Soft Audit overview・Method 2: The process audit procedure is IS9001
- 1. ISO9001 used for software development audit procedures is a quality improvement tool for manufacturing control at the manufacturing site.
- 2. Manufacturing quality is determined by 80% of manufacturing equipment and 20% of manufacturing control.
- 3. ISO 9001 improves the quality of human manufacturing control
- 4. Can ISO9001 be used for software development audits?
- 5. Advantages and disadvantages of using ISO9001 for software development audit
ISO9001 used for software development audit procedures is a quality improvement tool for manufacturing control at the manufacturing site.
ISI9001 is familiar to those who belong to the quality assurance department of the factory, but it may not be familiar to those who belong to the software development department, so this article will briefly introduce ISO9001. .. ISO9001 is a method originally devised for the purpose of improving the quality of manufacturing control in order to improve the manufacturing quality of industrial products manufactured in factories . Since the purpose is to improve manufacturing control, the emphasis is on finding management problems and improving them, and follow-up to see if further improvements are being implemented is also ISO 9001 It is included in a series of audit activities.
Manufacturing quality is determined by 80% of manufacturing equipment and 20% of manufacturing control.
By the way, in factories, manufacturing equipment often makes products . In order for human beings to operate the manufacturing equipment stably, there are problems with the finished product, such as stable supply of materials, maintenance and inspection of the manufacturing equipment to ensure that the manufacturing equipment always operates in the best condition. We perform manufacturing control, such as testing whether or not there is a product and determining whether or not it can be shipped.
Manufacturing control performed by humans is also important, but since it is the manufacturing equipment itself that makes the product, the quality of the product depends greatly on the manufacturing equipment . For example, if you have a manufacturing facility with a dimensional accuracy of 0.1 mm and a manufacturing facility with a dimensional accuracy of 0.5 mm, only the former manufacturing facility can stably manufacture a product with the required dimensional accuracy of 0.3 mm.
And since the manufacturing equipment is a machine, if it is operated properly, it will perform almost as specified and manufacture the product. On the other hand, manufacturing control is done by humans, so mistakes may occur. It’s a pretty rough word, but even if you think that the quality of products manufactured at the factory depends on 80% of the manufacturing equipment and 20% of the human manufacturing control that manages this, there is no mistake. think.
ISO 9001 improves the quality of human manufacturing control
In order to reduce the mistakes of manufacturing control performed by humans, that is, to improve the quality of manufacturing control, the points to be noted regarding manufacturing control were organized and summarized in the audit method in the early days of ISO9001. Quality audit . The current ISO9001 has been extended to cover the quality of a wider range of corporate activities, not limited to manufacturing control, but the basis is to improve manufacturing control.
Since it is necessary for factories to constantly produce good products in a stable manner, ISO9001 aims to maintain good condition by conducting regular audits once a year in order to maintain good manufacturing control. At the same time, it is also established as an audit business that conducts audits once a year .
It’s a little off topic, but what exists as an audit business is auditing called third-party auditing. There are three types of ISO9001 audits: first-party audits, second-party audits, and third-party audits, each of which is as follows.
- First-party audit: Your own audit by your company (also called an internal audit)
- Second-party audit: Audit of a company that sells products by a company that buys products (factory audit is common)
- Third-party audit: Audit by an ISO9001 certification body that is not in a trading relationship (audit business)
The software development audit explained this time is an audit of the development contractor by the development contractor (in-house), so in the above ISO definition, it is a second party audit .
Can ISO9001 be used for software development audits?
As a result of the expansion of the scope of audits, ISO9001 can now cover not only the improvement of factory manufacturing control, but also product planning and sales, product shipment, and even service provision. It has evolved into a method for improving overall quality. However, since its background is an audit of manufacturing management, there is a lack of specificity from the perspective of product planning and service provision other than manufacturing, which was increased afterwards.
In addition , the specificity of product design , which corresponds to the pre-process of product manufacturing, is not sufficient. Since most of the work of software development corresponds to the design that is thought in the human mind, it must be said that the audit items of ISO9001 are inevitably lacking in concreteness. As an audit item, CMMI, which was developed by narrowing down the target area to software development, is more specific.
However, in embedded software development, software development is often carried out in some departments of the equipment manufacturers that manufacture the equipment to be embedded. In such cases, since the equipment manufacturer has a manufacturing plant, it is often the case that ISO9001 has been introduced for a long time to improve manufacturing control. In that case, there are many situations where ISO9001 is used to improve development management for software development . (Because it is costly to support both ISO9001 and CMMI)
In this case, the audit items of ISO9001 will be read as the actual process of software development and auditing will be performed, which will increase the time and effort, but ISO9001 can also be used for software auditing .
Advantages and disadvantages of using ISO9001 for software development audit
So what are the advantages and disadvantages of using ISO9001 for software development audits? I tried to organize a little like Gutara’s father.
【merit】
- Procedures have been established as an audit method from planning to follow-up.
- A method has been established to improve quality by taking measures against problems and establishing the measures.
【Demerit】
- There are no specific audit items for software development that focuses on design and testing.
- In software development, which is the development of a single item, it is difficult to use because it is necessary to read the audit items.
So, the audit procedure is easy to use , but the contents of the audit or the check items need to be replaced or lack specificity, so it is necessary to read ISO9001 software. This is the current situation when trying to use it for development audits.
So what is CMMI? This will be briefly introduced in the next article.