ISO IEC 90003 2014 Translated into Plain English

Also see ISO IEC 27001 on information security and ISO IEC 20000-1 on service management.

4. Systemic requirements and guidelines

4.1 Organizational requirements and guidelines

•  Establish your quality management system (QMS).

•  Identify the processes that your organization’s QMS needs.

•  Identify the internal processes that your organization’s QMS needs.

•  Identify the outsourced processes that your organization’s QMS needs.

•  Figure out how you’re going to make sure that each process is effective.

•  Figure out how to make sure that internal processes achieve planned results.

•  Figure out how to make sure that outsourced processes achieve planned results.

•  Document your organization’s QMS.

•  Document the sequence and interaction between your QMS processes.

•  Determine how to control the interaction between these processes.

•  Document how QMS processes will be managed and controlled.

•  Implement your organization’s QMS.

•  Implement your internal processes.

•  Implement your outsourced processes.

•  Maintain your organization’s QMS.

•  Support process performance.

•  Control process performance.

•  Monitor process performance.

•  Measure process performance.

•  Analyze process performance.

•  Improve your organization’s QMS.

4.2 Documentation requirements and guidelines

4.2.1 Prepare quality documents

•  Plan your QMS documentation.

•  Make sure that it respects and reflects what you do.

•  Consider the size and scope of your organization.

•  Consider the nature of your organization’s activities.

•  Consider the competence of your organization’s personnel.

•  Consider the nature and purpose of your organization’s processes.

•  Make sure that it supports process management.

•  Include documents and records used for process planning.

•  Include documents and records used for process development.

•  Include documents and records used for process operation.

•  Include documents and records used for process control.

•  Establish your QMS documentation.

•  Document your QMS parts and components.

•  Document your organization's quality policy.

•  Document your organization's quality objectives.

•  Document your organization's quality procedures.

•  Document your organization's quality methods.

•  Document your organization's quality models.

•  Document your organization's quality tools.

•  Document your organization's quality techniques.

•  Document your organization's quality technologies.

•  Prepare a quality manual for your organization.

•  Document your quality management system.

•  Implement your QMS documentation.

•  Use your documentation to establish your QMS.

•  Use your documentation to implement your QMS.

•  Use your documentation to maintain your QMS.

•  Use your documentation to improve your QMS.

•  Maintain your QMS documentation.

•  Maintain quality records for your organization.

•  Maintain a quality manual for your organization.

4.2.2 Develop a quality manual

•  Establish a quality manual for your organization.

•  Define the scope (boundary) of your QMS.

•  Justify all exclusions (reductions in scope).

•  Document your QMS procedures or refer to them.

•  Describe how your QMS processes interact.

•  Maintain your organization’s quality manual.

4.2.3 Control quality documents

•  Establish a procedure to control QMS documents.

•  Document your document control procedure.

•  Implement your document control procedure.

•  Approve documents before you distribute them.

•  Specify current revision status of documents.

•  Preserve the usability of your documents.

•  Manage documents from external sources.

•  Provide the correct version at points of use.

•  Prevent the accidental use of obsolete documents.

•  Maintain your QMS document control procedure.

4.2.4 Maintain quality records

•  Establish your organization’s QMS records.

•  Make sure that your records are useable.

•  Make sure that they can be used as evidence.

•  Establish a procedure to control QMS records.

•  Document your record control procedure.

•  Implement your record control procedure.

•  Control how records are identified.

•  Control how records are stored.

•  Control how records are retrieved.

•  Control how records are protected.

•  Control how records are removed.

•  Control how records are retained.

•  Maintain your record control procedure.

4.2.4.1 Show that requirements are being met

•  Use QMS records to prove that requirements are being met.

•  Use reviews to prove that requirements are being met.

•  Use reports to prove that requirements are being met.

•  Use inspections to prove that requirements are being met.

•  Use change requests to prove that requirements are being met.

4.2.4.2 Demonstrate that your QMS is effective

•  Use records to prove that your QMS is effective.

•  Use estimates to demonstrate that your QMS is effective.

•  Use supplier evaluations to demonstrate that your QMS is effective.

•  Use resource changes to demonstrate that your QMS is effective.

•  Use software license agreements to demonstrate that your QMS is effective.

•  Use tool assessments to demonstrate that your QMS is effective.

•  Use software release records to demonstrate that your QMS is effective.

•  Use minutes of meetings to demonstrate that your QMS is effective.

4.2.4.3 Control record retention and disposition

•  Clarify QMS record management requirements.

•  Establish record accessibility requirements.

•  Consider record protection requirements.

•  Clarify record retention requirements.

•  Establish QMS record retention time periods.

•  Consider record accessibility requirements.

•  Consider record protection requirements.

5. Management requirements and guidelines

5.1 Commitment requirements and guidelines

•  Support the development of your organization’s QMS.

•  Support the implementation of your organization’s QMS.

•  Support implementation by communicating the importance of meeting requirements.

•  Support implementation by ensuring that resources are available when needed.

•  Support the improvement of your organization’s QMS.

5.2 Customer requirements and guidelines

•  Expect your personnel to enhance customer satisfaction.

•  Expect personnel to determine customer requirements.

•  Expect personnel to meet customer requirements.

5.3 Policy requirements and guidelines

•  Establish a quality policy for your organization.

•  Make sure that your policy is appropriate.

•  Make sure that your policy is effective.

•  Make sure that your policy is implemented.

•  Make sure that your policy is suitable.

5.4 Planning requirements and guidelines

5.4.1 Establish quality objectives

•  Expect personnel to establish quality objectives.

•  Establish quality objectives for your organization.

•  Establish quality objectives in relevant functional areas.

•  Establish quality objectives at relevant organizational levels.

5.4.2 Carry out quality planning

•  Plan the establishment of your QMS.

•  Plan how you're going to document your QMS.

•  Plan how you're going to implement your QMS.

•  Plan how you're going to maintain your QMS.

•  Plan how you're going to improve your QMS.

•  Carry out software QMS planning activities.

•  Establish your software life cycle models.

•  Prepare your software management plans.

•  Select your software management tools.

•  Define your software development outputs.

•  Clarify your software management environment.

•  Specify software programming conventions.

•  Identify all software reuse requirements.

5.5 Managerial requirements and guidelines

5.5.1 Clarify responsibility and authority

•  Define responsibilities and authorities.

•  Assign responsibilities and authorities.

•  Communicate assignments within your organization.

5.5.2 Appoint management representative

•  Appoint a member of your organization’s management to oversee your QMS.

•  Give management representative authority over and responsibility for your QMS.

•  Give your representative the authority and responsibility to establish the QMS.

•  Give your representative the authority and responsibility to implement the QMS.

•  Give your representative the authority and responsibility to support the QMS.

•  Give your representative the authority and responsibility to report on the QMS.

5.5.3 Establish internal communications

•  Establish appropriate communication processes within your organization.

•  Discuss quality management effectiveness throughout your organization.

5.6 Review requirements and guidelines

5.6.1 Perform reviews at planned intervals

•  Review your organization's QMS at planned intervals.

•  Review the ongoing suitability, adequacy, and effectiveness of your QMS.

•  Identify and assess opportunities to improve your organization's QMS.

•  Maintain a record of your management review activities.

5.6.2 Examine management review inputs

•  Examine information about your QMS (inputs).

•  Examine previous management reviews.

•  Examine the status of remedial actions.

•  Examine changes that could affect QMS.

•  Examine the results of previous audits.

•  Examine feedback from customers.

•  Examine product conformity data.

•  Examine process performance information.

•  Examine recommendations for improvement.

5.6.3 Generate management review outputs

•  Generate management review decisions and actions (outputs).

•  Generate decisions and actions to make improvements.

•  Generate decisions and actions to address resource needs.

6. Resource requirements and guidelines

6.1 Allocation requirements and guidelines

•  Determine the resources that your QMS needs

•  Allocate the resources that your QMS needs.

•  Provide resources needed to support your QMS.

•  Provide resources needed to enhance customer satisfaction.

6.2 Personnel requirements and guidelines

6.2.1 Provide competent personnel

•  Use competent people to carry out work that affects product quality.

•  Make sure that your QMS personnel have the right experience.

•  Make sure that your QMS personnel have the right education.

•  Make sure that your QMS personnel have the right training.

•  Make sure that your QMS personnel have the right skills.

6.2.2 Meet competence requirements

•  Identify personnel who affect product quality.

•  Identify their competence needs and requirements.

•  Determine their software training needs.

•  Take steps to meet competence requirements.

•  Provide training or take other suitable steps.

•  Make personnel aware of their importance.

•  Evaluate the effectiveness of training activities.

•  Monitor the competence of software personnel.

•  Monitor your software development technologies.

•  Monitor your software maintenance technologies.

•  Maintain an appropriate record of competence.

6.3 Infrastructure requirements and guidelines

•  Determine your organization’s infrastructure needs.

•  Figure out what you need in order to meet product requirements.

•  Evaluate the infrastructure that you need to meet product requirements.

•  Evaluate tools needed to support design and development process.

•  Approve the infrastructure that you need to meet product requirements.

•  Approve tools needed to support design and development process.

•  Control the infrastructure that you need to meet product requirements.

•  Control tools needed to support design and development process.

•  Provide the infrastructure that you need to meet product requirements.

•  Maintain the infrastructure that you need to meet product requirements.

6.4 Environmental requirements and guidelines

•  Determine the work environment that you need to meet product requirements.

•  Manage the environment that you need in order to meet product requirements.

7. Realization requirements and guidelines

7.1 Planning requirements and guidelines

•  Establish a product realization planning process.

•  Plan the realization of your organization’s products.

•  Use your planning process to set your product quality objectives.

•  Use your planning process to specify product quality requirements.

•  Use your planning process to identify your product realization needs.

•  Produce product realization planning outputs.

•  Prepare outputs that are consistent with your methods.

•  Develop your product realization processes.

7.1.1 Use life cycle models to plan work

•  Select suitable life cycle models to manage software design and development.

•  Consider the nature of your project when you select models and methods.

•  Consider the nature of your product when you select models and methods.

•  Use suitable life cycle models to plan and perform software design and development.

•  Use suitable life cycle models to plan your processes, activities, and tasks.

•  Use suitable life cycle models to perform processes, activities, and tasks.

7.1.2 Carry out software quality planning

•  Plan software projects, products, and contracts.

•  Clarify quality needs and requirements.

•  Clarify product oriented quality needs and requirements.

•  Clarify process oriented quality needs and requirements.

•  Figure out how QMS should be tailored.

•  Establish software quality objectives.

•  Define each software development stage.

•  Include all related plans and procedures.

•  Review plans for projects, products, and contracts.

•  Ask participating organizations to review your software quality plans.

•  Approve plans for projects, products, and contracts.

•  Ask participating organizations to agree before work is carried out.

7.2 Customer requirements and guidelines

7.2.1 Determine requirements related to products

•  Determine your customers' requirements.

•  Determine your intended use requirements.

•  Determine your legal product requirements.

•  Determine your organization's requirements.

7.2.1.1 Determine customer-related requirements

•  Establish methods for managing software requirements.

•  Establish methods for developing software requirements.

•  Establish methods for approving software requirements.

•  Establish methods for controlling software requirements.

•  Establish methods for tracing software requirements.

•  Manage your organization's software requirements.

•  Clarify requirements for your software.

•  Specify requirements for your software.

•  Approve requirements for your software.

•  Control requirements for your software.

7.2.1.2 Determine additional product requirements

•  Establish a system requirements analysis process.

•  Establish a system architectural design process.

•  Establish a software requirements analysis process.

•  Establish a formal requirements engineering process.

•  Establish system and software quality models.

•  Establish integrity levels for systems and software.

•  Establish quality requirements for COTS software.

7.2.2 Consider your product-oriented requirements

•  Review your customers’ product requirements.

•  Consider product requirements before you agree to supply products.

•  Verify that product requirements are defined before you agree to supply products.

•  Confirm that your organization is able to meet customers’ product requirements.

•  Control changes in customers’ requirements.

•  Maintain a record of your requirement reviews.

7.2.2.1 Review contractual issues and concerns

•  Review software tenders, contracts, and orders.

•  Review the feasibility of meeting required product characteristics.

•  Review related management responsibilities and requirements.

•  Review property to be provided by the customer organization.

•  Review the operating system or hardware platform to be used.

•  Review the software life cycle processes imposed by customers.

•  Review the need to control external interfaces with software product.

•  Review software replication and distribution requirements.

•  Review legal obligations and regulatory issues and concerns.

7.2.2.2 Evaluate risk before agreeing to supply software

•  Evaluate risks when reviewing requirements related to products.

•  Evaluate safety risks when reviewing product requirements.

•  Evaluate security risks when reviewing product requirements.

•  Evaluate supplier risks when reviewing product requirements.

•  Evaluate performance risks when reviewing product requirements.

•  Evaluate resource risks when reviewing product requirements.

•  Evaluate scheduling risks when reviewing product requirements.

•  Evaluate customer risks when reviewing product requirements.

•  Evaluate user risks when reviewing product requirements.

•  Re-evaluate risks whenever software development contracts change.

•  Consider the impact changes in software contracts could have.

7.2.2.3 Appoint someone to represent the customer

•  Ask customer to appoint someone to represent the customer's interests.

•  Ask this representative to ensure that customer personnel cooperate.

•  Ask representative to ensure that information is provided in a timely manner.

•  Ask representative to ensure that action items are resolved in a timely manner.

•  Ask this representative to monitor software product life cycle activities.

7.2.3 Establish effective customer communications

•  Determine effective arrangements for communicating with customers.

•  Figure out how communications with customers should be handled.

•  Figure out how important topics should be discussed with customers.

•  Implement effective arrangements for communicating with customers.

•  Control how communications with customers are handled.

•  Control how important topics are discussed with customers.

7.2.3.1 Consider the type and extent of your contractual obligations

•  Establish suitable methods for communicating with software customers.

•  Consider the type and scope of your organization's contractual agreements.

7.2.3.2 Schedule joint reviews during software development projects

•  Schedule joint reviews between your organization and your customer.

•  Carry out joint reviews on a regular basis and for project events.

•  Review product oriented information with your customers.

•  Review contract oriented information with your customers.

7.2.3.3 Communicate with customers during operations and maintenance

•  Communicate during operations and maintenance.

•  Share product information with customers.

•  Discuss enquiries and feedback with customers.

7.3 Development requirements and guidelines

7.3.1 Plan product design and development activities

•  Plan the design and development of your products.

•  Plan design and development job assignments.

•  Plan product design and development stages.

•  Plan interaction between participating groups.

•  Update planning outputs whenever it is appropriate.

7.3.1.1 Plan the design and development of software products

•  Develop a disciplined approach to design and development.

•  Establish a software design and development planning process.

•  Plan the design and development of your software products.

•  Address or refer to the activities that should be carried out.

•  Consider how work should be managed and controlled.

•  Identify project expectations and related arrangements.

•  Identify the rules and conventions that must be used.

•  Identify the methods and models that must be used.

•  Identify the tools and techniques that must be used.

•  Identify the hardware and software that must be used.

•  Identify the controls and procedures that must be used.

•  Identify how you plan to protect software and information.

•  Analyze the risks and problems that could affect your project.

•  Establish your design and development project schedule.

•  Periodically review and amend design and development plans.

7.3.1.2 Plan your review, verification, and validation activities

•  Plan your design and development review activities (see 7.3.4).

•  Plan your design and development verification activities (see 7.3.5).

•  Plan your design and development validation activities (see 7.3.6).

7.3.1.3 Plan your design and development work assignments

•  Plan design and development responsibilities and authorities.

•  Clarify design and development responsibilities and authorities.

•  Allocate design and development responsibilities and authorities.

•  Document design and development responsibilities and authorities.

7.3.1.4 Plan design and development boundaries and interfaces

•  Expect suppliers of design and development services to plan their work.

•  Expect suppliers to clearly define responsibility interfaces and boundaries.

•  Gather input from parties who have an interest in design and development.

•  Consider getting input from parties who have an interest in software installation.

•  Consider getting input from parties who have an interest in software operation.

•  Consider getting input from parties who have an interest in software maintenance.

•  Consider getting input from parties who have an interest in software training.

•  Define your software design and development interfaces and boundaries.

•  Review software supplier's design and development planning activities.

7.3.2 Define product design and development inputs

•  Clarify design and development requirements.

•  Study similar product designs and identify requirements.

•  Examine requirements arising from acceptance criteria.

•  Consider using prototypes to determine requirements.

•  Identify issues and problems that should be solved.

•  Define product design and development inputs.

•  Define product design and development requirements.

•  Define your product’s performance requirements.

•  Define your product’s functional requirements.

•  Define your product’s regulatory requirements.

•  Define your product’s statutory requirements.

•  Define your product's quality requirements.

•  Define your product's safety requirements.

•  Define your product's security requirements.

•  Define system design and development constraints.

•  Review product design and development inputs.

•  Review design and development input documents.

•  Review the adequacy of input definitions.

•  Review the accuracy of user characteristics.

•  Review the quality of project management.

•  Keep records of design and development inputs.

7.3.3 Generate product design and development outputs

•  Plan your design and development outputs.

•  Develop outputs that are both accurate and complete.

•  Develop outputs that can be compared against design inputs.

•  Develop outputs that specify essential product characteristics.

•  Develop outputs that support other processes and activities.

•  Generate design and development outputs.

•  Use prescribed or chosen methods to document outputs.

•  Use computer design and development tools to create outputs.

•  Verify design and development outputs.

•  Approve design and development outputs.

7.3.4 Perform product design and development reviews

•  Establish a product design and development review process.

•  Establish a software product review process that is appropriate.

•  Establish methods and techniques for monitoring compliance.

•  Establish procedures for dealing with identified shortcomings.

•  Plan software product design and development reviews.

•  Specify what type of design and development review will be done.

•  Organize your software product design and development reviews.

•  Perform reviews in accordance with planned arrangements.

•  Make arrangements to carry out software reviews at suitable stages.

•  Evaluate how well design and development results meet requirements.

•  Identify problems and propose actions to address issues and concerns.

•  Follow up on outstanding problems and actions taken to resolve them.

•  Maintain records of your design and development reviews.

•  Record the results of design and development reviews.

•  Record the actions taken to follow-up on these reviews.

7.3.5 Conduct product design and development verifications

•  Plan product design and development verification activities.

•  Make arrangements to do design and development verifications.

•  Perform verifications in accordance with your planned arrangements.

•  Verify that design and development outputs meet input requirements.

•  Decide whether verified outputs should be accepted for subsequent use.

•  Maintain records of your design and development verifications.

•  Record the results of design and development verifications.

•  Record actions taken to follow up on your verifications.

7.3.6 Carry out product design and development validations

•  Plan product design and development validation activities.

•  Make arrangements to do design and development validations.

•  Perform validations in accordance with your planned arrangements.

•  Confirm that product is capable of meeting intended use requirements.

•  Keep records of design and development validations.

•  Record results of design and development validations.

•  Record necessary actions taken to follow up on validations.

7.3.6.1 Carry out planned software validation activities

•  Plan your software product design and development validation activities.

•  Consider whether it is feasible or possible to fully validate your software.

•  Validate your software product before you ask your customer to accept it.

•  Establish conditions similar to the customer's application environment.

•  Confirm that software product will meet its operational requirements.

•  Use other methods when software validation is unfeasible or impossible.

•  Use configuration audits to confirm that software product meets requirements.

•  Use analyses, simulations, and emulations to see if requirements are being met.

•  Establish software product design and development validation records.

•  Record the results of design and development validation activities.

•  Record the actions to be taken to meet specified requirements.

7.3.6.2 Carry out planned software testing activities

•  Consider using tests to validate software.

•  Establish software testing procedures.

•  Clarify how testing should be managed.

•  Plan your software testing activities.

•  Establish your software testing plans.

•  Document your software testing plans.

•  Use testing methods to validate software.

•  Implement your software testing plans.

•  Control your software testing environment.

•  Test the validity of your software products.

•  Record the results of your testing activities.

•  Record any limitations to testing activities.

•  Review software testing plans and activities.

7.3.7 Control product design and development changes

•  Use configuration management to control changes.

•  Identify changes in software design and development.

•  Record changes in software design and development.

•  Review changes in software design and development.

•  Verify changes in software design and development.

•  Validate changes in software design and development.

•  Approve changes in software design and development.

7.4 Purchasing requirements and guidelines

7.4.1 Manage purchasing process

•  Establish criteria to control your suppliers.

•  Establish criteria to select your suppliers.

•  Establish criteria to evaluate your suppliers.

•  Evaluate suppliers’ ability to supply products.

•  Evaluate their ability to meet purchase requirements.

•  Select suppliers that can meet requirements.

•  Control your organization's product purchasing process.

•  Ensure that purchases meet specified purchase requirements.

•  Exert greater control over purchases that influence product realization.

•  Exert greater control over purchases that influence your final product.

7.4.1.1 Control purchased products and services

•  Establish control over purchasing process.

•  Control purchased products and services.

•  Control the purchase of products.

•  Control the purchase of software.

•  Control the purchase of hardware.

•  Control the purchase of documents.

•  Control the purchase of services.

•  Manage purchased product and service risk.

•  Manage the risks associated with purchased products.

•  Manage the risks associated with purchased services.

7.4.1.2 Control the use of external resources

•  Control the use of external documents.

•  Control the use of user documentation.

•  Control the use of product documentation.

•  Control the use of training courses and materials.

•  Control the use of external personnel.

•  Control the use of external suppliers.

7.4.2 Clarify purchasing information

•  Specify your purchasing requirements.

•  Specify your product requirements.

•  Specify your process requirements.

•  Specify your procedure requirements.

•  Specify your equipment requirements.

•  Specify your personnel requirements.

•  Specify your service requirements.

•  Specify your QMS requirements.

•  Approve your purchasing requirements.

7.4.3 Verify purchased products

•  Establish your purchase verification and inspection methods.

•  Figure out how to verify that products meet requirements.

•  Figure out how to verify purchased software and services.

•  Figure out how to verify purchased or obtained data.

•  Implement your purchase verification and inspection methods.

•  Verify that purchased products meet your purchase requirements.

•  Verify that purchased software and services meet requirements.

•  Verify that purchased or obtained data meets requirements.

7.5 Production requirements and guidelines

7.5.1 Control production and service provision

•  Plan production, post-production, and service delivery activities.

•  Determine how you're going to control production and service provision.

•  Figure out how to use information to control production and service provision.

•  Figure out how to use measurement to control production and service provision.

•  Figure out how to use monitoring to control production and service provision.

•  Figure out how to use equipment to control production and service provision.

•  Determine how you're going to control your post-production activities.

•  Control production, post-production, and service provision.

7.5.1.1 Control software production and service activities

•  Control software production and service provision.

•  Control software build, release, and replication activities.

•  Control software delivery and installation activities.

•  Control software post-delivery service activities.

7.5.1.2 Control software build and release activities

•  Set up a process to control software build and release activities.

•  Define how constituent software items should be controlled.

•  Define how software releases should be classified or categorized.

•  Define how software product update decisions should be made.

•  Control your organization's software build and release activities.

7.5.1.3 Control software replication activities

•  Set up a process to control software replication activities.

•  Control your organization's software replication activities.

•  Control your software replication environment.

•  Control identities of software masters and copies.

•  Control the media that will be used for each item.

•  Control your software product documentation.

•  Verify the correctness and completeness of your copies.

7.5.1.4 Control software product delivery activities

•  Set up a process to control software delivery.

•  Control the physical delivery of software.

•  Preserve software items during physical delivery.

•  Control the electronic delivery of software.

•  Preserve software items during electronic delivery.

7.5.1.5 Control software product installation activities

•  Control how customers and third parties install software.

•  Describe the steps that customers and third parties should take.

•  Plan the rollout and installation of new products and new releases.

•  Control how your organization's people install software.

•  Plan how staff install new products and new releases.

•  Describe how your personnel should install software.

•  Clarify software installation roles and responsibilities.

•  Determine software installation tasks and obligations.

•  Assign software installation roles and responsibilities.

•  Use agreements to formalize roles and responsibilities.

7.5.1.6 Control software operation and support activities

•  Control your software operation and support activities.

•  Determine whether or not you need to communicate with customers.

•  Determine whether or not you need to provide ongoing support.

•  Control your software operation and support activities.

•  Control electronic communications with your software customers.

•  Control arrangements made to provide ongoing support services.

7.5.1.7 Control software product maintenance activities

•  Establish a process to control software maintenance activities.

•  Control your organization's software maintenance activities.

•  Control software maintenance services provided to customers.

•  Control maintenance of your software development environment.

•  Maintain a record of your software maintenance activities.

7.5.2 Validate processes if outputs cannot be verified

•  Identify processes whose outputs cannot be fully verified until it's too late.

•  Identify production processes whose outputs can't be verified until it's too late.

•  Identify output deficiencies that are noticed only after the product is in use.

•  Identify service provision processes that generate outputs that can't be verified.

•  Identify output deficiencies that are noticed only after service is delivered.

•  Develop arrangements to validate processes when outputs can't be fully verified.

•  Develop arrangements to validate these special production processes.

•  Develop arrangements to validate these special service provision processes.

•  Validate processes whenever outputs can't be fully verified until it's too late.

•  Validate production processes whenever outputs can't be properly verified.

•  Demonstrate that these production processes can achieve planned results.

•  Validate service provision processes whenever outputs can't be properly verified.

•  Demonstrate that these service provision processes can achieve planned results.

•  Establish methods to compensate for your inability to fully verify products.

•  Select methods that are commensurate with the risks you are taking.

•  Consider what could happen if design and development fails.

7.5.3 Identify your products and establish traceability

•  Consider using configuration management to identify and track your products.

•  Establish the unique identity of your organization’s products (when appropriate).

•  Identify the monitoring and measurement status of your organization’s products.

•  Preserve the identity of your products throughout product realization process.

7.5.3.1 Use configuration management to identify and track software

•  Consider using configuration management to identify and track software items.

•  Select configuration management methods that respect the risk you are taking.

•  Select methods that are commensurate with project size and complexity.

•  Use configuration management to provide technical and administrative direction.

•  Use it to manage your software design, development, and support activities.

•  Use it to ensure that product's present configuration and status is fully visible.

7.5.3.2 Clarify scope of software configuration management process

•  Define the scope of software configuration management process.

•  Use configuration management to control software planning.

•  Use configuration management to control software identities.

•  Use configuration management to control software updates.

•  Use configuration management to control software evaluations.

•  Use configuration management to control software releases.

•  Use configuration management to control software delivery.

7.5.3.3 Establish a process to trace your software components

•  Establish a process to trace components of software items and products.

•  Establish a process that meets both contractual and marketplace requirements.

•  Use your process to trace software components throughout their life cycle.

•  Use your process to trace the destination of each version of your product.

•  Use your process to trace changes back to specific change requests.

7.5.4 Protect customer property supplied for products

•  Identify property provided by customers for use or incorporation into products.

•  Identify information that will be used by or included in your product.

•  Identify data that will be used by or included in your product.

•  Identify environments that will be used by or included in your product.

•  Identify specifications that will be used by or included in your product.

•  Identify software that will be used by or included in your product.

•  Identify hardware that will be used by or included in your product.

•  Verify property provided by customers for use or incorporation into your products.

•  Define how updates to customer-supplied items are accepted and integrated.

•  Consider how to protect customer property that is used by or included in your products.

•  Protect property provided by customers for use or incorporation into your products.

•  Maintain a record of customer property that is lost, damaged, or unsuitable.

7.5.5 Preserve software products and components

•  Preserve products and components during internal processing and delivery.

•  Maintain conformity to requirements during internal processing and delivery.

•  Protect software products from the point of production through to delivery.

•  Plan how you're going to protect and preserve your software products.

•  Preserve software products during replication, handling, storage, and delivery.

7.6 Measurement requirements and guidelines

•  Identify your organization’s monitoring and measuring needs and requirements.

•  Develop processes to ensure that monitoring and measuring can actually be done.

•  Confirm that software used to monitor and measure requirements can do the job.

•  Select equipment that meets your monitoring and measuring needs and requirements.

•  Use configuration management systems to control monitoring and measuring devices.

•  Establish an identification system to ensure that calibration status is always clear.

•  Calibrate or verify measuring equipment in order to ensure that results are valid.

•  Adjust or re-adjust your measuring equipment to make sure that results are valid.

•  Maintain a record of equipment calibration and verification activities and results.

•  Safeguard measuring equipment from adjustments that invalidate measurement results.

•  Protect your organization's measuring equipment from damage and deterioration.

•  Evaluate the validity of previous measurements if equipment fails to meet requirements.

8. Remedial requirements and guidelines

8.1 Planning requirements and guidelines

•  Plan your monitoring, measurement, analysis, and improvement processes.

•  Plan how these processes will be used to show conformity and make improvements.

•  Implement monitoring, measurement, analytical, and improvement processes.

•  Use these processes to demonstrate conformity and make improvements.

•  Use monitoring to demonstrate conformity and make improvements.

•  Use measurement to demonstrate conformity and make improvements.

•  Use analytics to demonstrate conformity and make improvements.

8.2 Research requirements and guidelines

8.2.1 Monitor and measure customer satisfaction

•  Determine methods for monitoring and measuring customer satisfaction (perceptions).

•  Establish methods that can find out how well customer requirements are being met.

•  Figure out how you’re going to get customer satisfaction (perception) information.

•  Figure out how you’re going to use customer satisfaction (perception) information.

•  Use your methods to monitor and measure customer satisfaction (their perceptions).

•  Use customer satisfaction information as a measure of QMS performance.

8.2.2 Perform internal audits at planned intervals

•  Establish your organization's internal audit procedure.

•  Document your organization's internal audit procedure.

•  Specify how internal audits should be planned.

•  Specify how internal audits should be performed.

•  Specify how internal audit records should be kept.

•  Specify how internal audit results should be reported.

•  Implement your organization's internal audit procedure.

•  Maintain your organization's internal audit procedure.

•  Plan your organization's internal audit program.

•  Use your audit procedure to plan your audits.

•  Clarify the scope of your internal audit.

•  Establish your internal audit criteria.

•  Examine the results of previous audits.

•  Define and record your audit methods.

•  Consider the status and importance of audit areas.

•  Select impartial and objective internal auditors.

•  Specify how often audits should be performed.

•  Carry out your internal audits at planned intervals.

•  Determine if your organization's QMS meets specified requirements.

•  Determine if your organization's QMS conforms to planned arrangements.

•  Determine if your organization's QMS has been effectively implemented.

•  Eliminate all detected nonconformities and causes.

•  Follow-up on steps taken to resolve nonconformities.

•  Maintain a record of your audit activities and results.

8.2.3 Find out if processes achieve planned results

•  Determine suitable methods to monitor and measure QMS processes.

•  Select methods that can find out if planned results are being achieved.

•  Select methods that are appropriate for each type of QMS process.

•  Apply suitable methods to monitor and measure each QMS process.

•  Determine whether or not each QMS process is achieving planned results.

•  Take remedial action whenever processes fail to achieve planned results.

•  Make corrections whenever a process fails to achieve planned results.

•  Apply corrective action whenever a process fails to achieve planned results.

8.2.4 Verify that quality requirements are being met

•  Monitor and measure product and service characteristics.

•  Determine how well quality requirements are being met.

•  Use reviews to determine how well quality requirements are being met.

•  Use validations to determine how well quality requirements are being met.

•  Use verifications to determine how well quality requirements are being met.

•  Verify that product and service requirements are being met.

•  Verify products in accordance with planned arrangements.

•  Verify products at applicable stages during product realization.

•  Verify services in accordance with planned arrangements.

•  Verify services at applicable stages during service realization.

•  Decide if products should be released and services delivered.

•  Record product and service monitoring and measurement activities.

•  Retain evidence which shows that product acceptance criteria are being met.

•  Retain evidence which shows that service acceptance criteria are being met.

8.3 Control requirements and guidelines

•  Establish a nonconforming products procedure.

•  Document your nonconforming products procedure.

•  Document nonconforming product responsibilities.

•  Document how nonconforming products are identified.

•  Document when nonconforming products are controlled.

•  Document how nonconforming products are controlled.

•  Document how nonconforming products are recorded.

•  Document how nonconforming products are reported.

•  Implement nonconforming products procedure.

•  Identify your nonconforming products.

•  Investigate nonconforming products.

•  Prioritize software nonconformities.

•  Specify when controls are applied.

•  Control nonconforming products.

•  Prevent unintended use or delivery.

•  Eliminate detected nonconformities.

•  Address the effects of nonconforming products.

•  Authorize nonconforming product concessions.

•  Report discovered software problems and impacts.

•  Maintain a record of all product nonconformities.

•  Track the investigation and resolution of nonconformities.

•  Maintain nonconforming products procedure.

8.4 Analytical requirements and guidelines

•  Determine QMS data needs and requirements.

•  Identify the data needed to demonstrate that your QMS is suitable.

•  Identify the data needed to demonstrate that your QMS is effective.

•  Identify the data needed to improve QMS effectiveness.

•  Collect data about your organization’s QMS.

•  Monitor your organization’s QMS.

•  Measure your organization’s QMS.

•  Provide information by analyzing QMS data.

•  Provide information about your customers.

•  Provide information about your suppliers.

•  Provide information about your products.

•  Provide information about your processes.

8.5 Implementation requirements and guidelines

8.5.1 Improve quality management system

•  Establish an improvement process.

•  Apply it to software life cycle processes.

•  Improve the effectiveness of your QMS.

•  Use audit results to continually improve the effectiveness of your QMS.

•  Use data analysis to continually improve the effectiveness of your QMS.

•  Use quality policy to continually improve the effectiveness of your QMS.

•  Use quality objectives to continually improve the effectiveness of your QMS.

•  Use corrective actions to continually improve the effectiveness of your QMS.

•  Use preventive actions to continually improve the effectiveness of your QMS.

•  Use management reviews to continually improve the effectiveness of your QMS.

8.5.2 Correct actual nonconformities

•  Establish a corrective action procedure.

•  Figure out how you're going to prevent the recurrence of actual nonconformities.

•  Figure out how you're going to manage and control your corrective actions.

•  Document a corrective action procedure.

•  Describe how actual nonconformities will be analyzed.

•  Describe how actual causes will be determined.

•  Describe how corrective actions will be managed.

•  Implement a corrective action procedure.

•  Analyze actual nonconformities.

•  Identify causes and study effects.

•  Evaluate the need for action.

•  Formulate corrective action.

•  Authorize corrective action.

•  Take timely corrective action.

•  Record corrective action results.

•  Review past corrective actions.

•  Maintain a corrective action procedure.

8.5.3 Prevent potential nonconformities

•  Establish a preventive action procedure.

•  Figure out how you're going to prevent the occurrence of potential nonconformities.

•  Figure out how you're going to identify and anticipate potential process problems.

•  Document a preventive action procedure.

•  Describe how potential nonconformities will be identified and selected.

•  Describe how preventive actions will be managed and controlled.

•  Implement a preventive action procedure.

•  Identify potential nonconformities.

•  Determine causes of potential nonconformities.

•  Evaluate the need for action.

•  Formulate preventive actions.

•  Authorize preventive actions.

•  Take timely preventive actions.

•  Record preventive action results.

•  Review prior preventive actions.

•  Maintain a preventive action procedure.

Also see ISO 20000 on IT service management and ISO IEC 27001 on information security.

 

MORE ISO IEC 90003 PAGES

Introduction to ISO IEC 90003 2014

Outline of ISO IEC 90003 2014 Standard

Overview of ISO IEC 90003 2014 Standard

Plain English ISO IEC 90003 2014 Definitions

ISO IEC 90003 2014 versus ISO IEC 90003 2004

ISO IEC 90003 2014 Quality Management Checklist

Skills and Knowledge Internal Auditors Should Have

ISO IEC 90003 2014 Software Management Audit Tool

How to Carry Out an ISO IEC 90003 2014 Gap Analysis

Home Page

Our Libraries

A to Z Index

Customers

How to Order

Our Products

Our Prices

Guarantee

Praxiom Research Group Limited             help@praxiom.com             780-461-4514

Updated on February 6, 2021. First published on December 27, 2016.

Legal Restrictions on the Use of this Page
Thank you for visiting this webpage. You are welcome to view our material as often as
you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But, you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2016 - 2021 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited