Mapping ISO 9001 to Scrum Practices

ISO 9001 quality management system is directly mapped to a Scrum framework in an agile software development environment. How? Let’s see the ISO requirements and the corresponding scrum practices that we follow.

ISO recommends starting with a quality manual for software development. This will ensure and improve quality in your software development life cycle and monitor client satisfaction. Once you have the quality manual that describes the process for software development, the next step is to implement it. The implementation uses the scrum framework. In Scrum, we have three main roles- product owner, scrum master and the scrum team. They are responsible for implementing the process. ISO also recommends developing a hierarchy that will help to improve the overall process performance. ISO focuses on continual improvement; scrum also focuses on the same. ISO recommends all QMS to be planned, implemented, measured and improved. Scrum also works on similar lines – sprint plan, sprint execution, sprint review and sprint retrospective.

The table below maps all required ISO clauses for software development to the corresponding scrum practice.


Sl. No

ISO Clause


Scrum Practices


5.2 – Customer focusEnsure customer requirements are met with the aim of enhancing customer satisfactionProduct backlog creation and grooming


5.5.1 – Responsibility and AuthorityResponsibilities and authorities are definedDifferent roles in the scrum – product owner, scrum master and scrum team


5.5.3 – Internal communicationEnsure that appropriate communication processes are establishedDaily stand up meeting , product backlog grooming, sprint review, sprint retrospective


7.1 – Planning of product realizationPlanning and development of productProduct backlog creation, Sprint planning, sprint backlog creation, and user stories


7.2.1 – Determination of requirementsEnsure Requirements are captured properlyUser stories with acceptance criteria


7.2.2 – Review of requirementsEnsure that review of requirements is doneArchitectural and business review of user stories before estimation


7.2.3 – Customer CommunicationCustomer communication regarding requirements, bugs etc.Daily standup meeting


7.3.1 – Design and development planningPlan and control the design and development of productSprint planning, estimation of user stories and assigning points


7.3.2 – Design and development inputsInputs relating to product requirements shall be determined and records maintainedUser stories with acceptance criteria


7.3.3 – Design and development outputsOutputs of design and development shall be in a form suitable for verification against the design anddevelopment input and shall be approved prior to releaseSprint review


7.3.4 – Design and development ReviewAt suitable stages, systematic reviews of design and development shall be performed in accordance withplanned arrangementsSprint Retrospective


7.3.5 – Design and development verificationVerification shall be performed in accordance with planned arrangements to ensure that the design and development outputs have met the design and development input requirementsTesting – Sprint Execution


7.3.6 – Design and development validationDesign and development validation shall be performed in accordance with planned arrangements toensure that the resulting product is capable of meeting the requirements for the specified application or

intended use, where known

UAT- Sprint Execution


7.3.7 – Control of design and development changesDesign and development changes shall be identified and records maintainedChange management, sprint planning, sprint review


8.2.1 – Customer satisfactionThe organization shallmonitor information relating to customer perception as to whether the organization has met customer


Sprint Review


8.2.4 – Monitoring and measurement of productThe organization shall monitor and measure the characteristics of the product to verify that productrequirements have been metSprint review, daily standup meeting, sprint planning, burn down charts


8.3 – Control of nonconforming productThe organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or deliveryTesting, Sprint review


8.4 – Analysis of dataThe organization shall determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of theeffectiveness of the quality management system can be madeBurn down charts, sprint retrospective


8.5.1 – Continual ImprovementOrganization shall continually improve the effectiveness of the quality management systemSprint retrospective, sprint review


8.5.2 – Corrective ActionOrganization shall take action to eliminate the causes of nonconformities in order to prevent recurrenceRoot cause analysis, Sprint Retrospective


8.5.3 – Preventive ActionOrganization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrenceRoot cause analysis, Sprint retrospective, product backlog grooming

ISO 9001 and Scrum are not two different things. They both try to improve the software development process. And a company that wants to delight customers and improve on quality needs to adopt both.

Author : Krishna Chandran Date : 06 Nov 2013