ISO compliance rules for quality assurance: a short guide
9 mins read
June 19, 2023

ISO compliance rules for quality assurance: a short guide

The International Organization for Standardization (ISO) develops and publishes worldwide technical, industrial, and commercial standards. Some are applicable for QA professionals as well. We'll take a look at the ones you need to get through the audit.

Martin Koch
Kirill Chabanov

Which ISO standards are usually applied to software quality assurance?

ISO Software and systems engineering is a series of five international standards used for software testing. The development of ISO software testing standards began in May 2007, based on existing standards such as the Institute of Electrical and Electronics Engineers’ IEEE 829 (Test documentation), IEEE 1008 (Unit Testing), BSI Group’s BS 7925-1 (Vocabulary), and BS 7925-2 (Software components). Initially, the ISO had no working group with significant software testing experience, so the ISO created WG26, which by 2011 contained members from more than 20 different countries. 

At first, ISO focused on developing four sections for the ISO 29119: Concepts and definitions, Test processes, Test documentation, and Test techniques. A fifth part concerning process assessment was considered for addition, ultimately becoming ISO/IEC 33063:2015, which ties to 29119-2’s Test processes. Finally, the actual fifth part of ISO 29119 was published in November 2016 concerning the concept of Keyword-driven testing.

Till to date, no significant revisions have occurred to the five parts of the standard. These five parts are:

  • ISO 29119-1:2013, Part 1: Concepts and definitions, published in September 2013
  • ISO 29119-2:2013, Part 2: Test processes, published in September 2013
  • ISO 29119-3:2013, Part 3: Test documentation, published in September 2013
  • ISO 29119-4:2015, Part 4: Test techniques, published in December 2015
  • ISO 29119-5:2016, Part 5: Keyword-driven testing, published in November 2016

Part 1: Concepts and Definitions (ISO 29119-1:2013)

This standard facilitates the other parts of ISO 29119 by introducing its vocabulary and providing examples of its application in practice. Part 1 provides for the QA:

  • Definitions of different testing terms
  • Software testing concept descriptions
  • Ways to apply these definitions and the concepts to the other parts of the standard

Part 2: Test Processes (ISO 29119-2:2013)

This standard focuses on defining a generic test process model that organizations can use when testing software. It comprises test process descriptions for organizational software testing processes, test management at the project level, and dynamic test process levels. Different software development models like Waterfall, Agile and Lean can use these defined test processes.

Well-organised test processes can be more than just a regulatory checkbox. A smart testing architecture will save your employees over 10 hours per week, make your software more robust, and speed up releases as well.

testing strategy template

Get a testing strategy template for compliant and 100% more efficient testing

Part 3: Test Documentation (ISO 29119-3:2013)

This part of the ISO standard deals with software test documentation and includes different templates that can be used during the testing process. These templates support the three primary test process levels:

  1. Organizational Test Process Documentation: This includes templates for Test Policy and Organizational Test Strategy.
  2. Test Management Process Documentation: This part covers Test Plan, Test Status, and Test Completion.
  3. Dynamic Test Process Documentation: This part is responsible for providing templates for Test Design Specifications, Test Case Specifications, Test Procedure Specifications, Test Data Requirements, Test Environment Requirements, Test Results, Test Execution Logs, and Defects Report.

Part 4: Test Techniques (ISO 29119-4:2015)

Part 4 provides standard definitions of software test design techniques and corresponding coverage metrics that can be used while the test design and implementation processes as defined in Part 2. The ISO-standard’s test design techniques are divided into three main categories: specification, structure, and experience-based test design techniques.

  • Specification-based test design techniques: These techniques are based on the functional specification of the Application Under Test (AUT). These are also called black-box testing techniques. Some recommended test design techniques in this group are:

    • Equivalence partitioning
    • Boundary-value analysis
    • Combinatorial test design techniques
    • Decision table testing
    • Cause-effect graphing
    • State transition testing
    • Functional Scenario-based testing


  • Structure-based test design techniques: These structural test design techniques are based on the internal structure of the AUT covering code. These are also called white-box testing techniques. Some of the recommended techniques are:

    • Branch Testing
    • Branch Condition Testing
    • Branch Condition Combination Testing
    • Data Flow Testing
    • Decision Testing
  • Experience-based Test design Techniques: These testing techniques rely entirely on the tester’s experience. For example, error guessing and check-list-based testing are two of the most commonly used techniques.

Part 5: Keyword-driven Testing (ISO 29119-5:2016)

This standard focuses on keyword-driven testing techniques, which is an approach to specifying software automated test scripts. This standard is designed for users who want to develop BDD/TDD testing automation frameworks.

It depends on the type of application to which standards need to be applied. For example, medical applications, aviation industry applications, and financial applications are susceptible and follow the ISO’s proper testing standards. Usually, applications involving risks to human life or financial loss are tested by following all ISO testing standards.

What are the main ISO compliance requirements that should be observed for software QA?

ISO compliance involves adhering to the requirements of ISO standards without the formalized certification process, as ISO Compliance does not include formal audits to get the certifications. Still, they follow the guidelines defined by ISO-9001 for QA. 

ISO 9001 is a standard for QA – basically a set of rules and regulations. Now, it’s the company’s decision if they want ISO Compliance or complete ISO-9001 QA certification.

  • ISO 9001: ISO 9001 provides the guidelines for establishing a quality management system (QMS) by ensuring high-quality products and services to customers every time. The primary goal is to help businesses implement overall standards that can help measure all of their business processes. 
  • ISO 9126: Software engineers and manufacturers consider ISO 9126 as one of the most robust software quality standards globally. It’s developed to provide manufacturers and engineers with the software product quality requirements. It splits up software quality into six significant characteristics: Portability, Maintainability, Efficiency, Usability, Reliability, and Functionality.
  • ISO 25010:2011: One of the more modern standards is ISO 25010:2011. This standard is applied to software engineering to ensure that the product meets certain quality standards. It comprises eight significant characteristics. It takes six from ISO 9126 characteristics but adds two other elements: Security and Compatibility. As a result, ISO 25010:2011 is considered a more robust standard than ISO 9126.

Keeping your QA compliant requires a compliant tool. Meet aqua, an AI-powered test management system used in heavily regulated industries for over 10 years. Banks, insurance companies, and government agencies have all passed dozens of regulatory audits while using auqa as their primary QA tool. The solution receive constant features updates, including cutting-edge AI functionality such as auto-generating test steps from the requirement.

Get a mature, modern, and compliant test management system

Try aqua
On this page:
See more
Speed up your releases x2 with aqua
Start for free
What are ISO standards for testing?

ISO (International Organisation for Standardisation) is a non-governmental organisation that provides standards for various industries and fields, including testing.

What are the main ISO compliance requirements for software QA?

The ISO/IEC standards for software testing include:

  • ISO/IEC 29119: a systematic and standardised way to design, plan, execute, report, and evaluate the testing of software
  • ISO/IEC 12207: the processes for software life cycle management and provides guidance for software testing
  • ISO/IEC 15504: a framework for evaluating the capability of software processes and provides guidance for software testing
What is ISO in QA?

ISO and QA are closely related, as many ISO standards provide guidelines for implementing effective quality management systems, including processes for quality planning, quality control, and quality improvement. Organisations that adhere to ISO standards often have well-established QA processes and are committed to providing high-quality products and services to their customers.

ISO 9001 is the most widely recognised and adopted standard for quality management systems (QMS). It provides a systematic and continuous approach to QA, from identifying customer needs to monitoring and improving processes and services. Organisations that are certified to ISO 9001 demonstrate their commitment to providing quality products and services, and to continuous improvement of their QA processes.

closed icon