5. Reliability & Quality Management and Maintanance

In this chapter we cover:

1.0   Reliability quality Management & Maintenance

1.1  software reliability

1.2  Hardware vs software reliability

1.3  Reliability Metrics

1.4  Reliability Growth Modeling

1.5  Statistical testing

1.6  Software Quality

1.7  Software quality management system

1.8  Evolution of quality systems

1.9  ISO9000

1.10          What is ISO 9000 Certification

1.11          ISO 9000 for Software Industry

1.12          Why get ISO 9000 Certification?

1.13          How to Get ISO 9001 Certification?

1.14          Summary of ISO 9001 Requirements

1.15          Shortcomings of ISO 9000 Certification

1.16          SEI Capability Maturity Model

1.17          Comparison Between ISO 9000 Certification and SEI

The ISO 9000 family of standards relate to quality management systems and are designed to help organizations ensure they meet the needs of customers(CLIENTS). The standards are published by ISO(International Organization for Standarization ).

ISO 9000 deals with the fundamentals of quality management systems, including the eight management principles  on which the family of standards is based.ISO 9001 deals with the requirements that organizations wishing to meet the standard have to meet.

Independent confirmation that organizations meet the requirements of ISO 9001 may be obtained from third party certification bodies. Over a million organizations worldwide are independently certified making ISO 9001 one of the most widely used management tools in the world today.

Advantages

It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation.The quality principles in ISO 9000:2000 are also sound, according to Wade and also to Barnes, who says that "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive implementing ISO often gives the following advantages:

1. Create a more efficient, effective operation
2. Increase customer satisfaction and retention
3. Reduce audits
4. Enhance marketing
5. Improve employee motivation, awareness, and morale
6. Promote international trade
7. Increases profit
8. Reduce waste and increases productivity.

Disadvantages of ISO 9000(Problems):

In spite of many advantages in ISO 9000, we have some problems:

A common criticism of ISO 9001 is the amount of money, time and paperwork required for registration. ISO 9001 is not in any way an indication that products produced using its certified systems are any good. A company can intend to produce a poor quality product and providing it does so consistently and with the proper documentation can put an ISO 9001 stamp on it. According to Seddon, ISO 9001 promotes specification, control, and procedures rather than understanding and improvement. ISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies into thinking that certification means better quality, ... [undermining] the need for an organization to set its own quality standards." ISO 9001 does not guarantee a successful quality system.

While internationally recognized, most US consumers are not aware of ISO 9000 and it holds no relevance to them. The added cost to certify and then maintain certification may not be justified if product end users do not require ISO 9000. The cost can actually put a company at a competitive disadvantage when competing against a non ISO 9000 certified company.

The standard is seen as especially prone to failure when a company is interested in certification before quality.Certifications are in fact often based on customer contractual requirements rather than a desire to actually improve quality. "If you just want the certificate on the wall, chances are, you will create a paper system that doesn't have much to do with the way you actually run your business," said ISO's Roger Frost. Certification by an independent auditor is often seen as the problem area, and according to Barnes, "has become a vehicle to increase consulting services." In fact, ISO itself advises that ISO 9001 can be implemented without certification, simply for the quality benefits that can be achieved.

Another problem reported is the competition among the numerous certifying bodies, leading to a softer approach to the defects noticed in the operation of the Quality System of a firm.

Abrahamson argued that fashionable management discourse such as Quality Circles  tends to follow a life cycle  in the form of a bell curve , possibly indicating a management fad(The term management fad is used to characterize a change in philosophy or operations that sweeps through businesses and institutions. Some fads may become established aspects of business, sustaining themselves over several years.) 

Why is ISO 9000 Important?

The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers require their suppliers to hold ISO 9001 certification. In addition to several clients benefits  a number of studies have identified significant financial benefits for organizations certified to ISO 9001. Corbett et al (2005)  showed that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification. 

While the connection between superior financial performance and ISO 9001 may be seen from the above, there remains no proof of direct causation, though longitudinal studies

.Other writers such as Heras et al (2002) have suggested that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better performing companies to seek ISO 9001 certification.

The mechanism for improving results has also been the subject of much research. Lo et al (2007) identified operational improvements (cycle time reduction, inventory reductions, etc.) as following from certification. Buttle (1997)^] and Santos (2002) both indicated internal process improvements in organizations leading to externally observable improvements. Hendricks and Singhal (2001) results indicate that firms outperform their control group during the post implementation period and effective implementation of total quality management principles and philosophies leads to significant wealth creation. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment according to Alcorn.

ISO 9001

ISO 9001:2008 is the International standard for Quality Management Systems (QMS).

      It provides your company with a set of principles that ensure a common sense approach to the management of your business activities to consistently achieve customer satisfaction.
      ISO 9001 applies to all types of organizations. It doesn't matter what size they are or that they do. It can help both product and service oriented organisations achieve standards of quality that are recognized and respected throughout the world.
       (there are two types of organisations are in the market they are (i) product based  example: Sun Microsystems, MicroSoft, IBM, Oracle ., etc., (ii) Service Oriented . ex: Mahindra Satyam computers, Accenture, etc.,)

    ISO 9001 2000 has replaced the old ISO 9001 1994 standar. In addition , the old ISO 9002 1994 and ISO 9003 1994 quality standards have been discontinued. They are now obsolete( means outdated).

Who is ISO 9001:2008 applicable to?

Any organisation can benefit from implementing ISO 9001:2008 as its requirements are underpinned by eight management principles:

• a customer focused organisation
• leadership
• the involvement of people
• ensuring a process approach
• a systematic approach to management
• a factual approach to decision making
• mutually beneficial supplier relations
• continuous improvement

What is ISO 9001:2000

Any software industry, by adapting the ISO 9001:2000 standards can reach quality peaks in terms of its products (being manufactured), systems as well as services delivered by it.

 This was not initially introduced by International Standard Organization ISO 9001 :2000 specifies the quality management requirements for a given organization seeking overall development of its as well as total customer satisfaction to be of its primary motive.

 To assess the quality of management for a given software ISO 9001 : 2000 has derived a special cycle referred as, 'plan-to-check-act", In this phrase each term has got its own significance i.e.,

Plan   - Includes the targets, associated activities, objectives with an aim to producing high quality software that can probably each complete customer satisfaction.

Do-- Refers to the implementation of entire software development process.

Check- Refers to the process of monitoring and accessing the software process to remain at safe side that all the mechanisms of software quality management concepts are thoroughtly implemented on the current process of software development.

Act-- Refers to the implementation of ideas in favour of improving the current software development process

What are the benefits of registration?

• Customer satisfaction - through delivery of products that consistently meet customer requirements
• Reduced operating costs - through continual improvement of processes and resulting operational efficiencies
• Improved stakeholder relationships - including staff, customers and suppliers
• Legal compliance - by understanding how statutory and regulatory requirements impact on the organization and its your customers
• Improved risk management - through greater consistency and traceability of products and services
• Proven business credentials - through independent verification against recognized standards
• Ability to win more business - particularly where procurement specifications require certification as a condition to supply

Capability Maturity Model (CMM)

The Capability Maturity Model (CMM) is a methodology used to develop and refine an organization's software development process. The model describes a five-level evolutionary path of increasingly organized and systematically more mature processes. CMM was developed and is promoted by the Software Engineering Institute (SEI), a research and development center sponsored by the U.S. Department of Defense (DoD). SEI was founded in 1984 to address software engineering issues and, in a broad sense, to advance software engineering methodologies. More specifically, SEI was established to optimize the process of developing, acquiring, and maintaining heavily software-reliant systems for the DoD. Because the processes involved are equally applicable to the software industry as a whole, SEI advocates industry-wide adoption of the CMM.

The CMM is similar to ISO 9001, one of the ISO

LEARN MORE

• Traditional Models (RUP, V-Model, CMMI, Waterfall)
• Software Quality Resources

9000 series of standards specified by the International Organization for Standardization (ISO). The ISO 9000 standards specify an effective quality system for manufacturing and service industries; ISO 9001 deals specifically with software development and maintenance. The main difference between the two systems lies in their respective purposes: ISO 9001 specifies a minimal acceptable quality level for software processes, while the CMM establishes a framework for continuous process improvement and is more explicit than the ISO standard in defining the means to be employed to that end.

CMM's Five Maturity Levels of Software Processes

• At the initial level, processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated.
• At the repeatable level, basic project management techniques are established, and successes could be repeated, because the requisite processes would have been made established, defined, and documented.
• At the defined level, an organization has developed its own standard software process through greater attention to documentation, standardization, and integration.
• At the managed level, an organization monitors and controls its own processes through data collection and analysis.
• At the optimizing level, processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs.

1.17          Comparison Between ISO 9000 Certification and SEI

· SEI = ‘Software Engineering Institute’ at Carnegie-Mellon University; initiated by the U.S. Defense Department to help improve software development processes.

· CMM = ‘Capability Maturity Model’, developed by the SEI. It’s a model of 5 levels of organizational ‘maturity’ that determine effectiveness in delivering quality software. It is geared to large organizations such as large U.S. Defense Department contractors. However, many of the QA processes involved are appropriate to any organization, and if reasonably applied can be helpful. Organizations can receive CMM ratings by undergoing assessments by qualified auditors.

Level 1 - characterized by chaos, periodic panics, and heroic efforts required by individuals to successfully complete projects. Few if any processes in place; successes may not be repeatable.

Level 2 – software project tracking, requirements management, realistic planning, and configuration management processes are in place; successful practices can be repeated.

Level 3 – standard software development and maintenance processes are integrated throughout an organization; a Software Engineering Process Group is in place to oversee software processes, and training programs are used to ensure understanding and compliance.

Level 4 – metrics are used to track productivity, processes, and products. Project performance is predictable, and quality is consistently high.

Level 5 – the focus is on continuous process improvement. The impact of new processes and technologies can be predicted and effectively implemented when required.

· ISO = ‘International Organization for Standards’ – The ISO 9001, 9002, and 9003 standards concern quality systems that are assessed by outside auditors, and they apply to many kinds of production and manufacturing organizations, not just software. The most comprehensive is 9001, and this is the one most often used by software development organizations. It covers documentation, design, development, production, testing, installation, servicing, and other processes. ISO 9000-3 (not the same as 9003) is a guideline for applying ISO 9001 to software development organizations. The U.S. version of the ISO 9000 series standards is exactly the same as the international version, and is called the ANSI/ASQ Q9000 series. The U.S. version can be purchased directly from the ASQ (American Society for Quality) or the ANSI organizations. To be ISO 9001 certified, a third-party auditor assesses an organization, and certification is typically good for about 3 years, after which a complete reassessment is required. Note that ISO 9000 certification does not necessarily indicate quality products – it indicates only that documented processes are followed.

· IEEE = ‘Institute of Electrical and Electronics Engineers’ – among other things, creates standards such as ‘IEEE Standard for Software Test Documentation’ (IEEE/ANSI Standard 829), ‘IEEE Standard of Software Unit Testing (IEEE/ANSI Standard 1008), ‘IEEE Standard for Software Quality Assurance Plans’ (IEEE/ANSI Standard 730), and others.

· ANSI = ‘American National Standards Institute’, the primary industrial standards body in the U.S.; publishes some software-related standards in conjunction with the IEEE and ASQ (American Society for Quality).