Quality management system: how to understand the standards and start the process of their implementation in the company
The positive aspects of using ISO standards and the quality management system are proven by the experience of many companies, including in the field of information technology. Much has already been written about this, so I don’t undertake to promote the ISO and the quality management system. The task of my article is to show that with the help of two not very complicated schemes, one can understand the meaning of the process of implementing a quality management system and get specific, clear recommendations on what documents are required for this. Such schemes, which are given in the article, you will not find in any guide. That is why I decided to share them with Habr's readers.
A source
Schemes will help to orient in numerous regulatory documents. The first one compares in detail the ISO 9001-2015, ISO 9001-2001 standards, stages of the software life cycle according to different state standards, describes the stages of implementation of the quality management system and the necessary documents for this. The second scheme is dedicated to documenting business processes in the development of automated systems. At the end of the article, I provide step-by-step instructions for those who implement a quality management system. The article provides links to sources of information. Moreover, the minimum is sufficient for the initial acquaintance with the topic.
In 2015, the international standard regulating quality management was released - ISO 9001-2015, and in 2016, based on it, the national standard GOST R ISO 9001-2015 was released [1]. Certification for these standards gives a lot of bonuses. The certificate of compliance with GOST R ISO 9001-2015 (ISO 9001: 2015) confirms to customers, partners, investors that business controls quality. ISO 9001 certificate helps to enter the international market. In addition, an ISO certificate is mandatory for participation in certain government tenders and competitions.
')
Industry and business in our country have always strived for full compliance with standards, which was automatically interpreted as a synonym for quality. Here is an example of orientation to GOST, and not to the consumer. On the packaging of processed cheese, we will see the number of GOST, which seems to confirm its high quality. But next to the smallest font is written about the content in the composition of palm oil (this does not contradict GOST). However, the manufacturer is silent that palm oil can be technical (after all, it is two times cheaper), and how it affects the health of the consumer, the manufacturer is indifferent.
According to the ISO system of standards, the main thing is not blind adherence to standards, but a focus on competitive quality. The latter includes not only contractual relations between the supplier and the customer, but also the complete satisfaction of the needs of the client (consumer). The desire to please the client, the continuous monitoring of quality and its constant “improvement” create a quality culture that is significantly different from that based on a system of simple adherence to standards.
For software developers (software) and automated systems (AS), working within the framework of a quality management system (QMS) is incomprehensible and difficult. The rules and requirements of the QMS are really cumbersome. They number one and a half dozen international standards of the ISO 9000 and ISO 10,000 series. The number of domestic standards, taking into account industry standards, is difficult to count - there are at least a hundred of them. Plus, there are also dozens of manuals and textbooks [6, 7]. Even just reading these thousands of pages is difficult, and it is even more difficult to comprehend them and formulate a program of concrete actions for implementing a quality management system in your company (or even just within the framework of a working project team).
A source
To obtain a certificate on the implemented quality management system for participation in tenders and competitions, the company often contacts a consulting firm, pays for the order, and the firm draws up the necessary documents and issues a certificate. The company presents a certificate to the customer and continues to work as it has done before, changing nothing in its activity. It has a very remote relation to the quality system.
An organization that makes a strategic decision to follow the requirements of GOST R ISO 9001 must take the following main points into account and document them.
The main provisions of the above-mentioned standards are listed in the names of the sections of these standards [1, 2]. The main thing is the concept of the product life cycle (including software, automated systems), on the basis of which all the detailing of the process in the framework of the project is built.
To compare and analyze a large number of standards and regulatory documents, consider the diagram below (Figure 1). This is an attempt to classify the various life cycle (LC) formulations in relation to the development of software and automated systems.
Figure 1. Life cycle stages in the development of automated systems in interpretations of various existing standards. Figure clickable.
The two upper rows represent the list of life cycle stages in the framework of the new GOST R ISO 9001-2015 (first row) and GOST R ISO 9001-2001 (second row). Despite some differences in formulations, the life cycle stages in the specified standards are almost identical.
Differences between standards are manifested only in detailed explanations for each stage of the cycle. Note that in the new standard, the notion of “organization context” has appeared. Its meaning is to study how the external or internal environment affects the prospects of the enterprise. GOST R ISO 9001-2015 in clauses 4.1 and 4.2 requires the identification of external and internal factors and the associated risks and opportunities. Thus, the meaning of the in-depth analysis or study of the “context” is to collect and analyze data on the external environment and the current state of the business, on the key success factors (what determines victory and loss), on the state of the market sector, its structure, dynamics, etc. . In order to decipher this concept and specify activities in accordance with this requirement, it is necessary to carefully analyze all possible risks arising in the process. More information about the concept of "context" can be found in the article by R. Ibragimov [3].
The third series of the scheme shows the stages of the life cycle in the development of software in the interpretation of GOST 12207, which was created specifically for software development processes [4]. There are also no fundamental differences in interpretations of the life cycle compared to previous standards.
GOST 12207 - indeed, quite a rigid standard. To fulfill all its requirements in software development is not an easy task. But it is important for us to note that the frightening number of standards for the quality management system and the requirements in them boil down to thorough documentation of the entire process of design, development and maintenance.
Let's look at the fourth row of the scheme. Here are the life cycle processes in the interpretation of the GOST 34th series [5], published back in 1990. This series of standards has been developed so specifically and thoroughly that it is used almost without any changes until now. Many customers in the formulation of requirements for documentation for automated systems refer mainly to GOSTs of this particular series. Since the life cycle stages in the interpretations of ISO 9001, GOST 12207 and GOST standards of the 34th series coincide, this means that by fulfilling the requirements of the last of the listed GOSTs, that is, presenting the listed documents to the customer, we automatically work in accordance with the ISO 9001 quality system.
The last row in the scheme is an approximate list of documents, which is necessary for the organization of a quality system in a company.
I really hope that the above scheme has greatly simplified your life. Since now you already have a complete list of stages of the life cycle, there is a list of activities that must be completed at each stage, and a list of documents that must complete each stage. Of course, this list upon request of the customer can be corrected in the direction of reducing or adding new documents that are not listed in the GOST. But this is the right of the customer, and the performer is obliged to fulfill his recommendations.
Unfortunately, this is not all. So far, we have dealt only with the production component, that is, with the process of developing software or speakers.
The following processes remained behind the scenes: contract work, organization and management of the project and quality assurance itself. This is also an independent organizational process. Describing these processes in text format is a thankless task, all descriptions are already in numerous manuals [6, 7]. Therefore, we will try to display the listed business processes in the form of another diagram (Figure 2).
Each of these processes (vertical) is marked on the picture with its own color. Separately highlighted positions completing individual stages or the whole process as a whole. The intermediate process steps or documents remained colorless. All processes are parallel. They are inseparable, as indicated by the arrow-connection between the individual elements.
In the diagram, I tried to display a generalized version of the process. In each particular case, of course, there may be nuances and differences.
The contractor, using the above scheme, it is necessary to analyze their specific business processes and identify those elements that require regulation. For example, the products of any IT company are obviously being tested. Does your company have a regulation, which states what is related to critical bugs, and what is non-critical and what is the time frame for their elimination? Surely, there are certain instructions on this. The approved regulations for this position are the quality management system. Moreover, testing affects both production direction and administration, as management must monitor the timely correction of errors.
Having done a similar work on all the processes, you can prove to the customer what kind of SMKashnye and ISHO are you. It would be even better if the company from the very beginning of the next project creates a similar scheme for its specific conditions and uses it in work and for control.
Figure 2. Business processes in the development of automated systems: documentation of the quality system. Figure clickable.
So, here are the steps that need to be taken to implement (and not just design) the quality management system in the organization.
1. Create a division, group, or appoint an individual contractor to deal with QMS issues.
2. Develop and issue a Quality Program , including a Quality Manual for the organization (department, group of developers of a specific project). The program and the Guide should contain the sections listed in GOST R ISO 9001-2015, and the decoding of these sections. They must declare the organization’s willingness to fulfill the requirements of the standard in the specific conditions of this organization or within the project.
3. Regulate the development and creation of software or automated systems . To do this, you need to create standards for the organization (or instructions), in which to prescribe all actions related to the design, development, testing and implementation of the project, organization and management of the project, quality assurance and contractual work.
4. Regulate the accountability and responsibility of the executives and management for each stage of the project life cycle.
5. Submit the package of developed documents to a consulting firm that has a corresponding license to inspect the documentation and issue a conclusion on the compliance of work on the QMS in the framework of GOST R ISO 9001-2015. Correct comments and get a certificate.
6. To continue the project work, strictly following the developed regulatory documents.
We have not yet touched upon the issues of annual certification of ISO certification, external audit confirming work on the QMS. Unfortunately, the result of the development of a quality management system is rarely monetary value. It, as a rule, is manifested in the stability of the work of the team, the reliability of the results obtained. And this work is worth it.
1. GOST R ISO 9001-2015. Quality management systems. Requirements. - M .: Standardinform, 2016.
2. GOST R ISO 9001-2001. Quality management systems. Requirements. - M., Standardinform, 2001.
3. R. Ibragimov, ISO 9001: 2015 and practical analysis of the "context" and the construction of strategies. - Management, â„– 2 (34), 2015. - p. 13-18.
4. GOST R ISO IEC 12207 Information technology. Software life cycle processes. - Moscow: Gosstandart of Russia, 1999.
5. Information technology. A set of standards and guidance documents for automated systems. - M .: Publishing house of standards, 1991.
6. Gludkin OP, Gorbunov N.M. et al. Total quality management. Textbook for universities. Ed. O. P. Gludkin. - M .: Hotline - Telecom, 2001. - 600 p.
7. Kruglov M.G. Innovative project. Quality and performance management. - M .: RANEPA, 2011. - 350 p.
A source
A source
Schemes will help to orient in numerous regulatory documents. The first one compares in detail the ISO 9001-2015, ISO 9001-2001 standards, stages of the software life cycle according to different state standards, describes the stages of implementation of the quality management system and the necessary documents for this. The second scheme is dedicated to documenting business processes in the development of automated systems. At the end of the article, I provide step-by-step instructions for those who implement a quality management system. The article provides links to sources of information. Moreover, the minimum is sufficient for the initial acquaintance with the topic.
Standardization on the other side of good and evil
In 2015, the international standard regulating quality management was released - ISO 9001-2015, and in 2016, based on it, the national standard GOST R ISO 9001-2015 was released [1]. Certification for these standards gives a lot of bonuses. The certificate of compliance with GOST R ISO 9001-2015 (ISO 9001: 2015) confirms to customers, partners, investors that business controls quality. ISO 9001 certificate helps to enter the international market. In addition, an ISO certificate is mandatory for participation in certain government tenders and competitions.
')
Industry and business in our country have always strived for full compliance with standards, which was automatically interpreted as a synonym for quality. Here is an example of orientation to GOST, and not to the consumer. On the packaging of processed cheese, we will see the number of GOST, which seems to confirm its high quality. But next to the smallest font is written about the content in the composition of palm oil (this does not contradict GOST). However, the manufacturer is silent that palm oil can be technical (after all, it is two times cheaper), and how it affects the health of the consumer, the manufacturer is indifferent.
A lot of letters, not mastered
According to the ISO system of standards, the main thing is not blind adherence to standards, but a focus on competitive quality. The latter includes not only contractual relations between the supplier and the customer, but also the complete satisfaction of the needs of the client (consumer). The desire to please the client, the continuous monitoring of quality and its constant “improvement” create a quality culture that is significantly different from that based on a system of simple adherence to standards.
For software developers (software) and automated systems (AS), working within the framework of a quality management system (QMS) is incomprehensible and difficult. The rules and requirements of the QMS are really cumbersome. They number one and a half dozen international standards of the ISO 9000 and ISO 10,000 series. The number of domestic standards, taking into account industry standards, is difficult to count - there are at least a hundred of them. Plus, there are also dozens of manuals and textbooks [6, 7]. Even just reading these thousands of pages is difficult, and it is even more difficult to comprehend them and formulate a program of concrete actions for implementing a quality management system in your company (or even just within the framework of a working project team).
A source
To obtain a certificate on the implemented quality management system for participation in tenders and competitions, the company often contacts a consulting firm, pays for the order, and the firm draws up the necessary documents and issues a certificate. The company presents a certificate to the customer and continues to work as it has done before, changing nothing in its activity. It has a very remote relation to the quality system.
About the life cycle in detail
An organization that makes a strategic decision to follow the requirements of GOST R ISO 9001 must take the following main points into account and document them.
- Everything that happens in an organization in the course of its activities should follow the provisions of GOST R ISO 9001, which should be specifically stated in the Quality Manual, instructions and regulations describing the design (production) processes. Thus, internal documents should reflect changes in the size, structure of the organization, changes in the goals of production of goods and services, changing production processes.
- The requirements for the quality management system established in GOST R ISO 9001 are additional with respect to the requirements for the products manufactured. (This is very important, since customer requirements are paramount.)
- An organization’s quality management system can be used internally and externally. For example, certification bodies can use the system to assess whether a company is capable of meeting customer requirements and regulations.
The main provisions of the above-mentioned standards are listed in the names of the sections of these standards [1, 2]. The main thing is the concept of the product life cycle (including software, automated systems), on the basis of which all the detailing of the process in the framework of the project is built.
To compare and analyze a large number of standards and regulatory documents, consider the diagram below (Figure 1). This is an attempt to classify the various life cycle (LC) formulations in relation to the development of software and automated systems.
Figure 1. Life cycle stages in the development of automated systems in interpretations of various existing standards. Figure clickable.
The two upper rows represent the list of life cycle stages in the framework of the new GOST R ISO 9001-2015 (first row) and GOST R ISO 9001-2001 (second row). Despite some differences in formulations, the life cycle stages in the specified standards are almost identical.
Differences between standards are manifested only in detailed explanations for each stage of the cycle. Note that in the new standard, the notion of “organization context” has appeared. Its meaning is to study how the external or internal environment affects the prospects of the enterprise. GOST R ISO 9001-2015 in clauses 4.1 and 4.2 requires the identification of external and internal factors and the associated risks and opportunities. Thus, the meaning of the in-depth analysis or study of the “context” is to collect and analyze data on the external environment and the current state of the business, on the key success factors (what determines victory and loss), on the state of the market sector, its structure, dynamics, etc. . In order to decipher this concept and specify activities in accordance with this requirement, it is necessary to carefully analyze all possible risks arising in the process. More information about the concept of "context" can be found in the article by R. Ibragimov [3].
The third series of the scheme shows the stages of the life cycle in the development of software in the interpretation of GOST 12207, which was created specifically for software development processes [4]. There are also no fundamental differences in interpretations of the life cycle compared to previous standards.
GOST 12207 - indeed, quite a rigid standard. To fulfill all its requirements in software development is not an easy task. But it is important for us to note that the frightening number of standards for the quality management system and the requirements in them boil down to thorough documentation of the entire process of design, development and maintenance.
Let's look at the fourth row of the scheme. Here are the life cycle processes in the interpretation of the GOST 34th series [5], published back in 1990. This series of standards has been developed so specifically and thoroughly that it is used almost without any changes until now. Many customers in the formulation of requirements for documentation for automated systems refer mainly to GOSTs of this particular series. Since the life cycle stages in the interpretations of ISO 9001, GOST 12207 and GOST standards of the 34th series coincide, this means that by fulfilling the requirements of the last of the listed GOSTs, that is, presenting the listed documents to the customer, we automatically work in accordance with the ISO 9001 quality system.
The last row in the scheme is an approximate list of documents, which is necessary for the organization of a quality system in a company.
I really hope that the above scheme has greatly simplified your life. Since now you already have a complete list of stages of the life cycle, there is a list of activities that must be completed at each stage, and a list of documents that must complete each stage. Of course, this list upon request of the customer can be corrected in the direction of reducing or adding new documents that are not listed in the GOST. But this is the right of the customer, and the performer is obliged to fulfill his recommendations.
Unfortunately, this is not all. So far, we have dealt only with the production component, that is, with the process of developing software or speakers.
Business processes are the foundation
The following processes remained behind the scenes: contract work, organization and management of the project and quality assurance itself. This is also an independent organizational process. Describing these processes in text format is a thankless task, all descriptions are already in numerous manuals [6, 7]. Therefore, we will try to display the listed business processes in the form of another diagram (Figure 2).
Each of these processes (vertical) is marked on the picture with its own color. Separately highlighted positions completing individual stages or the whole process as a whole. The intermediate process steps or documents remained colorless. All processes are parallel. They are inseparable, as indicated by the arrow-connection between the individual elements.
In the diagram, I tried to display a generalized version of the process. In each particular case, of course, there may be nuances and differences.
The contractor, using the above scheme, it is necessary to analyze their specific business processes and identify those elements that require regulation. For example, the products of any IT company are obviously being tested. Does your company have a regulation, which states what is related to critical bugs, and what is non-critical and what is the time frame for their elimination? Surely, there are certain instructions on this. The approved regulations for this position are the quality management system. Moreover, testing affects both production direction and administration, as management must monitor the timely correction of errors.
Having done a similar work on all the processes, you can prove to the customer what kind of SMKashnye and ISHO are you. It would be even better if the company from the very beginning of the next project creates a similar scheme for its specific conditions and uses it in work and for control.
Figure 2. Business processes in the development of automated systems: documentation of the quality system. Figure clickable.
Moving towards the goal
So, here are the steps that need to be taken to implement (and not just design) the quality management system in the organization.
1. Create a division, group, or appoint an individual contractor to deal with QMS issues.
2. Develop and issue a Quality Program , including a Quality Manual for the organization (department, group of developers of a specific project). The program and the Guide should contain the sections listed in GOST R ISO 9001-2015, and the decoding of these sections. They must declare the organization’s willingness to fulfill the requirements of the standard in the specific conditions of this organization or within the project.
3. Regulate the development and creation of software or automated systems . To do this, you need to create standards for the organization (or instructions), in which to prescribe all actions related to the design, development, testing and implementation of the project, organization and management of the project, quality assurance and contractual work.
4. Regulate the accountability and responsibility of the executives and management for each stage of the project life cycle.
5. Submit the package of developed documents to a consulting firm that has a corresponding license to inspect the documentation and issue a conclusion on the compliance of work on the QMS in the framework of GOST R ISO 9001-2015. Correct comments and get a certificate.
6. To continue the project work, strictly following the developed regulatory documents.
We have not yet touched upon the issues of annual certification of ISO certification, external audit confirming work on the QMS. Unfortunately, the result of the development of a quality management system is rarely monetary value. It, as a rule, is manifested in the stability of the work of the team, the reliability of the results obtained. And this work is worth it.
Literature
1. GOST R ISO 9001-2015. Quality management systems. Requirements. - M .: Standardinform, 2016.
2. GOST R ISO 9001-2001. Quality management systems. Requirements. - M., Standardinform, 2001.
3. R. Ibragimov, ISO 9001: 2015 and practical analysis of the "context" and the construction of strategies. - Management, â„– 2 (34), 2015. - p. 13-18.
4. GOST R ISO IEC 12207 Information technology. Software life cycle processes. - Moscow: Gosstandart of Russia, 1999.
5. Information technology. A set of standards and guidance documents for automated systems. - M .: Publishing house of standards, 1991.
6. Gludkin OP, Gorbunov N.M. et al. Total quality management. Textbook for universities. Ed. O. P. Gludkin. - M .: Hotline - Telecom, 2001. - 600 p.
7. Kruglov M.G. Innovative project. Quality and performance management. - M .: RANEPA, 2011. - 350 p.
A source
Source: https://habr.com/ru/post/323528/
All Articles