Auditing for ISO 9001 requirements in the context of agile software processes

ISO 9001 demands of (software) organizations that a rigorous demonstration of their software processes be implemented and a set of guidelines followed at various levels of abstraction. What these organizations need to show, in other words, is that their software processes have been designed and implemented in a way that allows for a level of configuration and operation that complies with ISO 9001 requirements. For software organizations needing ISO 9001 certification, it is important that they establish a software process life cycle that can manage the requirements imposed by this certification standard. However, software organizations that develop their software products using the agile software processes, such as Extreme Programming (agile-XP), face a number of challenges in their effort to demonstrate that their process activities conform to ISO 9001 requirements, major ones being: product construction, traceability, and measurement. Agile software organizations must provide evidence of ISO 9001 conformity, and they need to develop their own procedures, tools, and methodologies to do so. As yet, there is no consensus on how to audit the agile software organization to ensure that their software processes have been designed and implemented in conformity with ISO 9001 requirements. Moreover, it is challenging to ensure that such lightweight documentation methodologies meet these requirements for certification purposes. The motivation of this research is to help software organizations that use agile software processes in their effort to meet the ISO 9001 certification requirements. This research project is also aimed at helping IS auditors extract auditing evidence that demonstrates conformity to the ISO 9001 requirements that must be met by agile software organizations. Extreme programming (agile-XP) has been selected for improvement as a candidate agile process. This selection was based on the literature indicating a higher adoption of agile-XP over other agile software processes. The goal of this research project is to improve the ability of the agile-XP process to meet the auditing requirements of ISO 9001. The goal of the research also focuses on helping agile software organizations in their effort to become ISO 9001 certified. The main objective of this research project is to design an auditing model that covers the measurement and traceability requirements of ISO 9001. The auditing model should provide IS auditors with auditing evidence that the software projects developed with the agile-XP process have fulfilled the requirements of ISO 9001. The objective also proposes several sub processes to enhance the early planning activities of agile-XP according to ISO 9001 requirements. To achieve these objectives, the main phases of the research methodology are: Investigation of the capability of agile-XP to achieve the requirements of ISO 9001 software process certification; modification of the early phases of agile-XP (i.e. release planning phase) using CMMI-DEV; and design of an auditing model for ISO 9001 traceability and measurement requirements. The main outcome of this research study, which is an auditing model that is aligned with the principles of agile-XP and focuses on ISO 9001 traceability and measurement requirements to provide the IS auditors with a methodological approach for the auditing process. The auditing model has been assessed based on case studies selected from the literature