Topic: Software Testing Standards-ISO Levels

ISO (International Standards Organization)

The term ISO 9000 refers to a set of quality management standards. ISO 9000 currently includes three quality standards: ISO 9000:2000, ISO 9001:2000, and ISO 9004:2000. In the past, ISO had three standards: ISO 9001:1994, ISO 9002:1994, and ISO 9003:1994. Now there's only one standard: ISO 9001:2000! ISO 9002 and ISO 9003 have been dropped. ISO 9001:2000 presents requirements, while ISO 9000:2000 and ISO 9004:2000 present guidelines. All of these are process standards (not product standards). ISO first published its quality standards in 1987, revised them in 1994, and then republished an updated version in 2000. These new standards are referred to as the "ISO 9000 2000 Standards". ISO's purpose is to facilitate international trade by providing a single set of standards that people everywhere would recognize and respect. The ISO 9000 2000 Standards apply to all kinds of organizations in all kinds of areas. ISO standards are too generic to be successfully implemented to software industry. A special version of ISO for Software Industry also exists, its called ISO 9000-3 [13]. Many people get confused between ISO 9001 and ISO 9000-3.The following statement best explain the difference between ISO 9001 and ISO 9000-3 "ISO prepared the 9000-3:1997 quality guidelines to help organizations to apply the ISO 9001:1994 requirements to computer software. Use ISO 9000-3 if you develop, supply, install, and maintain computer software. ISO 9000-3:1997 is really an expanded version of the old ISO 9001:1994 standard. ISO has simply copied the old text from ISO 9001 and pasted it into the new version of ISO 9000-3, and then added some new text that refers only to software.". The ISO 9000 standards are being improved/modified continuously. The next ISO standard review will abolish ISO 9000-3 and would make this a part of ISO 9001 - this would reduce the above mentioned confusion.

20.3. TickIT: TickIT initiative came about as a result of a report commissioned by the British Department of Trade and Industry (DTI) to review the state of software quality and development in industry. This report showed that there was a reluctance on the part of the software producers to adopt ISO9000 as it was pitched at a high level of generality, the terminology was difficult to interpret for software and the guidance documentation was confusing. As a result of the findings of this report, the British Government decided to appoint the British Computer Society (BCS) to lead an initiative called TickIT. The aim of this initiative was to create a detailed method for organization, procedures and rules for a Software Sector Certification Scheme (SSCS) which would cover the assessment and certification of an organization's software quality management scheme to ISO9000/BS5750. A successful audit by a TickIT-accredited certification body results in the award of a certificate of compliance to ISO 9001:2000, endorsed with a TickIT logo. One may consider TickIT as a British guide to using ISO 9001 and ISO 9000-3. So how does ISO/TickIT compare to CMM. Both these standards have a common concern for quality. While ISO identifies the minimal requirements for a quality system, the CMM underlies the need for a continuous improvement. The ISO members maintain that if you read ISO 9001 in depth then you would realize that it does address the continuous process improvement. e.g. Corrective Action clause in ISO may be considered to address continuous improvement. Both ISO and CMM have been accepted world wide. Some organizations, e.g. NASA, have adopted ISO, while other organizations e.g. Department Of Defense, have opted for CMM.