<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>ISO Software Quality Standards and Certification</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Bisera Dugalic</string-name>
          <email>Dugalikj.bisera@students.finki.ukim.mk</email>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Anastas Mishev</string-name>
          <email>Anastas.mishev@finki.ukim.mk</email>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff1">
          <label>1</label>
          <institution>Faculty of Computer Science and Engineering</institution>
          ,
          <addr-line>"Rugjer Boshkovikj" 16 P.O. Box 393, 1000 Skopje, FYR Macedonia, +38970 330 386</addr-line>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Faculty of Computer Science and Engineering</institution>
          ,
          <addr-line>"Rugjer Boshkovikj" 16 P.O. Box 393, 1000 Skopje, FYR Macedonia, +38976 536 333</addr-line>
        </aff>
      </contrib-group>
      <fpage>113</fpage>
      <lpage>116</lpage>
      <abstract>
        <p>In recent years software quality has become a matter of high interest, especially to software developers, managers and maintainers. Because software is becoming an extremely important factor in a company's competitiveness, software that is to help a company accomplish its ambitions should offer a high level of user convenience, quality and utility. The aim of this study is to determine how ISO standards and certification for software quality are accepted by companies and customers. It examines how certification reflects on the quality management system of the company and how it helps customers choose what is best for them and protect their interests.</p>
      </abstract>
      <kwd-group>
        <title>General Terms</title>
        <kwd>Documentation</kwd>
        <kwd>Human Factors</kwd>
        <kwd>Standardization</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>-</title>
      <p>
        Quality characteristics of the software can be measured with a set
of attributes defined for each characteristic. These characteristics
help to evaluate the quality of software, but they do not provide
guidance on constructing high quality software products. Quality
characteristics are defined in the standard ISO/IEC 9126. [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ]
Quality management system requirements are defined in the ISO
9001 standard. The main goal of these requirements is to satisfy
the customer needs, which is the measure of a quality software
product. [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ]
      </p>
      <p>BCI’12, September 16–20, 2012, Novi Sad, Serbia.</p>
      <p>Copyright © 2012 by the paper’s authors. Copying permitted only for private and
academic purposes. This volume is published and copyrighted by its editors.
Local Proceedings also appeared in ISBN 978-86-7031-200-5, Faculty of Sciences,
University of Novi Sad.</p>
    </sec>
    <sec id="sec-2">
      <title>2. ISO STANDARDS</title>
      <p>ISO, the International Organization for Standardization, has
members from countries all around the world. It has developed
about 19000 International Standards and develops about 1000 new
standards every year.</p>
      <p>
        ISO standards published in recent years are in the fields of
information and societal security, climate change, energy
efficiency and renewable resources, sustainable building design
and operation, water services, nanotechnologies, intelligent
transport systems, food safety management, and health
informatics. [
        <xref ref-type="bibr" rid="ref4">5</xref>
        ]
      </p>
    </sec>
    <sec>
      <title>3. SOFTWARE QUALITY STANDARDS</title>
      <sec>
        <title>3.1 ISO/IEC 9126</title>
        <p>ISO/IEC 9126 is one of the best software quality standards in the
world. It is intended to specify the required software product
quality for software development and software evaluation.
This standard is divided into four parts:</p>
        <list list-type="bullet">
          <list-item><p>quality model</p></list-item>
          <list-item><p>external metrics</p></list-item>
          <list-item><p>internal metrics</p></list-item>
          <list-item><p>quality in use metrics</p></list-item>
        </list>
        <p>This quality model can be applied in many sectors. It describes
the quality model framework that explains the relationships
between the different approaches to quality, and it consists of six
characteristics, each of which is divided into a set of sub-characteristics:</p>
        <list list-type="bullet">
          <list-item><p>Functionality – A set of software attributes with specific
properties that provide functions that satisfy the needs of the user.</p></list-item>
          <list-item><p>Reliability – A set of software attributes with the ability to
maintain a specific level of performance under the stated
conditions for a stated period of time.</p></list-item>
          <list-item><p>Usability – A set of software attributes that are a measure
of the effort a user needs to learn to use the product.</p></list-item>
          <list-item><p>Efficiency – A set of software attributes that represents
the relationship between the level of performance of the software
and the amount of resources that are used under the stated conditions.</p></list-item>
          <list-item><p>Maintainability – A set of software attributes that are
needed to avoid unexpected effects from specified modifications.
This characteristic describes the ease with which the software
product can be changed.</p></list-item>
          <list-item><p>
            Portability – A set of software attributes that are needed
for software to be transferred from one environment to another.
This is important when the application is made for use on
different distributed platforms. [
            <xref ref-type="bibr" rid="ref7">8</xref>
            ][9]
          </p></list-item>
        </list>
        <p>Internal metrics are static metrics that do not rely on
software execution. This part describes the internal metrics used to
measure the characteristics and sub-characteristics identified in
the quality model.</p>
        <p>External metrics rely on running software. This part describes the
external metrics used to measure the characteristics and
sub-characteristics identified in the quality model.</p>
        <p>Quality in use metrics can be measured only when the final
product is used in a real environment under real conditions. This part
identifies the metrics used to measure the effects of the quality
characteristics.</p>
        <p>An example of an internal metric is data corruption prevention.
Its purpose is to determine how complete the implementation
of data corruption prevention is. The method of application can be:
comparing the number of implemented instances of data
corruption prevention with the number of instances of operations
specified in the requirements that are capable of destroying data.</p>
        <p>Mathematically, the result can be expressed as X=A/B, where A
is the number of implemented instances of data corruption
prevention and B is the number of instances of operations
specified in requirements capable of destroying data. The value X
should be 0&lt;=X&lt;=1. The closer it is to 1, the more complete data
corruption prevention is. Inputs to this measurement are: Requirement
specification, Design, Source code and Review Report.</p>
        <p>An example of an external metric is maintainability
compliance. Its purpose is to determine how well the
maintainability of the product complies with applicable regulations,
standards and conventions. The method of application can be:
comparing the number of items requiring compliance that have
been met with the number of items requiring compliance in the
specification.</p>
        <p>Mathematically, the result can be expressed as X=1-A/B, where A
is the number of maintainability compliance items specified that
have not been implemented during testing and B is the total
number of maintainability compliance items specified. The value
X should be 0&lt;=X&lt;=1. The closer it is to 1, the better the
maintainability compliance. Inputs to this measurement are: product
description (user manual or specification) of compliance and
related standards, conventions or regulations, test specification
and report. The target audience is suppliers and users. [9]</p>
      </sec>
    </sec>
    <sec id="sec-3">
      <title>4. ISO CERTIFICATION</title>
      <p>ISO certificates are issued by appropriate
accreditation bodies. Given that ISO 9000 is evidently
a significant addition to any company, many countries
have accreditation bodies that are supposed to authorize further
certification bodies. Both accreditation and certification
bodies charge for their services.</p>
      <p>
        The accreditation bodies have a joint concept to ensure that a
certificate released by any of the accredited certification bodies
is internationally approved. The accreditation bodies operate
under ISO/IEC 17011 and certification bodies operate under
ISO/IEC 17021. [
        <xref ref-type="bibr" rid="ref8">10</xref>
        ] [
        <xref ref-type="bibr" rid="ref9">11</xref>
        ]
      </p>
      <p>
        In the past years ISO 9000 has proven to be a very important and
effective tool that cannot be overlooked. According to a study
done in Sweden, which focused on the factors for implementing
the standard, the benefits gained after implementation and the motives for
implementing it, the essential interests in
getting certification are to increase corporate reputation and
quality. Another meaningful outcome is that the effectiveness of
ISO 9000 can be influenced by the motivation which brought the
idea for certification. [
        <xref ref-type="bibr" rid="ref10">12</xref>
        ]
      </p>
    </sec>
    <sec>
      <title>5. MEANING OF ISO CERTIFICATE</title>
      <p>While looking for goods or services, customers often run
into labels that say ISO 9001:2000, ISO 9001:2008, or ISO 9000.
The idea of having these labels is to help customers find
what they are looking for and to make sure that the retailers
comprehend what is expected from them and that they are
delivering an expected, conforming product.</p>
      <p>ISO 9001 aims to implement a group of requirements that,
when properly implemented, should give the customer and the
retailer confirmation that the goods and services supplied:</p>
      <list list-type="bullet">
        <list-item><p>Meet the needs and expectations</p></list-item>
        <list-item><p>Comply with applicable regulations</p></list-item>
      </list>
      <p>Among the topics considered by the requirements are product design,
processing of incoming orders, acquiring,
supervising and evaluation of products and processes,
arrangement of measuring accessories, resolving customers'
complaints, improving or preventive activities, requirements to drive
constant progress of the QMS, the commitment of the supplier's top management to
quality, customer focus, adequacy of resources, employee
competence, and process management (this includes production,
service delivery and relevant administrative and support
processes).
Another important requirement is for the supplier to monitor
customer perceptions about the quality of the goods and services
provided.</p>
      <p>The ISO 9001 label and certificate do not specify
requirements for the products or services offered for purchase.
The customer should define exactly their needs and expectations
for the product or service.</p>
      <p>Conformity to ISO 9001 means that the supplier has established
a systematic approach to quality management
and that the business is managed so that the
needs of the customer are given high priority and are
clearly understood, agreed and met. However, a
statement of conformity to ISO 9001 should not be interpreted
as a substitute for a declaration of product conformity.</p>
      <p>Knowing that a company has an ISO 9001
certificate could be useful for customers. The customer is
involved in some of the requirements for the purchasing process,
which cover the following:</p>
      <list list-type="bullet">
        <list-item><p>requirements regarding the purchasing information that
should be provided so that suppliers clearly understand
their customers' needs</p></list-item>
        <list-item><p>the ways in which supplied products can be verified as
meeting the requirements of the customer</p></list-item>
      </list>
      <p>The client has the obligation to specify to the supplier what is
expected of the product. This practice is best because otherwise
the company may not receive what is needed or
expected, and the product might not satisfy its requirements. Another very
important detail that the client should specify is the further use of
the product and the needs it must meet.</p>
      <p>There are three ways to check whether the QMS of the supplier meets the
requirements of ISO 9001: the customer could receive a
declaration affirming that the QMS meets the ISO 9001
requirements; the supplier could be inspected by the customer to
see if the QMS meets ISO 9001 and the requirements of the
customer; or a third party could lead an assessment to check
conformity to the ISO 9001 requirements and issue an appropriate
certificate.</p>
      <p>
        To improve the level of confidence, some certification bodies are
accredited by national or international accreditation bodies. These
bodies verify the independence and competence of the
certification body to carry out the certification process. Many of
these accreditation bodies have agreements under the umbrella of the
IAF (International Accreditation Forum) to develop
mutual international recognition in support of the WTO (World
Trade Organization) and free trade principles. [
        <xref ref-type="bibr" rid="ref12">14</xref>
        ][
        <xref ref-type="bibr" rid="ref15">17</xref>
        ][23]
      </p>
      <sec>
        <title>5.1 State Agencies for Software Quality</title>
        <p>In some countries there are government agencies that are meant to
improve software quality. Some of them have turned out to be very
good practices that give excellent results and are
recommended for implementation in other countries.</p>
        <p>For example, in the US there are specific Food and Drug
Administration standards that set requirements for software
used in medical applications.</p>
        <p>The FDA made validation requirements that apply to
software used in medical devices, software that is a medical
device, and software used in the production of such a device or in
the implementation of its manufacturer’s quality system. The process
of software validation defined by the FDA is considered to be
acceptance through testing and analysis, and confirmation by
objective evidence that the software specifications are appropriate to
the intended users and their needs and that all implemented
requirements can be consistently fulfilled.</p>
        <p>One goal of this standard is to be as compatible with ISO
9001 as possible, although there may be some differences. Some of the
requirements were considered not specific enough in ISO
9001, so the FDA spelled them out in its rules. [20] [21]</p>
        <p>Similarly, the Council of Canadian quality assurance
standards (SCC) promotes the country’s voluntary national
standards, which are guided by the quality management principles
defined in ISO 9001:2000 with several improvements. [24]</p>
        <p>In 2004 the North Carolina Office of Information Technology (ITS)
decided to change the way software
quality assurance testing is performed and to create some criteria
for developers. This was prompted by the significant
differences in the way agencies handled the development
cycle.</p>
        <p>ITS decided to reduce complications by consolidating SQA testing
methods under ITS. The idea was to let agencies subscribe to
quality assurance tools provided by ITS rather than purchase
tools themselves. This is supposed to unify application testing
with less fuss.</p>
        <p>
          The SaaS delivery model has become quite popular and has
quickly spread worldwide. The main reason organizations try
SaaS is the possibility to save on implementation. The software
runs on servers owned by the SaaS provider, and the host also assigns its
own IT personnel to handle problems, so the customer does not have to worry about
maintenance. In this case the customers pay for service, not for
ownership. [
          <xref ref-type="bibr" rid="ref14">16</xref>
          ][
          <xref ref-type="bibr" rid="ref16">18</xref>
          ]
        </p>
        <p>The State of New York has established a State System
Development Lifecycle (SDLC) that is written in a common
language and has enough detail to enable a Project Manager to
plan and manage a system. It consists of standard phases and
processes that should be followed regardless of the environment
and tools.</p>
        <p>Regarding the quality of the software, there is a Quality Assurance
Plan that is established and executed by the Software Quality
Assurance Analyst, who also collaborates on the test scripts and
data preparation. According to the Quality Assurance Plan
associated with the project management lifecycle, the software
quality testing process should be made up of three components:
quality standards, quality assurance processes, and quality
controls.</p>
        <p>The Software Quality Standards define the programming standards
as well as the development/testing standards that are
observed throughout the project.</p>
        <p>The Software Quality Assurance Processes describe and establish
procedures that are later implemented by the Project Team to
provide management with evidence that these procedures are
being followed, and to meet the quality standards. Further, the
Software Quality Controls comprise a series of reviews and audits
that evaluate deliverables according to stated standards and
acceptance criteria. The controls consist of software testing
techniques and reviews. [22]</p>
      </sec>
    </sec>
    <sec>
      <title>6. HOW TO GET ISO CERTIFICATE</title>
      <p>Basically there are four major steps that a company needs to take to get an
ISO certificate.</p>
      <p>The first step is to prepare the documentation. The company
needs a written quality manual, procedures, and some forms.
They will all have to meet the requirements of the ISO quality
standard, but they will also have to fit the company’s quality goals.</p>
      <p>The next step is training. All of the employees will require
some training. The amount of training depends on each
individual’s responsibilities.</p>
      <p>Next, the company should practice and use the quality system
for a few months. This might reveal some changes that need to be
made. Another important thing in this step is to keep records
about the quality system. In a few months the quality system and
the employees should be ready for the registration audit.</p>
      <p>The final step is to get audited. The time involved in conducting a
registration audit and the number of auditors required vary with
the size of the company. The auditors can classify the problems
as “non-conformances” or “observations”. Non-conformances can
be defined as “major” or “minor”. Major ones can cause the company
not to get the certificate. Minor ones may in some cases prevent
certification, depending on the number and severity of the
problems. Observations, on the other hand, do not cause the loss of
certification. They are suggestions on how to make
improvements to the quality system.</p>
      <p>[9] ISO standards: ISO 12207, ISO 15504 &amp; ISO 9126, ISACA –
CETIC Meeting</p>
      <p>[19] Quality management systems — Requirements, ISO 9001
Third edition</p>
      <p>[21] “General Principles of Software,
U.S. Department of Health and Human Services</p>
      <p>[22] “System Development Lifecycle” New York City Project
Management
(http://www.cio.ny.gov/pmmp/guidebook2/Phase.pdf)</p>
      <p>[23] ISO 9001 – What does it mean in the supply chain</p>
      <p>[24] Canadian Quality Assurance (QA) &amp; Control Standards
(http://www.mastercontrol.com/quality-managementsoftware/quality-assurance/canadian.html)</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>[1] “CMM and Project Quality Management”, Dave Nietsen (http://www.pmhut.com/cmm-and-project-quality-management)</mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>[2] Software engineering - Product quality, ISO/IEC 9126-1:2001, ISO/IEC 2001 (http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=22749)</mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>[3] ISO 9001 Standard official page (http://www.iso9001.com/)</mixed-citation>
      </ref>
      <ref>
        <mixed-citation>[4] Daniel Galin, “Software quality assurance from theory to implementation”, Edinburgh Gate, England, 2004</mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>[5] Official ISO site (http://www.iso.org)</mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>[6] ISO standards integrated confidence, Annual Report 2008 (http://www.iso.org/iso/annual_report_2008.pdf)</mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>[7] P. Botella, X. Burgués, X. Franch, G. Grau, J. Marco, C. Quer, “ISO/IEC 9126 in practice: what do we need to know?”</mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>[8] Krzysztof Sacha, Evaluation of Software Quality, Warsaw University of Technology</mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>[10] ISO/IEC 17021: "Conformity assessment. Requirements for bodies providing audit and certification of management systems" (2011)</mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>[11] ISO/IEC 17011: "Conformity assessment. General requirements for accreditation bodies accrediting conformity assessment bodies" (2004)</mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>[12] The TQM Magazine “The state of ISO 9000 certification: a study of Swedish organizations”</mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>[13] Managerial Auditing Journal “An adaptation to ISO 9001:2000 for certified organizations” (http://www.emeraldinsight.com/journals.htm?articleid=1463722 &amp;show=html)</mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>[14] Capers Jones, Olivier Bonsignour, Jitendra Subramanyam, “The Economics of Software Quality”</mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>[15] Software Quality Standards, National Inst., August 2007</mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>[16] “North Carolina, State Technology Plan”, February 2011</mixed-citation>
      </ref>
      <ref id="ref15">
        <mixed-citation>[17] Software Quality, James A McCall (http://www-public.itsudparis.eu/~gibson/Teaching/CSC7302/ReadingMaterial/Cavano McCall78.pdf)</mixed-citation>
      </ref>
      <ref id="ref16">
        <mixed-citation>[18] Defining Software Quality and Economic (http://www.informit.com/articles/article.aspx?p=1743012)</mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>