Menu
I've been asked this question about distributed source control in general by someone who's familiar with Team Foundation Server.
Is it possible to use a DVCS such as Git or Mercurial for source control and comply with standards such as ISO 9001 or CMMI?
What requirements do ISO 9001 and CMMI place on what source control tools should and should not be capable of?
Are there any things that Git/Mercurial do that ISO 9001/CMMI would Consider Harmful or that would require specific considerations?
I've found some information at http://www.ssqc.com/do25v6new.pdf but at a quick glance it doesn't seem to say much other than the need to keep records of what's changed, which versions of your software you've deployed, and which issues they fix, and there's no reason why DVCS shouldn't be able to handle that in combination with a bug tracker such as FogBugz and a CI server such as TeamCity.
952
CMMI is focused on process improvement, while ISO 9001 focuses on customer satisfaction, process improvement, product conformity and the continual improvement of the quality management system.
CMMI is a process model and ISO is an audit standard. CMMI is a set of related “best practices” derived from industry leaders and relates to product engineering and software development.
The primary focus of the ISO 9001 standard is to meet customer requirements and strive to exceed customer expectations. A Quality Management System based on ISO 9001: Defines how an organization can meet the requirements of its customers and other stakeholders. Promotes the idea of continual improvement.
ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.
First off, software is not ISO 9001 compilant. Only organizations are ISO 9001 compilant. So the question as stated really makes no sense. The only thing you could ask is if the Git or Mercurial development teams are ISO 9001 compilant. (The same goes for CMMI).
All ISO 9001 for a software development outfit really means is that you have a written process in place for everything you do (development, bug fixes, etc) and that you follow it. Well, that and you've paid someone to come do an ISO 9001 audit certifying as to the above. CMMI is a lot more involved, but for the purposes of this discussion, we can consider them similar.
You'd probably have to look pretty long and hard to find a Free Software community project that bothered to go through the massive grunt work required in creating all the process documentation and that scraped together the money to pay for an audit. If you find one, it would probably only be due to some kind of large corporate sponsor wanting it.
If the question is what those standards specify about the use of Source Control, in the case of ISO 9001 that would be nothing. The old joke is that if you take your product and drop it out a 10 story window to the loading dock below, that's just fine by ISO as long as that's your documented process and you follow it.
58
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
