Start for free
icon icon icon

ISO compliance rules for quality assurance: a short guide

The International Organization for Standardization (ISO) develops and publishes worldwide technical, industrial, and commercial standards. Some are applicable for QA professionals as well. We’ll take a look at the ones you need to get through the audit.

Which ISO standards are usually applied to software quality assurance?

ISO Software and systems engineering is a series of five international standards used for software testing. The development of ISO software testing standards began in May 2007, based on existing standards such as the Institute of Electrical and Electronics Engineers’ IEEE 829 (Test documentation), IEEE 1008 (Unit Testing), BSI Group’s BS 7925-1 (Vocabulary), and BS 7925-2 (Software components). Initially, the ISO had no working group with significant software testing experience, so the ISO created WG26, which by 2011 contained members from more than 20 different countries. 

At first, ISO focused on developing four sections for the ISO 29119: Concepts and definitions, Test processes, Test documentation, and Test techniques. A fifth part concerning process assessment was considered for addition, ultimately becoming ISO/IEC 33063:2015, which ties to 29119-2’s Test processes. Finally, the actual fifth part of ISO 29119 was published in November 2016 concerning the concept of Keyword-driven testing.

Till to date, no significant revisions have occurred to the five parts of the standard. These five parts are:

  • ISO 29119-1:2013, Part 1: Concepts and definitions, published in September 2013
  • ISO 29119-2:2013, Part 2: Test processes, published in September 2013
  • ISO 29119-3:2013, Part 3: Test documentation, published in September 2013
  • ISO 29119-4:2015, Part 4: Test techniques, published in December 2015
  • ISO 29119-5:2016, Part 5: Keyword-driven testing, published in November 2016

Part 1: Concepts and Definitions (ISO 29119-1:2013)

This standard facilitates the other parts of ISO 29119 by introducing its vocabulary and providing examples of its application in practice. Part 1 provides for the QA:

  • Definitions of different testing terms
  • Software testing concept descriptions
  • Ways to apply these definitions and the concepts to the other parts of the standard

Part 2: Test Processes (ISO 29119-2:2013)

This standard focuses on defining a generic test process model that organizations can use when testing software. It comprises test process descriptions for organizational software testing processes, test management at the project level, and dynamic test process levels. Different software development models like Waterfall, Agile and Lean can use these defined test processes.

Part 3: Test Documentation (ISO 29119-3:2013)

This part of the ISO standard deals with software test documentation and includes different templates that can be used during the testing process. These templates support the three primary test process levels:

  1. Organizational Test Process Documentation: This includes templates for Test Policy and Organizational Test Strategy.
  2. Test Management Process Documentation: This part covers Test Plan, Test Status, and Test Completion.
  3. Dynamic Test Process Documentation: This part is responsible for providing templates for Test Design Specifications, Test Case Specifications, Test Procedure Specifications, Test Data Requirements, Test Environment Requirements, Test Results, Test Execution Logs, and Defects Report.

Part 4: Test Techniques (ISO 29119-4:2015)

Part 4 provides standard definitions of software test design techniques and corresponding coverage metrics that can be used while the test design and implementation processes as defined in Part 2. The ISO-standard’s test design techniques are divided into three main categories: specification, structure, and experience-based test design techniques.

  • Specification-based test design techniques: These techniques are based on the functional specification of the Application Under Test (AUT). These are also called black-box testing techniques. Some recommended test design techniques in this group are:

  • Equivalence partitioning
  • Boundary-value analysis
  • Combinatorial test design techniques
  • Decision table testing
  • Cause-effect graphing
  • State transition testing
  • Functional Scenario-based testing


  • Structure-based test design techniques: These structural test design techniques are based on the internal structure of the AUT covering code. These are also called white-box testing techniques. Some of the recommended techniques are:

  • Branch Testing
  • Branch Condition Testing
  • Branch Condition Combination Testing
  • Data Flow Testing
  • Decision Testing
  • Experience-based Test design Techniques: These testing techniques rely entirely on the tester’s experience. For example, error guessing and check-list-based testing are two of the most commonly used techniques.

Part 5: Keyword-driven Testing (ISO 29119-5:2016)

This standard focuses on keyword-driven testing techniques, which is an approach to specifying software automated test scripts. This standard is designed for users who want to develop BDD/TDD testing automation frameworks.

It depends on the type of application to which standards need to be applied. For example, medical applications, aviation industry applications, and financial applications are susceptible and follow the ISO’s proper testing standards. Usually, applications involving risks to human life or financial loss are tested by following all ISO testing standards.

What are the main ISO compliance requirements that should be observed for software QA?

ISO compliance involves adhering to the requirements of ISO standards without the formalized certification process, as ISO Compliance does not include formal audits to get the certifications. Still, they follow the guidelines defined by ISO-9001 for QA. 

ISO 9001 is a standard for QA – basically a set of rules and regulations. Now, it’s the company’s decision if they want ISO Compliance or complete ISO-9001 QA certification.

  • ISO 9001: ISO 9001 provides the guidelines for establishing a quality management system (QMS) by ensuring high-quality products and services to customers every time. The primary goal is to help businesses implement overall standards that can help measure all of their business processes. 

  • ISO 9126: Software engineers and manufacturers consider ISO 9126 as one of the most robust software quality standards globally. It’s developed to provide manufacturers and engineers with the software product quality requirements. It splits up software quality into six significant characteristics: Portability, Maintainability, Efficiency, Usability, Reliability, and Functionality.

  • ISO 25010:2011: One of the more modern standards is ISO 25010:2011. This standard is applied to software engineering to ensure that the product meets certain quality standards. It comprises eight significant characteristics. It takes six from ISO 9126 characteristics but adds two other elements: Security and Compatibility. As a result, ISO 25010:2011 is considered a more robust standard than ISO 9126.

Privacy vs Confidentiality in QA security testing
More →
Software testing talks: KPIs for QA, expensive mistakes, and daily stand-ups
More →
Replacing Jira on-premises for QA testing purposes
More →