Software QA Standards and Certifications – Who Are They For?

There are several industry affiliations or certifications in the quality, software quality and software testing domains, but who do the software QA standards and certifications really apply to and for who’s benefit? Do they benefit the end user? the procuring organization? the development team? When pursuing any standard certification, we think that these key questions are often forgotten and need to be emphasized. This blog introduces some of these software QA standards and certifications but is certainly not all-inclusive. 

  • ISO 9000 applies to product and process quality usually for manufacturing applications although some have applied them to software development at the organizational level. You see ISO 9000 on many products that you buy that go through a manufacturing process but rarely on software.
  • CMMI – On the other hand, Capability Maturity Model Integration is a framework of best practices with certifications for software development processes as well as some service-oriented processes also at the organizational or department level. CMMI-DEV, describes best practices in managing, measuring and monitoring software development processes. Many of the larger software companies do not comply with these certifications and they often used for large government procurements for software service providers to satisfy as part of an RFP process. The value of the certifications to the buyer or client is not well documented and anecdotal as those with certifications have limited conclusive evidence that they can build better software than other firms that do not. One has to remember that the origins of CMMI are with the Software Engineering Institute at Carnegie Mellon University via a federal government funded initiative. The problem was that the government was hiring firms to build software. To reduce the risk of hiring a firm that was haphazard and couldn’t deliver, they made prospective bidders be CMMI certified in order to bid on projects which assured them that the bidding organizations had well-documented processes. This is not entirely congruent with the needs of today’s software companies trying to iterate quickly and build software that may have changing requirements. CMMI has sought to adapt to the market and is now offering a certification related to Agile development processes, but again, the value is not well understood to the end-user, or client when considering which service provider to use, especially since there is limited data on whether certification is correlated to actually building better quality software.
  • TMM – Another certification at the organizational level specifically related to software testing is the Testing Maturity Model (TMM) was first developed by the Illinois Institute of Technology and closely mirrors the CMMI framework. It is a test management framework, similar to TMAP, a test management approach developed in the Netherlands by Sogeti. Companies can be certified in these standards which demonstrates the ability to follow a documented testing process. As with the CMMI certifications, the benefits of these certifications demonstrate that test processes are structured and repeatable. Again, this is good, but it is no guarantee of testing ability.
  • ISTQB is a certifications board for individuals which has many different types of certifications. These certifications demonstrate that a person has a level of knowledge (basic, advanced) of certain sub-domains in the software testing area. Such certifications include mobile testing, security testing, test management, etc. The strength and benefit of this certification is that it provides a common vocabulary and base knowledge level for going forward when developing your hands-on expertise. It also provides a basis for communication amongst testers and organizations so that for instance, you don’t have to explain the term test case, when you are conversing about test plans, other than perhaps the level of detail and context.
  • ISO 27001 – This is a certification at the organizational level, that we at XBOSoft, have achieved.The ISO/IEC 27000 family of standards helps organizations keep information assets secure. By becoming certified, we want to ensure our clients that we manage the security of assets, both theirs and ours using a systematic approach so that it remains secure. This includes people, processes, and IT systems by applying a risk management process to sensitive information such as financials, intellectual property, employee details or information that they entrust to us.
  • PMI PMP – Project Management Institute, Project Management Professional. This certification is obtained by individuals in the field of project management. This certification shows that an individual understands basic concepts in project management such as budgets, estimating, risk management and work breakdown methods. As with the ISTQB certifications, again there are different levels and sub-certifications and they do not prove that an individual can do the job in practice, but demonstrate that they have the basic knowledge and foundation from which to gain hands-on experience.

At XBOSoft, our leaders and management team often speak at industry conferences sharing their knowledge as thought leaders in the field, discussing the future of software quality and testing and problems that we’ve solved in our over 10 years in business. We have a bias towards hands-on experience and proven expertise rather than having software QA standards certifications and box-checking. While we don’t really believe in certifications unless they are explicitly beneficial to ourselves and our clients, we still have many individuals in the company that are certified PMP and ISTQB at many levels. These certifications are not job requirements but serve as a common foundation. Our requirements are more related to what they can do hands-on and what experience and problems they can solve on the job. Of course, these certificates (knowledge) helps them to prepare for the task at hand, but nothing replaces real hands-on work and problem solving/analysis capabilities. If you need help, let us know.