ISO 9001 for software

Hello everyone, I am new here, I am excited.
I am doing certification for a company that has never been certified in order to receive ISO 9001:2015, the company in question works in software modeling in automotive, marine and precision agriculture. The operational processes were written in a generic formula, they could apply to any company, however I was looking for something that more closely describes the execution process for processing the software we produce. Is there a "best practice," for a SW development and validation process in an automation-automotive context? Because we program software for electrical control in a hybrid/electric car, as well as parts always related to automation functionality in the field of sports boats, we are also involved in smart agriculture, and we are developing a prototype for a surface treatment robot, like a sander for the hulls of large ships and can also paint large industrial walls.

Now that you know my context, what I ask is:
- How can I describe software production?
- What kind of KPIs can I use that can verify the state of well-being of the company?
The KPIs I have taken those pertaining to turnover, customers, number of projects, cross-referencing this data with each other denotes that the company since it has been open, has been growing continuously. I would like to have a KPI that is more adherent to software production.

This is my first job as an auditor, I have recently finished my studies but I have never approached this kind of company.

Thank you all for your attention
From Italy

Bye to all

 

Completely agree with @Andy Nichols post. Just a few add-ons - mostly to give you an idea of the depth of the pool you're jumping into.

Does the company have a defined software lifecycle process? You mention automotive so I would expect there's a standard with which your software lifecycle process needs to comply. (If not, there are some generic standards that may help.)

One thing to be aware of, especially with software, is that some "typical" software metrics are readily manipulated to look good. For example, number of lines of code developed per day is a totally useless metric but I see people using that because they don't know of anything else. Progress is always hard to measure in software (you can write a billion lines of code and still be no closer to the goal).

There's also a famous (at least to me) Dilbert cartoon about employees getting rich based on "bug bounties" (pay for the number of bugs you found and fixed).

Depending on the language, you can probably get tools to measure things like complexity and do static analysis to reveal potential issues. This generally generates a ton of data that has to be sifted through, but the information can help you drive improvements.

We look at bugs / types of bugs reported from the field and do the analysis on where they should have been caught (phase escapes). As @Andy Nichols points out, though, this gets pretty deep into the bowels of software development and only someone with software experience is likely to be able to really understand or drive this.

Whatever metrics you choose, be sure to NOT use them punitively. That leads to distrust and cover-up. Take the philosophy that all problems are management problems.

On a related topic, be sure the company is addressing cybersecurity. There are all sorts of materials available for guidance (but needs software expertise).

 

Yes it is. I’m adult, 40yo, and graduated at 38yo in energetic industrial engineering, and plus I’m a protected category worker, My assumption was mandatory and my boss give me this task, to upgrade our certification from ISO 2008 to ISO 2015.

I’m not familiar with sd, but I will implement the sgi of the organizzation, knowing how to develop software is not essential. I should know the key steps though, I agree with you on that, but in the old certification there was no mention of software, it was referred to as a generic service and treated as such. I would like to make a module that describes all the steps and key points that software development requires, because in case I get fired at least I know how to do something more.

I can’t find somebody help me, the only can do is my boss, and I don’t want to ask him that question. He is never in the office, And when there is he is busy and he is always running.

Thanks for the link,
I did that automotive spice search, but it talks about assesments of assesments, I need to know what I can use as assesments if I can't adjust them.

Can you explain better this point? Because I am never told what the programmers are doing, I just see things happening. I'm quality assistant, I'm not the manager, so if something goes wrong I don't particularly care, however, maybe I can learn something and when they fire me I can add on my resume.


I ask you as a courtesy though, what should I chiewd to the programmers. What process should I follow, what are the key steps?

I’ll do with the people, sure, after that I’ll go to the leadership and see them my job. I’ve a good relationship with both



Thanks for you reply from Italy

 

Me too... Go on...

To my knowledge there is no standard, we are a medium-small business and my boss manages to keep up with all the projects, at least during key points. If I have to ask him what are the key points where he intervenes, I would like to have a panel of questions to ask him and how to use the information gathered, which I am not able to do now. So I would need to understand what to ask and how to use that information, because I don't have a clue.

We don't do that kind of programming, but software modeling and simulations. You use mathlab and simulink, it's not exactly writing code from 0 but modeling.... Sorry if I was not clear from the beginning.

Dilbert is amazing!!!

The bugs let's get too specific, we are still in the context of ISO 9001, I would like to describe how to do something. I understand that it could help me to build a kpi, but I don't think with mathlab programming bugs can be significant of anything.

Completely agree with this point!! I manage problem, I don’t destroy nothing

I’m pretty sure that my company addressing CS


Thanks to all from Italy

 

Thanks very much for this diagram, but, in mine opinion, this graph lead the process to write a program to zero, we do modellization with math lab. So please, tell me what I need to know to drawn a diagram like this, but in the modellization field

 

I can show this diagram to a programmer collegue, hope you can help me fill it with enough useful information to create a form describing the programming proces
[/QUOTE]

 

I don't know
I'm in this company from june 2021
In Italy things work differently, especially if they are not mandatory

 

Exactly... We are going to upgrade to 2015 next month

 

No, we don't have IAF certification
I'm in italy