Monday, April 18, 2005

ISO 9001:2000

Been involved in establishing an ISO 9001:2000 quality management system. What I have distilled from that process is the following:

The 4 fundamental pillars are
  • Responsibility, i.e., it should be clear who is responsible for what.
  • Traceability, ensured by logging all activities.
  • Repeatability, ensured by documenting the work processes.
  • continuous process improvement, done by evaluating the processes regularly.
An important practice is that all reactions should be proportioned, e.g., one should not go overboard to fix an insignificant issue.

A common misconception about ISO 900x is that it has to do with the quality of the final product. This is the ultimate goal, however the ISO standard is primarily focused on the processes used to produce the product. It is quite easy to have a ISO 9001 certified company that produces rubbish, so long that all processes are documented and logged, and the delegation of responsibility is clear :)

It was a surprise to find out how short the ISO 9001:2000 standard actually was, only 19 pages in the format I have it!


htomasso said...

Simple self documented code like myself produces omits the need for an ISO standard ;)

Ari said...

You confuse the quality of the product with the quality of the processes :)

Quality processes should give you traceability (proof of action), repeatability (if smthg. went well you know how to reproduce that success ... not unlike design patterns :), responsibility (if smthg. goes wrong, it is clear who bears the responsibility and should act on it).

Continuous improvement is just maintenance of the process descriptions.


htomasso said...

You're right. I got a bit carried away there ;) But the quality of the product is bound to reflect in the quality of the process. Why have an extensive process if it does not lead to better products?

Ari said...

I think there are two main reasons for getting certified, one is purely a business reason, e.g., some customers demand that you are certified, the other is that you hope to make the company stronger, e.g. it does not fall apart if some key person leaves.

Ideally, if you produce perfect code, you should not need to have a quality management system :)