ISO 9001
ISO 9001 is a standard for quality management systems (QMS). In this document, we'll detail how Oystehr's processes map and conform to the ISO 9001 standard.
Mapping to ISO 9001 Standard
Number | ISO Clause | Requirement | In Practice |
---|---|---|---|
1 | 4.1 General requirements | Establish, document, implement, and maintain a QMS and continually improve its effectiveness. | Sprint retrospective |
2 | 4.2 Documentation requirements | Documentation is created and maintained | Product backlog creation, issue creation, sprint planning and retrospectives |
3 | 5.1 Management commitment | Provide evidence of its commitment to the development and implementation of the QMS and continually improving its effectiveness. This includes establishing the quality policy and quality objectives, conducting management reviews, and ensuring resource availability. | n/a |
4 | 5.2 Customer focus | Ensure that customer requirements are met with the aim of enhancing customer satisfaction | Product backlog creation and grooming |
5 | 5.3 Quality policy | Establish, implement, and maintain a quality policy that is appropriate to the organization, provides a framework for setting quality objectives, and is communicated and understood within the organization. The policy must also be reviewed for continuing suitability. | n/a |
6 | 5.4 Planning | Ensure quality objectives are established at relevant functions and levels, and that the planning of the QMS is carried out to meet these objectives. | n/a |
7 | 5.5 Responsibility, authority, and communication | Responsibilities and authorities must be defined and communicated within the organization. Effective internal communication processes must also be established. | Distinct roles in the scrum team: product owner, scrum master, contributors, and QA. Regular standup meetings, product backlog grooming, sprint review, sprint retrospective |
8 | 5.6 Management review | Review the QMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness. Records from management reviews must be maintained. | n/a |
9 | 6.1 Provision of resources | Determine and provide the resources needed to implement, maintain, and continually improve the QMS and enhance customer satisfaction. | n/a |
10 | 6.2 Human resources | Determine and provide the resources needed to implement, maintain, and continually improve the QMS and enhance customer satisfaction. | n/a |
11 | 6.3 Infrastructure | Determine, provide, and maintain the infrastructure needed to achieve conformity to product requirements. | Product backlog creation, issue creation, sprint planning and retrospectives |
12 | 6.4 Work environment | Manage the work environment needed to achieve conformity to product requirements. | n/a |
13 | 7.1 Planning of product realization | Planning and development of product | Product backlog creation, sprint planning, sprint backlog creation and user stories |
14 | 7.2 Customer-related processes | Ensure that requirements are captured and reviewed, and that communication about requirements, bugs, etc. is an ongoing process with the customer. | n/a |
15 | 7.3 Design and development | Plan and control the design and development of product. Inputs relating to product requirements shall be determined and records should be maintained. Outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release. At suitable stages, systematic reviews of design and development shall be performed in accordance with planned arrangements. Verification shall be performed in accordance with planned arrangements to ensure that the design and development outputs have met the design and development input requirements. Design and development changes should be defined and records and logs should always be maintained. | Sprint planning; GitHub issues filed by developers, with descriptions and acceptance criteria, design documentation in Google Docs where applicable; pull requests require review, each issue tested by QA team; sprint retrospectives, quarterly security and compliance review, annual SOC 2 review; testing, automated code scanning tools, linting tools, automated tools like Inferno; issue tracking in GitHub, backlog grooming and sprint review |
16 | 7.4 Purchasing | Ensure purchased products conform to specified requirements. Evaluate and select suppliers based on their ability to meet these requirements and maintain records of evaluations and actions. | n/a |
17 | 7.5 Production and service provision | Plan and carry out production and service provision under controlled conditions. This includes the availability of information, suitable equipment, monitoring and measurement activities, and release and delivery processes. | n/a |
18 | 7.6 Control of monitoring and measuring devices | Determine the monitoring and measurement devices needed to ensure conformity to requirements. Calibrate, verify, and maintain these devices and keep records of the results. | n/a |
19 | 8.1 General | Plan and implement the monitoring, measurement, analysis, and improvement processes needed to demonstrate conformity to product requirements and continually improve the effectiveness of the QMS. | n/a |
20 | 8.2 Monitoring and measurement | Team should monitor information relating to customer perception as to whether they have met customer requirements. Team monitors and measures the characteristics of the built product to verify that the requirements have been met. | Customer submitted issue tracking, sprint review; sprint review, stand up, sprint planning, system monitoring with alarms, logging, on-call staff |
21 | 8.3 Control of non-conforming product | Team should ensure that the product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery | Testing, backlog grooming and sprint review |
22 | 8.4 Analysis of data | Team should determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and evaluate where continual improvement of the effectiveness of the quality management system can be made | Quarterly security and compliance review, sprint retrospective |
23 | 8.5 Improvement | Team should take action to eliminate the causes of nonconformities in order to prevent recurrence. Team should determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. | Quarterly security and compliance review, incident root cause analysis, sprint retrospective; quarterly security and compliance review, root cause analysis, sprint retrospective, product backlog grooming, static analysis tools |