About Us
Choose how we work together to meet your QA needs now and as you scale

Industries we work with

ECommerce
Energy
Finance
Gaming
Healthcare
It
Insurance
Manufacturing
Telecom

Engagement models

Dedicated QA teams
Project Based QA
QA Consulting

Growth stage

For Startups
For Scaling teams
For enterprise

Client Success Stories

See real results across industries, stages, and models

Our case studies
Explore how we raise software quality though our technical expertise

Test Types

API Testing
Compatibility
Functional
Localization
Performance
Regression
Security
Usability
User Acceptance

Methods

Agile testing
Test Automation
End to End testing
AI Informed testing

Domains

Website
Mobile ApP
Web Applications
Big Data

Tools

Appium
Selenium
JMEter
TestVia

Learn from our years of experience

In-depth insights and practical guides to improve your QA strategy

Our White papers
Our Resources

ISO 29119 for Software Testing: A Practical Take

Published: August 23, 2022

Updated: August 16, 2025

Watch the Recording

Prefer video? You can watch this session where we walk through the key ideas covered in this article.

ISO 29119 is a family of software testing standards that attracts strong opinions. Some see it as a useful baseline, others worry it can turn into a gate that blocks practical work. In our “Inside ISO 29119” session with standards editor Jon D. Hagar, we set out to explain what the standard is, how it is organized, and when it earns its keep. This summary captures that discussion and adds guidance for leaders deciding whether and how to apply it.

Why ISO 29119 exists

Before ISO 29119, organizations faced a patchwork of documents covering vocabulary, documentation, and testing practices, often overlapping and sometimes silent on important areas. ISO and IEEE set out to create a coherent family that gives buyers and suppliers a shared baseline for planning, managing, and assessing testing. The aim is consistency across contexts where a common frame of reference reduces misunderstanding during contracting or audits. That does not mean it fits every project or that it should replace judgment. It is a standard you can draw from, not an instruction book to follow blindly.

The standard was developed by volunteers from roughly twenty countries through ISO and IEEE processes. Interest and adoption patterns vary by region and industry. Hagar noted more early interest from parts of Asia and some European organizations, with North American teams tending to be more context driven. That range of perspectives is reflected in the standard’s flexibility, and in the ongoing debate about its limits.

What the standard covers

ISO 29119 is organized into parts that relate to concepts, processes, documentation, techniques, and keyword-driven approaches.

Part 1 sets concepts and vocabulary. It includes definitions, the place of testing within life cycles, roles, and examples of metrics. It creates a shared language so teams do not talk past each other.
Part 2 defines testing processes at three layers. There is an organizational layer for policy and strategy, a project or test management layer for planning, monitoring, and reporting, and an execution layer that covers designing tests, setting up environments, running tests, and handling incidents. The process model is risk-based by design.
Part 3 describes test documentation. It defines what goes into plans, specifications, results, incident reports, and summaries. It provides outlines and examples so teams can produce consistent artifacts when they are needed.
Part 4 catalogs testing techniques. It lists well-documented functional and structural techniques such as boundary value analysis, equivalence partitioning, statement and branch coverage, with guidance on design and measures for each technique.
Part 5 addresses keyword-driven testing. It explains how to structure and interface keyword assets, often in support of automation.

Two additional points matter for leaders. First, the standard references related ISO and IEEE standards for systems and software engineering, verification and validation, and assessments. It fits into a broader family that large organizations may already use. Second, the editors intentionally kept Part 4 to established techniques that are well described in the literature. Newer practices such as exploratory testing and DevOps-oriented approaches were discussed in committee and may appear in future parts or technical reports as consensus builds.

Compliance, tailoring, and real-world use

Part 2 includes a conformance section that uses “shall” statements. This exists because some contexts require clear compliance language, for example regulated procurement or cross-border contracts. The same part also explains tailoring. Tailoring is how an organization selects, adapts, or omits processes and documents to fit the project’s risks and constraints, with stakeholder agreement. Hagar emphasized that thoughtful tailoring is expected. It is how you protect agility and avoid performing ceremonies that do not help.

In practice, few projects need the full document set. A common pattern is an organizational testing policy and template, a project-level test plan that references that policy, a focused test specification for critical flows, and a clear incident report workflow that distinguishes environment issues from product defects. Teams then generate periodic status summaries that roll up measures leaders care about. The rest stays on the shelf until an auditor or a specific risk profile warrants it.

Where ISO 29119 tends to fit

The standard is most useful when you need a shared baseline across organizations and jurisdictions. Examples include international supplier management, safety-related domains that already integrate ISO or IEEE families, and large enterprises that want consistency across many product teams. It can also help when a buyer needs to assess a vendor’s testing maturity without prescribing a specific toolchain.

It is less helpful on small, fast-moving efforts that already have a healthy test culture and clear delivery feedback loops. In these contexts the cost of interpreting and tailoring a formal standard can exceed the benefit. Even there, the vocabulary and technique catalog can be handy reference material for onboarding and reviews.

Concerns you should address up front

Several risks surface repeatedly in the debate. Leaders can address them with explicit choices.

A standard used as a gate can exclude capable teams. If you require conformance, define what “tailored conformance” looks like and accept evidence that maps current practices to the intent of the clauses. Focus on outcomes and risk reduction, not paperwork volume.
Heavy documentation can throttle iteration. Limit documents to those that change decisions or satisfy obligations. Keep everything else lightweight and living, for example short plans linked to backlogs and automated status views.
Process checklists can crowd out thinking. Treat processes as prompts. Ask teams to explain why a given clause is material or not for their context. Make that reasoning transparent and time-boxed.
Technique catalogs can imply one right way. Use Part 4 as a menu, then pick techniques that match the risk and the technology. Pair cataloged techniques with exploratory work where it adds coverage and speed.

How to read the process model in an agile context

The process model is often drawn linearly, and readers can infer a waterfall. The standard explicitly allows iteration. A practical interpretation for agile teams looks like this. Keep a lean organizational policy that sets risk themes and reporting expectations. Create a project-level test plan that fits on a page and links to the backlog, environments, and data strategies. Design tests alongside user stories with risk in mind. Execute continuously, handle incidents through the same workflow you use for defects, and publish short, regular status notes that reflect risk and readiness. You get alignment and traceability without heavy stage gates.

Documentation without the paperwork bloat

Part 3’s document list can look long. It is a catalog, not a mandate. In many teams, two or three artifacts cover most needs. An organizational test strategy defines principles and minimum expectations. A project-level plan states scope, risks, environments, data, and responsibilities, and references the organizational strategy. A concise completion report closes the loop with what was tested, what escaped, and what process changes will prevent similar escapes. When contracts or audits require more, draw from the catalog rather than inventing formats from scratch.

Techniques and what comes next

Part 4’s techniques are useful when you need a shared reference. They help reviewers and new joiners understand how tests were designed and why. They also provide measures that keep conversations about coverage specific. The technique list is not exhaustive and it does not eliminate the need for unscripted exploration. In the webinar, Hagar anticipated future parts or companion reports for areas like exploratory testing and DevOps-aligned practices, subject to consensus and evidence. Expect the family to evolve on a three to five year cadence, and plan to revisit your interpretation as it does.

Questions to ask before you adopt or require ISO 29119

What problem are we trying to solve: shared vocabulary, contracting and audit readiness, consistent reporting, process improvement, or something else
Which risks justify formal process and documentation, and which can be handled with lighter routines
What would tailored conformance look like for our portfolio, and who approves that tailoring
Which parts of the technique catalog map cleanly to our technology stack, and where do we need complementary practices
How will we measure whether adopting parts of the standard improves outcomes such as change failure rate, escaped defects, and time to restore service

Clear answers keep the standard in service of outcomes rather than the other way around.

The XBOSoft Perspective

We approach ISO 29119 the way we approach any tool. We start with the problem to be solved, then map the smallest set of practices and artifacts that create clarity and reduce risk. In regulated or multi-party environments, the vocabulary, process structure, and document templates can shorten negotiations and improve traceability. In product teams that already deliver well, we borrow selectively, for example using the incident taxonomy to separate environment issues from product defects, or the technique catalog to strengthen design reviews. Tailoring is where the value lives, and we treat it as a design exercise, not an afterthought. If you want help deciding where ISO 29119 fits and how to right-size it for your context, we can facilitate that decision and set up practices your teams can run week after week.

Next Steps

Explore More on Software Quality
Understand ISO 29119 and its relevance to modern QA.
Visit the Defining, Measuring, and Implementing Software Quality page

Implement Standards That Add Value
We can help you adapt ISO 29119 principles without overloading teams.
Contact Us

Download the “Software QA Evaluation Framework” White Paper
Practical insights for aligning QA standards with measurable improvement.
Get the White Paper

Client Success Stories

Learn from our years of experience