ISO IEC 90003 2014 vs ISO IEC 90003 2004

ISO IEC 90003 2014 is based on the ISO 9001 2008 quality management standard.
The following formula summarizes how these two QMS standards are related:

     ISO IEC 90003 = ISO 9001 + advice on how to apply ISO 9001 to software

ISO 9001 has changed, but the “advice on how to apply ISO 9001 to software”
hasn't. It's still the same. Accordingly, the following material will discuss the
changes that were made to the underlying ISO 9001 standard.

ISO 9001 2000 and ISO 9001 2008 use the same numerical system to organize
the standard. As a result, the new ISO IEC 90003 standard looks much like the old.
However, some (ISO 9001) changes were made. When you compare ISO 9001 2000
and ISO 9001 2008 you’ll notice that the changes that have been made tend to be
minor clarifications and modifications. These changes are summarized below.

Outsourced processes

The process approach continues to be of central importance to ISO 9001.
And since outsourcing has become increasingly common during the last few
years, the new ISO 9001 standard has expanded its discussion of outsourced
processes (see ISO 9001 section 4.1).

The new standard makes it clear that an outsourced process is still part of your
QMS even though it is performed by a party that is external to your organization.
The new standard emphasizes the need to ensure that outsourced processes
comply with all customer, statutory, and regulatory requirements. While the
responsibility for a process may have been outsourced, your organization
is, nevertheless, still responsible for ensuring that it meets all customer,
regulatory, and statutory requirements.

While the old standard said that outsourced processes must be controlled, the new
standard goes further by expecting you also to specify the type, nature, and extent
of control.  ISO 9001 2008 also wants you to think carefully about how you’re going
to control outsourced processes. How you choose to control an outsourced process
should be influenced by the potential impact it could have on your products, whether
or not process control will be shared with the process supplier, and whether or not
adequate controls can be contractually created using your purchasing process.


ISO 9001 2008, section 4.2.1, makes it clear that QMS documentation includes
not only the records required by the standard but also the records that your
organization needs in order to be able to plan, operate, and control its QMS
processes. So the new standard has expanded the definition of
documentation to include all QMS process records.

Section 4.2.1 makes it clear that a single document may contain several procedures
or several documents may be used to describe a single procedure. While this has
always been an option, the new standard makes this possibility explicit.

ISO 9001 2000 section 4.2.3 gave the impression that all external documents needed
to be identified and controlled. This has now been clarified. The new standard now
says that you need to identify and control the distribution of only those external
documents that you need in order to be able to plan and operate your QMS. In
other words, only relevant external QMS documents need to be controlled,
not all of them.

Management representative

ISO 9001 2000, clause 5.5.2, allowed you to appoint any member of management
to oversee the organization’s QMS.  Since the old standard did not explicitly say
that the management representative must be a member of the organization’s
own management, outsiders were sometimes appointed, instead.

This loophole has now been closed. ISO 9001 2008 now makes it very clear
that the management representative must be a member of the organization’s
own management.


While both old and new standards stress the importance of competence, the old
standard wasn’t very clear about who they were talking about. Now it’s clear that all
QMS personnel must be competent. ISO 9001 2008, section 6.2.1, makes it clear that
any task within the QMS may directly or indirectly affect the organization’s ability or
willingness to meet product requirements. Since any QMS task could directly or
indirectly influence product quality, the competence of anyone and everyone
who carries out any QMS task must be assured.


For ISO 9001 2000 (section 6.3) the term infrastructure includes buildings,
workspaces, equipment, software, utilities, and services like transportation
and communications. ISO 9001 2008 has now added information systems to
the previous list of support services. Both old and new standards expect you
to provide the infrastructure that your organization needs in order to ensure
that product requirements are being met.

Work environment

According to ISO 9001 2000, section 6.4, you are expected to manage the work environment that your organization needs in order to be able to ensure that all
product requirements are being met. However, it failed to indicate exactly what
they were talking about. This problem has now been solved. ISO 9001 2008
now says that the term work environment refers to working conditions.

These working conditions include physical and environmental factors,
as well as things like noise, temperature, humidity, lighting, and weather.
According to the new ISO 9001 standard, all of these conditions need to be
managed in order to help ensure that product requirements are being met.

Customer requirements

According to ISO 9001 2000, section 7.2.1, you are expected to identify your
customers’ specific delivery and post-delivery requirements. Since some people
weren’t sure about what post-delivery meant, the new standard has tried to clarify
this. According to ISO 9001 2008, post-delivery requirements include things like
warranty provisions, contractual obligations (such as maintenance), and
supplementary services (such as recycling and final disposal).

Design and development planning

Both old and new standards expect organizations to plan and perform product
design and development review, verification, and validation activities (section 7.3.1).
While each of these three activities serves a different purpose, ISO 9001 2008 makes
it clear that these three activities can be carried out and recorded separately or in
any combination as long as it makes sense for the product and the organization.

Design and development outputs

Section 7.3.3 of ISO 9001 2000 wants you to make sure that the design and development process generates information (outputs) that your purchasing, production, and service provision processes need to have. ISO 9001 2008
now also says that outputs could include information that explains how
products can be preserved during production and service provision.

Monitoring and measuring equipment

While ISO 9001 2008, section 7.6, refers to the need to control monitoring
and measuring equipment, the old standard talked about controlling devices.
Since the term device can refer to almost anything from a literary contrivance
to a machine, its meaning wasn’t exactly clear. The new standard has removed
this ambiguity by using the term equipment.

Both the old and the new ISO 9001 standard want you to confirm that monitoring
and measuring software is capable of doing the job you want it to do. In addition
to this requirement, the new standard suggests that configuration management
and well established verification methods can be used to ensure the ongoing
suitability of monitoring and measuring software. However, this is not a
formal requirement, just a statement that explains how the ongoing
suitability of software can be maintained.

Customer satisfaction

Both old and new ISO 9001 standards want you to monitor and measure customer satisfaction (perceptions). A new note to ISO 9001 2008, section 8.2.1, explains that there are many ways to monitor and measure customer satisfaction. You could use customer satisfaction and opinion surveys and you could collect product quality
data, track warranty claims, examine dealer reports, study compliments and
criticisms, and analyze lost business opportunities.

Internal audit records

Both old and new standards refer to the need to establish a procedure to define how
internal audits should be planned, performed, reported, and recorded (section 8.2.2).
However, the old standard did not explicitly state that audit records must actually be
maintained. This oversight has now been corrected. ISO 9001 2008 now explicitly
says that you must maintain a record of internal audit activities and results.

Process monitoring and measurement

Both old and new standards expect you to monitor and measure QMS processes.
A new note to ISO 9001 2008, section 8.2.3, wants you to consider the impact each
process has on the overall effectiveness of your QMS (and the impact it has on your
ability to meet product requirements) when you’re making decisions about what
kinds of process monitoring and measurement methods should be used.

Release of product

According to ISO 9001 2000, section 8.2.4, you must make sure that product
monitoring and measuring records indicate who was responsible for authorizing
the release of products. However, the old standard did not specify who must be
on the receiving end. This has now been clarified. ISO 9001 2008 now makes it
clear that products are released for delivery to customers. Records must
now indicate who releases products for delivery to customers.


Introduction to ISO IEC 90003 2014

Outline of ISO IEC 90003 2014 Standard

Overview of ISO IEC 90003 2014 Standard

Plain English ISO IEC 90003 2014 Definitions

ISO IEC 90003 2014 Translated into Plain English

ISO IEC 90003 2014 Quality Management Checklist

Software Quality Management System Gap Analysis

ISO IEC 90003 2014 Quality Management Audit Tool

Skills and Knowledge Internal Auditors Must Have

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited        780-461-4514

Updated on January 31, 2017. First published on December 27, 2016.

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2016 - 2017 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited