Loading ...
Sorry, an error occurred while loading the content.

Re: [scrumdevelopment] How does Scrum comply to ISO 9001:2008?

Expand Messages
  • Jesse Fewell
    As a resource to help you document the Scrum process you are using, you can reference the Scrum Guide: http://www.scrumalliance.org/resources/598
    Message 1 of 9 , Aug 4, 2009
    • 0 Attachment

      As a resource to help you document the Scrum process you are using, you can reference the Scrum Guide: http://www.scrumalliance.org/resources/598

    • Tobias Mayer
      Mary Anne wrote: How does Scrum comply to ISO 9001:2008? Scrum does not comply to anything. It challenges everything. ... Documentation is not prohibited by
      Message 2 of 9 , Aug 4, 2009
      • 0 Attachment
        Mary Anne wrote: How does Scrum comply to ISO 9001:2008?

        Scrum does not comply to anything.  It challenges everything.

        > Alan Dayley wrote: 
        Documentation is not prohibited by Scrum. Do the documentation needed by the team and needed by your company's processes.

        Yes, and ask "why am I writing this document" quite frequently.  Do what is required, but don't forget to inspect, and adapt as necessary.

        Tobias

      • Roy Morien
        This is an interesting discussion I think. It seems to me that many people who talk about process improvement are actually taking about process compliance.
        Message 3 of 9 , Aug 4, 2009
        • 0 Attachment
          This is an interesting discussion I think. It seems to me that many people who talk about process improvement are actually taking about process compliance. Maybe I have a jaundiced view of ISO standards adherence, but being certified as complying to a poor process does not seem to me to be very helpful.
           
          I would view the situation this way; Scrum (and I guess XP and DSDM also) recommend certain patterns of behaviour, certain 'things that you should do' when you are developing software in accordance with that method. For example, Scrum recommends 3 major roles in the process. Scrum recommends the maintenance of a Product Backlog that is kept up to date. Scrum recommends a Daily Stand-up ... and so on. An SOP document would, I would suggest, contain mention of these, and a compliance audit would verify that these things are being done.
           
          But no ISO standard, no SOP or any compliance audit is going to be able to say 'The Daily Standup must be efficiently run and effective', or 'the members of the project team must always think carefully about the test scripts that they write'. Thinking carefully, being effective at a meeting, applying your skills in a thoughtful and organised manner, being creative in your thinking etc. are not things that can be standardised and documented in a SOP Manual.
           
          Unfortunately, in the past, many Procedure Manuals seemed to acknowledge this in a negative manner, and so tried to impose such a rigorous and rigid process on developers that sought to eradicate creativity, loose thinking etc.  It almost became a matter of 'If you fill out this form, and make sure you tick all the boxes, then you must have done things properly'. The old saying of 'Plan the Work and Work the Plan' is a bit like this philosophy. Creating a detailed plan and then adhering to that plan rigorously was seen as good process. As we (mostly) all now acknowledge, that just didn't work ... that just could not work.
           
          So, methods such as Scrum recommend a particular project organisation, recommend certain roles, recommend certain practices and 'ways to behave' which can be formalised into an SOP ... and then adherance or compliance with those recommendations can be audited. But it is up to the people involved to make it effective. And not just by apparent exact compliance.
           
          Regards,
          Roy Morien 

          To: scrumdevelopment@yahoogroups.com
          From: kurt.haeusler@...
          Date: Tue, 4 Aug 2009 22:05:45 +0200
          Subject: Re: [scrumdevelopment] How does Scrum comply to ISO 9001:2008?

           
          Hi,
          in my previous job, I prepared a SOP (Standard Operating Procedure)
          document for our software development department as part of the
          companies ISO 9001 QMS (although I believe in our case it was
          9001:2000). It only required that we described and documented our
          process. We specifically mentioned our agile values in the SOP, and
          referred to the focus on working code and verbal communication over
          documentation. As far as I know, ISO doesn't prescribe much in the way
          of the process itself, only in the way it is documented and audited, and
          how the continual improvement procedure (which fits in really nicely
          with scrum) is managed and documented. I had no special ISO training and
          was able to basically write down how we did things, in a structure that
          I copied from the other departments SOPs (until we had our own SOP, the
          hardware development department's SOP also applied to Software, which
          was pointed out in an audit as not reflecting reality.). Our ISO contact
          just tidied things up a bit. When were audited, the auditor was familiar
          with XP, which I think helped, and he just made sure we worked according
          to the SOP, had the artefacts mentioned inside, (scrum board, burndown
          charts, backlog etc), and that was it. Not much drama at all.

          When you say ISO requires documents to be approved etc, do you mean the
          meta-documents like the SOP, or does :2008 actually prescribe software
          development documentation such as requirements and functional
          specification etc?

          Having an auditor that knows something about agile does apparently help
          though.

          But to answer the question in the topic, I don't think Scrum itself has
          to apply to ISO 9001, the process itself, which usually includes a fair
          bit more than just scrum (I think in our SOP, Scrum was just a small
          paragraph), just has to be documented to a certain standard and has to
          be audited.

          maryannejunge wrote:
          > I have been recently trained as a Scrum Master and I am also the ISO
          > contact. My company is certified to ISO 9001:2008 and we are
          > currently piloting 2 projects using the Agile/Scrum methodology, but
          > I have been asked how do we maintain our ISO certification using
          > Scrum. ISO requires documents to be approved prior to issue and that
          > records of reviews for design and development steps are maintained.
          > Does anyone have any feedback on how to effectively do this while
          > doing Scrum?
          >
          >




          Click Here View photos of singles in your area
        • maryannejunge
          Thanks so much for the feedback. I like your approach and think this is a great way to help us comply with the ISO standard.
          Message 4 of 9 , Aug 5, 2009
          • 0 Attachment
            Thanks so much for the feedback. I like your approach and think this is a great way to help us comply with the ISO standard.

            --- In scrumdevelopment@yahoogroups.com, Roy Morien <roymorien@...> wrote:
            >
            >
            > This is an interesting discussion I think. It seems to me that many people who talk about process improvement are actually taking about process compliance. Maybe I have a jaundiced view of ISO standards adherence, but being certified as complying to a poor process does not seem to me to be very helpful.
            >
            >
            >
            > I would view the situation this way; Scrum (and I guess XP and DSDM also) recommend certain patterns of behaviour, certain 'things that you should do' when you are developing software in accordance with that method. For example, Scrum recommends 3 major roles in the process. Scrum recommends the maintenance of a Product Backlog that is kept up to date. Scrum recommends a Daily Stand-up ... and so on. An SOP document would, I would suggest, contain mention of these, and a compliance audit would verify that these things are being done.
            >
            >
            >
            > But no ISO standard, no SOP or any compliance audit is going to be able to say 'The Daily Standup must be efficiently run and effective', or 'the members of the project team must always think carefully about the test scripts that they write'. Thinking carefully, being effective at a meeting, applying your skills in a thoughtful and organised manner, being creative in your thinking etc. are not things that can be standardised and documented in a SOP Manual.
            >
            >
            >
            > Unfortunately, in the past, many Procedure Manuals seemed to acknowledge this in a negative manner, and so tried to impose such a rigorous and rigid process on developers that sought to eradicate creativity, loose thinking etc. It almost became a matter of 'If you fill out this form, and make sure you tick all the boxes, then you must have done things properly'. The old saying of 'Plan the Work and Work the Plan' is a bit like this philosophy. Creating a detailed plan and then adhering to that plan rigorously was seen as good process. As we (mostly) all now acknowledge, that just didn't work ... that just could not work.
            >
            >
            > So, methods such as Scrum recommend a particular project organisation, recommend certain roles, recommend certain practices and 'ways to behave' which can be formalised into an SOP ... and then adherance or compliance with those recommendations can be audited. But it is up to the people involved to make it effective. And not just by apparent exact compliance.
            >
            >
            >
            > Regards,
            >
            > Roy Morien
            >
            >
            > To: scrumdevelopment@yahoogroups.com
            > From: kurt.haeusler@...
            > Date: Tue, 4 Aug 2009 22:05:45 +0200
            > Subject: Re: [scrumdevelopment] How does Scrum comply to ISO 9001:2008?
            >
            >
            >
            >
            >
            > Hi,
            > in my previous job, I prepared a SOP (Standard Operating Procedure)
            > document for our software development department as part of the
            > companies ISO 9001 QMS (although I believe in our case it was
            > 9001:2000). It only required that we described and documented our
            > process. We specifically mentioned our agile values in the SOP, and
            > referred to the focus on working code and verbal communication over
            > documentation. As far as I know, ISO doesn't prescribe much in the way
            > of the process itself, only in the way it is documented and audited, and
            > how the continual improvement procedure (which fits in really nicely
            > with scrum) is managed and documented. I had no special ISO training and
            > was able to basically write down how we did things, in a structure that
            > I copied from the other departments SOPs (until we had our own SOP, the
            > hardware development department's SOP also applied to Software, which
            > was pointed out in an audit as not reflecting reality.). Our ISO contact
            > just tidied things up a bit. When were audited, the auditor was familiar
            > with XP, which I think helped, and he just made sure we worked according
            > to the SOP, had the artefacts mentioned inside, (scrum board, burndown
            > charts, backlog etc), and that was it. Not much drama at all.
            >
            > When you say ISO requires documents to be approved etc, do you mean the
            > meta-documents like the SOP, or does :2008 actually prescribe software
            > development documentation such as requirements and functional
            > specification etc?
            >
            > Having an auditor that knows something about agile does apparently help
            > though.
            >
            > But to answer the question in the topic, I don't think Scrum itself has
            > to apply to ISO 9001, the process itself, which usually includes a fair
            > bit more than just scrum (I think in our SOP, Scrum was just a small
            > paragraph), just has to be documented to a certain standard and has to
            > be audited.
            >
            > maryannejunge wrote:
            > > I have been recently trained as a Scrum Master and I am also the ISO
            > > contact. My company is certified to ISO 9001:2008 and we are
            > > currently piloting 2 projects using the Agile/Scrum methodology, but
            > > I have been asked how do we maintain our ISO certification using
            > > Scrum. ISO requires documents to be approved prior to issue and that
            > > records of reviews for design and development steps are maintained.
            > > Does anyone have any feedback on how to effectively do this while
            > > doing Scrum?
            > >
            > >
            >
            >
            >
            >
            >
            >
            >
            >
            >
            > _________________________________________________________________
            > View photos of singles in your area Click Here
            > http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fdating%2Eninemsn%2Ecom%2Eau%2Fsearch%2Fsearch%2Easpx%3Fexec%3Dgo%26tp%3Dq%26gc%3D2%26tr%3D1%26lage%3D18%26uage%3D55%26cl%3D14%26sl%3D0%26dist%3D50%26po%3D1%26do%3D2%26trackingid%3D1046138%26r2s%3D1&_t=773166090&_r=Hotmail_Endtext&_m=EXT
            >
          • hpsamios
            ... Mary, We ve been looking at the same thing (no specific implementation ideas yet). This article written by the people at Primavera seemed to offer a good
            Message 5 of 9 , Aug 10, 2009
            • 0 Attachment
              --- In scrumdevelopment@yahoogroups.com, "maryannejunge" <maryannejunge@...> wrote:
              >
              Mary,

              We've been looking at the same thing (no specific implementation ideas yet). This article written by the people at Primavera seemed to offer a good approach:

              http://www.agile2007.com/agile2007/downloads/proceedings/055_ISO%209001_833.pdf

              Hans

              > Thanks so much for the feedback. I like your approach and think this is a great way to help us comply with the ISO standard.
              >
              > --- In scrumdevelopment@yahoogroups.com, Roy Morien <roymorien@> wrote:
              > >
              > >
              > > This is an interesting discussion I think. It seems to me that many people who talk about process improvement are actually taking about process compliance. Maybe I have a jaundiced view of ISO standards adherence, but being certified as complying to a poor process does not seem to me to be very helpful.
              > >
              > >
              > >
              > > I would view the situation this way; Scrum (and I guess XP and DSDM also) recommend certain patterns of behaviour, certain 'things that you should do' when you are developing software in accordance with that method. For example, Scrum recommends 3 major roles in the process. Scrum recommends the maintenance of a Product Backlog that is kept up to date. Scrum recommends a Daily Stand-up ... and so on. An SOP document would, I would suggest, contain mention of these, and a compliance audit would verify that these things are being done.
              > >
              > >
              > >
              > > But no ISO standard, no SOP or any compliance audit is going to be able to say 'The Daily Standup must be efficiently run and effective', or 'the members of the project team must always think carefully about the test scripts that they write'. Thinking carefully, being effective at a meeting, applying your skills in a thoughtful and organised manner, being creative in your thinking etc. are not things that can be standardised and documented in a SOP Manual.
              > >
              > >
              > >
              > > Unfortunately, in the past, many Procedure Manuals seemed to acknowledge this in a negative manner, and so tried to impose such a rigorous and rigid process on developers that sought to eradicate creativity, loose thinking etc. It almost became a matter of 'If you fill out this form, and make sure you tick all the boxes, then you must have done things properly'. The old saying of 'Plan the Work and Work the Plan' is a bit like this philosophy. Creating a detailed plan and then adhering to that plan rigorously was seen as good process. As we (mostly) all now acknowledge, that just didn't work ... that just could not work.
              > >
              > >
              > > So, methods such as Scrum recommend a particular project organisation, recommend certain roles, recommend certain practices and 'ways to behave' which can be formalised into an SOP ... and then adherance or compliance with those recommendations can be audited. But it is up to the people involved to make it effective. And not just by apparent exact compliance.
              > >
              > >
              > >
              > > Regards,
              > >
              > > Roy Morien
              > >
              > >
              > > To: scrumdevelopment@yahoogroups.com
              > > From: kurt.haeusler@
              > > Date: Tue, 4 Aug 2009 22:05:45 +0200
              > > Subject: Re: [scrumdevelopment] How does Scrum comply to ISO 9001:2008?
              > >
              > >
              > >
              > >
              > >
              > > Hi,
              > > in my previous job, I prepared a SOP (Standard Operating Procedure)
              > > document for our software development department as part of the
              > > companies ISO 9001 QMS (although I believe in our case it was
              > > 9001:2000). It only required that we described and documented our
              > > process. We specifically mentioned our agile values in the SOP, and
              > > referred to the focus on working code and verbal communication over
              > > documentation. As far as I know, ISO doesn't prescribe much in the way
              > > of the process itself, only in the way it is documented and audited, and
              > > how the continual improvement procedure (which fits in really nicely
              > > with scrum) is managed and documented. I had no special ISO training and
              > > was able to basically write down how we did things, in a structure that
              > > I copied from the other departments SOPs (until we had our own SOP, the
              > > hardware development department's SOP also applied to Software, which
              > > was pointed out in an audit as not reflecting reality.). Our ISO contact
              > > just tidied things up a bit. When were audited, the auditor was familiar
              > > with XP, which I think helped, and he just made sure we worked according
              > > to the SOP, had the artefacts mentioned inside, (scrum board, burndown
              > > charts, backlog etc), and that was it. Not much drama at all.
              > >
              > > When you say ISO requires documents to be approved etc, do you mean the
              > > meta-documents like the SOP, or does :2008 actually prescribe software
              > > development documentation such as requirements and functional
              > > specification etc?
              > >
              > > Having an auditor that knows something about agile does apparently help
              > > though.
              > >
              > > But to answer the question in the topic, I don't think Scrum itself has
              > > to apply to ISO 9001, the process itself, which usually includes a fair
              > > bit more than just scrum (I think in our SOP, Scrum was just a small
              > > paragraph), just has to be documented to a certain standard and has to
              > > be audited.
              > >
              > > maryannejunge wrote:
              > > > I have been recently trained as a Scrum Master and I am also the ISO
              > > > contact. My company is certified to ISO 9001:2008 and we are
              > > > currently piloting 2 projects using the Agile/Scrum methodology, but
              > > > I have been asked how do we maintain our ISO certification using
              > > > Scrum. ISO requires documents to be approved prior to issue and that
              > > > records of reviews for design and development steps are maintained.
              > > > Does anyone have any feedback on how to effectively do this while
              > > > doing Scrum?
              > > >
              > > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > > _________________________________________________________________
              > > View photos of singles in your area Click Here
              > > http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fdating%2Eninemsn%2Ecom%2Eau%2Fsearch%2Fsearch%2Easpx%3Fexec%3Dgo%26tp%3Dq%26gc%3D2%26tr%3D1%26lage%3D18%26uage%3D55%26cl%3D14%26sl%3D0%26dist%3D50%26po%3D1%26do%3D2%26trackingid%3D1046138%26r2s%3D1&_t=773166090&_r=Hotmail_Endtext&_m=EXT
              > >
              >
            • Hillel Glazer
              I m very sad to see yet another organization being abused by ISO 9000. When ISO 9000 first came out it held much promise for guiding organizations towards
              Message 6 of 9 , Aug 10, 2009
              • 0 Attachment
                I'm very sad to see yet another organization being abused by ISO 9000.

                When ISO 9000 first came out it held much promise for guiding organizations towards improved management over the quality of their work.  Unfortunately, like CMM, CMMI, and many others, it has fallen into abuse as a "compliance" scheme rather than one of improved quality.

                Scrum is a means by which work is organized, prioritized, accounted for and communicated (among other things).  To ISO 9000, Scrum should merely appear as a "work instruction", method, or means of communication.  Scrum is just another way to demonstrate that your organization has a clue about how it will produce results.  Several aspects of how Scrum works can accomplish certain aspects of your quality system (such as how your Scrum team identifies issues, does retrospectives, or seeks validation or verification of their understanding from the customer), but insofar as your Scrum activities "complying" with ISO 9000, there's really nothing to worry about as long as you're not abusing Scrum as an excuse for undisciplined chaos stuffed into a time box you erroneously call a Sprint.

                There's nothing in Scrum that would invalidate what you do with ISO 9000.  However, from the way you describe how your organization perceives ISO 9000, it's highly likely that your approach to ISO 9000 forces much waste and non-value-add to product development whether you're using Scrum or not.

                Several people have given you excellent advice and resources already, my only contribution at this point is to suggest that you take a few steps back and really pause to understand what ISO 9000 is really trying to accomplish (regardless of how your organization implemented it), and learn about ways to make those concepts come true.  Then, take a look at your organization's processes and question whether or not they're really necessary to meet those expectations.

                Your ISO 9000 auditor may not agree with your assessment, but that doesn't mean he or she is right.  All it means is that your organization has chosen to waste time, money, quality, and staff morale just so they can get their certification.

                Cheers!
                -->>  Hillel
                --
                Hillel Glazer, Principal & CEO
                Entinex, Inc.
                Get value from CMMI, not artifacts.(TM)

                www.entinex.com | www.AgileCMMI.com | www.CMMIFAQ.info
                O-


                On Mon, Aug 10, 2009 at 4:41 PM, hpsamios <hpsamios@...> wrote:
                --- In scrumdevelopment@yahoogroups.com, "maryannejunge" <maryannejunge@...> wrote:
                >
                Mary,

                We've been looking at the same thing (no specific implementation ideas yet).  This article written by the people at Primavera seemed to offer a good approach:

                http://www.agile2007.com/agile2007/downloads/proceedings/055_ISO%209001_833.pdf

                Hans

                > Thanks so much for the feedback.  I like your approach and think this is a great way to help us comply with the ISO standard.
                >
                > --- In scrumdevelopment@yahoogroups.com, Roy Morien <roymorien@> wrote:
                > >
                > >
                > > This is an interesting discussion I think. It seems to me that many people who talk about process improvement are actually taking about process compliance. Maybe I have a jaundiced view of ISO standards adherence, but being certified as complying to a poor process does not seem to me to be very helpful.
                > >
                > >
                > >
                > > I would view the situation this way; Scrum (and I guess XP and DSDM also) recommend certain patterns of behaviour, certain 'things that you should do' when you are developing software in accordance with that method. For example, Scrum recommends 3 major roles in the process. Scrum recommends the maintenance of a Product Backlog that is kept up to date. Scrum recommends a Daily Stand-up ... and so on. An SOP document would, I would suggest, contain mention of these, and a compliance audit would verify that these things are being done.
                > >
                > >
                > >
                > > But no ISO standard, no SOP or any compliance audit is going to be able to say 'The Daily Standup must be efficiently run and effective', or 'the members of the project team must always think carefully about the test scripts that they write'. Thinking carefully, being effective at a meeting, applying your skills in a thoughtful and organised manner, being creative in your thinking etc. are not things that can be standardised and documented in a SOP Manual.
                > >
                > >
                > >
                > > Unfortunately, in the past, many Procedure Manuals seemed to acknowledge this in a negative manner, and so tried to impose such a rigorous and rigid process on developers that sought to eradicate creativity, loose thinking etc.  It almost became a matter of 'If you fill out this form, and make sure you tick all the boxes, then you must have done things properly'. The old saying of 'Plan the Work and Work the Plan' is a bit like this philosophy. Creating a detailed plan and then adhering to that plan rigorously was seen as good process. As we (mostly) all now acknowledge, that just didn't work ... that just could not work.
                > >
                > >
                > > So, methods such as Scrum recommend a particular project organisation, recommend certain roles, recommend certain practices and 'ways to behave' which can be formalised into an SOP ... and then adherance or compliance with those recommendations can be audited. But it is up to the people involved to make it effective. And not just by apparent exact compliance.
                > >
                > >
                > >
                > > Regards,
                > >
                > > Roy Morien
                > >
                > >
                > > To: scrumdevelopment@yahoogroups.com
                > > From: kurt.haeusler@
                > > Date: Tue, 4 Aug 2009 22:05:45 +0200
                > > Subject: Re: [scrumdevelopment] How does Scrum comply to ISO 9001:2008?
                > >
                > >
                > >
                > >
                > >
                > > Hi,
                > > in my previous job, I prepared a SOP (Standard Operating Procedure)
                > > document for our software development department as part of the
                > > companies ISO 9001 QMS (although I believe in our case it was
                > > 9001:2000). It only required that we described and documented our
                > > process. We specifically mentioned our agile values in the SOP, and
                > > referred to the focus on working code and verbal communication over
                > > documentation. As far as I know, ISO doesn't prescribe much in the way
                > > of the process itself, only in the way it is documented and audited, and
                > > how the continual improvement procedure (which fits in really nicely
                > > with scrum) is managed and documented. I had no special ISO training and
                > > was able to basically write down how we did things, in a structure that
                > > I copied from the other departments SOPs (until we had our own SOP, the
                > > hardware development department's SOP also applied to Software, which
                > > was pointed out in an audit as not reflecting reality.). Our ISO contact
                > > just tidied things up a bit. When were audited, the auditor was familiar
                > > with XP, which I think helped, and he just made sure we worked according
                > > to the SOP, had the artefacts mentioned inside, (scrum board, burndown
                > > charts, backlog etc), and that was it. Not much drama at all.
                > >
                > > When you say ISO requires documents to be approved etc, do you mean the
                > > meta-documents like the SOP, or does :2008 actually prescribe software
                > > development documentation such as requirements and functional
                > > specification etc?
                > >
                > > Having an auditor that knows something about agile does apparently help
                > > though.
                > >
                > > But to answer the question in the topic, I don't think Scrum itself has
                > > to apply to ISO 9001, the process itself, which usually includes a fair
                > > bit more than just scrum (I think in our SOP, Scrum was just a small
                > > paragraph), just has to be documented to a certain standard and has to
                > > be audited.
                > >
                > > maryannejunge wrote:
                > > > I have been recently trained as a Scrum Master and I am also the ISO
                > > > contact. My company is certified to ISO 9001:2008 and we are
                > > > currently piloting 2 projects using the Agile/Scrum methodology, but
                > > > I have been asked how do we maintain our ISO certification using
                > > > Scrum. ISO requires documents to be approved prior to issue and that
                > > > records of reviews for design and development steps are maintained.
                > > > Does anyone have any feedback on how to effectively do this while
                > > > doing Scrum?
              Your message has been successfully submitted and would be delivered to recipients shortly.