Standards and Certificates

Several national and international standards institutes, as well as professional and industry-oriented organizations, have been involved in the development of SQA standards.

The following institutes and organizations are the main developers of SQA and software engineering standards −

  • IEEE (Institute of Electrical and Electronics Engineers) Computer Society
  • ISO (International Organization for Standardization)
  • DOD (US Department of Defense)
  • ANSI (American National Standards Institute)
  • IEC (International Electrotechnical Commission)
  • EIA (Electronic Industries Association)

These organizations provide updated international standards for the quality of professional and managerial activities performed in software development and maintenance organizations.

They also provide SQA certification through independent professional quality audits. These external audits assess achievements in the development of SQA systems and their implementation. Certification, which is granted after the periodic audits, will be valid only until the next audit, and therefore must be renewed. At present, the ISO 9000 Certification Service is the most prominent provider of SQA certification in Europe and other countries.

They also provide the tools for self-assessment of an organization’s SQA system and its operation. The Capability Maturity Model (CMM) developed by the Software Engineering Institute (SEI), Carnegie Mellon University, and ISO/IEC Std 15504 are examples of this approach.

SQA Standards

Software quality assurance standards can be classified into two main classes −

  • Software quality assurance management standards, including certification and assessment methodologies (quality management standards)

  • Software project development process standards (project process standards)

Quality Management Standards

These focus on the organization’s SQA system, infrastructure and requirements, while leaving the choice of methods and tools to the organization. With quality management standards, organizations can steadily assure that their software products achieve an acceptable level of quality.

Example − ISO 9000-3 and the Capability Maturity Model (CMM)

Project Process Standards

These focus on the methodologies for implementing the software development and maintenance projects. These standards include the following −

  • The steps to be taken
  • Design documentation requirements
  • Contents of design documents
  • Design reviews and review issues
  • Software testing to be performed
  • Testing topics

Naturally, due to their characteristics, many SQA standards in this class can serve as software engineering standards and vice versa.

The characteristics of these two classes of standards are summarized in the following table.

| Characteristics | Quality Management Standards | Project Process Standards |
|---|---|---|
| The target unit | Management of software development, maintenance and the specific SQA units | A software development and maintenance project team |
| The main focus | Organization of SQA systems, infrastructure and requirements | Methodologies for carrying out software development and maintenance projects |
| The standard’s objective | “What” to achieve | “How” to perform |
| The standard’s goal | Assuring the supplier’s software quality and assessing its software process capability | Assuring the quality of a specific software project |
| Examples | ISO 9000-3; SEI’s CMM | ISO/IEC 12207; IEEE Std 1012-1998 |

ISO 9001 Certification

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies. ISO technical committees prepare the International Standards. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. ISO 9001 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 2, Quality systems.

Process Approach

This International Standard promotes the adoption of a process approach when developing, implementing, and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting the customer requirements. For an organization to function effectively, it has to determine and manage numerous linked activities. An activity or set of activities using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process.

Often the output from one process directly forms the input to the next. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the “process approach”.

An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction. When used within a quality management system, such an approach emphasizes the importance of the following −

  • Understanding and meeting the requirements
  • Considering the processes in terms of added value
  • Obtaining the results of process performance and effectiveness
  • Continual improvement of processes based on objective measurement

ISO 9001 - Application to Software: the TickIT Initiative

The TickIT initiative was launched in the late 1980s by the UK software industry in cooperation with the UK Department for Trade and Industry to promote the development of a methodology for adapting ISO 9001 to the characteristics of the software industry.

TickIT additionally specializes in information technology (IT). It covers the entire range of commercial software development and maintenance services. TickIT, now managed and maintained by the DISC Department of BSI (the British Standards Institute), is accredited for the certification of IT organizations in the UK and Sweden.

Its activities include −

  • Publication of the TickIT Guide, which supports the software industry’s efforts to spread ISO 9001 certification. The current guide (edition 5.0, TickIT, 2001), which includes references to ISO/IEC 12207 and ISO/IEC 15504, is distributed to all TickIT customers.

  • Performance of audit-based assessments of software quality systems and consultation to organizations on the improvement of software development and maintenance processes in addition to their management.

  • Conducting ISO 9000 certification audits.

TickIT auditors who conduct audit-based assessments and certification audits are registered by the International Register of Certificated Auditors (IRCA). Registered IRCA auditors are required, among other things, to have experience in management and software development; they must also successfully complete an auditor's course.

Registered lead auditors are required to have demonstrated experience in conducting and directing TickIT audits.