Quality Assurance Certifications


This post lists the important Quality Assurance certifications, especially for the software industry. Software service-based companies usually need certifications to prove their software capabilities in order to acquire projects and build client trust and confidence. The certification agencies make sure that the company follows the certification guidelines before issuing the quality certificate. The rest of the post provides the purpose and key factors of these certificates.

Note: The factors listed in this post are for reference only. The actual guidelines and mandates of these certifications, which depend on the certificate version, can be obtained from the official documentation.

ISO 9001 - International Standard for Quality Management System (QMS)

ISO 9001 expects a documented Quality Management System and an internal audit mechanism. The documentation involves Processes, Procedures, and Work Instructions. It ensures that quality is consistently improved. Other relevant certifications from the ISO 9000 family that follow ISO 9001 and are specific to a particular industry type include ISO 13485 (Medical Devices), ISO 17582 (Electoral organizations at all levels of government), ISO 18091 (Local government), ISO/TS 22163 (Business management system requirements for rail organizations), ISO/TS 29001 (Petroleum, petrochemical and natural gas industries), and ISO/IEC 90003 (Software engineering).

The key factors involved in the ISO 9001 certification are listed below.

Quality Management System

Management Responsibility

Resource Management

Product Realization

Measurement, Analysis, and Improvement

The different versions of the ISO 9001 certification require documentation at certain levels. The documentation requirements of some of the versions are listed below:

ISO 9001:2008 - It expects documented procedures for the six activities as listed below.

Control of documents

Control of records

Internal audit

Control of nonconforming product

Corrective action

Preventive action

ISO 9001:2015 - It states that the Organization shall:

Maintain documented information to the extent necessary to support the operation of processes

Retain documented information to have confidence that the processes are being carried out as planned

CMMI - Capability Maturity Model Integration

The CMMI model was developed by the Software Engineering Institute at Carnegie Mellon University. It also expects a documented Project and Process Management System. The maturity levels defined by CMMI for processes are Initial, Managed, Defined, Quantitatively Managed, and Optimizing. The organization can apply for CMMI levels 2, 3, 4, and 5.

The key factors involved in the CMMI certification are listed below.

Project Management

Process Management

Support

Engineering

The CMMI levels are listed below:

Level 1 - Initial - The processes are unpredictable, poorly controlled, and reactive.

Level 2 - Managed - The process is characterized for projects and is often reactive.

Level 3 - Defined - The process is characterized for the organization and is proactive.

Level 4 - Quantitatively Managed - The process is measured and controlled.

Level 5 - Optimizing - The focus is on process improvement.

PCMM - People Capability Maturity Model

The core focus of PCMM is to continuously improve the management and development of the human assets of an organization.

The key factors involved in the PCMM certification are listed below.

Professional Training

Mentoring

Continuous Improvement

The maturity levels involved in the PCMM are listed below:

Level 1 - Initial - Inconsistent Management

Level 2 - Managed - People Management

Level 3 - Defined - Competency Management

Level 4 - Predictable - Capability Management

Level 5 - Optimizing - Change Management

ISO 27001 / BS 7799 - International Standard for Information Security Management System (ISMS)

ISO/IEC 27001 is considered the standard for an Information Security Management System (ISMS). The purpose of ISO 27001 is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system". The other certifications from the ISO 27000 family include ISO 27002, ISO 27003, ISO 27004, ISO 27005, ISO 27006, and ISO 27007.

The key factors involved in the ISO 27001 certification are listed below.

Security Policy

Security Organization

Access Classification and Control

Personnel Security

Physical and Environmental Security

Communications and Operations Management

System Development and Maintenance

Access Control

Business Continuity

Compliance

ISO 20000 - Information Technology Service Management system (ITSM)

ISO 20000 describes the requirements for an Information Technology Service Management (ITSM) system. It is also considered the first international standard for service management. The different versions of ISO 20000 include ISO/IEC 20000-1:2005, ISO/IEC 20000-1:2011, ISO/IEC 20000-2:2012, and ISO 20000-1.

The key factors involved in the ISO 20000 certification are listed below.

Incident Management

Problem Management

Change Management

Ticketing

Service Request Management

Six Sigma

Six Sigma is a set of management techniques and tools to improve the business process by reducing the probability of an error or defect. It assures the continuous improvement of the business process by increasing the performance and decreasing the variations in the process.

The key factors involved in the Six Sigma certification are listed below.