Certification, that is, the assessment by an independent entity accredited to carry out audits, is an area that has not been contemplated by the ISO/IEC 25000 series of standards until now. Nevertheless, software product certification is of great interest to developers and/or purchasers of software products, since it allows for identifying the quality of a software product in a quick and standardized way. For that reason, in recent years AENOR (Spanish Association for Standardisation and Certification) and the software product quality evaluation laboratory AQC Lab have been working on a certification scheme based on the ISO/IEC 25000 series of standards, which has already yielded results with the evaluation of the maintainability and the functional suitability of several products.
In order to support this process of evaluation, improvement and certification of the software product, a Software Product Quality Evaluation and Certification Ecosystem is being built, which identifies all the entities involved in the process for obtaining a software product quality certificate. The Ecosystem consists of the following entities:
-
Organizations interested in the evaluation, improvement and certification of their software products. These organizations can be software development companies, entities that have outsourced the development of their software, or companies interested in the acquisition of a software product. These organizations are the central element of the Ecosystem, and their interest in software product quality is precisely what motivates its evaluation and certification.
-
Certification/audit body. An important part of this Ecosystem is the body responsible for awarding software product quality certificates. Thanks to this entity of the ecosystem, the evaluation process is extended, including the certification step that was previously missing in ISO/IEC 25000. AENOR can be highlighted as an example of certification body. With more than 20 years of experience of performing quality audits over products in other sectors, since 2006 AENOR has been developing and enhancing a model for the governance of ICT based on ISO standards. The ISO/IEC standard has recently been included in this ICT governance model in order to carry out this kind of software product quality audits. To do this, AENOR has developed an internal regulation for software product certification, so that by reviewing an evaluation report issued by an accredited laboratory and auditing the company that develops the product at their premises enables AENOR to issue a certificate specifying the quality level of the product.
-
Accredited software product quality evaluation laboratory. One of the needs that were initially identified in order to evaluate software product quality was counting on an external entity capable of providing an independent evaluation. In this way, the certification body takes the software product quality evaluation reports made by the independent laboratory as an input to the certification process. In addition, accreditation according to ISO/IEC 17025 confirms the technical competence of the laboratory and guarantees the reliability of the evaluation results. Thus, the evaluations carried out by an accredited laboratory enable both software development companies and organizations that outsource or acquire software to get an independent report that indicates the quality of the evaluated software product. AQC Lab can be highlighted as an example of this type of entity, since in 2012 it became the first laboratory that carries out software product evaluations conforming to the ISO/IEC 25000 series of standards to be accredited to ISO/IEC 17025 by ENAC (Spanish National Accreditation Body).
-
Expert consultants in software quality. Before taking part in an official evaluation and certification process, it is recommended that companies get support from expert consultants (whether in-house or external) that help them to improve their software products and control their quality throughout their life cycle, in order to tackle the certification process with confidence. Thanks to this type of entity of the Ecosystem, organizations that want to certify the quality of their products can get support from experienced staff in order to assure the quality of their software products.
-
Companies developing tools for software product measurement. Evaluation laboratories and expert quality consultants need measuring tools to carry out their processes. Therefore, it is necessary that there are companies that develop these tools in alignment with the measurements and thresholds set by the evaluation laboratory and the certification body. Among these tools, Kiuwan can be highlighted, since it has already begun to align their measurements with the quality model defined by the AQC Lab, although there also exist other free software tools, such as SonarQube. Thanks to this type of entity of the Ecosystem, technological environments that support software product measurement and evaluation are available for everyone, making it easier to get successful resuls in the evaluation and certification process.
Thus, by means of these tools, these expert consultants in software quality, the laboratory AQC Lab, and AENOR, organizations can evaluate, improve and certify the quality of their software products in conformity with ISO/IEC 25000, establishing in this way the first complete Ecosystem to carry out this process.