Quality and conformance

Quality management establishes within an organisation a culture of quality and a system of processes and working practices to deliver the organisation's quality objectives. This involves the application of techniques for the monitoring and improvement of the quality of any aspect of a function, processes, products, services or data. The achievement of, and maintenance of compliance to, national and international standards, as appropriate, and to internal policies, including those relating to quality, service, sustainability and security.

The process of ensuring, through independent assessment and review, that appropriate working practices, quality control activities, organisational processes and quality standards are in place and adhered to and that best practices are promoted throughout the organisation. Quality assurance provides confidence to internal management and external bodies, such as customers or regulators, that quality requirements will be fulfilled. Quality assurance may relate to any area where quality standards are applied, including products, data, services and business processes.

The development and operation of a measurement capability to support agreed organisational information needs. The planning, implementation, and control of activities to measure attributes of processes, products, and services in order to assess performance, progress, and provide indications and insights to actual or potential problems, issues, and risks. The identification of requirements, selecting measures and measurement scales, establishing data collection and analysis methods, setting target values and thresholds. Measurement can be applied to organizations, projects, processes, and work products.

The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, sustainability, real-time systems, application design and specific certifications.

The assessment of safety-related software systems to determine compliance with standards and required levels of safety integrity. This involves making professional judgements on software engineering approaches, including the suitability of design, testing, and validation and verification methods, as well as the identification and evaluation of risks and the means by which they can be reduced. The establishment, maintenance and management of an assessment framework and practices.

The collection, processing, preserving, analysis, and presentation of forensic evidence based on the totality of findings including computer-related evidence in support of security vulnerability mitigation and/or criminal, fraud, counterintelligence, or law enforcement investigations.