1 - Chapter 2 Software Quality Standards
Chapter 2
Software Quality Standards
Learning Outcomes
At the end of this chapter student should be able
What Are Standards?
• A standard might simply be defined as 'a set of rules for ensuring
quality'.
Term Definition
• The term 'standard' is used in a generic sense and has been defined by
D. Reck as:
Journey of Standards
• The use of standards documents is not an advantage but a necessary
part of industrial operations and customer satisfaction.
• It is important for those involved in assuring quality and providing
direction for future planning to be aware of standards provisions.
• In order to understand and appreciate the standards applied, it is
essential to have basic knowledge of the history of standards and their
development process.
Early Standards
• International Organization for Standardization (ISO) (October 1946) -
first provisional General Assembly, where the rules and constitutions
were adopted and its provisions began to be authorized by national
standardization bodies.
Benefits of standards to software quality
• The ability to apply methodologies and procedures of the highest
professional level
• Better mutual understanding and coordination among development
teams and also between development and maintenance teams.
• Greater cooperation between the software developer and external
participants in the project based on the adoption of standards as part of
the contract.
• Decreased number of defects and errors in software
• Less rework as a result of fewer software defects
• Reduced development and maintenance cost
• Increased software reliability
• Increased customer satisfaction
What is SQA?
Standards and Procedures
• Requirement Standards
– Specify the Form and Content of how Requirements are defined in a System
– Establishes a System of how to write a Requirement
• Short Phrase Describing Requirement
• Elaborate into more Detail
– Use a Numbering System for the Major Requirements and Sub-Requirements
– Many Major Companies have Software to aid in the Requirement Writing
Process
• Design Standards
– Specify the Content and Form of how Design Documents are
Developed
– Provide Rules and Methods to Transfer:
• Software Requirements to Software Design
• Software Design into Software Design Documentation
– Many Major Companies have Design Development Software to aid
in the Process
• Code Standards
– Specify what Language the Code is written in and Define any Restrictions on
Language Features
– Code Standards Define:
• Legal Language Structures
• Style Conventions
• Rules for Data Structures and Interfaces
• Internal Code Documentation
– Using Methods such as “Peer Reviews”, “Buddy Checks”, and Code Analysis
can Enforce Standards
– A good thing but too many will Force Productivity and Creativity to Suffer
– Examples of Good Code Standards:
• Reduction or Elimination of Global Variables
• Function and Method Sizes should be Minimized
• Each Line of Code should be Seventy Characters Maximum
• One Code Statement per Line
• Etc…
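The example rules above can be enforced by automated code analysis. The following is an added example, not part of the original slides: a small Python checker for the 70-character line limit, one statement per line, global variables and function size. The 20-line function limit, the rule names and the treatment of UPPER_CASE names as constants are assumptions, since the slides give no thresholds.

```python
import ast

MAX_LINE = 70         # from the slide: seventy characters maximum
MAX_FUNC_LINES = 20   # assumption: the slide names no number


def check_source(source):
    """Return sorted (line, rule, detail) findings for Python source."""
    findings = []

    # Each line of code should be at most MAX_LINE characters.
    for no, text in enumerate(source.splitlines(), start=1):
        if len(text) > MAX_LINE:
            findings.append((no, "line-length", f"{len(text)} chars"))

    tree = ast.parse(source)

    # Module-level assignments create global variables. UPPER_CASE
    # names are treated as constants and allowed (assumption).
    for node in tree.body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, (ast.AnnAssign, ast.AugAssign)):
            targets = [node.target]
        else:
            continue
        for target in targets:
            if isinstance(target, ast.Name) and not target.id.isupper():
                findings.append(
                    (node.lineno, "global-variable", target.id))

    statements_on_line = {}
    for node in ast.walk(tree):
        if not isinstance(node, ast.stmt):
            continue
        count = statements_on_line.get(node.lineno, 0)
        statements_on_line[node.lineno] = count + 1
        if isinstance(node, ast.Global):
            findings.append(
                (node.lineno, "global-keyword", ", ".join(node.names)))
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            size = node.end_lineno - node.lineno + 1
            if size > MAX_FUNC_LINES:
                findings.append(
                    (node.lineno, "function-size", f"{size} lines"))

    # One code statement per line.
    for no, count in statements_on_line.items():
        if count > 1:
            findings.append(
                (no, "multi-statement", f"{count} statements"))

    return sorted(findings)


# Constructed sample input; its last line is deliberately too long.
SAMPLE = '''\
LIMIT = 10
counter = 0

def bump(step):
    global counter
    counter += step; return counter

def describe(value):
    return "value is " + str(value) + " and that is a rather long message here"
'''

if __name__ == "__main__":
    for line, rule, detail in check_source(SAMPLE):
        print(f"line {line}: {rule} ({detail})")
```

Run as a pre-commit or CI step, a check like this turns the written standard into a gate, so peer reviews can concentrate on design rather than style.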
• Documentation Standards
– Specify Form and Content for Planning, Control, and Product Documentation
– Provide Consistency throughout a System
– Documentation can be written in any form
– Each Practice should be Documented so it can be Repeated or Changed later
if needed
Organizations involved in SQA Standards Development
Software quality assurance standards
Several standards that are related to software quality assurance are available.
• IEEE: Institute of Electrical and Electronics Engineers Computer Society
– Software Engineering Standards Committee (e.g. IEEE Std 1228-1994 Standard for Software Safety Plans)
– Quality measurement: IEEE Std 1061-1992 Standard for Software Quality Metrics Methodology
• ISO: International Organization for Standardization
– e.g. ISO/IEC 2382-7:1989 Vocabulary - Part 7: Computer Programming
– ISO 9000-3 Quality Management and Quality Assurance Standards - Part 3: Guidelines for the application of
9001 to the development, supply, installation and maintenance of computer software
• DOD: Department of Defence – USA
– CMMI, CMMI SE/SW
Software quality assurance standards by tasks
• General project management: IEEE Std 1058-1998
– Standard for Software Project Management Plans
• Producing plans: IEEE Std 730 - 2014
– Software Quality Assurance Plans
• Lifecycle: IEEE Std 1074 – 1991
– IEEE Standard for Developing a Software Project Life Cycle Process-defines the
set of activities that constitute the processes that are mandatory for the
development and maintenance of software.
• Requirements: IEEE Std 1233-1996
– Guide for developing System Requirements Specifications
• Maintenance: IEEE Std 14764-2006
– This standard defines the process for performing the maintenance of software. It
prescribes requirements for process, control and management of the planning,
execution and documentation of the software maintenance activities.
IEEE Std 1012 - IEEE Standard for Software
Verification and Validation
• To provide, for both critical and non-critical software, uniform and minimum
requirements for the format and content of Software Verification and Validation Plans
(SVVPs);
• To define, for critical software, specific minimum Verification and Validation (V&V)
tasks and their required inputs and outputs that shall be included in SVVPs; and
• To suggest optional V&V tasks to be used to tailor SVVPs as appropriate for the
particular V&V effort.
IEEE Std 828 – 2005 IEEE Standard for
Software Configuration Management Plans
• The standard identifies requirements for configuration identification, configuration
control, configuration status accounting and reporting, and configuration audits and
reviews.
• This provides assurance of the integrity and continuity of the software product items
as they evolve through the software development and maintenance life cycle.
IEEE Std 730-2014 Standard for software quality Plan
• This is another example of a standard that is used widely in software quality assurance
• The standard specifies the format and content of software quality assurance plans
Other IEEE standards
• IEEE Std 1061-1992
– IEEE Standard for Software Quality Metrics Methodology
• IEEE Std 1028-2008
– IEEE Standard for Software Reviews and Audits
• IEEE Std 830-1998
– IEEE Recommended Practice for Software Requirements
• And many more
Certification of Standards
– Certification also helps to obtain more business because many customers require
that organizations obtain certain standards.
– Example:
https://youtu.be/35apMveQS8Y
https://www.mstb.org/ProductCert.html
Quality Management System
Definition:
• A Quality Management System is a collection of policies, procedures,
plans, resources, processes, practices, and the specification of
responsibilities and authority of an organization designed to achieve
product and service quality levels, customer satisfaction and company
objectives.
ISO 9000
• ISO 9000 is one of the popular standard series. It is a written set of standards which
describe and define the basic elements/clauses of the quality system needed to
ensure that an organization’s products or services meet or exceed customer needs
and expectations.
Approach to ISO 9000
• ISO 9000 provides a starting place for all-encompassing quality efforts. The
standards merely stipulate where organizations need documentation to validate
processes and approaches but never dictate how much they require.
• ISO 9000 requires:
– Management that is committed, involved, focused and responsive.
– People who are organized, responsible, authorized, competent, empowered and knowledgeable.
– Processes that are visible, traceable, consistent, repeatable, measurable and documentable.
– Documents that are appropriate, relevant, simple, understandable and consistent with processes in
use.
• The ISO 9000 standards basically have three requirements.
– First, the company must document the quality system and business process in detail.
– Second, the company must make sure each employee understands and follows the guidelines put
forth by the documentation.
– And third, the documented quality system must be constantly monitored through internal and
external audits, and changed or updated when necessary.
ISO 9000
• Any organization wishing to adopt ISO standards should start by using
ISO 9000 and then select the appropriate standard according to the
type of their business.
• The ISO 9000 standard is continually being revised by standing technical
committees and advisory groups, who receive feedback from those
professionals who are implementing the standard. The latest version is
ISO 9000:2015.
Other ISO Standards
ISO 9001 is the broadest standard and provides a model for design, development,
production, installation and servicing
ISO 9002 is limited to production, installation and servicing
ISO 9003 is further limited to inspection and testing
ISO 9000-3 (ISO/IEC/IEEE 90003:2018) is further limited for software quality
A company should first use ISO 9000 to design and to implement a quality
system. Once the quality system has been installed, the company may use the quality
assurance models of ISO 9001, ISO 9002, or ISO 9003 to demonstrate the
adequacy of the quality system.
Basic Steps in ISO 9000 Registration
• Planning
• Training
• Preparing documentation
• Internal assessment
• Internal auditing
• Pre-registration assessment
• Registration assessment
• Certification
A three-step process to ISO 9000 registration includes:
1. Management involvement and organizational commitment, along with team
spirit.
2. The preparation process, which entails understanding the requirements,
developing a good assessment of current compliance (gap analysis),
establishing an internal audit system and documenting the processes.
3. Audit preparation, which includes undergoing a simulation, everyone
understanding the quality policy and showing a professional attitude, and
fostering a good working relationship with external auditors.
Registration road map
ISO 9000 registration steps include the following:
Positive effects of ISO 9000 certification
Benefits of ISO 9000
• Companies become registered to ISO 9000 to meet customer demands and expectations, achieve
increased quality levels, obtain market advantage over competitors and meet the European
Union's regulation requirements. Benefits of ISO 9000 registration include higher perceived
quality, improved customer satisfaction, competitive edge and reduced customer quality audits.
Internally, ISO 9000 registration brings better documentation, greater quality awareness, positive
cultural change and increased efficiency and productivity. Meeting requirements alone cannot
guarantee the quality of a product or service. Every supplier must implement an overall quality
management system, covering every aspect throughout the entire life cycle of a product or service.
Lack of management commitment, lack of procedures and documentation, and not following set
procedures prevent organizations from achieving ISO 9000 registration. ISO 9000's focus is
conformity to practices specified in a registrant's own quality system. Its purpose is to enhance and
facilitate trade. Registration means conformity to documented practices. ISO 9000 is not an award.
• ISO 9000 provides a foundation and complementary approach to quality by focusing on process
documentation and maintaining appropriate records. The standards lay the foundation for a total quality
management program by concentrating on three fundamental aspects: implementing quality controls,
documenting the various processes and procedures, and ensuring that the appropriate quality emphasis is
established and followed by everyone in the organization. ISO 9000 standards form a template for the
creation of a sound quality process. ISO 9000 enables suppliers to provide assurance that they have
established an operational quality system.
International customers have started to make ISO 9000 compliance an integral part of their purchase
agreements. Customers use the standards as a way to differentiate the offerings of various suppliers,
particularly when products and services are substantially similar. Customers see compliance as a way to gain
a degree of assurance that suppliers are doing what they say they are doing.
The organization seeking registration has a great deal of flexibility in deciding on the scope of the
registration. Individual product lines or functional entities can be registered separately, a single site can be
registered or a division with multiple sites/locations can be registered.
Negative aspects of ISO 9000
The Success Factors in ISO 9000 Registration
• Clear planning
• Hard work of each employee
• Commitment from top level
• Management support at every level
• Cross-functional team work
• Weekly meetings
• Extensive training resulting in knowledgeable individuals
Making ISO 9000 work for you
Implementing ISO 9000 leads to improved competitiveness because participants:
o Enforce an explicit statement of declared aims or specifications.
o Enforce a system of monitoring and keeping records.
o Provide the necessary discipline to carry out audits and reviews of systems to get to the root causes of
problems.
o Define responsibilities.
o Provide an auditable system that can be verified by external auditors.
o Help to successfully implement the feedback loop.
o Focus on customer needs.
o Apply a supplier/customer relationship with well-defined and mutually agreed-upon requirements.
o Develop a prevention attitude throughout the company, accompanied by an early detection and correction
system.
o Establish clearly documented procedures, understood by everyone concerned.
o Provide adequate quality training for everyone that includes general comprehension of what quality means
and training in the use of specific tools.
Managerial Implications
ISO 9001 Quality Management
What is ISO 9001?
• ISO 9001 is a standard that sets out the requirements for a quality
management system.
• It helps businesses and organizations to be more efficient and improve
customer satisfaction.
• With over 1.1 million certificates issued worldwide, ISO 9001 helps
organizations demonstrate to customers that they can offer products and
services of consistently good quality. It also acts as a tool to streamline their
processes and make them more efficient at what they do.
• A common framework for all management system standards
– ISO 9001 uses the High-Level Structure, which was developed within the ISO community to
provide a level of consistency across all management system standards.
What is a quality management system?
• A quality management system is a way of defining how an organization can meet the
requirements of its customers and other stakeholders affected by its work.
What benefits will it bring to my business or organization?
• Assess the overall context of your organization to define who is affected by your work
and what they expect from you. This will enable you to clearly state your objectives
and identify new business opportunities.
• Put your customers first, making sure you consistently meet their needs and enhance
their satisfaction. This can lead to repeat custom, new clients and increased business
for your organization.
• Work in a more efficient way as all your processes will be aligned and understood by
everyone in the business or organization. This increases productivity and efficiency,
bringing internal costs down.
• Expand into new markets, as some sectors and clients require ISO 9001 before doing
business.
Why was ISO 9001 revised?
• All ISO standards are reviewed and revised regularly to make sure they remain
relevant to the marketplace. ISO 9001 has been updated to take into account the
different challenges that businesses now face.
• For example, increased globalization has changed the way we do business and
organizations often operate more complex supply chains, and there are increased
expectations from customers.
• ISO 9001 needs to reflect these changes in order to remain relevant
• A new version of the standard, ISO 9001:2015, has been launched, replacing the
previous version (ISO 9001:2008).
Acting ISO Secretary-General Kevin McKinley concludes,
“The world has changed, and this revision was needed to reflect this. Technology is
driving increased expectations from customers and businesses.
Barriers to trade have dropped due to lower tariffs, but also because of strategic
instruments like International Standards.
We are seeing a trend towards more complex global supply chains that demand
integrated action. So organizations need to perform in new ways, and our quality
management standards need to keep up with these expectations.
I am confident that the 2015 edition of ISO 9001 can help them achieve this.”
ISO 9001:2015
Quality management systems -- Requirements
• The standard was developed by ISO/TC 176/SC 2, whose secretariat is
held by BSI, ISO member for the UK.
– ISO/TC 176/SC 2 is the ISO Subcommittee for Quality Systems.
– It is responsible for the development of ISO 9001 Quality management systems –
Requirements, the most widely used International Standard in the world.
– In addition, it produces the key ISO 9004 standard, which provides guidelines for organizations
who wish to go beyond ISO 9001, as well as other guidance standards such as ISO 10005, ISO
10006 and ISO 10007.
• Structure: ISO 9001:2015 now follows the same overall structure as
other ISO management system standards (High-Level Structure), making
it easier for anyone using multiple management systems.
• ISO 9001:2015 specifies requirements for a quality management system when an
organization:
a) needs to demonstrate its ability to consistently provide products and
services that meet customer and applicable statutory and regulatory
requirements, and
b) aims to enhance customer satisfaction through the effective application of
the system, including processes for improvement of the system and the
assurance of conformity to customer and applicable statutory and regulatory
requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be
applicable to any organization, regardless of its type or size, or the products and
services it provides.
What are the key improvements to ISO 9001:2015?
o Increased emphasis on achieving value for the organization and its customers
o A greater emphasis on leadership and organizational context
o Focus on risk-based thinking. This has always been part of the standard, but the
new version gives it increased prominence.
o Emphasis on objectives, measurements and change
o Stakeholder-focused communication and awareness
o Decreased emphasis on documentation
ISO9001- Key Differences
ISO 9001- Different Terminology
What benefits does the new version bring?
The new version of the standard brings the user a number of benefits.
ISO 9001:2015:
• Puts greater emphasis on leadership engagement
Should I be certified to ISO 9001?
• Certification - when an independent certification body audits your practices against
the requirements of the standard – is not a requirement of ISO 9001, but is a way
of showing stakeholders that you have implemented the standard properly.
• For some companies, third-party certification may be a requirement. For example,
some governments or public bodies may only contract suppliers that have been
certified to ISO 9001.
• ISO does not perform certification. For more information about the certification
process, see www.iso.org and the publication ISO 9001:2015 – How to use it.
Malaysian Standards Development Structure
• Department of Standards Malaysia (DSM) is the National Standards Body for
Malaysia established under Standards of Malaysia Act 1996.
• DSM is responsible for all policy matters with regard to standardization and
operational responsibility is delegated to SIRIM Berhad.
• The amendment of Act 549 in 2012 allowed Standards Malaysia to appoint
more Standards Development Agencies (SDAs) for faster development of Malaysian
Standards (MS) according to their areas of expertise.
DSM’S AND SIRIM BERHAD’S TASKS
DSM
• Standards policy development and implementation
• Participation in International and Regional Bodies
• Accreditation of laboratories and certification bodies
SIRIM Berhad
• Managing the standards development infrastructure
• Managing Malaysian representation in regional and international standards bodies
• Publishing, printing, selling and distributing Malaysian Standards
Ministry of International Trade and Industry (MITI)
• Malaysian Standards and Accreditation Council (MSAC) - Policy & Advisory
• Department of Standards Malaysia (DSM) - National Standards & Accreditation Body
National Standards Infrastructure Managed (2004)
Sectorial Committees 20
STANDARDS OF MALAYSIA ACT
REQUIREMENTS IN STANDARDS OF
MALAYSIA ACT (ARTICLES 15 (1), (5) & 15 (3),
IMPLEMENTATION OF CODE OF GOOD PRACTICE
Policies and procedures governed by Quality Manual-
PARTICIPATION AND COMPOSITION OF
COMMITTEES
GOVERNMENT AGENCIES
PROFESSIONAL BODIES
RESEARCH ORGANISATIONS
CONSUMER ASSOCIATIONS
INDUSTRIES
TRANSPARENCY IN DEVELOPMENT OF
MALAYSIA STANDARD
Announcement of approved new work item*
Announcement of drafts for Public comment*
Publication of work programme*
Announcement of approved/withdrawal of standards*
Publication of approved standard in Government Gazette
Sales of Malaysian Standards
Catalogue of MS - searchable online at SIRIM’s website
* Media: Website/newspapers/Standards Quality News
Summary
• A standard might simply be defined as 'a set of rules for ensuring
quality'.
• Standards improve software quality by adopting the highest professional
procedures
• There are several benefits of using standards
• Several organizations produce different standards
• Certification is important to ensure that a standard has been applied
correctly and adequately