can be better spent validating the test in the first place. It is important to note that a test which is valid for the testing of a particular software package may not be valid for another package which is similar. Some further validation may be necessary to confirm its suitability.
Caution needs to be exercised to ensure that a sufficient level of validation is performed commensurate with the level of remanent software risk which is acceptable to the client. Similarly, care is needed to ensure that the range and selection of data values used in test cases is sufficient to adequately test the software.
5.3 Control of records . (ISO/IEC 17025, clause 4.12) Record control is all about the collection, approval, change control, storing and archiving of records. Proper control of the following records is required to ensure that test results are reliable:
- the requirements specification for the software being tested,
- the agreed test plan,
- the test methods, test procedures, test cases developed to implement the test plan,
- records of validation of test cases,
- records of validation of test tools,
- records of hardware and software configurations (both software being tested and software on which it is running) including records of any changes,
- records of test personnel - who did the test - are they competent, qualified, authorized?
- test results—how did the system behave? Compliance outcomes and criteria.
- records of checking of results.
- test reports—interim, final. Records of checking of reports. Issuing authority. The need to control records is paramount. Inadequate record control prevents back-tracking
The need to control records is paramount. Inadequate record control prevents back-tracking and analysis. Inadequate records can lead to incorrect conclusions or confusion regarding what needs to be done or what was done. In the worst case scenario, proper records are needed as a defense in case of litigation.
5.4 Assuring the quality of test results . (ISO/IEC 17025, clause 5.9) Any process, once established, needs monitoring to ensure that it continues to deliver the expected outcomes and testing is no different. Even when a capable, validated, repeatable test method is applied, it is still possible for the results to be incorrect due to unpredictable changes in hardware or software or due to changes in environmental or human factors. Therefore it is considered necessary to implement a quality assurance regime whereby some form of check is made on an occasional basis to ensure that the testing process is continuing to produce expected results.
The level of checking can be dependent on the risk involved. Checks can include
- Repeat testing by another person
- Testing of a reference sample
- Testing by alternative means
An experienced tester will not assume that a test will continue to deliver the correct result and will take some action to monitor the ongoing validity of the test results.
6. How do we know that the testing meets ISO/IEC 17025?
ISO/IEC 17025 is used worldwide as the yardstick for independent, third party accreditation of testing laboratories operating in a wide range of technical disciplines. Such accreditation is accepted as prima facie evidence that the accredited laboratory has been assessed against the requirements of the standard by an independent third party laboratory accreditation body, such as NATA.
Accreditation is the outcome of a process of assessment of the operation of a test facility against the requirements of ISO/IEC 17025 by a laboratory accreditation body. The laboratory’s operation is assessed against both the management system aspects and the technical aspects of the standard. Upon successful completion the laboratory is issued with an accreditation certificate and is able to use this to:
- confirm to its management that