Quality Management System Standards in IT

Today almost all medium and large IT companies are ISO 9001 certified. However, is it possible to develop high quality software, manage networks, provide Internet access, etc. without ISO 9001 certification? Definitely, yes. Then why is ISO 9001 so popular in the IT industry? And is it really good that this standard is so widespread? Let’s try to find answers to these questions.

First of all, the main reason for ISO 9001 popularity in IT is that it is broadly used across all types of organizations and enterprises. This standard was first published in 1987, and by 2009 the number of certified companies worldwide exceeded a million. ISO 9001 is an internationally recognized standard in the field of quality management in general and in the IT industry in particular. It is not only a standard but also a brand. Consumers can have a vague idea about the contents of the standard but they are normally aware that a trusted company should have the ISO 9001 certification. If customers are familiar with ISO 9001 and prefer vendors to be certified to the standard, then companies that strive to develop leading positions on the market will try to obtain it. However, is ISO 9001 appropriate for an IT company? One of the reasons for the great popularity of ISO is its versatility, with all the consequent positive and negative features. Any multi-purpose tool generates benefits in general but, as a rule, loses in particular cases. As an illustration, you can unscrew any nut with an adjustable wrench but it is better to unscrew a 12mm nut with a 12mm wrench.

ISO 9001 is a standard for the quality management system but not a product. In terms of the standard, it is not so important what particular industry a company belongs to. It is more important how it performs its activities. The ISO certificate does not guarantee a high level of product quality but it confirms a certain degree of reliability of vendor’s enterprise including its products. Thus, ISO 9001 is suitable for both a large hi-tech corporation and a small bakery where they make bread using the technologies that haven’t changed for ages.

When it comes to implementing a quality management system in IT, a question often arises whether it is worth using ISO 9001 or it is better to pay attention to the standards that are more specific for the industry, such as CMMI or ITIL. Probably, the terms CMMI and ITIL seem more common to IT managers than ISO 9001. However, if we look deeper into the matter, then we can see that in general all these standards do not contradict each other and are based on a process approach, i.e. on identification of enterprise processes, their analysis and improvement. In this view, it is probably not so important what particular standard a company adopts as they all have the same roots but at the same time none of these standards will correspond completely to day-to-day realities of a specific enterprise. Please keep it in mind that theory differs from practice in that in theory, theory and practice are the same, and in practice, they are not. The main objective of quality assurance specialists who implement this or that standard is to apply general rules to specific day-to-day operations of an enterprise. Large businesses often build their own quality management systems based on one or several standards and their own practices.

To sum up, ISO 9001 is a fundamental standard that basically describes requirements to quality management systems. It is generally about 20 pages in length, and its implementation takes not less than six months. In comparison, the CMMI requirements are about 700 pages in length, and it takes not less than a year to adopt them. Does it really mean that the quality of processes within an ISO certified company are definitely worse than in a CMMI level5 company? I don’t think so. Moreover, effective process execution based on ISO 9001 will eventually lead to the processes corresponding to CMMI, even if a company doesn’t have a formal certificate. Probably, a good idea for developing a quality management system from scratch and understanding internal processes will be consistent implementation of ISO 9001 at first, then development of a system until it corresponds to one of the CMMI levels (for technology development companies) or ITIL/ISO 20000 (mostly for services providers), and further continuous improvement. Besides, we should not forget about Lean, Six Sigma and other popular and not so popular quality standards that can be useful as well. Compiling knowledge from these standards, it is possible to find the right way to build a quality management system that meets the precise needs of your enterprise.