The software product quality evaluation and certification process conforming to ISO/IEC 25000 consists of the following six steps:
- The process begins when the organization interested in software product quality requests an assessment to an accredited laboratory, such as AQC Lab. To do so, they must fill out a form indicating which software product characteristics they want to evaluate. This form is analyzed by the laboratory to issue an evaluation contract specifying the service conditions. Once this contract is accepted, the organization provides the software product to be evaluated to the laboratory. From here, the laboratory conducts the evaluation using a framework (model, process and tools) based on ISO/IEC 25000 and accredited by ENAC. This process usually has an estimated duration of 2-3 weeks, depending on the characteristics of the product under evaluation.
- The result of the previous step is an evaluation report describing the results, which is given to the applicant organization. In this step, it may happen that the quality level of the evaluated software product is not good enough, in which case the applicant organization, supported by the expert consultants shown in the ecosystem, should refactor the product to improve the quality level. In this case, the time this step can take depends on the number of defects to be solved and the amount of resources the organization can spend for that purpose. Once the product is refactored, the organization must repeat the first step of the process to obtain a favorable evaluation report.
- One the software product has reached an adequate quality level in an evaluation, the organization may contact a certification body such as AENOR to request a product certification, indicating the reference to the prior evaluation carried out by an accredited laboratory.
- The certification body will contact the laboratory to request the results of the evaluation whose reference was indicated by the applicant organization. Thus, the certification body will confirm the accuracy of the evaluation and the results indicated by the applicant organization.
- The laboratory will review the evaluation records and provide the requested information to the certification body.
- Finally, the certification body will analyze the evaluation report provided by the laboratory and, following their internal audit regulations for software product certification, will visit the applicant organization to inspect the product and its characteristics. As a result of this certification audit process, the certification body will issue a report and provide the organization with a certificate recognizing the quality of the evaluated software product. This report identifies, among others, the applicant organization, the certified product and its particular version, the quality characteristics evaluated, and the evaluation report which supports the certificate and was issued by and accredited laboratory.
Thanks to the ecosystem and this process of evaluation and certification, there are several companies that have submitted their products for evaluation, some of which have also worked on improvement refactoring and have subsequently achieved a certificate for their product.