SmartISO: the solution for SMEs aiming to compete with large enterprises

The quality of business processes is an indispensable value for small and medium-sized enterprises (SMEs) striving to meet international standards and, consequently, enhance their reputation in the eyes of clients and public entities. Quality also involves the correct management of data, as outlined by the European regulation for the protection of personal data (GDPR) and numerous international standards (e.g., ISO 27000 family). However, the economic investments required pose an obstacle for small and young entities to achieve quality, creating a competitive gap with more mature entities that make these investments to consolidate and manage risks in a structured and organized manner.

Furthermore, quality should be perceived as a guide, and while external consultations are necessary, expertise should remain internal to the company and be internalized by all employees.

These reflections led to the development of SmartISO, a solution that, as the name suggests, aims to make quality standards more effective in companies.

The Context

The idea originates, as often happens, from an internal need: better management of projects. It is assumed that defining requirements in the software domain is challenging. Software houses often attribute this difficulty solely to clients. However, in reality, it becomes apparent that requirement gathering is necessarily approximate at the project's start, undergoing numerous revisions – it's a natural process.

Yet, clients' primary need is to know the project cost before fully understanding all requirements. Economic evaluations, however, are influenced not only by requirements but also by various variables: personnel variation and training, salaries, skills, suppliers, project alternation, resource average occupation, and an evaluation aligning with the client's spending capacity. So, how does one generate a competitive economic proposal? With a mix of experience, company assets built over time, but above all, with organization and processes – in other words, quality.

Origins of SmartISO
The first step to elevate our quality level was studying standards and researching/experimenting with tools already available in the market. We soon realized that most were designed for large enterprises, tailored for workgroups consisting of numerous developers and long-term projects. These solutions didn't perfectly fit our context and needs, which reflect those of many SMEs. At this point, two paths emerged: adapting our work methods to tools designed for large enterprises or developing a tailor-made solution for us and all SMEs. As you may have guessed, we chose the latter and began bringing our ideas to life, modifying our processes and developing software to support them, aiming to achieve a good trade-off between the extra effort required of developers and control.

Working with SmartISO
SmartISO is a mix of software components and processes involving all project management phases.

All clients are cataloged within the platform, and one or more projects are recorded for each client. Projects are managed through various initiatives representing the minimum units of work for SmartISO.

The first phase is analysis, including meetings, requirement gathering, wireframe and software interface definition (e.g., REST API, MQTT, etc.), high-level design, and defining development teams and leads (ours and the client's). In this phase, data types, stakeholders, and risks related to not meeting requirements, with possible mitigation/resolution actions, are also assessed. Using this information and a cost evaluation model considering individual salaries and skills, the technical office can calculate economic estimates. Based on these estimates, the commercial area managers can draft economic proposals, and through the platform, manage client acceptance or modifications, considering various agreed-upon maintenance plans.

Next is the development phase, defining low-level design, refining requirements, transforming them into operational activities, and reviewing the allocated budget. In this phase, SmartISO integrates with typical SW development tools, assigning and monitoring task progress. The solution enables project managers to monitor initiative progress through project management indices (e.g., SPI, CPI, EAC, VAC). After the development phase, the implemented SW can be monitored through vulnerability scans and ticket management tools.

SmartISO can also automatically generate source code and technical documentation, improving formal communication between developers and reducing software component integration costs. Finally, SmartISO includes a section dedicated to organizational aspects, offering the ability to model elements that are cross-compliant, such as checklists and disaster recovery plans.

Applications of SmartISO
SmartISO is a versatile solution for project management in various contexts. By using an organized yet flexible approach alongside the supporting IT tools provided by SmartISO, it's possible to effectively manage projects of various natures. This allows for easily achieving adequate quality levels and evidence facilitating easier access to standard certifications.

The Future for SmartISO
SmartISO is a dynamic solution in constant evolution, providing an efficient way to achieve adequate quality levels without excessive effort. This tool has shown that proper control and the adoption of international standards are not only desirable but also act as incentives for staff and encourage improvement initiatives. The project was realized thanks to the funds from the Tech Fast Lombardia grant and continues to be in development, aiming to support GFM and SME evolutions through new functionalities.