Software Validation - Information Services in ISO 9001

[Marc]

> Francis Cottier asked,
> Does anyone know of organizations who are using the ISO 9000 QMS to manage
> their I.T. departments? ...I suspect that this is part of the fallout from the Y2K fiasco.

From: ISO Standards Discussion
Date: Tue, 13 Jun 2000 13:16:43 -0500
Subject: Re: ISO 9000 and Information Systems /Cottier/Vianna

From: "Vianna, Sidney"

If the goal of applying ISO 9000 to the IT Group is to provide information security, then the new BS7799 Standard is a much better suited tool.

- From the Website for BS 7799

"...BS 7799 is a British Standard which was developed as a result of industry, government and commerce demand for a common framework to enable companies to develop, implement and measure effective security management practice and to provide confidence in inter-company trading. It is based on the best current information security practices of leading British and international businesses and has met with international acclaim. Discussions are ongoing with a view to agreeing BS 7799 as an International (ISO) standard. BS 7799 has been provided to address the needs of information security management systems within organizations. ..."

With e-commerce's tidal wave rolling on, we should see a lot of interest on this standard.

Thanks and Best Regards

Sidney Vianna

 

[Marc]

From: ISO Standards Discussion
Date: Mon, 19 Jun 2000 09:42:31 -0500
Subject: Re: Software validation /Brown/Coffelt

From: "CW"

Hello David,

"What or whom determines validation or certification of testing software?"

If the test software is originated by your company employees, then whomever is designated by your company as having responsibility for this activity according to your procedures. This could be the software development engineer who did the code to be tested and also wrote the test software and designed the testing, or it could be any other person so assigned responsibility and authority to approve the test software.

If the test software is originated by an external vendor (say COTS tools to be used on COTS applications even if combined with original company code) then the vendor is the one that validates/certifies that the test tools work completely, correctly and accurately.

"Can anyone provide input?" Yes, unless your policies/procedures prohibit it.

"....assume responsibility for the activity of proofing test software?" Whomever is assigned/designated to have not only responsibility, but also authority to approve the test software for use in testing/verification/validation of your software product.

Don't forget to include the test data that is to be used...it also needs to be approved for use - just include it in your test software certification/validation activities.

Nice to hear from someone that isn't taking the position that software test tools/data doesn't have to be certified/(calibrated).....

Good luck,
Arline

<< From: David Brown
An old subject brought to the surface again. As our company approaches
registration. I am wary of the software certification or validation
requirements. What or whom determines validation or certification of
testing software? The obligatory requirements that mediators battle over
seem far removed from the actual goal that hopefully will be achieved. Can
anyone provide input. On the what or the whom validates or certifies and
will assume responsibility for the activity of proofing testing software? >>