Security in IT or in the Internet of Things means quality in the software.
Compared to other sectors such as automotive, railway, mechanical engineering or aviation, IT is a very young sector. Well-known politicians have only recently discovered ubiquitous information technology such as the Internet, which may amuse some of us readers.
Not a week goes by without a report being published about so-called IT security incidents. Today everyone knows that there are weaknesses and even gaps in information technology systems. There is no longer any doubt that these vulnerabilities will be exploited. There are already claims that certain organizations are deliberately using weaknesses in information technology to carry out manipulation. An example of this could have been the last US presidential election. Increasing digitization, the networking of machines, cloud computing, the Internet of Things and similar developments will exacerbate this threat.
The old industries (the old economy), such as the above-mentioned car and aircraft manufacturers, have had painful experiences over the past hundred years. They have developed methods and technologies to protect the life and limb of users and passengers, and they also demand these in a binding manner. In the software industry, by contrast, the philosophy is all too often still that it is more important that the software works, and that certain quality requirements, such as documentation, can be neglected. Can you imagine a drug without a package insert? Hardly, because you want to be able to read about the dosage of the medication and its side effects. When it comes to software, you may find yourself looking for this instruction leaflet (the technical documentation) in vain. OK,
At this point we are talking about software applications such as automated manufacturing process control, traffic monitoring both on the road and in the air, and fully automated food production, but recently also personal applications for the individual, such as an app for taking medication.
Inadequacies and weaknesses in software or hardware are a question of product quality. An essential part of quality management is the risk assessment for the respective product. Software as a product today has a completely different, and sometimes far more life-threatening, dimension than it did 50 years ago. If you believe that software cannot be deadly, ask your vehicle mechatronics technician what can happen if your vehicle's on-board computer has a bug (a software error). Many of these bugs never become known at all, since they are routinely fixed in your workshop via an update.
Quality standards for software
For this reason, software must be subject to the same quality standards as those in the food, pharmaceutical, automotive and other industries.
Consequently, every entrepreneur should run quality management with functioning risk management in order to avoid errors and minimize dangers. Especially in an industry like IT, small mistakes can affect a lot of people. Quality management in pharmaceutical companies, for example, has a long tradition. It is well known that small causes can have a big effect. If only one substance were minimally modified during production, the effect of the drug would be completely different in the end – a risk to health that is very difficult or impossible to assess.
The legislature reacts to scandals in the pharmaceutical industry or food scandals with strict regulation. As a result, the quality requirements are increased and the requirements for product approvals are tightened.
Something similar is developing in the IT industry today. Software that is used in aircraft, trains and motor vehicles is subject to significantly higher quality and functional safety requirements.
The General Data Protection Regulation is another example, from the area of data protection. The quality requirements have been raised here too, even if some data protection advocates would go even further. The legal text does not yet explicitly contain the terms quality management and risk management, but as an entrepreneur you would do well to include these legal data protection requirements in your quality management and risk management.
Just as you, as an entrepreneur or managing director, do proper bookkeeping, you should also establish and practice quality management in the company. There are enough reasons to start quality management in IT, software development or in the much-vaunted high-tech sector – so that not only does the product make it big, but people really benefit from it.