This post provides a list of the important Quality Assurance certifications, especially for the software industry. Usually, software service-based companies need certifications to prove their software capabilities in order to acquire projects and build client trust and confidence. The certification agencies make sure that the company follows the certification guidelines before issuing the quality certificate. The rest of the post provides the purpose and key factors of these certificates.
Note: The factors listed in this post are for reference only. The actual guidelines and mandates of these certifications, which depend on the certificate version, can be obtained from the official documentation.
ISO 9001 - International Standard for Quality Management System (QMS)
ISO 9001 expects a documented Quality Management System and an internal audit mechanism. The documentation involves Processes, Procedures, and Work Instructions. It ensures that quality is consistently improved. Other relevant certifications from the ISO 9000 family that follow ISO 9001 and are specific to a particular industry type include ISO 13485 (Medical Devices), ISO 17582 (Electoral organizations at all levels of government), ISO 18091 (Local government), ISO/TS 22163 (Business management system requirements for rail organizations), ISO/TS 29001 (Petroleum, petrochemical and natural gas industries), and ISO/IEC 90003 (Software engineering).
The key factors involved in the ISO 9001 certification are listed below.
- Quality Management System
- Management Responsibility
- Resource Management
- Product Realization
- Measurement, Analysis, and Improvement
The different versions of the ISO 9001 certification require documentation at certain levels. The documentation requirements of some of the versions are listed below:
ISO 9001:2008 - It expects documented procedures for the six activities listed below.
- Control of documents
- Control of records
- Internal audit
- Control of nonconforming product
- Corrective action
- Preventive action
ISO 9001:2015 - It states that the Organization shall:
- Maintain documented information to the extent necessary to support the operation of processes
- Retain documented information to have confidence that the processes are being carried out as planned
CMMI - Capability Maturity Model Integration
The CMMI model was developed by the Software Engineering Institute at Carnegie Mellon University. It also expects a documented Project and Process Management System. The maturity levels that CMMI defines for processes are Initial, Managed, Defined, Quantitatively Managed, and Optimizing. The organization can apply for CMMI levels 2, 3, 4, and 5.
The key factors involved in the CMMI certification are listed below.
- Project Management
- Process Management
- Support
- Engineering
The CMMI levels are listed below:
Level 1 - Initial - The processes are unpredictable, poorly controlled, and reactive.
Level 2 - Managed - The process is characterized for projects and is often reactive.
Level 3 - Defined - The process is characterized for the organization and is proactive.
Level 4 - Quantitatively Managed - The process is measured and controlled.
Level 5 - Optimizing - The focus is on process improvement.
PCMM - People Capability Maturity Model
The core focus of PCMM is to continuously improve the management and development of the human assets of an organization.
The key factors involved in the PCMM certification are listed below.
- Professional Training
- Mentoring
- Continuous Improvement
The maturity levels involved in the PCMM are listed below:
Level 1 - Initial - Inconsistent Management
Level 2 - Managed - People Management
Level 3 - Defined - Competency Management
Level 4 - Predictable - Capability Management
Level 5 - Optimizing - Change Management
ISO 27001 / BS 7799 - International Standard for Information Security Management System (ISMS)
ISO/IEC 27001 is considered the standard for an Information Security Management System (ISMS). The purpose of ISO 27001 is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system". Other certifications from the ISO 27000 family include ISO 27002, ISO 27003, ISO 27004, ISO 27005, ISO 27006, and ISO 27007.
The key factors involved in the ISO 27001 certification are listed below.
- Security Policy
- Security Organization
- Access Classification and Control
- Personnel Security
- Physical and Environmental Security
- Communications and Operations Management
- System Development and Maintenance
- Access Control
- Business Continuity
- Compliance
ISO 20000 - Information Technology Service Management system (ITSM)
ISO 20000 describes the requirements for an Information Technology Service Management (ITSM) system. It is also considered the first international standard for service management. The different versions of ISO 20000 include ISO/IEC 20000-1:2005, ISO/IEC 20000-1:2011, ISO/IEC 20000-2:2012, and ISO 20000-1.
The key factors involved in the ISO 20000 certification are listed below.
- Incident Management
- Problem Management
- Change Management
- Ticketing
- Service Request Management
Six Sigma
Six Sigma is a set of management techniques and tools for improving a business process by reducing the probability of an error or defect. It assures the continuous improvement of the business process by increasing performance and decreasing variation in the process.
The key factors involved in the Six Sigma certification are listed below.
- Statistical Methodology Improving Customer Satisfaction
- Reducing Variability and Defects