Implementing ISO 9001 Quality Management in Spira

by Adam Sandman on

Introduction

With the rapid acceleration of innovative products and services, industries worldwide are focusing more on quality. They prioritize quality in physical products made from sourced raw materials and digital products developed through software processes. Traditional and adaptive project management approaches uphold the principles of total quality management, underscoring the importance of a robust Quality Management System (QMS). A QMS integrates process and product quality principles, ensuring consistent excellence and continuous improvement.

ISO 9001 Quality Management System (QMS) Overview

ISO 9001 is an international standard outlining the requirements for a quality management system (QMS). It enables organizations to consistently deliver products and services that meet customer and regulatory requirements. ISO 9001 is founded on several key quality management principles, including customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision-making, and relationship management.

While the concept of Quality Management Systems originated in automobile manufacturing, the importance of quality has permeated all industries and evolved over time. ISO 9001 was first published in 1987 and has been revised approximately every seven years, reflecting the evolving perspectives and advancements in quality management practices.

  • 1987: The first edition focused on quality assurance for design, development, production, installation, and servicing, similar to SDLC processes.
  • 1994: Introduced risk-based thinking through preventive actions and process analysis, moving towards process-based quality considerations.
  • 2000: Emphasized process management, especially for new product development (NPD), requiring process modeling and documentation. Promoted document approval, versioning, evidence of conformance, and role-based procedural controls.
  • 2008: Enhanced compatibility with ISO 14001 (Environment Management) and ISO 19011 (Auditing Management), providing complementary auditing guidelines.
  • 2015: The current version is focused on continuous quality performance and adaptive ways of working, incorporating Deming's PDCA cycle and risk-based thinking for regulatory compliance in the 4IR space.
  • 2024: The sixth edition is in progress and has yet to be published.


Benefits of ISO 9001 in Software Development

As software becomes increasingly integral to the design and development of numerous products and services, the principles of ISO 9001 are highly relevant to software development. By leveraging the quality management principles outlined in ISO 9001, organizations can establish a framework to enhance the quality of their software products and services. This framework helps organizations identify and mitigate risks, improve communication and collaboration, and ensure software development meets customer requirements.

ISO 9001 is particularly valuable for organizations in regulated industries such as finance, healthcare, construction, telecommunications, transportation, defense, and government services. It aids in meeting regulatory requirements, improving compliance, and reducing the risk of product recalls.

Implementing ISO 9001 has numerous benefits. According to the 9001 Council (2018), these benefits include improved customer satisfaction, increased sales, reduced costs, enhanced efficiency, and a stronger brand reputation. The ISO 9001 (2015) standard asserts that following its guidelines will increase customer confidence, improve issue resolution effectiveness, and promote ongoing process improvement and optimization.

Implementing an ISO 9001 quality management system involves a collaborative effort across the organization. To succeed, the organization must embrace the "quality by design" approach and engage multiple stakeholders.

The following roles are typically responsible for implementing ISO 9001 in an organization:

  • Senior Management: Senior management provides crucial leadership and support for the implementation of ISO 9001. They are responsible for fostering a culture of quality, incorporating evidence-based decision-making, and maintaining a customer-focused approach. Their role includes developing policies, processes, and procedures that align with ISO 9001 standards. For example, senior management might implement an application lifecycle management (ALM) tool to enhance artifact traceability, auditability, and transparency across projects, programs, and portfolios (Rajagopalan, 2019).
  • Middle Management: Middle management plays a crucial role in developing and implementing the QMS. Various business units are engaged to identify quality improvement processes. Leadership within these units is vital for effective collaboration with internal and external stakeholders, including vendors, partners, and other application tool providers. Such cooperation across the value chain must emphasize addressing risks that could hinder the implementation and continuous configuration of the QMS throughout its operational stages.
  • Product Community: The product community ensures that products and services meet customer requirements. Whether utilizing traditional plan-driven approaches or adaptive change-driven methods, the product management team must focus on developing product features and the ongoing marketing of product functions. This dual focus ensures that the products align with customer needs and market demands.

A Deep Dive into Quality Management Systems

Various stakeholders are required to establish a quality management system for ISO 9001 certification. Let us define a quality management system (QMS).

A QMS is a system that helps organizations document, customize, and improve their business processes; monitor the work done across the organization; track, monitor, and audit process compliance; and use data to report on essential metrics related to cost of quality. These capabilities are what allow an organization to realize the benefits of traceability, auditability, transparency, and regulatory compliance.

Synthesizing lessons learned from successful and failed ISO 9001 implementations (PECB, n.d.; 9001 Simplified, n.d.; Xybion, n.d.; Vianna, 2011; Santos & David, 2021), the ISO 9001 implementation guidelines can be broken down into five process groups with 14 high-level input processes and 14 high-level output decisions, says Dr. Sriram Rajagopalan, Global Head of Agile Strategy, Transformation, and Training Services. These are documented in Table 1 below.

The input processes and output decisions are a high-level representation. The type of inputs and nature of outputs will differ depending on the size and complexity of the product or service, industry, sector within the industry, and geographical region.

Table 1: Synthesis of ISO 9001 Implementation Guidelines

Input Processes

Process Groups

Output Decisions

Establish a Quality Management Team

Agree on Roles and Responsibilities

1 - Create Quality Culture

Document Gap Analysis of business processes to comply with ISO 9001

Prioritize and approve the QMS recommendations

Agree on Policies based on quality objectives

Develop Quality Manual (Processes)

Map and develop detailed processes

2 - Build a QMS

Approve Policies, Processes, and Procedures

Implement Processes in the QMS

Complete POC and revise essential processes

Develop Training Materials

Train Employees

Assess Training Effectiveness

Establish Metrics

3 - Invest in Training

Complete Training

Revise Documentation

Pilot Projects

Monitor & Measure Adherence

Identify Train the Trainers

Scale within Organization

Lead Projects

4 - Scale and Sustain

Conduct Internal Audits

Conduct Training and Knowledge sharing sessions

Improve Processes and Documentation

Consolidate Materials

Prepare for Certification

5 - Certification Journey (Optional)

Get Organizational Certification

Maintain Organizational Certification

It is important to note that the certification process is optional, as not all organizations will seek ISO 9001:2015 certification. However, all organizations will benefit from implementing the ISO 9001:2015 QMS. In this journey, organizations can use the Six Sigma or Capability Maturity Model Integration (Inflectra, 2024a) as part of their total quality management (TQM) implementation.

Using Spira for Implementing ISO 9001

Inflectra's mission is to help you 'deliver quality software faster and with lower risk.' To achieve this, our core application, Spira, provides comprehensive project management, agile planning, and quality assurance capabilities. Spira has various built-in features and numerous customizable options at the product, template, and system levels, ensuring flexibility and adaptability to meet your needs.

  • System Level: Organizations can consistently mandate how people log in or what actions various roles within the organization can perform.
  • Template Level: Templates serve as a container that enforces typical workflow, notifications, and specific artifact properties like requirement importance, test case priority, incident status, or risk probability. This approach allows projects of similar types to inherit the work done in the templates.
  • Product Level: Even when two projects inherit the same template, one project may use Agile ways of working, requiring the possibility of using story points, and another requires using work-in-progress limits to benefit from the Lean/Kanban method. Customization at the product level makes this possible.

Furthermore, Spira provides extensions called SpiraApps to customize individual products that require specific guidelines, such as artifact default descriptions, multi-approver considerations, etc. For example, one project may use the standard risk assessment based on probability and impact, while another may use a quantitative risk analysis technique such as FMEA (Failure Mode Effects Analysis) (Inflectra, 2022). Please consult Spira Documentation for a more detailed understanding of SpiraApps and their technical specifications.

Input Process 1: Quality Management Team

In the sections below, we will review how Spira can support the ISO 9001 implementation process illustrated in Table 1. The five essential process groups can be set up as ISO 9001 project-specific components, as shown below.

Subsequently, the various input processes that need to be reviewed and evaluated, as documented in Table 1, can be listed as hierarchical requirements with mappings to the component process groups, as noted.

Each input listed here may also be broken into additional sub-requirements, and each such requirement may be mapped to a different type of requirement associated with a separate workflow. For instance, the business requirements may go through a workflow different from technical specifications. As illustrated below, Spira supports customizable requirement types as additional metadata that can be associated with each sub-requirement and still be mapped to a common component.

While the above setup may work for smaller organizations, medium and large organizations may need more! For example, medium-size organizations may involve more stakeholder groups, such as internal employees and external contractors, requiring one more level of abstraction for the process groups. In such cases, each process group can be set up as an individual project under the ISO 9001 Program. Since each product can also be associated with a different template, each project benefits from the customized template functionality. In addition, each product can be further customized with its own set of product-specific components. The ISO Program, with the components set up as individual projects mapped to different templates, is illustrated below.

For larger enterprises with extensive supply chains, multiple vendors, and diverse product portfolios, implementing ISO 9001 can be effectively managed by treating the QMS as a portfolio in Spira, with each process group functioning as a program. This approach provides the necessary flexibility and scalability to accommodate the complex needs of large organizations.

Input Process 2: Agree on Roles and Responsibilities

Spira assigns users roles and provides role-based access permissions to artifacts. With this approach, the same user can be assigned different roles in projects and, accordingly, inherit different permissions to artifacts.

User to Role Assignment in Different Projects

Permissions for a Specific Role

Input Process 3: Quality Objectives Setup

Spira provides custom properties and lists at the product level. These are particularly useful in setting up project-level objectives, such as those frequently documented in the project charter. Users can leverage this option to set up QMS-specific quality objectives, as noted below.

Input Processes 4 - 7: Documentation Support

Spira's requirement module is robust and allows for documenting various business process gaps. Spira supports creating several kinds of inline documents, including rich text, markup language, behavior-driven development, and simple spreadsheets. It also provides diagram tools for creating flowcharts, swimlane editors for documenting SIPOC (Supplier, Input, Process, Output, Customer) flows, mind maps for performing cause and effect analysis, and other process diagrams that are pivotal to mapping QMS processes to procedures.

Input Processes 8 - 14

The implementation of ISO 9001 can vary significantly based on the type of product, organization size, and the nature of the regulated industry. Input processes 8 to 14, which cover training, scaling within the organization, and certification preparation, may require additional artifacts. For example, users can employ test cases and task modules to track acceptance criteria and the definition of done. These test cases and task modules can be linked to specific requirements.

Cross-project associations can be set up for medium-to-large organizations to enhance the visibility of work performed across various projects. Spira provides an equivalent of the Project Management Information System (PMIS) dashboard at the product, program, and portfolio levels, enabling the aggregation of metrics. This comprehensive view facilitates better management and oversight.

Spira also supports the generation of standard reports, which can be stored in the Spira Documentation repository for internal audit compliance (Quality Auditing) before an organization is assessed for maturity levels according to CMMI or Six Sigma processes. This preparatory step is crucial before committing time and resources to certification preparation with external vendors.

Custom reports and graphical widgets can also be created for management-level reporting to support governance decisions. Organizations with business intelligence (BI) tools like PowerBI can leverage Spira's OData support and REST/SOAP API to access data for more dynamic and integrated reporting.

This level of customization and support ensures that ISO 9001 implementation is tailored to the organization's specific needs, promoting efficiency, compliance, and continuous improvement.

All the Input and Output Processes

Implementing an ISO 9001 compliant or any TQM-compliant process involves several stakeholders working collaboratively. As a result, any such endeavor is not immune to risks. Spira provides a risk management module that allows for the documentation of risks, analysis of them for probability and impact, association with components, and linking them with other project artifacts. Users can customize risks for statuses, probability, impact, score ranking, and risk types besides augmenting the risk module with FMEA SpiraApps.

Output Processes: Document Gap Analysis

Output Processes: Decision-Making

Two areas that stand out for decision-making in Spira are the customizable workflows and Spira integration support.

  • Every critical artifact in Spira, such as the requirements, releases, test cases, documents, tasks, incidents, and risks, has a workflow associated with it. Each workflow can also be customized and associated with artifact types to facilitate electronic approval required for 21 CFR Part 11 (Inflectra, 2024b). More details about support for workflows are available in the SpiraDocs.
  • Spira offers opportunities to integrate with other business process tools through SpiraPlan Web Services (n.d.) using REST/SOAP interfaces to access real-time data. Additionally, a robust plugin extensibility framework provides flexibility to customize a user's Spira instance through SpiraApps (Inflectra, n.d.). Furthermore, support for 70+ add-ons and download tools (n.d.) allows for data integration and migration, while AI-enabled extensions (Inflectra, 2023) support gap analysis.


Summary

Implementing ISO 9001 in an organization requires careful planning and a systematic approach. By following the steps outlined in this guide, organizations can ensure they meet the standard's requirements and reap the benefits of a quality management system. These steps include:

  • Establishing a Quality Policy and Objectives: Define a clear quality policy and set specific, measurable objectives.
  • Identifying and Understanding Customer Needs and Expectations: Recognize and address the requirements and expectations of your customers.
  • Determining Necessary Processes: Identify and map out the processes required for the quality management system and their application throughout the organization.
  • Providing Necessary Resources: Allocate the resources necessary to effectively implement and maintain the quality management system.
  • Measuring, Monitoring, Analyzing, and Improving: Regularly measure, monitor, and analyze the system's effectiveness and make necessary improvements.
  • Continually Improving the QMS: Commit to enhancing the quality management system.

Spira can be instrumental in following these steps by providing the necessary tools to document and demonstrate compliance, increasing the likelihood of certification success. Even if an organization is not pursuing ISO 9001 certification, using Spira to document these processes can establish a robust quality management system, helping the organization achieve its quality objectives.


References

9001 Council (2018). The benefits of ISO 9001. Retrieved June 17, 2024, from https://www.9001council.org/iso-9001-benefits-case-studies.php

Add-ons and Downloads (n.d.). Retrieved June 28, 2024, from https://www.inflectra.com/Products/Downloads.aspx

Inflectra (n.d.). SpiraApps. Spira Plug-In Extensibility Framework. Retrieved June 28, 2024, from https://www.inflectra.com/Products/SpiraApps/

Inflectra (2022). Spotlight on SpiraPlan 7.0. FMEA Risk Management comes to town. Retrieved June 24, 2024, from https://www.inflectra.com/Ideas/Entry/spotlight-on-spiraplan-70-fmea-risk-management-1304.aspx

Inflectra (2023). Examples of using Generative AI in SpiraPlan - Get ready for v7.10. Retrieved June 28, 2024, from https://www.inflectra.com/Ideas/Entry/examples-of-using-generativeai-in-spiraplan-1625.aspx

Inflectra (2024a). Implementing Total Quality Management (TQM) in the Modern Enterprise. Retrieved June 23, 2024, from https://www.inflectra.com/Ideas/Topic/Implementing-Total-Quality-Management-In-The-Modern-Enterprise.aspx

Inflectra (2024b). FDA Validation & Testing with 21 CFR Part 11. Retrieved June 28, 2024, from https://www.inflectra.com/Ideas/Whitepaper/FDA-Validation-and-Testing-with-21-CFR-Part-11.aspx

Intellect (n.d.). A guide on how to avoid a failed QMS implementation. Retrieved June 16, 2024, from https://intellect.com/blog/a-guide-on-how-to-avoid-a-failed-qms-implementation/

ISO 9001 (2015). Quality Management System Requirements. Retrieved June 16, 2024, from https://www.iso.org/standard/62085.html

PECB (n.d.). ISO 9001 Implementation: A step-by-step guide. Retrieved June 17, 2024, from https://pecb.com/article/iso-9001-implementation-a-step-by-step-guide

Popvic, T. (2015). Getting ISO 9001 certified for software development using scrum and open source tools: A case study. Technical Gazette, 22(6), 1633-1640.

Project Management Institute (2017). The Standard for Program Management. Pennsylvania, PA: Project Management Institute.

Rajagopalan, S. (2019). OPA: Differences among policies, processes, and procedures. Retrieved from https://agilesriram.blogspot.com/2020/04/opa-differences-among-policy-processes.html

SpiraPlan: Webservices (n.d.). Retrieved June 28, 2024, from https://api.inflectra.com/Spira/Services/

Stalhane, T., & Hanssen, G. K. (2008). The application of ISO 9001 to agile software development. Proceedings of the Product-Focused Software Process Improvement, 9th International, 371-385.

Disclaimer

The information provided on this website is to be used for informational purposes only. The information should not be relied upon or construed as legal or compliance advice or opinions. The information is not comprehensive and will not guarantee compliance with any regulation or industry standard. You must not rely on the information found on this website as an alternative to seeking professional advice from your attorney and/or compliance professional.

Glossary of Terms

Agile: A project management methodology focused on iterative development, collaboration, and flexibility.

Application Lifecycle Management (ALM): A continuous process of managing the life of an application through governance, development, and maintenance.

Auditability: The ability to conduct a systematic review of records, activities, and processes to ensure compliance and effectiveness.

Business Intelligence (BI): Technologies and strategies used by enterprises for data analysis and business information.

Capability Maturity Model Integration (CMMI): A process-level improvement training and appraisal program that helps organizations improve their performance.

Continuous Improvement: An ongoing effort to improve products, services, or processes.

Customer Focus: Ensuring that the customer’s needs and expectations are met in the development and delivery of products and services.

Deming’s PDCA Cycle: A four-step management method used for continuous improvement of processes and products (Plan-Do-Check-Act).

Evidence-Based Decision Making: Making decisions based on the analysis of data and information rather than assumptions or intuition.

Failure Mode Effects Analysis (FMEA): A systematic method for evaluating processes to identify where and how they might fail and assessing the relative impact of different failures.

ISO 9001: An international standard that specifies requirements for a quality management system (QMS).

Lean/Kanban: A methodology that focuses on the continuous delivery of value to customers, using visual tools to manage work.

Preventive Actions: Measures taken to eliminate the cause of a potential nonconformity or other undesirable situation.

Process Approach: Managing activities and related resources as a process to achieve desired outcomes more efficiently.

Quality Assurance (QA): Activities and programs intended to ensure the quality of products and services.

Quality Management System (QMS): A structured system that documents processes, procedures, and responsibilities for achieving quality policies and objectives.

Quality by Design: A systematic approach to development that begins with predefined objectives and emphasizes product and process understanding and process control.

Regulatory Compliance: Adherence to laws, regulations, guidelines, and specifications relevant to business operations.

Risk-Based Thinking: Incorporating risk management principles to anticipate and mitigate potential issues in processes and systems.

SIPOC (Supplier, Input, Process, Output, Customer): A visual tool used to document a business process from beginning to end.

Six Sigma: A set of techniques and tools for process improvement aimed at reducing defects and improving quality.

Software Development Lifecycle (SDLC): A process for planning, creating, testing, and deploying an information system.

Spira: Inflectra’s comprehensive project management, agile planning, and quality assurance suite that includes SpiraTest, SpiraTeam, and SpiraPlan.

Stakeholder: Any individual, group, or organization that can affect or be affected by an organization's actions.

Total Quality Management (TQM): A management approach centered on quality, based on the participation of all members of an organization and aiming at long-term success.

Traceability: The ability to trace the history, application, or location of an entity by means of recorded identification.

Workflow: A sequence of processes through which a piece of work passes from initiation to completion.
