Software engineering - Guidelines for the application of ISO 9001:2000 to computer software
Some standard content:
ICS03.120.10
iTKAoNrKAa=
qUE-ei-aC-e-ae-Ceranc-CBC-Nca-TYKAbNrKAcaNational Standard of the People's Republic of China
+GB/T19003—2008/ISO/IEC90003:2004Software Engineering
GB/T19001—2000 Application to
Guidelines for Computer Software
JXCAD first release is for learning purposes only! (SO/IEC 90003:2004.IDT
2008-06-18Issued
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China to Quality Trust
Standardization Administration of the People's Republic of China
2008-11-01Implementation
ISOForeword
1 Scope
1.2 Application
Normative references
Terms and definitions
Quality management system
General requirements
Document requirements
Quality manual
Document control
TKAONrKAa-
qLE-i-aC-ec-ae-Ceraic-CBC-Neca-ITYKAbNrKAcaGB/T190032008/1SO/IEC900 03.2004JXCAD first release, for learning purposes only!
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.4.1 Quality objectives
5.4.2 Quality management system planning
5.5 Responsibility, authority and communication
5.5.1 Responsibility and authority
5.5.2 Management representative
5.5.3 Internal communication
5.6 Management review
5.6.2 Review input
Review output
Resource management
Resource provision
Human resources
Capability, awareness and training
Infrastructure
Work environment
GB/T19003-2008/ISO/IEC90 003:20047.1 Planning of product realization
7.1.1 Software life cycle
Quality planning·
7.2 Customer-related processes
Determination of product-related requirements
Review of product-related requirements
Customer communication:
Design and development
Design and development planning
Design and development input
Design and development output
Design and development review·
Design and development verification
Design and development validation
Control of design and development changes
7.4 Procurement+
Procurement process·
Procurement information
7.4.3 Verification of purchased product,
-KAONKAa-
qLE-e i-aC-eC-ae-Ceranc-CB-Neca-ITYKAbNrKAca10
JXCAD is for learning purposes only!
7.5.3 Identification and traceability
7.5.4 Customer property.
7.5.5 Product protection.
7.6 Control of monitoring and measuring devices
8 Measurement, analysis and improvement|| tt||8.1 General..
8.2 Monitoring and measurement
8.2.1 Customer satisfaction
8.2.2 Internal audit
8.2.3 Monitoring and measurement of processes
8.2.4 Monitoring and measurement of products
8.3 Control of nonconforming products
8.4 Data analysis.…
8.5 Improvement*
8.5.1 Continuous improvement
8.5.2 Corrective action
8.5.3 Preventive measures
Appendix A (Informative Appendix) Other guidelines in ISO/IECJTC1/SC7 and ISO/TC176 standards that can be used for the implementation of GB/T 19001-2000
+++++++++.
Appendix BC (Informative Appendix) Planning comparison table related to this standard and ISO/IEC12207 standard References
iKAoNrKAca=
qLE-ei-aC-ec-ae-Ceraic-CBc-Neca-nYKAbNrKAcaGB/T 19003-2008/IS0/IEC90003:2004 This standard is equivalent to ISO/IEC90003:2004 Software Engineering - Guidelines for the application of ISO9001:2000 to computer software. This standard is a component of GB/T19000 standard and is consistent with it. Appendix A and Appendix B of this standard are informative appendices. This standard is proposed and managed by China National Institute of Standardization. This standard is drafted by China National Institute of Standardization. Participating drafting units of this standard: Electronic Industry Standardization Institute of the Ministry of Information Industry, China Aerospace Standardization Institute. The main drafters of this standard: Xian Kuitong, Liu Hui, Gui Ling, Ye Ruyi, Zhan Junfeng, Liu Jiangying, Wang Yiyan. First released by JXCAD, for learning purposes only!
GB/T19003-—2008/IS0/IEC90003.2004ISO Foreword
iTKAoNrKAa=
qLE-i-aC-eC-ae-Ceranc-CBC-Neca-ITYKAbNrKAcaThe International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are worldwide specialized organizations for standardization: national member groups (all of which are members of ISO or IEC) participate in the formulation of international standards for specific scopes through various technical committees established by international organizations. ISO and IEC technical committees cooperate in areas of common interest. Other official or non-official international organizations associated with ISO and IEC also participate in the formulation of international standards. International standards follow the rules of Part 2 of the ISO/IEC Directives. In the field of information technology, ISO and IEC have established a joint technical committee (ISO/IECJITC1). The draft international standards passed by the joint technical committee are submitted to the member groups for voting. They must be approved by at least 75% of the member groups participating in the voting before they can be officially published as international standards.
Some of the contents in this standard may involve some patent rights issues. Attention should be paid to this. ISO and IEC are not responsible for identifying any such patent rights issues.
International standard ISO/IEC90003 was developed by ISO/IECJTC1/SC7 Joint Technical Committee Information Technology (Software and System Engineering). bZxz.net
This standard is the first version of ISO/IEC90003, replacing ISO9000-3:1997 version developed by ISO/TC176/SC2, and is consistent with ISO9001:2000 version.
JXCAD first release, for learning purposes only!
KAONKAa=
qUE-ei-aC-eC-ae-eraac-CBC-Neca-ITYKAbNrKAcaGB/T19003—2008/IS0/IEC90003:2004 This standard provides guidance for the application of GB/T 19001-2000 in the acquisition, provision, development, operation and maintenance of computer software by organizations.
This standard addresses issues that require attention and its application is independent of the technology used, life cycle model, development process, activity sequence and organizational structure. This guide and the issues it addresses are intended to be comprehensive, but not exhaustive. When the scope of an organization's activities includes other areas in addition to software development, the relationship between the software part and other parts of the organization's quality management system should be clarified, integrated into an overall quality management system, and documented. Although Chapters 4, 5, 6 and parts of Chapter 8 of GB/T 19001-2000 do have some impact on the project/product level, they are mainly applied at the global level of the organization. For each project or product development, the relevant parts of the organization's quality management system can be tailored to meet the needs of specific projects/products. GB/T19001-2000 uses "shall" to indicate regulations that are binding on both parties or multiple parties, "should" to indicate a recommendation among many possibilities, and "may" to indicate practices allowed under the restrictions of GB/T19001-2000. In this standard, should and may have the same meaning as GB/T19001-2000, that is, "should" is used to indicate a recommendation among many possibilities, and "may" is used to indicate practices allowed under the restrictions of this standard. The quality management system for software development, operation or maintenance established based on this standard can select and use the processes in ISO/IEC12207:199/Amd2002 and ISO/IEC12207:199/Amd2002. Support or supplementary technology
TXCAD issued when pointed out that the definition of soey k is inconsistent with the definition of quality management in the 0XTC15 standard of 1900×B/19001. Each clause of this standard refers to the corresponding chapter in IS0/EC12207:1995/Amd.1:2002, but it does not mean that the referenced chapter must meet the requirements of GB/T19001-2000. For further guidance on the use of ISO/1EC12207, please refer to ISO /IECTR15271. As additional guidance, the general bone can refer to the international standards for software engineering developed by ISO/IECJTC1/SC7, especially ISO/IEC9126-1, ISO/IEC9126-2, ISO/IEC9126-3, ISO/IEC9126-4. ISO/IEC15939 and ISO/IEC15504. If these references are referenced by a clause or subclause in GB/T19001-2000 , it appears after the guide to the clause or subclause: if it is referenced by multiple clauses or subclauses, it appears after the last referenced clause or subclause.
The clauses directly quoted from GB/T 19001-2000 are placed in a box for easy identification. W
1 Scope
1.1 General
TKAONrKAa-
qLE-i-aC-eC-ae-Ceranc-CBC-Neca-ITYKAbNrKAcaGB/T 19003—2008/ISO/1EC90003:2004 Software Engineering Guidelines for the application of GB/T 19001—2000 to computer software
GB/T 19001-2000 Quality Management System Requirements 1.1 General
This standard specifies the requirements for a quality management system for organizations that have the following needs: a) need to demonstrate their ability to consistently provide products that meet customer and applicable statutory and regulatory requirements; b) aim to enhance customer satisfaction through the effective application of the system, including a process for continual improvement of the system and assurance of compliance with customer and applicable statutory and regulatory requirements.
Note that in this standard, the term "product" applies only to products intended for or required by customers. This standard provides guidance for organizations to apply GB/T 19001—2000 when acquiring, providing, developing, operating and maintaining computer software and related support services. This standard does not make any additions or modifications to the requirements of GB/T19001-2000. Appendix A provides a comparison table of the implementation guidelines of GB/T19001-2000, and its contents can be found in ISO/IECJTC1/SC7 and ISO/TC176 standards.
JXCAD first release is for learning purposes only!
GB/T19001-2000 Quality Management System Requirements 1.2 Application
All requirements specified in this standard are general and are intended to be applicable to organizations of various types, sizes and providing different products. When any requirement of this standard is not applicable due to the characteristics of the organization and its products, it may be considered for exclusion. Unless the exclusion is limited to those requirements in Clause 7 of this standard that do not affect the organization's ability or responsibility to provide products that meet customer and applicable statutory and regulatory requirements, no claim of conformity with this standard can be made. This standard applies to the following software:
- Part of a commercial contract with other organizations; - Products available on the market:
- Used to support the organization's processes;
In hardware products,
Related to software services.
Some organizations may be involved in all of the above related activities, while others may only be involved in one of the business areas. However, in any case, an organization's quality management system should cover all aspects of its business (software-related and non-software-related). Normative referenced documents
GB/T19001-2000 Quality management system requirements Cited standards
The provisions contained in the following standards constitute the provisions of this standard through reference in this standard. When this standard is published, the versions shown are valid. All standards will be revised. Parties using this standard should discuss the possibility of using the latest versions of the following standards. GB/T19000-2000 Quality Management System Fundamentals and Vocabulary (idtIS09000:2000) 1
GB/T19003--2008/ISO/IEC90003:20043 Terms and Definitions
GB/T19001-2000 Quality Management System Requirements Terms and Definitions
This standard adopts the terms and definitions in GB/T19000, KANrKAa=
qLE-ei-aC-ec-ae-Ceraic-CBc-Neca-nYKAbNrKAcaThe following terms used in this standard to describe the supply chain have been changed to reflect current usage: Supplier → Organization → Customer
The term "organization" in this standard is used to replace the term "supplier" used in GB/T19001-1994, and the term "supplier" is used to replace the term "subcontractor".
The term "product" that appears in this standard may also refer to "service". The terms and definitions specified in GB/T19001-2000 and certain terms specified in ISO/IEC12207 are applicable to this standard.
However, when there is a conflict between the terms and definitions in GB/T19000-2000 and ISO/IEC12207, the terms and definitions specified in GB/T19000-2000 shall prevail.
Note: TSO/IEC12207:1995 provides detailed provisions for 17 software life cycle processes. ISO/1EC12207:1995/Amd1:2002 provides more detailed provisions for many other processes. This standard refers to the terms defined in these two standards. 3.1
Activity
First published by JXCAD, for learning purposes only!
A version of a configuration item that has been formally specified, fixed and formally approved at a specific moment in the life cycle of the configuration item, regardless of its media,
[1ISO/IEC12207.1995, definition 3.5] 3.3
Configuration item configurationitem
An entity in a configuration that satisfies an end-use function and can be uniquely identified at a given reference point. [ISO/IEC12207:1995, definition 3.6]
Commercial software (Cors is its abbreviation) Commercial-Off-The-Shelr (software product) that can be purchased and used without development, 3.5
Developmentdevelopment
Software life cycle processes that include requirements analysis, design, coding, integration, testing, installation, and various activities that support software product acceptance.
Life cycle modellifecyclemodel
A framework of processes, activities, and tasks that involve the development, operation, and maintenance of software products, spanning the system life cycle from requirements definition to termination of use. [ISO/IEC12207:1995, definition 3.11] Note: The requirements of GB/T19001-2000 can only be applied to the product maintenance phase after customer acceptance if the contract requires it. However, in general, the requirements of GB/T19001-2000 do not apply to the maintenance phase. 2
Measurement (verb)measure,verb
KAONYKA=
qLE-i-aC-eC-ae-Ceranc-CBC-Neca-ITYKAbNrKAcaGB/T19003-2008/IS0/IEC90003:2004The act of measuring.
[GB/T18905.1—-2002/ISO/IEC14598-1.1999.Definition 4.17]measure,noun
Measurement (noun)
The assignment of a value to a variable as a result of measurement.
[ISO/IEC15939:2000.Definition 3.14]3.9
measurement
A set of tasks aimed at determining the value of a measurement. [ISO/IEC15939:2002. Definition 3.17] 3.10
Process
A set of interrelated or interacting activities that transform inputs into outputs. Note 1: The inputs to a process are often the outputs of other processes. Note 2, see the definition in 3.4.1 of GB/T19000/ISO9000:2000, 3.11
regression testing
Regression testing
Review testing required after changes to system components to determine that the changes have no adverse effects on reliability or performance, and that there is no time limit
JXCAD first release, for learning purposes only!
Release
A specific version of a configuration item that is ready for a specific purpose (such as a test release): [ISO/IEC12207.1995. Definition 3.22] Note: The "release" in this standard is quoted from GB/T19001-2000. The definition in 3.6.13 of GB/T19000/1SO9000:2000 is different from the definition in ISO/TEC12207.
Replication
Copying a software product from one medium to another. 3.14
Software itemsoftwareitem
The identifiable part of a software product,||t t||Software productsoftwareproduct
A set of computer programs, procedures and possibly related documentation and data, [ISO/IEC12207:1995. Definition 3.26] Note 1 A software product can be designated for delivery, as a component of other products, or for development. Note 2: Different from the product defined in GB/T19000/1SO9000L2], Note 3, in this standard, the term "item" is synonymous with "software product", 3.16
Software servicesoftwareService
The implementation of activities, work or obligations related to a software product, such as the development, maintenance and operation of software. [ISO/IEC1220 7.1995, definition 3.27]3
GB/T19003-2008/IS0/IEC9000320044 Quality management system
4.1 General requirements
GB/T19001-2000 Quality management system requirements-TKANKAa=
qLE-i-aC-eC-ae-Ceranc-CBC-Neca-ITYKAbNrKAca4.1 General requirements
The organization shall establish a quality management system, form documents, implement and maintain it in accordance with the requirements of this standard, and continuously improve its effectiveness. The organization shall
a) Identify the processes required for the quality management system and their application in the organization (see 1.2): b) determine the sequence and interaction of these processes e) determine the rules and methods required to ensure the effective operation and control of these processes, d) ensure that the necessary resources and information are available to support the operation of these processes and the monitoring of these processes, e) monitor, measure and analyze these processes; f) implement the necessary actions to achieve the results of these process planning and continuous improvement of these processes. The organization shall manage these processes in accordance with the requirements of this standard. For any outsourced processes that affect product conformity selected by the organization, the organization shall ensure that they are controlled. The control of such outsourced processes shall be identified in the quality management system. Note that the processes required for the above quality management system should include processes related to management activities, sourcing, product realization and measurement. The following are guidelines for clauses a) and b) in GB/T19001-2000, 4.1, and are related to the processes of the following organizations. C See 5.4.2 and 7.4, 1) for guidance on outsourcing.
Process identification and application
JXCAD first release is for learning purposes only!
The organization shall determine the sequence and interaction of processes in the following areas: 1) Software development life cycle models, such as the bath model, increment model and evolutionary model. 2) Quality and development planning based on the life cycle model. NOTE For further information, see:
ISO/IEC 12207 [11] and ISO/IEC 12207.1995/Amd 1:2002 [12] (Software Life Cycle Processes) define a set of reference software life cycle processes.
ISO/IEC TR 15271.198 C21 Annex CC (Guidelines for ISO/IEC 12207) provides guidance on how to use the life cycle processes defined in ISO/IEC 12207.
4.2 Documentation requirements
4.2.1 General
GB/T19001-2000 Quality Management System Requirements4.2.1 General
Quality management system documents should include:
a) Documented quality policy and quality objectives; b) Quality manual;
Documented procedures required by this standard; d) Documents required by the organization to ensure effective planning, operation and control of its processes! e) Records required by this standard (see 4.2.4). Note: Where "documented procedures" appear in this standard, it requires the establishment of such procedures, documenting them, and implementing and maintaining them. Note 2 The amount and level of detail of the quality management system documentation of different organizations depends on: a) the size of the organization and the type of activities; b) the complexity of the processes and their interactions; e) the capabilities of the personnel. Note 3: Documents may be in any form or type of media. GB/T19003—2008/IS0/IEC90003:2004 is for [GB/T19001-2000, 4.2.1. Clause d)], in order to effectively plan, operate and control the software process, the documentation may include the following aspects:
1) Description of the process, such as the content determined when implementing Clause 4.1; 2) Description of the procedural work instructions and templates used; 3) Description of the life cycle model used, such as the explosion model, incremental model and evolutionary model; 4) Description of the tools (processes), techniques and methods, such as the content determined when implementing Clause 4.1; 5) Description of technical aspects, such as standards or guidance documents for coding, design, development and testing work. Note: Document identification is part of configuration management. For further information, see 7.5.3. 4.2.2 Quality Manual
GB/T19001-2000 Quality Management System Requirements 4.2.2 Quality Manual
The organization shall prepare and maintain a quality manual, which shall include:) The scope of the quality management system + details and rationale of any reduction (see 1.2): b) Documented procedures prepared for the quality management system or references to them:) A description of the interactions between the quality management system processes. 4.2.3 Document Control
GB/T19001—2000 Quality Management System
For learning purposes only!
JXCAD first releases with us
Control.
The documented procedures should be shortened to specify the required controls for the following aspects: a) Approved before the document is issued to ensure that the document is sufficient and appropriate; b) Review and update the document when necessary, and re-approve to ensure that the changes and current revision status of the document are identified to ensure that the relevant versions of the applicable documents are available at the point of use; d)
Ensure that the document remains clear and easy to identify: D Ensure that external documents are identified and their distribution is controlled; d) Prevent the unintended use of obsolete documents. If the original documents are retained due to any original surface, these documents should be appropriately marked. Note: Document control is part of the configuration management. For further information, see 7.5.3. 4.2.4 Record Control
GB/T19001-2000 Quality Management System: Requirements 4.2.4 Record Control
Records should be established and maintained to provide evidence of compliance with requirements and the effective operation of the quality management system. Records should be kept clear, easy to identify and retrieve. Documented procedures should be established to specify the controls required for the identification, storage, protection, retrieval, retention period and disposal of records.
4.2.4.1 Evidence of conformity to requirements
Evidence of conformity to requirements may include:
a) documented test results;
b) problem reports, including those related to tool problems;
change requests:
GB/T 19003-—2008/IS0/IEC 90003.2004d》document with comments;
e) audit and evaluation reports;
assessment and inspection records, such as design review, code review and walk-through records. 4.2.4.2 Evidence of Effective Operation
Examples of evidence of effective operation of the quality management system may include, but are not limited to: Changes in resources (manpower, software and equipment) (and their justifications) a
Estimates, such as estimates of project size and input (manpower, cost and schedule) b
Justification and specifications for selecting tools, methods and suppliers; TT KAONr KAa=
qCE-i-aC-eC-ae-Ceraac-CBC-Neca-rTYKAoNrKAcaSoftware license agreement (including software provided to customers and software acquired to support development), dy
e) Meeting minutes:
f) Software release records.
4.2.4.3 Retention and disposal of records
When determining the retention period of records, legal and regulatory requirements should be taken into account. If records are stored on electronic media, the rate of decay of the media, the availability of equipment, and the equipment required to access the records should be considered when considering the retention period and accessibility of the records. Records also include information stored in email systems. Protection against computer viruses and unauthorized or illegal access should also be considered.
The proprietary nature of the information stored in the records should be evaluated to determine how the data will be removed from the media at the end of the record retention period.
Note: For further information on the applicability guidance of 4.2 in GB/T 19001-2000, see 6.1 in 1S0/LEC12207:1995[11] and ISO/IEC12207
JXCAD first release, for learning purposes only!
5.1 Management commitment
GB/T19001-2000 Quality Management System Requirements 5.1 Management Commitment
Top management shall provide evidence of its commitment to establishing, implementing and continually improving the effectiveness of the quality management system through the following activities: a) Communicate to the organization the importance of meeting customer, statutory and regulatory requirements; b) Establish a quality policy; e) Ensure the establishment of quality objectives;
) Conduct management review; e) Ensure the availability of resources;
5.2 Customer focus
GB/T19001-2000 Quality Management System Requirements 5.2 Customer focus
Top management shall ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1). 5.3 Quality Policy
GB/T19001-2000 Quality Management System Requirements 5.3 Quality Policy
Top management shall ensure that the quality policy:
a) is consistent with the purpose of the organization;
b) includes a commitment to meet requirements and to continually improve the effectiveness of the quality management system; andc) provides a framework for setting and reviewing quality objectives62 Customer Focus
Top management should ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1). 5.3 Quality Policy
GB/T19001-2000 Quality Management System Requirements 5.3 Quality Policy
Top management should ensure that the quality policy:
a) is consistent with the purpose of the organization;
b) includes a commitment to meet requirements and continually improve the effectiveness of the quality management system; c) provides a framework for setting and reviewing quality objectives 62 Customer Focus
Top management should ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1). 5.3 Quality Policy
GB/T19001-2000 Quality Management System Requirements 5.3 Quality Policy
Top management should ensure that the quality policy:
a) is consistent with the purpose of the organization;
b) includes a commitment to meet requirements and continually improve the effectiveness of the quality management system; c) provides a framework for setting and reviewing quality objectives 6
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.