{"id":415,"date":"2026-04-23T10:08:48","date_gmt":"2026-04-23T08:08:48","guid":{"rendered":"https:\/\/www.covalgo.at\/blog\/?p=415"},"modified":"2026-04-23T15:45:48","modified_gmt":"2026-04-23T13:45:48","slug":"iqms-a-certified-integrated-quality-management-system-implemented-completely-in-polarion","status":"publish","type":"post","link":"https:\/\/www.covalgo.at\/blog\/2026\/04\/23\/iqms-a-certified-integrated-quality-management-system-implemented-completely-in-polarion\/","title":{"rendered":"IQMS \u2013 a certified integrated quality management system implemented completely in Polarion"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Author: Nico Ondracek
https:\/\/safecubed.com\/<\/a><\/p>\n\n\n\n

Abstract – Certified iQMS in Polarion: End-to-End Quality Management<\/h2>\n\n\n\n

When being audited for compliance to quality and safety norms, many companies struggle with the fragmentation of their process landscapes and development environments across multiple tools. Using Polarion as a unified platform brings all normative requirements, processes and development artifacts into one fully consistent and auditable system.<\/p>\n\n\n\n

This article explores how such an integrated Quality Management System (iQMS) can be implemented in Polarion to be fully prepared both for projects with high quality requirements and audits.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

With Polarion, we achieved IRIS and ISO 9001 certification for our own quality management system\u2014this post shows how.<\/p>\n\n\n\n

Key topics:<\/strong> iQMS, Polarion ALM, quality management, compliance, traceability, auditability, process integration, certification<\/p>\n\n\n\n

<\/p>\n\n\n\n

The Full Article<\/h2>\n\n\n\n

Introduction<\/h3>\n\n\n\n

Based on our many years of experience in consulting and working within the automotive and railway industries, we have consistently observed three distinct approaches to quality management:<\/p>\n\n\n\n

First, standards and norms are often stored in company-wide databases or as PDF documents on network drives. While these are typically easy to access, demonstrating end-to-end traceability remains a persistent challenge and usually requires significant manual effort.<\/p>\n\n\n\n

Second, company-wide processes are commonly documented in Word files or process modeling tools and then distributed as released PDFs. Although they can provide guidance during development and serve as useful references during audits, maintaining and updating them is cumbersome. Ensuring consistency across roles, processes, and artifacts is particularly difficult without dedicated tool support.<\/p>\n\n\n\n

Third, development projects\u2014covering technical requirements, system design, and verification\u2014are often well managed in specialized tools such as Polarion. However, the overall safety case and process compliance are frequently documented outside these systems, resulting in a disconnect between project execution and company-level quality processes.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

For our own quality management system, we set out to unify these fragmented approaches within Polarion\u2014and our successful IRIS and ISO 9001 certifications demonstrate that we achieved this goal. This post outlines how we got there.<\/p>\n\n\n\n

Step 1 \u2013 the standards<\/h3>\n\n\n\n

Although Polarion supports the import of Excel and Word files, this step can be quite labor-intensive. In practice, standards are often only available as PDFs, with inconsistent structures, wording, and types of requirements, making a straightforward import difficult.<\/p>\n\n\n\n

To avoid complications later on, it is essential to carefully review the licensing model of your standards provider in advance. Depending on the terms, a full import may not be permitted, or access to imported content may need to be restricted. These aspects, however, are beyond the scope of this article.<\/p>\n\n\n\n

Once the relevant standards have been properly identified and structured, you can fully leverage Polarion\u2019s reporting and traceability capabilities. For example, you can build glossaries, extract and visualize all relevant process requirements from a given standard, and\u2014most importantly\u2014link these requirements to your projects. This enables you to highlight gaps for your internal teams or demonstrate to auditors that all requirements have been comprehensively addressed.<\/p>\n\n\n\n

Step 2 \u2013 the quality management project<\/h3>\n\n\n\n

This step forms the core of our approach. Every organization operates with a mix of formal and informal processes, so our first task was to identify, consolidate, and document them. Even at our relatively small scale, we quickly realized that maintaining consistency across roles and processes using only a handful of Word documents was highly inefficient and error-prone.<\/p>\n\n\n\n

Drawing from our experience in (often model-based) system and software development, we recognized that a single source of truth<\/strong> is essential. We therefore began iteratively developing a Polarion configuration\u2014effectively a process meta-model\u2014that enabled us to establish exactly that: a unified environment in which each artifact and role is defined once and reused consistently.<\/p>\n\n\n\n

As a result, we created a structured set of work item types, each with clearly defined attributes and link roles. This allowed us to model process outputs, responsibilities, and dependencies in a transparent and traceable way\u2014precisely the level of detail expected by auditors and valuable for all process stakeholders.<\/p>\n\n\n\n

However, this introduced a new challenge. While static documents like PDFs may be difficult to maintain, they often include intuitive visualizations such as process diagrams. In contrast, no one wants to reconstruct an entire process mentally from linked work items alone. To address this, we implemented parameterized report pages that automatically visualize complete process information in the form of turtle diagrams (a key representation used in IRIS). With some additional effort, other diagram types can be supported as well.<\/p>\n\n\n\n

Finally, we created a central process overview page that dynamically links to all individual process reports, allowing users to navigate the full process landscape easily and access information in a clear and intuitive way.<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

This evaluation of the process model is not limited to a process-centric view\u2014it can be applied to any work item. For example, we can easily identify which processes a given role is responsible for and automatically generate up-to-date role descriptions. By assigning these roles to specific employees, everyone gains clear visibility into the artifacts they are responsible for\u2014a significant improvement in transparency and accountability.<\/p>\n\n\n\n

Defining processes and roles is an important first step\u2014but it does not yet describe what these processes actually do<\/em>. Processes consume inputs, utilize resources, and produce outputs. This is where the strength of the model becomes evident: each company artifact is defined exactly once within the process model. If an artifact changes\u2014such as review checklists, audit reports, or integrations like an issue tracking system\u2014only a single reference needs to be updated, and consistency is maintained across the entire system.<\/p>\n\n\n\n

This unified structure also makes it straightforward to identify all relevant artifacts and compute the (K)PIs associated with each process\u2014since these metrics are embedded directly within the model.<\/p>\n\n\n\n

For both internal and external audits, standard Polarion QA capabilities can be leveraged. It becomes easy to identify gaps, such as requirements not linked to any process or processes without assigned roles, significantly simplifying process reviews. Finally, for documents created directly in Polarion\u2014such as the quality policy\u2014built-in review and release workflows, including electronic signatures, ensure compliance and proper governance.<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

The process logic is defined within the configuration rather than in static documents, making it independent of any specific organizational structure and inherently transferable.<\/p>\n\n\n\n

Step 3 \u2013 the actual development projects<\/h3>\n\n\n\n

IRIS audits also require evidence that projects adhere to the defined quality management processes. To address this, our iQMS includes a dedicated Polarion project template that provides exactly what is needed for projects subject to external assessments, such as ISO 26262.<\/p>\n\n\n\n

While such development projects can, in principle, be audited independently, the predefined structure and processes significantly support both project execution and assessment activities\u2014and are consistently applied in practice.<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

For example, every project requires an issue tracking process. When the corresponding ISO 26262 requirements are directly linked to company-wide processes, and this traceability is clearly visualized in report pages, compliance becomes immediately evident during an assessment. As a result, no additional documentation is required\u2014everything can be demonstrated seamlessly within a single system, without the need to switch tools.<\/p>\n\n\n\n

Summary<\/h3>\n\n\n\n

The implementation of step 2 closes a significant gap commonly found in the process landscapes of many organizations. Our approach not only made a strong impression on our auditor\u2014which is always valuable\u2014but also enables us to fully leverage Polarion to continuously improve our development processes. Ultimately, this is the true objective of quality and safety standards.<\/p>\n\n\n\n

Our successful certification further demonstrates that Polarion is not just a requirements management tool, but a comprehensive lifecycle management platform capable of supporting and governing company-wide processes.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

Author: Nico Ondracek
https:\/\/safecubed.com\/<\/a><\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

Author: Nico Ondracekhttps:\/\/safecubed.com\/ Abstract – Certified iQMS in Polarion: End-to-End Quality Management When being audited for compliance to quality and safety norms, many companies struggle with the fragmentation of their process landscapes and development environments across multiple tools. Using Polarion as a unified platform brings all normative requirements, processes and development artifacts into one fully […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,7],"tags":[9,32,10],"class_list":["post-415","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-application-life-cycle-management","tag-alm","tag-iqms","tag-polarion"],"_links":{"self":[{"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/posts\/415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/comments?post=415"}],"version-history":[{"count":34,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/posts\/415\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/posts\/415\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/media?parent=415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/categories?post=415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.covalgo.at\/blog\/wp-json\/wp\/v2\/tags?post=415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}