Mapping ISO 9001 to Scrum Practices

ISO 9001 quality management system is directly mapped to a Scrum framework in an agile software development environment. How? Let’s see the ISO requirements and the corresponding scrum practices that we follow.

ISO recommends starting with a quality manual for software development. This will ensure and improve quality in your software development life cycle and monitor client satisfaction. Once you have the quality manual that describes the process for software development, the next step is to implement it. The implementation uses the scrum framework. In Scrum, we have three main roles- product owner, scrum master and the scrum team. They are responsible for implementing the process. ISO also recommends developing a hierarchy that will help to improve the overall process performance. ISO focuses on continual improvement; scrum also focuses on the same. ISO recommends all QMS to be planned, implemented, measured and improved. Scrum also works on similar lines – sprint plan, sprint execution, sprint review and sprint retrospective.

The table below maps all required ISO clauses for software development to the corresponding scrum practice.


Sl. No

ISO Clause


Scrum Practices


5.2 – Customer focus Ensure customer requirements are met with the aim of enhancing customer satisfaction Product backlog creation and grooming


5.5.1 – Responsibility and Authority Responsibilities and authorities are defined Different roles in the scrum – product owner, scrum master and scrum team


5.5.3 – Internal communication Ensure that appropriate communication processes are established Daily stand up meeting , product backlog grooming, sprint review, sprint retrospective


7.1 – Planning of product realization Planning and development of product Product backlog creation, Sprint planning, sprint backlog creation, and user stories


7.2.1 – Determination of requirements Ensure Requirements are captured properly User stories with acceptance criteria


7.2.2 – Review of requirements Ensure that review of requirements is done Architectural and business review of user stories before estimation


7.2.3 – Customer Communication Customer communication regarding requirements, bugs etc. Daily standup meeting


7.3.1 – Design and development planning Plan and control the design and development of product Sprint planning, estimation of user stories and assigning points


7.3.2 – Design and development inputs Inputs relating to product requirements shall be determined and records maintained User stories with acceptance criteria


7.3.3 – Design and development outputs Outputs of design and development shall be in a form suitable for verification against the design anddevelopment input and shall be approved prior to release Sprint review


7.3.4 – Design and development Review At suitable stages, systematic reviews of design and development shall be performed in accordance withplanned arrangements Sprint Retrospective


7.3.5 – Design and development verification Verification shall be performed in accordance with planned arrangements to ensure that the design and development outputs have met the design and development input requirements Testing – Sprint Execution


7.3.6 – Design and development validation Design and development validation shall be performed in accordance with planned arrangements toensure that the resulting product is capable of meeting the requirements for the specified application or

intended use, where known

UAT- Sprint Execution


7.3.7 – Control of design and development changes Design and development changes shall be identified and records maintained Change management, sprint planning, sprint review


8.2.1 – Customer satisfaction The organization shallmonitor information relating to customer perception as to whether the organization has met customer


Sprint Review


8.2.4 – Monitoring and measurement of product The organization shall monitor and measure the characteristics of the product to verify that productrequirements have been met Sprint review, daily standup meeting, sprint planning, burn down charts


8.3 – Control of nonconforming product The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery Testing, Sprint review


8.4 – Analysis of data The organization shall determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of theeffectiveness of the quality management system can be made Burn down charts, sprint retrospective


8.5.1 – Continual Improvement Organization shall continually improve the effectiveness of the quality management system Sprint retrospective, sprint review


8.5.2 – Corrective Action Organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence Root cause analysis, Sprint Retrospective


8.5.3 – Preventive Action Organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence Root cause analysis, Sprint retrospective, product backlog grooming

ISO 9001 and Scrum are not two different things. They both try to improve the software development process. And a company that wants to delight customers and improve on quality needs to adopt both.

Author : Krishna Chandran Date : 06 Nov 2013