ISO 29119 one standard to rule them all?

There seems to be some noise of late around a new testing standard, which in the news it has the ability to create a structured, rigid framework similar to other processes to deliver testing outcomes.

ISO 29119 has the potential to not only increase the processing cost, but to also increase the maintenance costs and personnel cost as well if implemented this standard to produce endless streams of documentation. Standards can be used as guidelines, but from reading the early stages of some of the areas of the standard there are 4 layers of the processes some of which don’t relate to testing.

Shouldn’t we as testers be driven to finding the best possible outcomes to assist the ultimate goal of quality, time and money for our organisations and employer?

This new standard coupled with its rigid framework and methodologies, could prevent flexibility within the context of the environment it may be used. Which begs the question – Is the underlying need to implement it commercial in nature?

The general one size fits all approach to standards doesn’t work without revisiting the current standards affected, reviewing and the standards tabeled to effectively see where the standard could be applied. From my understanding the standards created some in the early stages of review prior to agreement in a standard may not have been tried and tested in the wild.

The standard appears to be targeted towards all shapes and sized organisations and a generic approach in nature to implement a framework to *enforce* a method of audit on testing why not software development?

But there is in one of the revisions to ISO 9000 there was the need for code to be “reviewed” and commented accordingly.

Ridiculous isn’t it so why impose yet another standard to audit on testing then? Let us then presume it is counterproductive when implemented for the wrong reasons?

James Christie [@james_christie] has spoken at CAST2014 on ISO29119 and standards in testing an interesting perspective on standards and the integrity around standards.

James has also contributed to some discussion in the form of posts on perspectives on his own blog:

Not all standards are bad for example PCI compliance standards and medical standards. These fit within the context of a number of domains for applying use and development of technologies within these domains, but they also ensure a level of regulation for safety and security requirements.

The PCI compliance standards’ goal, for example, is to ensure we can as consumers have a method of security and protection over these transactional payments so we aren’t exploited financially as a result.

The current standards are revised often and new standards are tabled and created as a result to cover, for example eCommerce platforms updated on Nov 2013. Recertification is the norm to ensure that the level of security standards for PCI-PA-DSS is adhered to and met for the payment application.

However, like ISO 29119 there is the potential for them to be applied in other contexts when generalised like ISO 9000 and ISO 9001 for signage examples are as follows:

(ISO 9000/9001)
Through over certification ISO 9000 and ISO 9001 have been both found to be accredited to food standards. Wait a minute, what on earth is going on?

The below ISO 9001 image personally made me laugh whilst I prepared a meal the other night and turned over the packet and noticed:


With regards to ISO 29119, ISST currently has a petition against the new standard ISO 29119 and it can be found here. In mentioning of the above standard. Other standards mentioned in software testing in parts are affected by ISO 29119.

Why are these standards being made redundant?

  • IEEE-829
  • IEEE-1008
  • BS 7925-1
  • BS 7925-2

Would ISO 29119 also then make ISO 9000 and ISO 9001 redundant?

In parts of both of these standards some of the above mentioned, implemented and supplemented with each. ISO 29119 has the potential to erode the current standards and certifications currently installed.

This may need re-certification after another review in 2015?

The impact of such a dynamic standard change world wide and locally if appearing overnight for the approved and completed standard would and may impact many industries inclusive of:

  • IT
  • Manufacturing
  • Robotics
  • Management Consulting

Which use ISO 9000, 9001 and IEEE standards mentioned quite extensively.

To take stock of recent events some of these industries still recovering from the mass outsourcing trend of the last 5 or more years, Would this be yet another setback to these industries let alone testing?

ISO 29119 ‘claims’ to be internationally recognised.

Ahem ….

it maybe:

  • in the context of a committee or group
  • by a representative per country in a working group

But what about the individuals to be audited against the standard. I must have missed the memo, the boat on that one. Honestly we need take a step back, take stock of such standard trying to push for a such a large regulated change into the market.

I think that such an Idea of a testing standard is novel in nature to have a testing standard one that encompasses what we do. A new standard if proposed should be context dependent and focus on cost reduction for testing to define quality as a goal to aspire to!

If such a standard existed many elements would need to be changed to enhance the methods of delivery.

  1. Remove the insistence of testing as a assurance of quality and the definitions associated.
  2. Remove the mindsets of testing as the gatekeepers of quality they assist in the outcome of quality.
  3. Remove the accountability of testing being a single point of accountability for a product or solution.
  4. Remove roadblocks to delivery for testing if a product is delivered to the desired outcome and context.

Yet, when it imposes the, how, what, where and when to perform testing without justification. How does this help in providing evidence in the testing performed?

Where the documentation is adequate and covers the context of what, how and what the testing approach is to be taken. This now changes so what? Do we as testers systematically update documents based on the ISO 29119 standard? Or define a one sized fits all approach to developing documentation?

I’ll leave you with this final thought, As a professional trying to do their job. Who likes to be wrapped over the knuckles ‘for just doing their job’. No One!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s