Practical Support for ISO 9001 Software Project Documentation
Using IEEE Software Engineering Standards
Susan K. Land, John W. Walz
IEEE COMPUTER SOCIETY
A WILEY-INTERSCIENCE PUBLICATION
Contents
Preface xiii
1 Introduction and Overview 1 Introduction 1
What is ISO 9001? 3 What ISO 9001 is Not 4 What are Standards? 5
2 Summary of ISO 9001 7 ISO 9001 Principles 7
Why Should My Organization Implement ISO 9001? 8 How Does the ISO 9001 Model Work? 8 What If My Organization Implements ISO 9001? 9 ISO 9001 Audits 9 ISO 9001 Conformance, Registration, and Accreditation 10 Basic Business Model for Software Engineering Organizations 10 Conformance Pathways 11 ISO 9001 Benefits 11
3 Relationship to Software Engineering Standards 15 Standards Organizations 15
ISO Technical Committee 176 on Quality Management and Quality Assurance 15
International Electrotechnical Commission 16 ISO/IEC Joint Technical Committee 001 16 ISO/IEC JTC1 SC7 Software and Systems Engineering Standards Committee 16
American National Standards Institute 17 Institute of Electrical and Electronics Engineers 18 IEEE S2ESC Software and Systems Engineering Standards Committee 19
ISO/IEC JTC1 SC7 Software and Systems Engineering Standards Committee (S2ESC) 20
Relationships Among ISO 9001, ISO 90003, IEEE 12207 and ISO/IEC 15504 20
Software Engineering Body of Knowledge (SWEBOK) 21 Capability Maturity Model Integrated (CMMI) 22
4 Implementation Guidance 25 Improvement Frameworks Selection 25
Plan, Do, Check, Act (PDCA) Cycle 25 IDEAL (Initiating, Diagnosing, Establishing, Acting, and Learning) Model 25
Set Context 26
Business Improvement through ISO 9001 Implementation 27 Customer and Investor Confidence through ISO 9001 Implementation 27
Build Sponsorship 28 Improvement Project Stakeholders 28
Charter Infrastructure 28 Establish Steering Committee and Process Group 29 Software Engineering Training 29
Characterize Current and Desired States 30 Perform Gap Analysis 31 Perform Self-Audit Using ISO 9001 Criteria 31
Develop Recommendations 32 Set Priorities 32 Develop the Approach 33
Goal-Driven Implementation 33 Plan Actions 33
Baseline Processes 34 Create Solution 36 Pilot/Test Solution 36 Refine Solution 37 Implement Solution 37 Analyze and Validate 37
ISO 9001 Registration Steps 37 Propose Future Actions 38 Implementation Pitfalls 38
Being Overly Prescriptive 38 Remaining Confined to a Specific Stage 39 Documentation, Documentation 39 Lack of Incentives 39 No Measurements 39
Conclusion 40
5 12207 Primary Life Cycle Processes and ISO 9001 43 Software Life Cycle (SLC) Selection and Design 43
Waterfall 44 Modified Waterfall 44 V-Shaped 44 Incremental 44
Spiral Synchronize and Stabilize Rapid Prototype for New Projects Code-and-Fix
IEEE 12207 Processes Acquisition
ISO 9001 Goals Software Acquisition Plan Software Acquisition Plan Document Guidance Concept of Operations Concept of Operations (ConOps) Document Guidance Decision Tree Analysis
Supply ISO 9001 Goals Request for Proposal Request for Proposal (RFP) Guidance Joint Customer Technical Reviews Software Project Management Plan Software Project Management Plan Document Guidance
Development ISO 9001 Goals System Requirements Analysis System Requirements Specification System Requirements Specification Document Guidance Software Requirements Analysis Software Requirements Specification Software Requirements Specification Document Guidance Software Design Document Software Design Document Guidance Interface Control Document Interface Control Document Guidance
Operation ISO 9001 Goals User's Manual User's Manual Document Guidance
Maintenance ISO 9001 Goals Transition Plan
6 12207 Supporting Life Cycle Processes and ISO 9001 Supporting Processes
ISO 9001 Goals Documentation
ISO 9001 Goals Quality Manual Configuration Management Record
Configuration Management 108 ISO 9001 Goals 109 Software Configuration Management Plan 110 Software Configuration Management Plan Document Guidance 110
Quality Assurance 121 ISO 9001 Goals 122 Software Quality Assurance Plan 122 Software Quality Assurance Plan Document Guidance 123
Verification 134 ISO 9001 Goals 134 Inspections 135 Walk-throughs 140
Validation 144 ISO 9001 Goals 144 Software Test Plan 144 Software Test Plan Document Guidance 144
System Test Plan 155 Joint Review 172
ISO 9001 Goals 172 Technical Reviews 173 Management Reviews 176
Audit 179 ISO 9001 Goals 180 Audits 180 Software Measurement and Measures Plan 184 Software Measurement and Measures Plan Document Guidance 184
Problem Resolution 191 ISO 9001 Goals 191 Risk Management Plan 192 Probability/Impact Risk Rating Matrix 196
7 12207 Organizational Processes and ISO 9001 197 ISO 9001 Goals 197 Management 197
ISO 9001 Goals 199 Software Requirements Management Plan 201 Software Requirements Management Plan Document Guidance 202 Software Project Management Plan 212 Software Project Management Plan Document Guidance 212 Stakeholder Involvement 218 Work Breakdown Structure (WBS) 218 Work Breakdown Structure (WBS) for Postdevelopment Stage 219
Infrastructure 220 ISO 9001 Goals 220 Organization's Set of Standard Processes 222
Improvement 222 ISO 9001 Goals 222 Engineering Process Group Charter 225 Process Action Plan (PAP) 226 Tailoring Guidelines 227
Training 229 ISO 9001 Goals 229 Training Plan 229
8 ISO 9001 for Small Projects 235 Introduction to ISO 9001 for Small Projects 235 Project Management Plan—Small Projects 236
Appendix A. IEEE Standards Abstracts 247
Appendix B. Comparison of ISO 9001 to IEEE Standards 259
Appendix C. Work Products 269 Acquisition 269
Make/Buy Decision Matrix 269 Alternative Solution Screening Criteria Matrix 269 Cost-Benefit Ratio 269
Supply 272 Recommendations for Software Acquisition 272 Organizational Acquisition Strategy Checklist 272 Supplier Evaluation Criteria 272 Supplier Performance Standards 273
Development 274 Requirements Traceability 274 Software Development Standards Description 274 System Architectural Design Description 279 Software Architectural Design Description 279 Database Design Description 280 Software Architecture Design Success Factors and Pitfalls 280 UML Modeling 281 Unit Test Report 282 Unit Test Report Document Guidance 283 System Integration Test Report 290 System Integration Test Report Document Guidance 290
Operation 294 Product Packaging Information 294
Maintenance 294 Change Enhancement Requests 294 Baseline Change Request 294 Work Breakdown Structure for Postdeployment 297
Software Change Request Procedures 306 Quality Assurance 309
Example Life Cycle 309 Minimum Set of Software Reviews 316 SQA Inspection Log 317 Inspection Log Description 317
Verification 319 Inspection Log Defect Summary 319 Inspection Log Defect Summary Description 319 Inspection Report 319 Inspection Report Description 321 Requirements Walk-through Form 322 Software Project Plan Walk-through Checklist 322 Preliminary Design Walk-through Checklist 322 Detailed Design Walk-through Checklist 323 Program Code Walk-through Checklist 323 Test Plan Walk-through Checklist 324 Walk-through Summary Report 324 Classic Anomaly Class Categories 325 Validation 326 Examples of System Testing 331 Test Design Specification 332 Test Case Specification 333 Test Procedure Specification 334 Test Item Transmittal Report 335 Test Log 336 Test Incident Report 337 Test Summary Report 338
Joint Review 339 Open Issues List 339
Audit 339 Status Reviews 339 Critical Dependencies Tracking 341 List of Measures for Reliable Software 341 Example Measures 341 Measurement Information Model in ISO/IEC 15939 364
Problem Resolution 364 Risk Taxonomy 364 Risk Taxonomy Questionnaire 364 Risk Action Request 364 Risk Mitigation Plan 364 Risk Matrix Sample 366
Management 366 Work Breakdown Structure 366 Work Flow Diagram 367
Stakeholder Involvement Matrix 372 Infrastructure 373
Organizational Policy Examples 373 Definition Form 375 Asset Library Catalog 375
Improvement 377 Organizational Improvement Checklist 377 Organization Process Appraisal Checklist 377 Lessons Learned 377 Measures Definition for Organizational Processes 382
Training 384 Training Log 384
Appendix D. ISO/IEC Guidance 387
ISO 9001:2000 Mapping to ISO/IEC Standards 387
Appendix E. ISO/IEC 90003 Mapping to ISO/IEC 12207 391
Appendix F. CD ROM Reference Summary 399
References 401 IEEE Publications 401 ISO Publications 403 Other References 404
Index 407
About the Authors 417