Support quality	Promote the importance of quality. *Promote the need to meet customer requirements.* *Promote the need to meet software product requirements.*
	Develop a quality management system. Support the development of a quality system. Formulate your organization's quality policy. Set your organization's quality objectives. Provide needed quality resources.
	Implement your quality management system. Provide resources to implement your quality management system. Encourage people to meet quality management system requirements.
	Improve your quality management system. Perform quality management reviews. Provide resources to improve quality system.
5.2 Focus on your customers	Identify customer requirements. Expect people to identify customer requirements.
	Meet customers requirements. Expect your organization to meet customer requirements.
	Enhance customer satisfaction. Expect your organization to enhance customer satisfaction.
5.3 Establish a quality policy	Define your quality policy. Ensure that your policy serves your organization's purpose. Ensure that your policy emphasizes the need to meet requirements. Ensure that your policy facilitates the development of quality objectives.
	Manage your quality policy. Communicate your policy throughout your organization. Review your policy to ensure that it continues to be suitable.
5.4 Perform quality planning	5.4.1 Formulate your quality objectives. Set objectives for all functional areas. Set objectives at all organizational levels.
	5.4.2 Plan your quality management system. Plan the development of your quality management system. Carry out quality management planning for software products. Plan how you're going to improve the effectiveness of your quality system.
5.5 Control your quality system	5.5.1 Define responsibilities and authorities. Document responsibilities and authorities. Communicate responsibilities and authorities.
	5.5.2 Appoint a management representative. Oversee your quality management system. Report on the status of your quality management system. Support the maintenance of your quality management system.
	5.5.3 Support internal communications. Ensure that communication processes are established. Ensure that communication occurs throughout organization.
5.6 Perform management reviews	5.6.1 Review your quality management system. Plan regular reviews of your quality management system. Evaluate the effectiveness of your quality management system. Maintain a record of your quality management reviews.
	5.6.2 Examine management review inputs. Examine audit results. Examine opportunities to improve. Examine feedback from customers. Examine software product conformity data. Examine process performance information. Examine corrective and preventive actions. Examine previous quality management reviews.
	5.6.3 Generate management review outputs. Generate actions to improve quality system effectiveness. Generate actions to improve your software products. Generate actions to address your resource needs.

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH
ISO 90003	6. Resource Requirements and Guidelines
6.1 Provide quality resources	Identify quality management system resource requirements. Identify resources needed to support your quality system. Identify resources needed to meet customer requirements. Identify resources needed to meet regulatory requirements.
	Provide quality management system resources. Provide resources needed to support your quality management system. Provide resources needed to implement the quality management system. Provide resources needed to improve your quality management system. Provide resources needed to meet customers' requirements. Provide resources needed to meet regulatory requirements.
6.2 Provide quality personnel	6.2.1 Use competent personnel. *Ensure that your personnel have the right experience.* *Ensure that your personnel have the right education.* *Ensure that your personnel have the right training.* *Ensure that your personnel have the right skills.*
	6.2.2 Support competence. Define acceptable levels of competence. Identify your organization's training and awareness needs. Identify training needs of software development personnel. Identify training needs of software project management personnel. Deliver your organization's training and awareness programs. Evaluate effectiveness of training and awareness programs. Maintain a record of competence.
6.3 Provide quality infrastructure	Identify infrastructure needs. Identify the infrastructure you need in order to develop software. *Identify the hardware* you need in order to develop software. Identify the software you need in order to develop software. Identify the facilities you need in order to develop software. Identify the tools you need in order to manage software. Identify the tools you need in order to develop software. Identify the tools you need in order to support software. Identify the tools you need in order to protect software. Identify the tools you need in order to control software.**
	Provide needed infrastructure. Provide the infrastructure you need in order to develop software. *Provide the hardware* you need in order to develop software. Provide the software you need in order to develop software. Provide the facilities you need in order to develop software. Provide the tools you need in order to manage software. Provide the tools you need in order to develop software. Provide the tools you need in order to support software. Provide the tools you need in order to protect software. Provide the tools you need in order to control software.**
	Maintain your infrastructure. Maintain the infrastructure you need in order to develop software. *Maintain the hardware* you need in order to develop software. Maintain the software you need in order to develop software. Maintain the facilities you need in order to develop software. Maintain the tools you need in order to manage software. Maintain the tools you need in order to develop software. Maintain the tools you need in order to support software. Maintain the tools you need in order to protect software. Maintain the tools you need in order to control software.**
6.4 Provide quality environment	Identify needed work environment. Implement needed work environment. Manage needed work environment.

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH
ISO 90003	7. Realization Requirements and Guidelines
7.1 Control software product realization planning	Plan software product realization processes. Identify software product quality objectives and requirements. Identify software product realization needs and requirements. Identify software product realization risk management requirements. Identify software product realization record keeping requirements.
	Develop product realization processes. Develop product realization documents. Develop product realization record keeping systems. Develop methods to control quality during product realization.
	7.1.1 Use life cycle models to plan your work. Plan your tasks, activities, and processes using suitable software life cycle models. Select suitable software life cycle models. Use suitable software life cycle models to carry out your software projects. Select suitable software development methods.
	7.1.2 Carry out software quality planning. Plan how you're going to apply your quality management system to the development of your software products. Plan how you’re going to apply your quality management system to each software project.
7.2 Control customer processes	7.2.1 Identify your customers' software product requirements. Identify the requirements that customers want you to meet. Identify the requirements that are dictated by the product's use. Identify the requirements that are imposed by external agencies. Identify the requirements that your organization wants to meet.
	7.2.1.1 Identify customer-related software requirements. Establish methods that can be used to identify customer-related software requirements. Establish methods that can be used to authorize changes in customer-related software requirements. Establish methods that can be used to track changes in customer-related software requirements.
	7.2.2 Review your customers' software product requirements. *Review requirements related to software contracts.* *Review requirements related to software engineering.* *Review requirements related to software maintenance.* *Review requirements related to software quality.*
	7.2.2.1 Identify your organization's software product concerns. Identify the software design and development standards and procedures that must be used before you agree to supply software products. Identify the items that must be provided by the customer before you agree to supply software products. Identify and define the methods that will be used to assess the suitability of the items that you expect your customer to provide.
	7.2.2.2 Evaluate risks related to product requirements. Evaluate your risks before you agree to meet product oriented requirements. Evaluate criticality issues before you agree to meet product oriented requirements. Evaluate safety issues before you agree to meet product oriented requirements. Evaluate security issues before you agree to meet product oriented requirements. Evaluate your organizations experience and capabilities before you agree to meet product oriented requirements. Evaluate your suppliers’ experience and capabilities before you agree to meet product oriented requirements.
	7.2.2.3 Appoint someone to represent the customer. Ask your customer to appoint someone to support your software development activities and manage all contractual responsibilities. Make sure that customer representatives have the authority to ensure that customer personnel will cooperate with your staff.
	7.2.3 Communicate with your software customers. Develop a process to control communications with customers. Make sure that your process controls customer advisory notices. Implement your customer communications process.
	7.2.3.1 Communicate with your software customers. Make sure that your customer communication methods are consistent with your contractual agreements.
	7.2.3.2 Communicate with customers during development. Schedule reviews involving both the customer and your organization (joint reviews) to discuss software product development information. *Schedule joint reviews to discuss enquiries.* *Schedule joint reviews to discuss contracts.* *Schedule joint reviews to discuss amendments.* *Schedule joint reviews to discuss progress.*
	7.2.3.3 Communicate during operations and maintenance. Communicate with your customers during the software operations life cycle process. Communicate with your customers during the software maintenance life cycle process.
7.3 Control software design and development	7.3.1 Plan product design and development. Define your software product design and development stages. Establish procedures to control software design and development. Clarify design and development responsibilities and authorities. Manage interactions between design and development groups. Update your design and development plans as changes occur. Document your planning outputs as changes occur.
	7.3.1.1 Plan software design and development. Identify the activities that must be performed. Identify the inputs that each activity requires. Identify the outputs generated by each activity. Identify the management activities that will be needed. Identify the support services that will be required. Identify the team training that will be necessary. Identify the resources that your project will need. Identify verification and validation activities. Identify design and development rules and conventions. Identify software development tools and techniques.
	7.3.1.2 Plan review, verification, and validation activities. Use maintenance procedures or service agreements to plan the review, verification, and validation of software operations. Use maintenance procedures or service agreements to plan the review, verification, and validation of software maintenance.
	7.3.2 Define software design and development inputs. Specify product design and development inputs. Record product design and development input definitions. Evaluate product design and development input definitions. Review input definitions before you approve them. Derive software design and development inputs. Derive software design and development inputs from functional requirements. Derive software design and development inputs from performance requirements. Derive software design and development inputs from quality requirements. Derive software design and development inputs from safety requirements. Derive software design and development inputs from security requirements.
	7.3.3 Generate software design and development outputs. Create software product design and development outputs. Approve software design and development outputs prior to release. Use design and development outputs to control software product quality. Maintain a record of your software design and development outputs.
	7.3.4 Carry out software design and development reviews. Carry out reviews throughout your software product design and development process. Establish procedures that specify how problems identified during your software design and development reviews should be handled. Establish procedures that specify how product deficiencies or nonconformities should be handled. Establish procedures that specify how process deficiencies or nonconformities should be handled. Formulate the guidelines that all participants will be expected to follow during your software design and development reviews.
	7.3.5 Perform software design and development verifications. Perform verification activities throughout the software design and development process. Record the results of your software design and development verification activities.
	7.3.6 Conduct software design and development validations. Perform product design and development validations. Conduct clinical evaluations of medical devices (if required). Conduct performance evaluations of devices (if required) Record product design and development validations.
	7.3.6.1 Carry out software validation activities. Validate the operation of your software product before you ask the customer to formally accept it. Confirm that your new software product meets the requirements specified in your customer contract. Confirm that your new software product meets the requirements that define its intended use. Record the results of your software validations.
	7.3.6.2 Carry out software testing activities. Test individual software items in order to ensure that they meet operational requirements. Test the complete software product in order to ensure that it meets operational requirements.
	7.3.7 Manage software design and development changes. Identify changes in product design and development. Use configuration management to control software design and development changes. Record changes in software product design and development. Review changes in software product design and development. Verify changes in software product design and development. Validate changes in product design and development. Approve changes before they are implemented.
7.4 Control your purchasing function	7.4.1 Control purchasing process. Ensure that your purchased products meet requirements. Create a procedure to ensure purchases meet requirements. Ensure that your suppliers meet requirements.
	7.4.1.1 Control software purchasing process. Control the purchase of software products. Control the purchase of subcontracted services. Control the purchase of outsourced activities.
	7.4.1.2 Control purchased parts and components. Control the purchase of products that will become a component part of your software product. Control computer hardware if you intend to make it a component part of your software product. Control documentation if you intend to make it a component part of your software product.
	7.4.2 Document product purchases. Describe the products being purchased. Identify the software product being purchased. Specify the requirements that purchases must meet. Identify the requirements that purchased software must meet. Identify the procedures that your software suppliers must follow. Describe the skill and knowledge requirements that supplier personnel must be able to meet.
	7.4.3 Verify purchased products. Use acceptance testing to verify the suitability of software that has been purchased for use in software design and development. Use acceptance testing to confirm that subcontracted software development work meets your requirements. Use acceptance testing to confirm that software that is purchased on your behalf by subcontractors meets your requirements.
7.5 Manage production and service provision	7.5.1 Control production and service provision. 7.5.1.1 Control software production and service. 7.5.1.2 Control software build and release. 7.5.1.3 Control software replication activities. 7.5.1.4 Control software delivery activities. 7.5.1.5 Control software installation activities. 7.5.1.6 Control your software operations. 7.5.1.7 Control software maintenance activities.
	7.5.2 Validate production and service provision. Validate production and service processes whenever process outputs cannot be measured, monitored, or verified (sometimes referred to as special processes). Develop methods and procedures to prove that special processes can produce planned results. Keep records that can prove that special production and service processes can produce planned results.
	7.5.3 Identify and track your products. 7.5.3.1 Identify and trace software products. 7.5.3.2 Use software configuration management. 7.5.3.3 Establish a process to trace software.
	7.5.4 Protect property supplied by customers. Identify property supplied to you by customers. Verify property supplied to you by customers. Safeguard property supplied to you by customers.
	7.5.5 Preserve your products and components. Preserve products and components during internal processing. Establish procedures to preserve products during processing. Preserve products and components during final delivery. Establish procedures to preserve products during delivery.
7.6 Control monitoring devices	Identify monitoring and measuring needs. Identify your organization’s monitoring and measuring needs and requirements. Identify the monitoring and measurements that should be performed in order to ensure that your products meet specified requirements.
	Select monitoring and measuring devices. Select devices that are capable of meeting your organization’s monitoring and measuring needs. Select devices that can perform the monitoring and measuring that your organization needs to perform.
	Calibrate your monitoring and measuring devices. Calibrate your monitoring and measuring devices by comparing them against devices that can be traced to national or international standards. Identify the calibration status of your devices. Record the results of your calibration activities.
	Protect your monitoring and measuring devices. Use a configuration management system to control monitoring and measuring devices. Protect your devices from unauthorized adjustment. Protect your devices from damage or deterioration.
	Validate your monitoring and measuring devices. Validate monitoring and measuring devices before you use them. Revalidate monitoring and measuring devices when necessary.
	Use your monitoring and measuring devices. Use devices to ensure that your products meet requirements.

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH
ISO 90003	8. Remedial Requirements and Guidelines <SAMPLE Checklist (pdf)
8.1 Carry out remedial processes	Plan remedial processes. Plan how monitoring, measuring, and analytical processes will be used to demonstrate conformity. Plan how monitoring, measuring, and analytical processes will be used to maintain your quality management system. Plan how monitoring, measuring, and analytical processes will be used to continually improve the effectiveness of your quality management system.
	Implement remedial processes. Use monitoring, measuring, and analytical processes to demonstrate conformance. Use monitoring, measuring, and analytical processes to maintain your quality management system. Use monitoring, measuring, and analytical processes to continually improve the effectiveness of your quality management system.
8.2 Monitor and measure quality	8.2.1 Monitor and measure customer satisfaction. Identify methods that you can use to monitor and measure customer satisfaction. Use customer satisfaction information as a measure of quality management system performance. Monitor and measure customer satisfaction by analyzing help desk calls about product quality and service performance. Monitor and measure customer satisfaction by studying quality-in-use metrics derived from direct and indirect customer feedback.
	8.2.2 Plan and perform regular internal audits. Set up an internal audit program. Develop an internal audit procedure. Plan your internal audit projects. Plan how you’re going to audit software projects. Perform regular internal audits. Solve problems discovered by audits. Verify that problems have been solved.
	8.2.3 Monitor and measure quality processes. Use suitable methods to monitor and measure processes. Take action when processes fail to achieve planned results.
	8.2.4 Monitor and measure product characteristics. Monitor and measure how well your software products comply with quality requirements. Maintain a record of your software product monitoring and measuring activities.
8.3 Control your nonconforming software products	Establish a nonconforming software products procedure. Define how nonconforming software products should be identified. Define how nonconforming software products should be controlled.
	Identify and control your nonconforming software products. Eliminate or correct software product nonconformities. Prevent the delivery or use of nonconforming software products. Avoid the inappropriate use of nonconforming software products. Grant concessions only if regulatory requirements are met.
	Re-verify nonconforming software products that were corrected. Prove that corrected software products now meet requirements.
	Control nonconforming software products after delivery or use. Control events when you deliver or use nonconforming products. Develop a work instruction to control product rework process.
	Maintain records of nonconforming software products. Document your software product nonconformities. Describe the actions taken to deal with nonconformities. Maintain a record of software product concessions granted.
8.4 Analyze quality information	Define quality management information needs. Identify the type of information your organization needs to have about its quality management system. Define what kind of information you need in order to be able to evaluate the suitability and effectiveness of your quality management system.
	Collect quality management system data. Monitor and measure the suitability of your quality management system. Monitor and measure the effectiveness of your quality management system.
	Provide quality management information. Provide information about your customers. Provide information about your suppliers. Provide information about your products. Provide information about your processes. Develop procedures to analyze information. Maintain a record of your analytical results.
8.5 Take required remedial actions	8.5.1 Maintain your quality management system. Use audits to help maintain the effectiveness of your quality system. Use quality data to help maintain quality system effectiveness. Use your quality policy to help maintain quality system effectiveness. Use your quality objectives to help maintain quality system effectiveness. Use management reviews to help maintain quality system effectiveness. Use corrective actions to help maintain quality system effectiveness. Use preventive actions to help maintain quality system effectiveness.
	8.5.2 Correct actual nonconformities. Review your nonconformities. Figure out what causes your nonconformities. Evaluate whether you need to take corrective action. Develop corrective actions to prevent recurrence. Take corrective actions when they are necessary. Record the results that your corrective actions achieve. Examine the effectiveness of your corrective actions.
	8.5.3 Prevent potential nonconformities. Detect potential nonconformities. Identify the causes of potential nonconformities. Study the effects of potential nonconformities. Evaluate whether you need to take preventive action. Develop preventive actions to eliminate causes. Take preventive actions when they are necessary. Record the results that your preventive actions achieve. Examine the effectiveness of your preventive actions.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
developing this electronic publication. We make no representation or warranties
with respect to accuracy or completeness of the contents of this publication and
specifically disclaim any implied warranties or merchantability or fitness for any
particular purpose and shall in no event be liable for any loss of profit or any
other commercial damage, including but not limited to special, incidental,
consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
material as often as you wish, free of charge. And as long as you keep intact
all copyright notices, you are also welcome to print or make one copy of this
page for your own personal, noncommercial, home use. But, you are not
legally authorized to print or produce additional copies, or to copy and paste
any of our material onto another web site. If you would like to purchase our
material, please contact our Sales Desk. Our staff would be very pleased to
take your order or to answer any questions you might have.

Home Page	Our Libraries	A to Z Index	Our Customers
How to Order	Our Products	Our Prices	Our Guarantee
PRAXIOM RESEARCH GROUP LIMITED 9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada Telephone: (780)461-4514 info@praxiom.com
Updated on January 6, 2010. On the Web since May 25, 1997.

ISO IEC 90003 2004

SOFTWARE STANDARD

TRANSLATED INTO PLAIN ENGLISH

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH

4.1 Establish a quality management system for software products

4.2 Document your software oriented quality system

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH

5.1 Support quality

5.2 Focus on your customers

5.3 Establish a quality policy

5.4 Perform quality planning

5.5 Control your quality system

5.6 Perform management reviews

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH

6.1 Provide quality resources

6.2 Provide quality personnel

6.3 Provide quality infrastructure

6.4 Provide quality environment

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH

7.1 Control software product realization planning

7.2 Control customer processes

7.3 Control software design and development

7.4 Control your purchasing function

7.5 Manage production and service provision

7.6 Control monitoring devices

ISO IEC 90003 2004 SOFTWARE STANDARD IN PLAIN ENGLISH

8.1 Carry out remedial processes

8.2 Monitor and measure quality

8.3 Control your nonconforming software products

8.4 Analyze quality information

8.5 Take required remedial actions

4.1
Establish
a quality management system for software products

4.2
Document your software oriented quality system

5.1
Support
quality

5.2
Focus on your customers

5.3
Establish
a quality
policy

5.4
Perform
quality
planning

5.5
Control
your quality system

5.6
Perform management reviews

6.1
Provide quality resources

6.2
Provide quality personnel

6.3
Provide quality infrastructure

6.4
Provide quality environment

7.1
Control software product realization planning

7.2
Control customer processes

7.3
Control software design and development

7.4
Control your purchasing function

7.5
Manage production
and service provision

7.6
Control
monitoring devices

8.1
Carry out
remedial processes

8.2
Monitor and measure
quality

8.3
Control your nonconforming software products

8.4
Analyze quality information

8.5
Take required remedial actions