ISO 9001 Standards – Risks and opportunities

The first things to consider when we want to change a people intensive process are:

• What do the people involved fear? These are the risks – things that we must prevent.

• What do people hope for? These are the opportunities – things that we must strive to obtain.

In order to better understand risks and opportunities, we used a two-step approach. We started by interviewing two developers and one manager. The interviews were semi-structured in that we had a set of questions that we needed answers to but in

addition, we used follow-up questions to gain a better understanding of the answers to the predefined questions. The focus of the interview was on what they expected would happen if the company implemented an ISO 9001 certified process. Two typical examples of what came out of the interviews are shown below – one from a developer and one from a manger.

Manager: Implementing ISO 9001 will cost quite a lot. At the same time, the company will get a better overview of its competence, its experience and its document templates. ISO certification is an investment. We are, however, unsure of how long we have to wait before we can reap the benefits.

Developer: Some of the developers may have a negative attitude towards ISO certification because they are afraid it will hurt creativity. This is not only true for ISO 9001 standards but holds also for coding standards and other rules and regulations. Rules

and standards can take away all the fun from the job. In many ways this is the same attitude as we saw when we started to reuse components – many developers were afraid that they would not be allowed to develop things but just had to use “toy bricks”.

After the interviews we found that:

A. Everybody in the company – both mangers and developers – filled in the questionnaire.

The items in the questionnaire that got an average score of 5.0 or more were considered for risk and opportunity analysis. This gave us the following items:

• When we get ISO certified, we will have to generate more documents for each development project.

• It is important that all employees participate actively in the introduction of new processes, standards and procedures. This is consistent with e.g. Trittmann et al’s observation

• Active management participation is important in order to make the introduction of an ISO certified process a success.

• Active management support is important in order to make the introduction of ISO certification a success.

• An ISO certified process will lead to better working practices in the company in general.

Based on our findings, we identified the following risks that needed to be controlled throughout the implementation of the ISO 9001 certified process:

Risk 1: The introduction of new documents or additions to existing documents.

We decided that we should not make new documents except if absolutely needed.

Risk 2: Developer participation. The developers must be included at all steps in

the process. Their experiences and advices are important input to the new processes and procedures.

Risk 3: Management participation and support. Management must show their commitment by allocating money and time to the ISO implementation activities.

Opportunity 1: Better working practices. The changes in the development process must be considered to be improvements by the developers.

Management and developers are in agreement in the sense that everything the developers found important also was ranked high by management. There were, however, some cases where the two groups disagreed strongly – average score difference greater than 2.0. In all cases, management ranked these items higher than the developers.

The points are:

• Introducing an ISO certified process will cost a lot but will be a good investment – developers 3.3 vs. mangers 6.0

• Introducing an ISO certified process will give the company a better control over the order situation – developers 3.0 vs. mangers 6.0

• Introducing an ISO certified process will give us more satisfied customers already after one year – developers 3.2 vs. mangers 6.0

Management is more optimistic than the developers when it comes to business related issues such as order situation and customer satisfaction.

Read more on ISO 9001 Standards at http://www.iso9001store.com

Extreme Programming For ICT In ISO 9001 Standards

Extreme Programming represents a new wave in software development known as the approach. Tom de Marco, the father of structural analysis, calls Extreme Programming the most important movement in software engineering. The strong points of Extreme Programming in the ICT context are as follows:

– Risk minimization. ICT is developing very fast. To catch up with current developments it is necessary to make investments in new technologies and try new tools out. On the other hand, new tools and technologies are immature and one cannot depend on them. The best approach is to make some (preferably small) investment now and after some time invest more or give up, depending on the developments (it is like buying an option on the stock exchange). Extreme Programming is based on incremental software development and its suites the strategy very well.

– Customer orientation. In Extreme Programming all the business decisions are made by the customer and he has the full control over the development process.

– Lack of excessive paperwork. In Extreme Programming programmers concentrate on programming, not on writing documentation. The only artifacts they have to produce are test cases and code.

– Quality assurance through intensive testing. In XP programmers first create test cases then they write code. Automated tests and integration are performed several times a day and they drive the development process.

– Lack of overtime. Short releases and increments allow to gain experience very fast. This makes planning easier and more dependable. As a result programmer do not have to (always) work overtime.

Extreme Programming has also weak points. The most important are problems with software maintenance.

Since the only artifacts are test cases and code, after some time it can be very difficult to maintain the software. It would be also the problem from the ISO 9001 point of view. In the remaining part of the paper we propose how to solve that problem.

Read more on ISO 9001 Standards at http://www.iso9001store.com