Practical Support for ISO 9001 Software Project Documentation

Using IEEE Software Engineering Standards

Susan K. Land, John W. Walz

IEEE COMPUTER SOCIETY, WILEY-INTERSCIENCE

A WILEY-INTERSCIENCE PUBLICATION


Contents

Preface

1 Introduction and Overview
Introduction
What is ISO 9001?
What ISO 9001 is Not
What are Standards?

2 Summary of ISO 9001
ISO 9001 Principles
Why Should My Organization Implement ISO 9001?
How Does the ISO 9001 Model Work?
What If My Organization Implements ISO 9001?
ISO 9001 Audits
ISO 9001 Conformance, Registration, and Accreditation
Basic Business Model for Software Engineering Organizations
Conformance Pathways
ISO 9001 Benefits

3 Relationship to Software Engineering Standards
Standards Organizations
ISO Technical Committee 176 on Quality Management and Quality Assurance
International Electrotechnical Commission
ISO/IEC Joint Technical Committee 001
ISO/IEC JTC1 SC7 Software and Systems Engineering Standards Committee
American National Standards Institute
Institute of Electrical and Electronics Engineers
IEEE S2ESC Software and Systems Engineering Standards Committee
ISO/IEC JTC1 SC7 Software and Systems Engineering Standards Committee (S2ESC)
Relationships Among ISO 9001, ISO 90003, IEEE 12207 and ISO/IEC 15504


Software Engineering Body of Knowledge (SWEBOK)
Capability Maturity Model Integrated (CMMI)

4 Implementation Guidance
Improvement Frameworks Selection
Plan, Do, Check, Act (PDCA) Cycle
IDEAL (Initiating, Diagnosing, Establishing, Acting, and Learning) Model
Set Context
Business Improvement through ISO 9001 Implementation
Customer and Investor Confidence through ISO 9001 Implementation
Build Sponsorship
Improvement Project Stakeholders
Charter Infrastructure
Establish Steering Committee and Process Group
Software Engineering Training
Characterize Current and Desired States
Perform Gap Analysis
Perform Self-Audit Using ISO 9001 Criteria
Develop Recommendations
Set Priorities
Develop the Approach
Goal-Driven Implementation
Plan Actions
Baseline Processes
Create Solution
Pilot/Test Solution
Refine Solution
Implement Solution
Analyze and Validate
ISO 9001 Registration Steps
Propose Future Actions
Implementation Pitfalls
Being Overly Prescriptive
Remaining Confined to a Specific Stage
Documentation, Documentation
Lack of Incentives
No Measurements
Conclusion

5 12207 Primary Life Cycle Processes and ISO 9001
Software Life Cycle (SLC) Selection and Design
Waterfall
Modified Waterfall
V-Shaped
Incremental


Spiral
Synchronize and Stabilize
Rapid Prototype for New Projects
Code-and-Fix
IEEE 12207 Processes
Acquisition
ISO 9001 Goals
Software Acquisition Plan
Software Acquisition Plan Document Guidance
Concept of Operations
Concept of Operations (ConOps) Document Guidance
Decision Tree Analysis
Supply
ISO 9001 Goals
Request for Proposal
Request for Proposal (RFP) Guidance
Joint Customer Technical Reviews
Software Project Management Plan
Software Project Management Plan Document Guidance
Development
ISO 9001 Goals
System Requirements Analysis
System Requirements Specification
System Requirements Specification Document Guidance
Software Requirements Analysis
Software Requirements Specification
Software Requirements Specification Document Guidance
Software Design Document
Software Design Document Guidance
Interface Control Document
Interface Control Document Guidance
Operation
ISO 9001 Goals
User's Manual
User's Manual Document Guidance
Maintenance
ISO 9001 Goals
Transition Plan

6 12207 Supporting Life Cycle Processes and ISO 9001
Supporting Processes
ISO 9001 Goals
Documentation
ISO 9001 Goals
Quality Manual
Configuration Management Record



Configuration Management
ISO 9001 Goals
Software Configuration Management Plan
Software Configuration Management Plan Document Guidance
Quality Assurance
ISO 9001 Goals
Software Quality Assurance Plan
Software Quality Assurance Plan Document Guidance
Verification
ISO 9001 Goals
Inspections
Walk-throughs
Validation
ISO 9001 Goals
Software Test Plan
Software Test Plan Document Guidance
System Test Plan
Joint Review
ISO 9001 Goals
Technical Reviews
Management Reviews
Audit
ISO 9001 Goals
Audits
Software Measurement and Measures Plan
Software Measurement and Measures Plan Document Guidance
Problem Resolution
ISO 9001 Goals
Risk Management Plan
Probability/Impact Risk Rating Matrix

7 12207 Organizational Processes and ISO 9001
ISO 9001 Goals
Management
ISO 9001 Goals
Software Requirements Management Plan
Software Requirements Management Plan Document Guidance
Software Project Management Plan
Software Project Management Plan Document Guidance
Stakeholder Involvement
Work Breakdown Structure (WBS)
Work Breakdown Structure (WBS) for Postdevelopment Stage
Infrastructure
ISO 9001 Goals
Organization's Set of Standard Processes


Improvement
ISO 9001 Goals
Engineering Process Group Charter
Process Action Plan (PAP)
Tailoring Guidelines
Training
ISO 9001 Goals
Training Plan

8 ISO 9001 for Small Projects
Introduction to ISO 9001 for Small Projects
Project Management Plan: Small Projects

Appendix A. IEEE Standards Abstracts

Appendix B. Comparison of ISO 9001 to IEEE Standards

Appendix C. Work Products
Acquisition
Make/Buy Decision Matrix
Alternative Solution Screening Criteria Matrix
Cost-Benefit Ratio
Supply
Recommendations for Software Acquisition
Organizational Acquisition Strategy Checklist
Supplier Evaluation Criteria
Supplier Performance Standards
Development
Requirements Traceability
Software Development Standards Description
System Architectural Design Description
Software Architectural Design Description
Database Design Description
Software Architecture Design Success Factors and Pitfalls
UML Modeling
Unit Test Report
Unit Test Report Document Guidance
System Integration Test Report
System Integration Test Report Document Guidance
Operation
Product Packaging Information
Maintenance
Change Enhancement Requests
Baseline Change Request
Work Breakdown Structure for Postdeployment


Software Change Request Procedures
Quality Assurance
Example Life Cycle
Minimum Set of Software Reviews
SQA Inspection Log
Inspection Log Description
Verification
Inspection Log Defect Summary
Inspection Log Defect Summary Description
Inspection Report
Inspection Report Description
Requirements Walk-through Form
Software Project Plan Walk-through Checklist
Preliminary Design Walk-through Checklist
Detailed Design Walk-through Checklist
Program Code Walk-through Checklist
Test Plan Walk-through Checklist
Walk-through Summary Report
Classic Anomaly Class Categories
Validation
Examples of System Testing
Test Design Specification
Test Case Specification
Test Procedure Specification
Test Item Transmittal Report
Test Log
Test Incident Report
Test Summary Report
Joint Review
Open Issues List
Audit
Status Reviews
Critical Dependencies Tracking
List of Measures for Reliable Software
Example Measures
Measurement Information Model in ISO/IEC 15939
Problem Resolution
Risk Taxonomy
Risk Taxonomy Questionnaire
Risk Action Request
Risk Mitigation Plan
Risk Matrix Sample
Management
Work Breakdown Structure
Work Flow Diagram


Stakeholder Involvement Matrix
Infrastructure
Organizational Policy Examples
Definition Form
Asset Library Catalog
Improvement
Organizational Improvement Checklist
Organization Process Appraisal Checklist
Lessons Learned
Measures Definition for Organizational Processes
Training
Training Log

Appendix D. ISO/IEC Guidance
ISO 9001:2000 Mapping to ISO/IEC Standards

Appendix E. ISO/IEC 90003 Mapping to ISO/IEC 12207

Appendix F. CD ROM Reference Summary

References
IEEE Publications
ISO Publications
Other References

Index

About the Authors