ISO 9001: Quality Management
The ISO 9001 standard provides the framework for a Quality Management System (QMS). It is not just about the final product, but about the processes that create and deliver it. One of the main objectives of Omnicom's Policy and Standard is to ensure the delivery of secure, accessible, and high-quality systems and software, aligning with international standards such as ISO 9001.
Understanding ISO 9001
ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
The Seven Quality Management Principles
ISO 9001 is based on seven key principles that guide an effective QMS:
- Customer focus: Understanding and meeting customer needs and striving to exceed their expectations.
- Leadership: Establishing a unified purpose and direction and creating conditions in which people are engaged in achieving the organization’s quality objectives.
- Engagement of people: Competent, empowered, and engaged people at all levels are essential to enhance the organization's capability to create and deliver value.
- Process approach: Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes.
- Improvement: Successful organizations have an ongoing focus on improvement.
- Evidence-based decision making: Decisions based on the analysis and evaluation of data and information are more likely to produce desired results.
- Relationship management: For sustained success, an organization manages its relationships with interested parties, such as suppliers.
Like ISO 27001, the QMS also operates on the Plan-Do-Check-Act (PDCA) cycle for continuous improvement.
ISO 9001 for Osborn Developers: A Practical Guide
As a developer on the Osborn project, you are at the core of creating a quality product. Your work directly impacts whether the final software meets the high standards set by Omnicom and our customers. Here’s how the quality principles apply to your daily work in our Django and React stack.
Your Role in the QMS
- Customer Focus: Your "customer" can be an end-user, another development team using your API, or an internal stakeholder.
- Developer Action: Actively participate in Jira task grooming to understand the why behind a feature. Write code that meets both functional and non-functional requirements (performance, usability, security).
- Process Approach: Quality is not accidental; it's the result of a consistent process.
- Developer Action: Strictly adhere to Osborn's established Development Workflow, coding standards, and branching strategies. Use the Bitbucket CI/CD pipeline correctly.
- Improvement: Quality is a moving target. Continuous improvement is key.
- Developer Action: Participate constructively in Pull Request code reviews. Proactively refactor code to improve its structure. Learn from bugs found in Sentry and apply those lessons to future work.
- Evidence-based Decision Making: Use data, not just gut feeling, to guide your work.
- Developer Action: Write and maintain a robust suite of unit and integration tests. Pay attention to the results of static code analysis and code coverage reports from tools like
pytest-cov. When optimizing, use profiling data to identify real bottlenecks.
- Developer Action: Write and maintain a robust suite of unit and integration tests. Pay attention to the results of static code analysis and code coverage reports from tools like
Integration with the Osborn SDLC
Quality is a continuous activity integrated into Osborn's SDLC.
Requirements Analysis
- Translate business needs from the Jira task into clear, unambiguous, and testable technical requirements.
Architecture and Design Phase
- Design for quality by promoting modularity and loose coupling, making the system easier to test and maintain.
Development Phase
- Write clean, maintainable code that adheres to our coding standards.
- Implement comprehensive unit and integration tests.
- Participate in peer code reviews via Bitbucket Pull Requests.
Testing Phase
- This phase is about validating that the system meets all specified requirements.
- Our Bitbucket pipeline automates much of this, running a suite of tests to check for:
- Functionality: Does the software do what it's supposed to do?
- Security: Have security vulnerabilities been tested for and mitigated? (Links to ISO 27001)
- Accessibility: Does the software meet accessibility standards? (Links to ISO 30071-1)
Operations/Maintenance
- Monitor application logs and performance metrics in tools like Sentry and CloudWatch to proactively identify quality issues in production.
- Use feedback from users and monitoring tools to drive the backlog for the next cycle of improvements.