ISO IEC 90003 2014 Plain English Introduction

INTRODUCTION TO ISO IEC 90003 2014

ISO IEC 90003 2014 is a quality management standard for software products and
related services. It contains two kinds of clauses: requirements and guidelines.
They are presented in the following five sections:

4. Systemic requirements and guidelines

5. Management requirements and guidelines

6. Resource requirements and guidelines

7. Realization requirements and guidelines

8. Remedial requirements and guidelines

ISO IEC 90003 was first published in 2004. This current version was published in
December of 2014 and is the second edition. It cancels and replaces all previous
editions. (Before ISO IEC 90003 was published, it was known as ISO 9000-3.)

ISO IEC 90003 is for organizations that buy, sell, develop, operate, or maintain
computer software or provide related support services. Its purpose is to help them
meet customer expectations and comply with all relevant regulatory requirements.
According to ISO IEC 90003, organizations can achieve these objectives if they
establish a quality management system (QMS) and if they continually try to
improve the suitability, adequacy, and effectiveness of this system.

ISO 90003 2014 AND ISO 9001 2008

ISO IEC 90003 2014 is based on the ISO 9001 2008 quality management
standard. Both standards are organized in the same way and use basically
the same numbering system. The following formula summarizes
how these standards are related:

   ISO 90003 = ISO 9001 + ADVICE ON HOW TO APPLY ISO 9001 TO SOFTWARE

ISO IEC 90003 is really nothing more than ISO 9001 applied to computer software.
It doesn’t add to or change the ISO 9001 requirements in any way. It just explains
how you can meet these requirements if you buy, sell, develop, operate, or
maintain computer software or provide related support services.

REQUIREMENTS VERSUS GUIDELINES

As previously stated, ISO IEC 90003 2014 contains two kinds of clauses:
requirements and guidelines. Requirements are things you must do if you
wish to become ISO 9001 certified (you can't become ISO IEC 90003 certified).
Requirements come directly from ISO 9001 without modification while guidelines
are unique to the ISO IEC 90003 standard. ISO IEC 90003 includes all ISO 9001
requirements plus a set of guidelines that explain how the ISO 9001
requirements can be applied to software and related services.

ISO IEC 90003 further distinguishes between two kinds of guidelines: recommendations and suggestions. Recommendations are things you should
do in order to meet the ISO 9001 requirements, while suggestions are things you
may do within the limits set by the ISO 9001 standard. Suggestions are things
that are permissible or allowed within the constraints imposed by ISO 9001.
These distinctions are summarized below:

  • ISO 9001 2008 Requirements (shall statements)

  • ISO IEC 90003 2014 Guidelines (should or may statements)

    • Recommendations (should statements)

    • Suggestions (may statements)

    However, you don't necessarily have to comply with every ISO 9001 2008
    requirement. You may exclude or ignore some requirements if you can justify
    doing so. Section 1.2 of ISO 9001 says that you may exclude product realization
    requirements (section 7) if you cannot apply them because of the nature of your
    organization or the kinds of products and services it provides, if you can justify
    and explain why you cannot apply them, and if doing so does not undermine
    your ability or responsibility to meet customer and legal requirements.

In short, you may exclude selected section 7 requirements only if you can
explain why you can't apply them and only if you can still meet both customer
and regulatory requirements even though you're excluding these requirements.

In order to distinguish between the ISO 9001 requirements and the two types
of ISO IEC 90003 guidelines, our Plain English standard uses the following
shorthand in sections 4 to 8:

  • SHL refers to shall statements (requirements)

  • SHD refers to should statements (recommendations)

  • MAY refers to may statements (suggestions)

When you go to ISO IEC 90003 sections 4 to 8 you'll notice that each clause has
been classified as either a SHL statement, a SHD statement, or a MAY statement.
SHL clauses permit two kinds of responses: TODO or DONE. While SHD and MAY
clauses allow three kinds: TODO, DONE, or N/A. This is because SHD and MAY
clauses may be ignored if they don't apply in your case.

Since ISO 9001 section 7 clauses may be excluded if you can justify and explain
why you must do so, we've also added an N/A for these kinds of SHL clauses.

SCOPE OF ISO IEC 90003 2014

ISO IEC 90003 applies to organizations that purchase, develop, operate,
maintain, or supply computer software and deliver related support services.
It may be applied in the following circumstances:

•  When the software is a product available for sale

•  When the software is related to software services

•  When the software is embedded in a hardware product

•  When the software is part of a contract with another organization

•  When the software is used to support the processes of an organization

ISO IEC 90003 is not a certification standard. You can't become ISO IEC 90003
certified.  You can, however, use ISO IEC 90003 to become ISO 9001 certified.
More precisely, you can use ISO IEC 90003 to establish a quality management
system for software products and services that complies with the ISO 9001
standard. And once this has been achieved, you can apply for ISO 9001
certification (not ISO IEC 90003 certification).

Of course, you don’t have to become ISO 9001 certified. You can, instead,
simply develop a QMS that complies with the ISO IEC 90003 2014 standard
and then announce to the world that you comply with this standard
(or with the underlying ISO 9001 standard).

WHY USE ISO IEC 90003 2014

Use ISO IEC 90003 if your organization needs to be able to demonstrate
that it can meet all relevant customer, statutory, and regulatory requirements.
Use ISO IEC 90003 if:

  • You need to be able to show that your organization is consistently capable
    of providing software products and services that meet customer requirements
    and comply with all relevant statutory and regulatory requirements.
  • You need to be able to demonstrate that your organization can enhance
    customer satisfaction because it is consistently capable of continually
    improving both its products and services and its practices and processes.
  • You need to be able to assess your organization's ability to consistently
    provide software products and services that meet customer requirements
    and comply with all relevant statutory and regulatory requirements.

MORE ISO IEC 90003 PAGES

Outline of ISO IEC 90003 2014 Standard

Overview of ISO IEC 90003 2014 Standard

ISO IEC 90003 2014 Software QMS Definitions

ISO IEC 90003 2014 versus ISO IEC 90003 2004

ISO IEC 90003 2014 Translated into Plain English

ISO IEC 90003 2004 Translated into Plain English

ISO IEC 90003 2014 Quality Management Checklist

ISO IEC 90003 2014 Quality Management Audit Tool

How to Perform an ISO IEC 90003 2014 Gap Analysis

Updated on January 30, 2017. First published on December 27, 2016.

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited        780-461-4514        help@praxiom.com

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2016 - 2017 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited