BS ISO IEC 90003-2014 Software engineering Guidelines for the application of ISO 9001 2008 to computer software《软件工程 计算机软件应用ISO 9001-2000的指南》.pdf

1、BSI Standards Publication BS ISO/IEC 90003:2014 Software engineering Guidelines for the application of ISO 9001:2008 to computer softwareBS ISO/IEC 90003:2014 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 90003:2014. It supersedes BS ISO/IEC 90003:2004

2、which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary

3、 provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 86271 7 ICS 03.120.10; 35.080 Compliance with a British Standard cannot confer immunity from legal obligations. This British St

4、andard was published under the authority of the Standards Policy and Strategy Committee on 31 December 2014. Amendments issued since publication Date Text affectedBS ISO/IEC 90003:2014 Software engineering Guidelines for the application of ISO 9001:2008 to computer software Ingnierie du logiciel Lig

5、nes directrices pour lapplication de lISO 9001:2008 aux logiciels informatiques ISO/IEC 2014 INTERNATIONAL STANDARD ISO/IEC 90003 Second edition 2014-12-15 Reference number ISO/IEC 90003:2014(E)BS ISO/IEC 90003:2014ISO/IEC 90003:2014(E)ii ISO/IEC 2014 All rights reserved COPYRIGHT PROTECTED DOCUMENT

6、 ISO/IEC 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission ca

7、n be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in SwitzerlandBS ISO/IEC 90003:2014ISO/IEC 90

8、003:2014(E) ISO/IEC 2014 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 1.1 General . 1 1.2 Application . 1 2 Normative references 2 3 T erms and definitions . 2 4 Quality management system 5 4.1 General requirements . 5 4.2 Documentation requirements 6 5 Management res

9、ponsibility 8 5.1 Management commitment 8 5.2 Customer focus . 9 5.3 Quality policy 9 5.4 Planning 9 5.5 Responsibility, authority and communication 10 5.6 Management review 11 6 Resource management 12 6.1 Provision of resources .12 6.2 Human resources .12 6.3 Infrastructure 13 6.4 Work environment

10、14 7 Product realization .14 7.1 Planning of product realization .14 7.2 Customer-related processes .16 7.3 Design and development .21 7.4 Purchasing .29 7.5 Production and service provision 32 7.6 Control of monitoring and measuring devices .38 8 Measurement, analysis and improvement .39 8.1 Genera

11、l 39 8.2 Monitoring and measurement 40 8.3 Control of nonconforming product 42 8.4 Analysis of data 43 8.5 Improvement .44 Annex A (informative) Summary of guidance in the implementation of ISO 9001:2008 available in ISO/IEC JTC 1/SC 7 and ISO/TC 176 standards 46 Annex B (informative) Planning in IS

12、O/IEC 90003 and ISO/IEC 12207 48 Bibliography .53BS ISO/IEC 90003:2014ISO/IEC 90003:2014(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are me

13、mbers of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international o

14、rganizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further m

15、aintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Atten

16、tion is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Intr

17、oduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to

18、 conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Soft

19、ware and system engineering. This second edition of ISO/IEC 90003 cancels and replaces the first edition. It has been updated for conformity to ISO 9001:2008 and to reference recent editions of other relevant standards.iv ISO/IEC 2014 All rights reservedBS ISO/IEC 90003:2014ISO/IEC 90003:2014(E) Int

20、roduction This International Standard provides guidance for organizations in the application of ISO 9001:2008 to the acquisition, supply, development, operation, and maintenance of computer software. It identifies the issues that should be addressed and is independent of the technology, life cycle m

21、odels, development processes, sequence of activities, and organizational structure used by an organization. The guidance and identified issues are intended to be comprehensive but not exhaustive. Where the scope of an organizations activities includes areas other than computer software development,

22、the relationship between the computer software elements of that organizations quality management system and the remaining aspects should be clearly documented within the quality management system as a whole. Clauses 4, 5, and 6 and parts of Clause 8 of ISO 9001:2008 are applied mainly at the “global

23、” level in the organization, although they do have some effect at the “project/product level”. Each project or product development may tailor the associated parts of the organizations quality management system to suit project/product-specific requirements. Throughout ISO 9001:2008, “shall” is used t

24、o express a provision that is binding between two or more parties, “should” to express a recommendation among possibilities, and “may” to indicate a course of action permissible within the limits of ISO 9001:2008. This International Standard (ISO/IEC 90003) provides guidance to assist in understandi

25、ng how the provisions of ISO 9001:2008 apply in the context of software. Organizations with quality management systems for developing, operating, or maintaining software based on this International Standard may choose to use processes from ISO/IEC 12207 to support or complement the ISO 9001:2008 pro

26、cess model. The related paragraphs of ISO/IEC 12207:2008 are referenced in each clause of this International Standard; however, they are not intended to imply requirements additional to those in ISO 9001:2008. Further guidance to the use of ISO/IEC 12207 may be found in ISO/IEC 247483. For additiona

27、l guidance, references are provided to the International Standards for software engineering defined by ISO/IEC JTC 1/SC 7. Where these references are specific to a clause or subclause of ISO 9001:2008, they appear after the guidance for that clause or subclause. Where they apply generally across the

28、 parts of a clause or subclause, the references are included at the end of the last part of the clause or subclause. Where text has been quoted from ISO 9001:2008, that text is enclosed in a box, for ease of identification. ISO/IEC 2014 All rights reserved vBS ISO/IEC 90003:2014BS ISO/IEC 90003:2014

29、Software engineering Guidelines for the application of ISO 9001:2008 to computer software 1 Scope 1.1 General ISO 9001:2008, Quality management systems requirements 1.1 General This International Standard specifies requirements for a quality management system where an organization a) needs to demons

30、trate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of c

31、onformity to customer and applicable statutory and regulatory requirements. NOTE 1 In this International Standard, the term “product” only applies toa) product intended for, or required by, a customer,b) any intended output resulting from the product realization processes. NOTE 2 Statutory and regul

32、atory requirements can be expressed as legal requirements. This International Standard provides guidance for organizations in the application of ISO 9001:2008 to the acquisition, supply, development, operation, and maintenance of computer software and related support services. It does not add to or

33、otherwise change the requirements of ISO 9001:2008. Annex A (informative) provides a table pointing to additional guidance in the implementation of ISO 9001:2008, available in ISO/IEC JTC 1/SC 7 and ISO/TC 176 International Standards. The guidelines provided in this International Standard are not in

34、tended to be used as assessment criteria in quality management system registration/certification. 1.2 Application ISO 9001:2008, Quality management systems requirements 1.2 Application All requirements of this International Standard are generic and are intended to be applicable to all organizations,

35、 regardless of type, size, and product provided. Where any requirement(s) of this International Standard cannot be applied due to the nature of an organization and its product, this can be considered for exclusion. Where exclusions are made, claims of conformity to this International Standard are no

36、t acceptable unless these exclusions are limited to requirements within Clause 7, and such exclusions do not affect the organizations ability, or responsibility, to provide product that meets customer and applicable statutory and regulatory requirements. The application of this International Standar

37、d is appropriate to software that is part of a commercial contract with another organization, INTERNATIONAL ST ANDARD ISO/IEC 90003:2014(E) ISO/IEC 2014 All rights reserved 1BS ISO/IEC 90003:2014ISO/IEC 90003:2014(E) a product available for a market sector, used to support the processes of an organi

38、zation, embedded in a hardware product, or related to software services. Some organizations may be involved in all of the above activities; others may specialize in one area. Whatever the situation, the organizations quality management system should cover all aspects (software related and non-softwa

39、re related) of the business. 2 Normative references ISO 9001:2008, Quality management systems requirements 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the editio

40、n cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 9000:2005, Quality management systems Fundamentals and vocabulary 3 T erms a nd definiti ons ISO 9001:2008, Quality management systems requirements 3 T e r m s a n d d e f i

41、 n i t i o n s For the purposes of this document, the terms and definitions given in ISO 9000 apply. Throughout the text of this International Standard, wherever the term “product” occurs, it can also mean “service”. For the purposes of this document, the terms and definitions given in ISO 9001:2008

42、, and certain terms (repeated here for convenience) given in ISO/IEC 12207 apply. However, in the event of a conflict in terms and definitions, the terms and definitions specified in ISO 9000:2005 apply. NOTE ISO/IEC 12207:2008 provides detailed provisions for software life cycle processes. This Int

43、ernational Standard will make reference to terms defined in it. 3.1 activity set of cohesive tasks of a process SOURCE: ISO/IEC 12207:2008, 4.3 3.2 baseline specification or product that has been formally reviewed and agreed upon, that thereafter serves as the basis for further development, and that

44、 can be changed only through formal change control procedures SOURCE: ISO/IEC 12207:2008, 4.62 ISO/IEC 2014 All rights reservedBS ISO/IEC 90003:2014ISO/IEC 90003:2014(E) 3.3 c on f i g u r at ion i t e m entity within a configuration that satisfies an end use function and that can be uniquely identi

45、fied at a given reference point SOURCE: ISO/IEC 12207:2008, 4.7 3.4 COTS Commercial-Off-The-Shelfavailable for purchase and use without the need to conduct development activities 3.5 implementation software life cycle process that contains activities of requirements analysis, design, coding, integra

46、tion, testing, installation, and support for acceptance of software products 3.6 life cycle model framework of processes and activities concerned with the life cycle that may be organized into stages, which also acts as a common reference for communication and understanding Note 1 to entry: The requ

47、irements of ISO 9001:2008 would apply to maintenance, only if contractually required, after acceptance of the product by the customer. However, generally, the requirements do not apply to maintenance. SOURCE: ISO/IEC 12207:2008, 4.17 3.7 measure make a measurement SOURCE: ISO/IEC 15939:2007, 2.16 3.

48、8 measure variable to which a value is assigned as the result of measurement SOURCE: ISO/IEC 15939:2007, 2.15 3.9 measurement set of operations having the object of determining a value of a measure SOURCE: ISO/IEC 15939:2007, 2.17 3.10 process set of interrelated or interacting activities which tran

49、sforms inputs into outputs Note 1 to entry: Inputs to a process are generally outputs of other processes. SOURCE: ISO 9000:2005, 3.4.1 3.11 regression testing testing required to determine that a change to a system component has not adversely affected functionality, reliability, or performance, and has not introduced additional defects ISO/IEC 2014 All rights reserved 3BS ISO/IEC 90003:2014ISO/IEC 90003:2014(E) 3.12 release particular version of a configuration item that is made available for a specific purpose