ISO international software systems Standards updates from New Zealand IT stakeholders

Issue 29 – July 2011

SC 7 creates a wide range of Standards, including Standards for international governance, service management, and testing, which are of particular relevance to New Zealand. SC 7, 'Software systems and engineering', is Subcommittee 7 of the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) Joint Technical Committee (JTC) 1, 'Information technology'.

New Zealand participates on SC 7 via an international review group comprised of New Zealand information technology (IT) stakeholders from government and industry. These stakeholders are involved in a number of Working Groups (WG) within SC 7, including WG 40, 'IT Governance frameworks', WG 26, 'Software testing', and WG 25 'IT service management'. In May 2011, several New Zealand IT stakeholders went to Paris to attend an SC 7 meeting on software systems and engineering Standards. Updates from some of these stakeholders are included below.

Head of the New Zealand delegation to SC 7 – Alison Holt

Holt is also Convener of WG 40, with Co Convener Myles Ward from the Inland Revenue Department. 'A key question managers are asking now is 'should we use the cloud?',' says Holt. 'At the Plenary meeting we agreed that later this year WG 40 will publish the output of a 2-year Study Group on Cloud Computing as an ISO/IEC 'Technical Report on cloud governance'. This will be a very useful document, which will help to answer questions that boards and senior executives are asking on the safety of putting their IT services in the cloud, and how risks can be mitigated.'

Oliver Bell – Director of Standards (Southeast Asia, Australia, and New Zealand), Microsoft

Bell has been involved in SC 7 for 2 years and says, 'SC 7's work on governance of IT technology at board level helps the world to understand why governance is important and helps to define what IT governance is.

'Being involved in SC 7 helps me in two ways. One, to work out what matters in the New Zealand environment, and two, to take this information to Microsoft Corporation so they recognise what's going on in New Zealand when designing products.

'Standards work is a discreet way to get a picture of the global IT requirements. SC 7 is a large international working group, which provides a great opportunity to understand what's happening in all sorts of areas in software and systems engineering, and a fantastic networking opportunity.'

At the Plenary, Bell presented on 'interoperability' and the 'consumerisation of IT'. 'People now bring technology to work and expect it to work – they are making choices for themselves – rather than the CIO outlining what can be used in an organisation,' says Bell. 'At the Plenary we agreed to form a Study Group to look at the Governance of Consumer IT in Business Domains, to tackle this new challenge. We'll look at how to provide better governance guidance in this environment where consumers are making the choices.'

Bell is the Chair of the study group, which includes representatives from The Netherlands, South Africa, India, Japan, South Korea, Australia, and the UK. The study group will have its first formal meeting in London in September 2011.

Dr Brian Cusack – Director, AUT University Digital Forensic Research Laboratories

'AUT sponsors my involvement in SC 7, which means that I can keep them up to date on Standards development and they can ensure teaching materials reflect current trends, and that IT developers in training are exposed to industry best practice and the concepts of standardisation,' says Cusack. 'I'm a member of WG 40 and WG 6 'Corporate governance of IT', Project editor of the 'Governance of digital forensic risk' Standard, and I participate in four new work items (NWIs). There's a sense of contributing to a greater good by participating in Standards development. The potential to achieve harmonisation, better industry communication, and optimised economic performance through standardisation are key drivers.'

At the Plenary meeting, Cusack presented a NWI update on 'Governance guidelines for digital forensics'. Digital forensics preparedness helps directors of enterprises to assure the enterprise from the certainty of legal risk. The proposed Standard provides five strategic portfolios for directors to assure readiness and a four step framework of 'Establish, monitor, evaluate, and direct'. 'The NWI relates to governance level standardisation so that directors of enterprises can assure the forensic risk against a set of principles, an implementation framework, and a set of five strategies,' says Cusack. 'Digital forensics may be implemented in any organisation for best practice at board level.

'At the Plenary we agreed to send the NWI for ballot, to invite a co-editor from SC 27 'IT security techniques', and to continue work on the 'Governance guidelines for digital forensics'. WG 40 is making good progress on a range of governance related work items.'

Steve Willsher, Business Development Manager, Qual IT Solutions Limited

Willsher became involved in SC 7 through Matt Mansell at the Department of Internal Affairs. 'Qual IT is a software testing services company and we have a made a considerable investment in being involved in SC 7 – it's a good way to give something back to the testing community,' says Willsher. 'I'm an engineer and I really believe in Standards for engineering. In my previous work I saw the value of quality management Standards and I can see parallels between quality management Standards and software testing Standards.'

At the Plenary meeting, the WG 26 meeting was attended by about 25 people representing Brazil, UK, New Zealand, France, Germany, Malaysia, Canada, America, India, China, Japan, South Korea, Sweden, Finland, Denmark, and Australia. Attendees reviewed comments on the draft international Standard ISO 29119 Software and systems engineering – Software testing – Part 1, 2, 3, and 4, and reached consensus on updates to the Standard. Mansell is one of the official editors of ISO 29119 and Willsher is providing editing support and managing the vocabulary section of the new Standard.

'The development of a core Standard for software testing will have a positive effect on IT in New Zealand and in government in particular,' says Willsher. 'The International Software Testing Qualifications Board (ISTQB) has helped raise tester professionalism in the industry and in New Zealand; however this is a syllabus and not a Standard. The IEEE and British Standards are too narrow in their focus and industry models such as test process improvement have not been widely adopted in New Zealand. This leaves a gap for overarching frameworks like ISO 29119. The development of ISO 29119 will help to standardise the quality of testing services provided by vendors in New Zealand.'

Willsher was also asked to join an 'application management' study group, which was initiated at the Plenary meeting.

Read about how participation by New Zealand IT stakeholders in ISO international software systems Standards is critical for government and industry.

For more information about SC 7 please email isoadmin@standards.co.nz.

Related Standards

Related Touchstone articles

Published in business and ICT.