Title: A Study on the Software Development Process of the Enterprise Application Systems Complying with ISO 9001, 27001 and 20000 Management System Verifications
Authors: 曾建富
Tzeng, Jian-Fu
楊千
Yang, Chyan
College of Management, Information Management Program
Keywords: ISO 9001; ISO 27000; ISO 20000; Software development process
Issue Date: 2011
Abstract: This research explores the integrated application of the software engineering development process and multiple ISO management systems, using an integrated approach to address the issues that arise when a software development process, ISO management systems and the related audits are applied at the same time. Through an in-depth study of a single case that holds ISO 9001, ISO 27001 and ISO 20000 management system certifications simultaneously, it studies and analyzes how an enterprise application system development department applies the three systems and the effects or difficulties that may result, and seeks to discover how the software development process and the three ISO management systems can be integrated effectively.

The major findings and results of this research include:

1. An organized analysis of the planning approach, the application process and the documents that may be produced when integrating the software development process with the ISO 9001, 27001 and 20000 management systems.
2. From an overall perspective, criteria for dividing the scope in which each ISO management system applies to the integrated development process.
3. An empirical case study, with the software development process as the basic orientation, of integrating the three ISO management systems and passing certification. Its results allow the information system development departments of large enterprises to apply ISO 9001, 27001 and 20000 together and obtain the combined benefits of the ISO certifications: improved software process quality, information security risk control, more effective service delivery and higher customer satisfaction.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079964509
http://hdl.handle.net/11536/50752
Appears in Collections: Thesis