Qualifying Software Development Companies as Suppliers
Does anyone know of any industry standard or ISO standard that Software development companies can use to show evidence of proper quality controls of their processes? My company is using more software development third-party suppliers. And we have minimum requirements that our suppliers must meet, for instance, ISO 9001 or AS9100. But software development companies seem to be blissfully unaware of implementing any type of controls to ensure that their product outputs are good. Typical manufacturing or service providers may comply with ISO 9001 or AS9100. Is there an equivalent standard that is appropriate to software development companies?
8 Replies
Trish Borzon
Hi Cynthia Aylen - Thanks for posting! I'm tagging a few members who might be able to provide some insights: Nicole Radziwill, Nancy Pasquan, Samuel Prasad, Murali Krishnan
Cynthia, have you explored CMMI? https://cmmiinstitute.com/
Thank you, Tamela and Duke. I appreciate your support. I had heard of CMMI; I will explore it further. And now I have a cache of goodies to explore in ANSI. This is fabulous.
I would suggest ISO/IEC 25000, better known as SQuaRE (Software Product Quality Requirements and Evaluation). A supplier could even be ISO/IEC 25000 certified by demonstrating its commitment to quality.
Hi Cynthia,

We write software requirements into our Quality Agreements. Typically, we refer to ISO 27001 Information Security Management. The first few elements are Context of the organization, Leadership, Planning, and Support, very similar to ISO 9001. Elements 8-10 are more focused on Information Security.
If anyone is interested in learning more about CMMI, in this context or others, our quality team has certified CMMI instructors and appraisers. I would be happy to discuss CMMI.
Perhaps look at ISO/IEC 9126. It may meet your needs.