1、Software engineering Guidelines for the application of ISO 9001:2000 to computer softwareIngnierie du logiciel Lignes directrices pour lapplication de lISO 9001:2000 aux logiciels informatiquesReference numberISO/IEC 90003:2004(E) ISO/IEC 2004National Standard of CanadaCAN/CSA-ISO/IEC 90003:04(ISO/I
2、EC 90003:2004)International Standard ISO/IEC 90003:2004 (first edition, 2004-02-15) has been adopted withoutmodification (IDT) as CSA Standard CAN/CSA-ISO/IEC 90003:04, which has been approved as a NationalStandard of Canada by the Standards Council of Canada.ISBN 1-55397-727-0 December 2004The Cana
3、dian Standards Association (CSA), under whose auspices this National Standard has been produced, was chartered in 1919 and accredited by the Standards Council of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in standar
4、ds development and certification activities. CSA standards reflect a national consensus of producers and users including manufacturers, consumers, retailers, unions and professional organizations, and governmental agencies. The standards are used widely by industry and commerce and often adopted by
5、municipal, provincial, and federal governments in their regulations, particularly in the fields of health, safety, building and construction, and the environment. Individuals, companies, and associations across Canada indicate their support for CSAs standards development by volunteering their time a
6、nd skills to CSA Committee work and supporting the Associations objectives through sustaining memberships. The more than 7000 committee volunteers and the 2000 sustaining memberships together form CSAs total membership from which its Directors are chosen. Sustaining memberships represent a major sou
7、rce of income for CSAs standards development activities. The Association offers certification and testing services in support of and as an extension to its standards development activities. To ensure the integrity of its certification process, the Association regularly and continually audits and ins
8、pects products that bear the CSA Mark. In addition to its head office and laboratory complex in Toronto, CSA has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 1919, the Association has developed the necessary expertise to meet it
9、s corporate mission: CSA is an independent service organization whose mission is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to meet national and international needs.For further
10、 information on CSA services, write toCanadian Standards Association5060 Spectrum Way, Suite 100Mississauga, Ontario, L4W 5N6CanadaThe Standards Council of Canada is the coordinating body of the National Standards system, a federation of independent, autonomous organizations working towards the furt
11、her development and improvement of voluntary standardization in the national interest. The principal objects of the Council are to foster and promote voluntary standardization as a means of advancing the national economy, benefiting the health, safety, and welfare of the public, assisting and protec
12、ting the consumer, facilitating domestic and international trade, and furthering international cooperation in the field of standards. A National Standard of Canada is a standard which has been approved by the Standards Council of Canada and one which reflects a reasonable agreement among the views o
13、f a number of capable individuals whose collective interests provide to the greatest practicable extent a balance of representation of producers, users, consumers, and others with relevant interests, as may be appropriate to the subject in hand. It normally is a standard which is capable of making a
14、 significant and timely contribution to the national interest. Approval of a standard as a National Standard of Canada indicates that a standard conforms to the criteria and procedures established by the Standards Council of Canada. Approval does not refer to the technical content of the standard; t
15、his remains the continuing responsibility of the accredited standards development organization. Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These standards are subject to periodic review; therefore, users are cautioned to obtain t
16、he latest edition from the organization preparing the standard.The responsibility for approving National Standards of Canada rests with theStandards Council of Canada270 Albert Street, Suite 200Ottawa, Ontario, K1P 6N7CanadaAlthough the intended primary application of this Standard is stated in its
17、Scope, it is importantto note that it remains the responsibility of the users to judge its suitability for their particular purpose.Registered trade-mark of Canadian Standards AssociationCAN/CSA-ISO/IEC 90003:04Software engineering Guidelines for the application ofISO 9001:2000 to computer softwareD
18、ecember 2004 Canadian Standards Association CSA/1CAN/CSA-ISO/IEC 90003:04Software engineering Guidelines for the application of ISO 9001:2000 to computer softwareStandards development within the Information Technology sector is harmonized with international standards development. Through the CSA Tec
19、hnical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National C
20、ommittee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).This International Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committ
21、ee on Information Technology and deemed acceptable for use in Canada. (A committee membership list is available on request from the CSA Project Manager.) From time to time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a list
22、ing, refer to the CSA Information Products catalogue or CSA Info Update or contact a CSA Sales representative. This Standard has been formally approved as a National Standard of Canada by the Standards Council of Canada.December 2004 Canadian Standards Association 2004All rights reserved. No part of
23、 this publication may be reproduced in any form whatsoever without the prior permission ofthe publisher. ISO/IEC material is reprinted with permission. Where the words “this International Standard” appear in the text, they should be interpreted as “this National Standard of Canada”.Inquiries regardi
24、ng this National Standard of Canada should be addressed toCanadian Standards Association5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N61-800-463-6727 416-747-4044www.csa.caINTERNATIONALSTANDARDISO/IEC90003First edition2004-02-15Reference numberISO/IEC 90003:2004(E) ISO/IEC 2004Sof
25、tware engineering Guidelines for the application of ISO 9001:2000 to computer softwareIngnierie du logiciel Lignes directrices pour lapplication de lISO 9001:2000 aux logiciels informatiquesISO/IEC 90003:2004(E)ii ISO/IEC 2004 All rights reservedPDF disclaimerThis PDF file may contain embedded typef
26、aces. In accordance with Adobes licensing policy, this file may be printed or viewed but shallnot be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. Indownloading this file, parties accept therein the responsibility of not infringi
27、ng Adobes licensing policy. The ISO Central Secretariataccepts no liability in this area.Adobe is a trademark of Adobe Systems Incorporated.Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creationparameters were optimized f
28、or printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In theunlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2004All rights reserved. Unless otherwise specified, no part
29、 of this publication may be reproduced or utilized in any form or by any means,electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below orISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-
30、1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgISO/IEC 90003:2004(E) ISO/IEC 2004 All rights reserved iiiContents Page1 Scope 11.1 General . 11.2 Application . 12 Normative references 23 Terms and definitions 24 Quality management system 54.1 General r
31、equirements . 54.2 Documentation requirements 64.2.1 General 64.2.2 Quality manual 64.2.3 Control of documents 74.2.4 Control of records 75 Management responsibility 85.1 Management commitment 85.2 Customer focus . 85.3 Quality policy . 95.4 Planning . 95.4.1 Quality objectives . 95.4.2 Quality mana
32、gement system planning . 95.5 Responsibility, authority and communication 105.5.1 Responsibility and authority . 105.5.2 Management representative 105.5.3 Internal communication . 115.6 Management review 115.6.1 General 115.6.2 Review input . 115.6.3 Review output . 126 Resource management . 126.1 P
33、rovision of resources 126.2 Human resources 126.2.1 General 126.2.2 Competence, awareness and training 136.3 Infrastructure . 136.4 Work environment . 147 Product realization . 147.1 Planning of product realization 147.1.1 Software life cycle 157.1.2 Quality planning . 157.2 Customer-related process
34、es 16ISO/IEC 90003:2004(E)iv ISO/IEC 2004 All rights reserved7.2.1 Determination of requirements related to the product . 167.2.2 Review of requirements related to the product . 187.2.3 Customer communication . 207.3 Design and development 217.3.1 Design and development planning . 217.3.2 Design and
35、 development inputs . 237.3.3 Design and development outputs . 247.3.4 Design and development review . 257.3.5 Design and development verification . 267.3.6 Design and development validation . 267.3.7 Control of design and development changes 287.4 Purchasing . 287.4.1 Purchasing process . 287.4.2 P
36、urchasing information . 307.4.3 Verification of purchased product 307.5 Production and service provision 317.5.1 Control of production and service provision . 317.5.2 Validation of processes for production and service provision 347.5.3 Identification and traceability 347.5.4 Customer property . 357.
37、5.5 Preservation of product . 367.6 Control of monitoring and measuring devices . 378 Measurement, analysis and improvement . 388.1 General . 388.2 Monitoring and measurement 388.2.1 Customer satisfaction 388.2.2 Internal audit . 398.2.3 Monitoring and measurement of processes 408.2.4 Monitoring and
38、 measurement of product . 408.3 Control of nonconforming product 418.4 Analysis of data . 428.5 Improvement 428.5.1 Continual improvement 428.5.2 Corrective action 438.5.3 Preventive action 43Annex A (informative) Additional guidance in the implementation of ISO 9001:2000 available in ISO/IEC JTC 1/
39、SC 7 and ISO/TC 176 standards . 44Annex B (informative) Planning in ISO/IEC 90003 and ISO/IEC 12207 . 49Bibliography . 53ISO/IEC 90003:2004(E) ISO/IEC 2004 All rights reserved vForewordISO (the International Organization for Standardization) and IEC (the International ElectrotechnicalCommission) for
40、m the specialized system for worldwide standardization. National bodies that are members ofISO or IEC participate in the development of International Standards through technical committees establishedby the respective organization to deal with particular fields of technical activity. ISO and IEC tec
41、hnicalcommittees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.In the fie
42、ld of information technology, ISO and IEC have established a joint technical committee, ISO/IECJTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodiesfor voting. Publication as an International Standard requires approval by at least 75 % of the
43、 national bodiescasting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patentrights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.ISO/IEC 90003 was prepared by Joint Technical Committee ISO/IEC
44、JTC 1, Information technology,Subcommittee SC 7, Software and system engineering.This first edition of ISO/IEC 90003 cancels and replaces ISO 9000-3:1997, which has been updated forconformity with ISO 9001:2000. ISO 9000-3:1997 was under the responsibility of ISO/TC 176/SC 2.ISO/IEC 90003:2004(E)vi
45、ISO/IEC 2004 All rights reservedIntroductionThis International Standard provides guidance for organizations in the application of ISO 9001:2000 to theacquisition, supply, development, operation and maintenance of computer software.It identifies the issues which should be addressed and is independent
46、 of the technology, life cycle models,development processes, sequence of activities and organizational structure used by an organization. Theguidance and identified issues are intended to be comprehensive but not exhaustive. Where the scope of anorganizations activities includes areas other than com
47、puter software development, the relationship betweenthe computer software elements of that organizations quality management system and the remaining aspectsshould be clearly documented within the quality management system as a whole.Clauses 4, 5 and 6 and parts of clause 8 of ISO 9001:2000 are appli
48、ed mainly at the “global” level in theorganization, although they do have some effect at the “project/product level”. Each project or productdevelopment may tailor the associated parts of the organizations quality management system, to suitproject/product-specific requirements.Throughout ISO 9001:20
49、00, “shall” is used to express a provision that is binding between two or more parties,“should” to express a recommendation among possibilities and “may” to indicate a course of action permissiblewithin the limits of ISO 9001:2000. In this International Standard (ISO/IEC 90003), “should” and “may” have thesame meaning as in ISO 9001:2000, i.e. “should” to express a recommendation among possibilities and “may”to indicate a course of action permissible within the limits of this International Standard.