Wednesday, February 08, 2006

ISO

I wrote a while ago about how ISO can actually be used as a positive thing for a company, which I suppose most developers at the grunt level would disagree with. It's true though: you just have to use it to describe your processes, rather than prescribe them.

There is a basic dichotomy, however: The company management may not have the least interest in improving the processes. They just want the pretty sticker for the front door that says, "Yes indeed! We're ISO approved! You can do business with us!" After that, they may not give a fig whether or not the processes are actually being followed, except to the extent that they won't get into legal trouble. This is why so many developers hate ISO. For ten months out of the year, they're told to bypass, sneak around, don't bother with the process, we have to get those customers happy. Or if they follow a process, they may get penalized for it. "What do you mean it'll take you two months to do that? We can't put that on the form! Put down three weeks!" Then, of course, when it does take two months, everyone has to work overtime since the project is so far behind schedule.

For the other two months of the year, they're told, "OK, here's the process. You have to have it memorized. If an auditor comes by, make sure you have the document in front of you. Just read it to the auditor. Don't make trouble. Don't volunteer anything. We just want our little sticker; we don't care about the process."

It's a shame. There's real value in ISO. I wonder if there are any companies that can find it?