Also see ISO IEC 27001
on information security and ISO IEC
20000-1 on service management.
4.1 Organizational
requirements and guidelines |
• Establish your quality management system (QMS). • Identify the processes that your organization’s QMS needs. • Identify the internal processes that your organization’s QMS needs. • Identify the outsourced processes that your organization’s QMS needs. • Figure out how you’re going to make sure that each process is effective. • Figure out how to make sure that internal processes achieve planned results. • Figure out how to make sure that outsourced processes achieve planned results. • Document your organization’s QMS. • Document the sequence and interaction between your QMS processes. • Determine how to control the interaction between these processes. • Document how QMS processes will be managed and controlled. • Implement your organization’s QMS. • Implement your internal processes. • Implement your outsourced processes.
• Maintain your organization’s QMS. • Support process performance. • Control process performance. • Monitor process performance. • Measure process performance. • Analyze process performance. • Improve your organization’s QMS. |
4.2 Documentation requirements and guidelines |
4.2.1 Prepare quality documents |
• Plan your QMS documentation. • Make sure that it respects and reflects what you do. • Consider the size and scope of your organization. • Consider the nature of your organization’s activities. • Consider the competence of your organization’s personnel. • Consider the nature and purpose of your organization’s processes. • Make sure that it supports process management. • Include documents and records used for process planning. • Include documents and records used for process development. • Include documents and records used for process operation. • Include documents and records used for process control. • Establish your QMS documentation. • Document your QMS parts and components. • Document your organization's quality policy. • Document your organization's quality objectives. • Document your organization's quality procedures. • Document your organization's quality methods. • Document your organization's quality models. • Document your organization's quality tools. • Document your organization's quality techniques. • Document your organization's quality technologies. • Prepare a quality manual for your organization. • Document your quality management system. • Implement your QMS documentation. • Use your documentation to establish your QMS. • Use your documentation to implement your QMS. • Use your documentation to maintain your QMS. • Use your documentation to improve your QMS. • Maintain your QMS documentation. • Maintain quality records for your organization. • Maintain a quality manual for your organization. |
4.2.2 Develop a quality manual |
• Establish a quality manual for your organization. • Define the scope (boundary) of your QMS. • Justify all exclusions (reductions in scope). • Document your QMS procedures or refer to them. • Describe how your QMS processes interact. • Maintain your organization’s quality manual. |
4.2.3 Control quality documents |
• Establish a procedure to control QMS documents. • Document your document control procedure. • Implement your document control procedure. • Approve documents before you distribute them. • Specify current revision status of documents. • Preserve the usability of your documents. • Manage documents from external sources. • Provide the correct version at points of use. • Prevent the accidental use of obsolete documents. • Maintain your QMS document control procedure. |
4.2.4 Maintain quality records |
• Establish your organization’s QMS records. • Make sure that your records are useable. • Make sure that they can be used as evidence. • Establish a procedure to control QMS records. • Document your record control procedure. • Implement your record control procedure. • Control how records are identified. • Control how records are stored. • Control how records are retrieved. • Control how records are protected. • Control how records are removed. • Control how records are retained. • Maintain your record control procedure. |
4.2.4.1 Show that requirements are being met |
• Use QMS records to prove that requirements are being met. • Use reviews to prove that requirements are being met. • Use reports to prove that requirements are being met. • Use inspections to prove that requirements are being met. • Use change requests to prove that requirements are being met. |
4.2.4.2 Demonstrate that your QMS is effective |
• Use records to prove that your QMS is effective. • Use estimates to demonstrate that your QMS is effective. • Use supplier evaluations to demonstrate that your QMS is effective. • Use resource changes to demonstrate that your QMS is effective. • Use software license agreements to demonstrate that your QMS is effective. • Use tool assessments to
demonstrate that your QMS is effective. • Use software release records to demonstrate that your QMS is effective. • Use minutes of meetings to demonstrate that your QMS is effective. |
4.2.4.3 Control record retention and disposition |
• Clarify QMS record management requirements. • Establish record accessibility requirements. • Consider record protection requirements. • Clarify record retention requirements. • Establish QMS record
retention time periods. • Consider record accessibility requirements. • Consider record protection requirements. |
5.1
Commitment requirements and
guidelines |
• Support the development of your organization’s QMS. • Support the implementation of your organization’s QMS. • Support implementation by communicating the importance of meeting requirements. • Support implementation by ensuring that resources are available when needed. • Support the improvement of your organization’s QMS. |
5.2 Customer requirements and guidelines |
• Expect your personnel to enhance customer satisfaction. • Expect personnel to determine customer requirements. • Expect personnel to meet customer requirements. |
5.3 Policy requirements and
guidelines |
• Establish a quality policy for your organization. • Make sure that your policy is appropriate. • Make sure that your policy is effective. • Make sure that your policy is implemented. • Make sure that your policy is suitable. |
5.4 Planning
requirements and guidelines |
5.4.1 Establish quality objectives |
• Expect personnel to establish quality objectives. • Establish quality objectives for your organization. • Establish quality objectives in relevant functional areas. • Establish quality objectives at relevant organizational levels. |
5.4.2 Carry out quality planning |
• Plan the establishment of your QMS. • Plan how you're going to document your QMS. • Plan how you're going to implement your QMS. • Plan how you're going to maintain your QMS. • Plan how you're going to improve your QMS. • Carry out software QMS planning activities. • Establish your software life cycle models. • Prepare your software management plans. • Select your software management tools. • Define your software development outputs. • Clarify your software management environment. • Specify software programming conventions. • Identify all software reuse requirements. |
5.5 Managerial
requirements and guidelines |
5.5.1 Clarify responsibility and authority |
• Define responsibilities and authorities. • Assign responsibilities and authorities. • Communicate assignments within your organization. |
5.5.2 Appoint management representative |
• Appoint a member of your organization’s management to oversee your QMS. • Give management representative authority over and responsibility for your QMS. • Give your representative the authority and responsibility to establish the QMS. • Give your representative the authority and responsibility to implement the QMS. • Give your representative the authority and responsibility to support the QMS. • Give your representative the authority and responsibility to report on the QMS. |
5.5.3 Establish internal communications |
• Establish appropriate communication processes within your organization. • Discuss quality management effectiveness throughout your organization. |
5.6 Review requirements and
guidelines |
• Review your organization's QMS at planned intervals. • Review the ongoing suitability, adequacy, and effectiveness of your QMS. • Identify and assess opportunities to improve your organization's QMS. • Maintain a record of your management review activities. |
5.6.2 Examine management review inputs |
• Examine information about your QMS (inputs). • Examine previous management reviews. • Examine the status of remedial actions. • Examine changes that could affect QMS. • Examine the results of previous audits. • Examine feedback from customers. • Examine product conformity data. • Examine process performance information. • Examine recommendations for improvement. |
5.6.3 Generate management review outputs |
• Generate management review decisions and actions (outputs). • Generate decisions and actions to make improvements. • Generate decisions and actions to address resource needs. |
6.1 Allocation
requirements and guidelines |
• Determine the resources that your QMS needs • Allocate the resources that your QMS needs. • Provide resources needed to support your QMS. • Provide resources needed to enhance customer satisfaction. |
6.2 Personnel
requirements and guidelines |
6.2.1 Provide competent personnel |
• Use competent people to carry out work that affects product quality. • Make sure that your QMS personnel have the right experience. • Make sure that your QMS personnel have the right education. • Make sure that your QMS personnel have the right training. • Make sure that your QMS personnel have the right skills. |
6.2.2 Meet competence requirements |
• Identify personnel who affect product quality. • Identify their competence needs and requirements. • Determine their software training needs. • Take steps to meet competence requirements. • Provide training or take other suitable steps. • Make personnel aware of their importance. • Evaluate the effectiveness of training activities. • Monitor the competence of software personnel. • Monitor your software development technologies. • Monitor your software maintenance technologies. • Maintain an appropriate record of competence. |
6.3 Infrastructure
requirements and guidelines |
• Determine your organization’s infrastructure needs. • Figure out what you need in order to meet product requirements. • Evaluate the infrastructure that you need to meet product requirements. • Evaluate tools needed to support design and development process. • Approve the infrastructure that you need to meet product requirements. • Approve tools needed to support design and development process. • Control the infrastructure that you need to meet product requirements. • Control tools needed to support design and development process. • Provide the infrastructure that you need to meet product requirements. • Maintain the infrastructure that you need to meet product requirements. |
6.4 Environmental
requirements and guidelines |
• Determine the work environment that you need to meet product requirements. • Manage the environment that you need in order to meet product requirements. |
7.1 Planning
requirements and guidelines |
• Establish a product realization planning process. • Plan the realization of your organization’s products. • Use your planning process to set your product quality objectives. • Use your planning process to specify product quality requirements. • Use your planning process to identify your product realization needs. • Produce product realization planning outputs. • Prepare outputs that are consistent with your methods. • Develop your product realization processes. |
7.1.1
Use life cycle models to plan work |
• Select suitable life cycle models to manage software design and development. • Consider the nature of your project when you select models and methods. • Consider the nature of your product when you select models and methods. • Use suitable life cycle models to plan and perform software design and development. • Use suitable life cycle models to plan your processes, activities, and tasks. • Use suitable life cycle models to perform processes, activities, and tasks. |
7.1.2
Carry out software quality
planning |
• Plan software projects, products, and contracts. • Clarify quality needs and requirements. • Clarify product oriented quality needs and requirements. • Clarify process oriented quality needs and requirements. • Figure out how QMS should be tailored. • Establish software quality objectives. • Define each software development stage. • Include all related plans and procedures. • Review plans for projects, products, and contracts. • Ask participating organizations to review your software quality plans. • Approve plans for projects, products, and contracts. • Ask participating organizations to agree before work is carried out. |
7.2 Customer
requirements and guidelines |
7.2.1 Determine requirements related to products |
• Determine your customers' requirements. • Determine your intended use requirements. • Determine your legal product requirements. • Determine your organization's requirements. |
7.2.1.1 Determine customer-related requirements |
• Establish methods for managing software requirements. • Establish methods for developing software requirements. • Establish methods for approving software requirements. • Establish methods for controlling software requirements. • Establish methods for tracing software requirements. • Manage your organization's software requirements. • Clarify requirements for your software. • Specify requirements for your software. • Approve requirements for your software. • Control requirements for your software. |
7.2.1.2 Determine additional product requirements |
• Establish a system requirements analysis process. • Establish a system architectural design process. • Establish a software requirements analysis process. • Establish a formal
requirements engineering process. • Establish system and software quality models. • Establish integrity levels for systems and software. • Establish quality
requirements for COTS
software. |
7.2.2 Consider your product-oriented requirements |
• Review your customers’ product requirements. • Consider product requirements before you agree to supply products. • Verify that product requirements are defined before you agree to supply products. • Confirm that your organization is able to meet customers’ product requirements. • Control changes in customers’ requirements. • Maintain a record of your requirement reviews. |
7.2.2.1 Review contractual issues and concerns |
• Review software tenders, contracts, and orders. • Review the feasibility of meeting required product characteristics. • Review related management responsibilities and requirements. • Review property to be provided by the customer organization. • Review the operating system or hardware platform to be used. • Review the software life cycle processes imposed by customers. • Review the need to control external interfaces with software product. • Review software replication and distribution requirements. • Review legal obligations and regulatory issues and concerns. |
7.2.2.2 Evaluate risk before agreeing to supply software |
• Evaluate risks when reviewing requirements related to products. • Evaluate safety risks when reviewing product requirements. • Evaluate security risks when reviewing product requirements. • Evaluate supplier risks when reviewing product requirements. • Evaluate performance risks when reviewing product requirements. • Evaluate resource risks when reviewing product requirements. • Evaluate scheduling risks when reviewing product requirements. • Evaluate customer risks when reviewing product requirements. • Evaluate user risks when reviewing product requirements. • Re-evaluate risks whenever software development contracts change. • Consider the impact changes in software contracts could have. |
7.2.2.3 Appoint someone to represent the customer |
• Ask customer to appoint someone to represent the customer's interests. • Ask this representative to ensure that customer personnel cooperate. • Ask representative to ensure that information is provided in a timely manner. • Ask representative to ensure that action items are resolved in a timely manner. • Ask this representative to monitor software product life cycle activities. |
7.2.3 Establish effective customer communications |
• Determine effective arrangements for communicating with customers. • Figure out how communications with customers should be handled. • Figure out how important topics should be discussed with customers. • Implement effective arrangements for communicating with customers. • Control how communications with customers are handled. • Control how important topics are discussed with customers. |
7.2.3.1 Consider the type and extent of your contractual obligations |
• Establish suitable methods for communicating with software customers. • Consider the type and scope of your organization's contractual agreements. |
7.2.3.2 Schedule joint reviews during software development projects |
• Schedule joint reviews between your organization and your customer. • Carry out joint reviews on a regular basis and for project events. • Review product oriented information with your customers. • Review contract oriented information with your customers. |
7.2.3.3 Communicate with customers during operations and maintenance |
• Communicate during operations and maintenance. • Share product information with customers. • Discuss enquiries and feedback with customers. |
7.3 Development
requirements and guidelines |
7.3.1 Plan product design and development activities |
• Plan the design and development of your products. • Plan design and development job assignments. • Plan product design and development stages. • Plan interaction between participating groups. • Update planning outputs whenever it is appropriate. |
7.3.1.1 Plan the design and development of software products |
• Develop a disciplined approach to design and development. • Establish a software design and development planning process. • Plan the design and development of your software products. • Address or refer to the activities that should be carried out. • Consider how work should be managed and controlled. • Identify project expectations and related arrangements. • Identify the rules and conventions that must be used. • Identify the methods and models that must be used. • Identify the tools and techniques that must be used. • Identify the hardware and software that must be used. • Identify the controls and procedures that must be used. • Identify how you plan to protect software and information. • Analyze the risks and problems that could affect your project. • Establish your design and development project schedule. • Periodically review and amend design and development plans. |
7.3.1.2 Plan your review, verification, and validation activities |
• Plan your design and development review activities (see 7.3.4). • Plan your design and development verification activities (see 7.3.5). • Plan your design and development validation activities (see 7.3.6). |
7.3.1.3 Plan your design and development work assignments |
• Plan design and development responsibilities and authorities. • Clarify design and development responsibilities and authorities. • Allocate design and development responsibilities and authorities. • Document design and development responsibilities and authorities. |
7.3.1.4 Plan design and development boundaries and interfaces |
• Expect suppliers of design and development services to plan their work. • Expect suppliers to clearly define responsibility interfaces and boundaries. • Gather input from parties who have an interest in design and development. • Consider getting input from parties who have an interest in software installation. • Consider getting input from parties who have an interest in software operation. • Consider getting input from parties who have an interest in software maintenance. • Consider getting input from parties who have an interest in software training. • Define your software design and development interfaces and boundaries. • Review software supplier's design and development planning activities. |
7.3.2 Define product design and development inputs |
• Clarify design and development requirements. • Study similar product designs and identify requirements. • Examine requirements arising from acceptance criteria. • Consider using prototypes to determine requirements. • Identify issues and problems that should be solved.
• Define product design and development inputs. • Define product design and development requirements. • Define your product’s performance requirements. • Define your product’s functional requirements. • Define your product’s regulatory requirements. • Define your product’s statutory requirements. • Define your product's quality requirements. • Define your product's safety requirements. • Define your product's security requirements. • Define system design and development constraints. • Review product design and development inputs. • Review design and development input documents. • Review the adequacy of input definitions. • Review the accuracy of user characteristics. • Review the quality of project management. • Keep records of design and development inputs. |
7.3.3 Generate product design and development outputs |
• Plan your design and development outputs. • Develop outputs that are both accurate and complete. • Develop outputs that can be compared against design inputs. • Develop outputs that specify essential product characteristics. • Develop outputs that support other processes and activities. • Generate design and development outputs. • Use prescribed or chosen methods to document outputs. • Use computer design and development tools to create outputs. • Verify design and development outputs. • Approve design and development outputs. |
7.3.4 Perform product design and development reviews |
• Establish a product design and development review process. • Establish a software product review process that is appropriate. • Establish methods and techniques for monitoring compliance. • Establish procedures for dealing with identified shortcomings. • Plan software product design and development reviews. • Specify what type of design and development review will be done. • Organize your software product design and development reviews. • Perform reviews in accordance with planned arrangements. • Make arrangements to carry out software reviews at suitable stages. • Evaluate how well design and development results meet requirements. • Identify problems and propose actions to address issues and concerns. • Follow up on outstanding problems and actions taken to resolve them. •
Maintain records of your design and development
reviews. • Record the results of design and development reviews. • Record the actions taken to follow-up on these reviews. |
7.3.5 Conduct product design and development verifications |
• Plan product design and development verification activities. • Make arrangements to do design and development verifications. • Perform verifications in accordance with your planned arrangements. • Verify that design and development outputs meet input requirements. • Decide whether verified outputs should be accepted for subsequent use. • Maintain records of your design and development verifications. • Record the results of design and development verifications. • Record actions taken to follow up on your verifications. |
7.3.6 Carry out product design and development validations |
• Plan product design and development validation activities. • Make arrangements to do design and development validations. • Perform validations in accordance with your planned arrangements. • Confirm that product is capable of meeting intended use requirements. • Keep records of design and development validations. • Record results of design and development validations. • Record necessary actions taken to follow up on validations. |
7.3.6.1 Carry out planned software validation activities |
• Plan your software product design and development validation activities. • Consider whether it is feasible or possible to fully validate your software. • Validate your software product before you ask your customer to accept it. • Establish conditions similar to the customer's application environment. • Confirm that software product will meet its operational requirements. • Use other methods when software validation is unfeasible or impossible. • Use configuration audits to confirm that software product meets requirements. • Use analyses, simulations, and emulations to see if requirements are being met. • Establish software product design and development validation records. • Record the results of design and development validation activities. • Record the actions to be taken to meet specified requirements. |
7.3.6.2 Carry out planned software testing activities |
• Consider using tests to validate software. • Establish software testing procedures. • Clarify how testing should be managed. • Plan your software testing activities. • Establish your software testing plans. • Document your software testing plans. • Use testing methods to validate software. • Implement your software testing plans. • Control your software testing environment. • Test the validity of your software products. • Record the results of your testing activities. • Record any limitations to testing activities. • Review software testing plans and activities. |
7.3.7 Control product design and development changes |
• Use configuration management to control changes. • Identify changes in software design and development. • Record changes in software design and development. • Review changes in software design and development. • Verify changes in software design and development. • Validate changes in software design and development. • Approve changes in software design and development. |
7.4 Purchasing
requirements and guidelines |
7.4.1 Manage purchasing process |
• Establish criteria to control your suppliers. • Establish criteria to select your suppliers. • Establish criteria to evaluate your suppliers. • Evaluate suppliers’ ability to supply products. • Evaluate their ability to meet purchase requirements. • Select suppliers that can meet requirements. • Control your organization's product purchasing process. • Ensure that purchases meet specified purchase requirements. • Exert greater control over purchases that influence product realization. • Exert greater control over purchases that influence your final product. |
7.4.1.1 Control purchased products and services |
• Establish control over purchasing process. • Control purchased products and services. • Control the purchase of products. • Control the purchase of software. • Control the purchase of hardware. • Control the purchase of documents. • Control the purchase of services. • Manage purchased product and service risk. • Manage the risks associated with purchased products. • Manage the risks associated with purchased services. |
7.4.1.2 Control the use of external resources |
• Control the use of external documents. • Control the use of user documentation. • Control the use of product documentation. • Control the use of training courses and materials. • Control the use of external personnel. • Control the use of external suppliers. |
7.4.2 Clarify purchasing information |
• Specify your purchasing requirements. • Specify your product requirements. • Specify your process requirements. • Specify your procedure requirements. • Specify your equipment requirements. • Specify your personnel requirements. • Specify your service requirements. • Specify your QMS requirements. • Approve your purchasing requirements. |
7.4.3 Verify purchased products |
• Establish your purchase verification and inspection methods. • Figure out how to verify that products meet requirements. • Figure out how to verify purchased software and services. • Figure out how to verify purchased or obtained data. • Implement your purchase verification and inspection methods. • Verify that purchased products meet your purchase requirements. • Verify that purchased software and services meet requirements. • Verify that purchased or obtained data meets requirements. |
7.5 Production
requirements and guidelines |
7.5.1 Control production and service provision |
• Plan production, post-production, and service delivery activities. • Determine how you're going to control production and service provision. • Figure out how to use information to control production and service provision. • Figure out how to use measurement to control production and service provision. • Figure out how to use monitoring to control production and service provision. • Figure out how to use equipment to control production and service provision. • Determine how you're going to control your post-production activities. • Control production, post-production, and service provision. |
7.5.1.1 Control software production and service activities |
• Control software production and service provision. • Control software build, release, and replication activities. • Control software delivery and installation activities. • Control software post-delivery service activities. |
7.5.1.2 Control software build and release activities |
• Set up a process to control software build and release activities. • Define how constituent software items should be controlled. • Define how software releases should be classified or categorized. • Define how software product update decisions should be made. • Control your organization's software build and release activities. |
7.5.1.3 Control software replication activities |
• Set up a process to control software replication activities. • Control your organization's software replication activities. • Control your software replication environment. • Control identities of software masters and copies. • Control the media that will be used for each item. • Control your software product documentation. • Verify the correctness and completeness of your copies. |
7.5.1.4 Control software product delivery activities |
• Set up a process to control software delivery. • Control the physical delivery of software. • Preserve software items during physical delivery. • Control the electronic delivery of software. • Preserve software items during electronic delivery. |
7.5.1.5 Control software product installation activities |
• Control how customers and third parties install software. • Describe the steps that customers and third parties should take. • Plan the rollout and installation of new products and new releases. • Control how your organization's people install software. • Plan how staff install new products and new releases. • Describe how your personnel should install software. • Clarify software installation roles and responsibilities. • Determine software installation tasks and obligations. • Assign software installation roles and responsibilities. • Use agreements to formalize roles and responsibilities. |
7.5.1.6 Control software operation and support activities |
• Control your software operation and support activities. • Determine whether or not you need to communicate with customers. • Determine whether or not you need to provide ongoing support. • Control your software operation and support activities. • Control electronic communications with your software customers. • Control arrangements made to provide ongoing support services. |
7.5.1.7 Control software product maintenance activities |
• Establish a process to control software maintenance activities. • Control your organization's software maintenance activities. • Control software maintenance services provided to customers. • Control maintenance of your software development environment. • Maintain a record of your software maintenance activities. |
7.5.2 Validate processes if outputs cannot be verified |
• Identify processes whose outputs cannot be fully verified until it's too late. • Identify production processes whose outputs can't be verified until it's too late. • Identify output deficiencies that are noticed only after the product is in use. • Identify service provision processes that generate outputs that can't be verified. • Identify output deficiencies that are noticed only after service is delivered. • Develop arrangements to validate processes when outputs can't be fully verified. • Develop arrangements to validate these special production processes. • Develop arrangements to validate these special service provision processes. • Validate processes whenever outputs can't be fully verified until it's too late. • Validate production processes whenever outputs can't be properly verified. • Demonstrate that these production processes can achieve planned results. • Validate service provision processes whenever outputs can't be properly verified. • Demonstrate that these service provision processes can achieve planned results. • Establish methods to compensate for your inability to fully verify products. • Select methods that are commensurate with the risks you are taking. • Consider what could happen if design and development fails. |
7.5.3
Identify your products and establish traceability |
• Consider using configuration management to identify and track your products. • Establish the unique identity of your organization’s products (when appropriate). • Identify the monitoring and measurement status of your organization’s products. • Preserve the identity of your products throughout product realization process. |
7.5.3.1 Use configuration management to identify and track software |
• Consider using configuration management to identify and track software items. • Select configuration management methods that respect the risk you are taking. • Select methods that are commensurate with project size and complexity. • Use configuration management to provide technical and administrative direction. • Use it to manage your software design, development, and support activities. • Use it to ensure that product's present configuration and status is fully visible. |
7.5.3.2 Clarify scope of software configuration management process |
• Define the scope of software configuration management process. • Use configuration management to control software planning. • Use configuration management to control software identities. • Use configuration management to control software updates. • Use configuration management to control software evaluations. • Use configuration management to control software releases. • Use configuration management to control software delivery. |
7.5.3.3 Establish a process to trace your software components |
• Establish a process to trace components of software items and products. • Establish a process that meets both contractual and marketplace requirements. • Use your process to trace software components throughout their life cycle. • Use your process to trace the destination of each version of your product. • Use your process to trace changes back to specific change requests. |
7.5.4 Protect customer property supplied for products |
• Identify property provided by customers for use or incorporation into products. • Identify information that will be used by or included in your product. • Identify data that will be used by or included in your product. • Identify environments that will be used by or included in your product. • Identify specifications that will be used by or included in your product. • Identify software that will be used by or included in your product. • Identify hardware that will be used by or included in your product. • Verify property provided by customers for use or incorporation into your products. • Define how updates to customer-supplied items are accepted and integrated. • Consider how to protect customer property that is used by or included in your products. • Protect property provided by customers for use or incorporation into your products. • Maintain a record of customer property that is lost, damaged, or unsuitable. |
7.5.5 Preserve software products and components |
• Preserve products and components during internal processing and delivery. • Maintain conformity to requirements during internal processing and delivery. • Protect software products from the point of production through to delivery. • Plan how you're going to protect and preserve your software products. • Preserve software products during replication, handling, storage, and delivery. |
7.6 Measurement
requirements and guidelines |
• Identify your organization’s monitoring and measuring needs and requirements. • Develop processes to ensure that monitoring and measuring can actually be done. • Confirm that software used to monitor and measure requirements can do the job. • Select equipment that meets your monitoring and measuring needs and requirements. • Use configuration management systems to control monitoring and measuring devices. • Establish an identification system to ensure that calibration status is always clear. • Calibrate or verify measuring equipment in order to ensure that results are valid. • Adjust or re-adjust your measuring equipment to make sure that results are valid. • Maintain a record of equipment calibration and verification activities and results. • Safeguard measuring equipment from adjustments that invalidate measurement results. • Protect your organization's measuring equipment from damage and deterioration. • Evaluate the validity of previous measurements if equipment fails to meet requirements. |
8.1 Planning
requirements and guidelines |
• Plan your monitoring, measurement, analysis, and improvement processes. • Plan how these processes will be used to show conformity and make improvements. • Implement monitoring, measurement, analytical, and improvement processes. • Use these processes to demonstrate conformity and make improvements. • Use monitoring to demonstrate conformity and make improvements. • Use measurement to demonstrate conformity and make improvements. • Use analytics to demonstrate conformity and make improvements. |
8.2 Research
requirements and guidelines |
8.2.1 Monitor and measure customer satisfaction |
• Determine methods for monitoring and measuring customer satisfaction (perceptions). • Establish methods that can find out how well customer requirements are being met. • Figure out how you’re going to get customer satisfaction (perception) information. • Figure out how you’re going to use customer satisfaction (perception) information. • Use your methods to monitor and measure customer satisfaction (their perceptions). • Use customer satisfaction information as a measure of QMS performance. |
8.2.2 Perform internal audits at planned intervals |
• Establish your organization's internal audit procedure. • Document your organization's internal audit procedure. • Specify how internal audits should be planned. • Specify how internal audits should be performed. • Specify how internal audit records should be kept. • Specify how internal audit results should be reported. • Implement your organization's internal audit procedure. • Maintain your organization's internal audit procedure. • Plan your organization's internal audit program. • Use your audit procedure to plan your audits. • Clarify the scope of your internal audit. • Establish your internal audit criteria. • Examine the results of previous audits. • Define and record your audit methods. • Consider the status and importance of audit areas. • Select impartial and objective internal auditors. • Specify how often audits should be performed. • Carry out your internal audits at planned intervals. • Determine if your organization's QMS meets specified requirements. • Determine if your organization's QMS conforms to planned arrangements. • Determine if your organization's QMS has been effectively implemented. • Eliminate all detected nonconformities and causes. • Follow-up on steps taken to resolve nonconformities. • Maintain a record of your audit activities and results. |
8.2.3 Find out if processes achieve planned results |
• Determine suitable methods to monitor and measure QMS processes. • Select methods that can find out if planned results are being achieved. • Select methods that are appropriate for each type of QMS process. • Apply suitable methods to monitor and measure each QMS process. • Determine whether or not each QMS process is achieving planned results. • Take remedial action whenever processes fail to achieve planned results. • Make corrections whenever a process fails to achieve planned results. • Apply corrective action whenever a process fails to achieve planned results. |
8.2.4 Verify that quality requirements are being met |
• Monitor and measure product and service characteristics. • Determine how well quality requirements are being met. • Use reviews to determine how well quality requirements are being met. • Use validations to determine how well quality requirements are being met. • Use verifications to determine how well quality requirements are being met. • Verify that product and service requirements are being met. • Verify products in accordance with planned arrangements. • Verify products at applicable stages during product realization. • Verify services in accordance with planned arrangements. • Verify services at applicable stages during service realization. • Decide if products should be released and services delivered. • Record product and service monitoring and measurement activities. • Retain evidence which shows that product acceptance criteria are being met. • Retain evidence which shows that service acceptance criteria are being met. |
8.3 Control
requirements and guidelines |
• Establish a nonconforming products procedure. • Document your nonconforming products procedure. • Document nonconforming product responsibilities. • Document how nonconforming products are identified. • Document when nonconforming products are controlled. • Document how nonconforming products are controlled. • Document how nonconforming products are recorded. • Document how nonconforming products are reported. • Implement nonconforming products procedure. • Identify your nonconforming products. • Investigate nonconforming products. • Prioritize software nonconformities. • Specify when controls are applied. • Control nonconforming products. • Prevent unintended use or delivery. • Eliminate detected nonconformities. • Address the effects of nonconforming products. • Authorize nonconforming product concessions. • Report discovered software problems and impacts. • Maintain a record of all product nonconformities. • Track the investigation and resolution of nonconformities. • Maintain nonconforming products procedure. |
8.4 Analytical
requirements and guidelines |
• Determine QMS data needs and requirements. • Identify the data needed to demonstrate that your QMS is suitable. • Identify the data needed to demonstrate that your QMS is effective. • Identify the data needed to improve QMS effectiveness. • Collect data about your organization’s QMS. • Monitor your organization’s QMS. • Measure your organization’s QMS. • Provide information by analyzing QMS data. • Provide information about your customers. • Provide information about your suppliers. • Provide information about your products. • Provide information about your processes. |
8.5
Implementation requirements and guidelines |
8.5.1 Improve quality management system |
• Establish an improvement process. • Apply it to software life cycle processes. • Improve the effectiveness of your QMS. • Use audit results to continually improve the effectiveness of your QMS. • Use data analysis to continually improve the effectiveness of your QMS. • Use quality policy to continually improve the effectiveness of your QMS. • Use quality objectives to continually improve the effectiveness of your QMS. • Use corrective actions to continually improve the effectiveness of your QMS. • Use preventive actions to continually improve the effectiveness of your QMS. • Use management reviews to continually improve the effectiveness of your QMS. |
8.5.2 Correct actual nonconformities |
• Establish a corrective action procedure. • Figure out how you're going to prevent the recurrence of actual nonconformities. • Figure out how you're going to manage and control your corrective actions. • Document a corrective action procedure. • Describe how actual nonconformities will be analyzed. • Describe how actual causes will be determined. • Describe how corrective actions will be managed. • Implement a corrective action procedure. • Analyze actual nonconformities. • Identify causes and study effects. • Evaluate the need for action. • Formulate corrective action. • Authorize corrective action. • Take timely corrective action. • Record corrective action results. • Review past corrective actions. • Maintain a corrective action procedure. |
8.5.3 Prevent potential nonconformities |
• Establish a preventive action procedure. • Figure out how you're going to prevent the occurrence of potential nonconformities. • Figure out how you're going to identify and anticipate potential process problems. • Document a preventive action procedure. • Describe how potential nonconformities will be identified and selected. • Describe how preventive actions will be managed and controlled. • Implement a preventive action procedure. • Identify potential nonconformities. • Determine causes of potential nonconformities. • Evaluate the need for action. • Formulate preventive actions. • Authorize preventive actions. • Take timely preventive actions. • Record preventive action results. • Review prior preventive actions.
• Maintain a preventive action procedure. |
Also see ISO 20000 on IT service management and ISO IEC 27001 on information security. |
Praxiom Research Group Limited help@praxiom.com 780-461-4514 |
|||
Updated on February 6, 2021. First published on December 27, 2016. |
|||
Legal Restrictions on
the Use of this Page
Copyright © 2016 - 2021 by Praxiom Research Group Limited. All Rights Reserved. |