Standardisation Testing and Quality Certification

Last updated

Standardisation Testing and Quality Certification
AbbreviationSTQC
Formation1980(44 years ago) (1980)
TypeDigital Information
Headquarters New Delhi
Location
  • Pan India
Region served
India
Official language
English and Hindi
Director General
Shri M. Vellaipandi [1]
Parent organisation
 Ministry of Electronics and Information Technology
Budget
1.2 billion (US$15 million) [2]
Website www.stqc.gov.in

Standardisation Testing and Quality Certification (STQC) Directorate, established in 1980, is an authoritative body offering quality assurance services to IT and Electronics domains. [3] [4] [5]

Contents

STQC delivers these services as a part of the Ministry of Electronics and Information Technology for the Government of India. The primary aim of STQC is to ensure the delivery of quality products and services adhering to international standards at competitive prices, thereby enabling processes within the IT and electronics industry to achieve competitiveness. [6]

STQC has been serving its mission by delivering a spectrum of quality assurance services, including Testing, Calibration, certification Services and IT and e-governance Training, with accreditation or recognition from national/international bodies for testing & calibration standards. STQC is recognized as the Core Assurance Service Provider in the IT and Electronics sector in India and actively participates in national forums such as the Bureau of Indian Standards, Quality Council of India (QCI), National Accreditation Board for Testing and Calibration Laboratories (NABL), and other major industry associations. [7]

STQC's Organizational Structure

Operating within the Government of India's Ministry of Electronics and Information Technology jurisdiction, STQC adheres to an organizational structure that optimizes its ability to fulfill its mission - delivering quality assurance services in the IT (Information Technology) and electronics sectors. The setup is hierarchical and cohesive, incorporating a range of laboratories, centres, and key functional units. [8]

The STQC Organization Structure comprises five main units under which the STQC Directorate works. [9] These units are:

  1. Hon’ble Minister (Electronics & IT)
  2. Hon’ble Minister of State (Electronics & IT)
  3. Secretary (MeitY)
  4. Addl Secretary (MeitY)
  5. Director General (STQC Directorate)

These are the core structures under these units:

MeitY: Ministry of Electronics and Information Technology

STQC is an attached office under MeitY, a crucial link between the government and quality assurance services in IT and Electronics.

STQC Directorate

At MeitY, STQC functions under the Directorate, forming strategic direction and policies for STQC. They help with e-governance-related activities alongside the National e-Governance Plan (NeGP) and ‘Centre for e-Governance’ (CEG) established by MeitY. [10]

National-level Laboratories (NLL)

  1. Regional Laboratories: Four regional laboratories of STQC are strategically located across India, namely, ERTL (North) Delhi, ERTL (East) Kolkata, ERTL(South) Thiruvananthapuram, ERTL(West) Mumbai, to provide quality assurance services meeting the specific needs of respective regions. [3]
  2. State-Level Laboratories: Ten state-level laboratories have been established by STQC at Bangalore, Chennai, Hyderabad, Pune, Goa, Jaipur, Mohali, Solan, Guwahati & Agartala to decentralize services/outreach. [3]

High Precision Calibration Centres

STQC operates two calibration centres – the high precision centres: one in Delhi and another in Bangalore. [3] These facilities boast cutting-edge technology for calibrating electronic and allied industries and electro-technical and non-electrical parameters.

Functional Units

  1. Testing and Calibration Services: STQC offers a range of testing and calibration services, including Electro Technical Calibration, Non-Electrical Calibration, High Precision Calibration, Onsite Calibration, and Medical Equipment Calibration. [11]
  2. IT and e-Governance Services: STQC provides quality assurance services in IT and e-Governance, covering Software and System Testing, IT and e-Governance Training, Management System and Product Certification, and e-Governance Conformity Assessment. [3] [11]
  3. Certification Services: STQC extends Certification Services for both products and management systems, covering ISO/IEC 27001 Information Security Management System Certification, Product Safety Certification based on IEC Standards, ISO 9001 Quality Management System Certification, IECEE-CB Certification based on IEC Standards, Website Quality Certification, Common Criteria Certification, Smart Card Testing and Certification, Bio-metric Devices Testing and Certification, Software and System certification. [3] [11]

National Centre for e-Governance Standards and Technology

To maintain standards in e-governance projects and bring standardization practices in the IT/Software sector, STQC has established the National Centre for e-Governance Standardisation (NCeGSt). The centre has developed a Conformity Assessment Framework (CAF) for e-governance projects, ensuring adherence to the standardized practices leading to Quality Assurance of such Projects. [3]

Accreditations and Recognitions

STQC laboratories and services possess national and international accreditations and recognitions. [12] These include certifications from professional organizations like Raad Voor Accreditatie (RvA), [13] IEC Conformity Assessment for Electro-technical Equipment and Components (IECEE), IEC Quality Assessment System for Electronic Components (IECQ), National Accreditation Board for Testing and Calibration Laboratories (NABL), and Quality Council of India (QCI). [12] The two notable IT test laboratories in Bangalore and Kolkata have received accreditation from the American Association for Laboratory Accreditation (A2LA). [3]

STQC Processes and Procedures

To enable quality assurance in Electronics and Information Technology (IT), Standardisation Testing and Quality Certification (STQC) operates a comprehensive range of processes and procedures. These procedures and processes are in line with the roles each centre is assigned to. [3] [8] [12] This organization uses a nationwide network of laboratories and centres to offer a wide variety of services to public and private organizations within the Electronics and Information Technology (IT) space:

Electronics and Electrical Testing and Calibration

STQC provides calibration services, such as Electro Technical Calibration, Non-Electrical Calibration, High Precision Calibration, Onsite Calibration and Medical Equipment Calibration. Multiple STQC laboratories have obtained national and international accreditations and recognitions in the testing and calibration sector. STQC has set up specialized institutions like the Indian Institute of Quality Management (IIQM) for quality-related training programs and the Centre for Reliability (CFR) for reliability-related services.

IT & e-Governance Services (E-Governance Conformity Assessment)

STQC offers quality assurance services for the IT and e-governance sector, adhering to National and International standards. [3] These services include Software and System Testing, IT and e-Governance Training, Management System and Product Certification (IT and e-Gov), and e-Governance Conformity Assessment.

STQC also maintains e-Governance standards and has set up the National Centre for e-Governance Standards and Technology. The Conformity Assessment Framework (CAF) for e-Governance projects has been developed and is operational, further reinforcing STQC's commitment to standardized practices in the IT and software sectors. [14]

STQC offers a range of conformity assessment services that evaluate key quality attributes at different stages of IT projects. These evaluations cover functionality, performance, security, usability, maintainability and service quality. Conformity assessment activities occur at different phases or stages of IT projects, such as pilot, pre-go-live and post-go-live phases, within staging or production environments.

The conformity assessment services offered by STQC include: [14]

  1. Architecture Review & Audit: This involves a detailed examination of the architecture of IT systems to ensure that they align with best practices and predefined standards.
  2. Software Application Testing:
    1. Functional Testing: Ensures that software applications meet specified functional requirements.
    2. Non-functional Testing: Includes performance, security, usability and other non-functional aspects assessments.
  3. Information Security Audit & Testing:
    1. Application Security: Evaluate the security features of applications.
    2. Vulnerability Assessment: Identifies and assesses vulnerabilities within systems.
    3. Penetration Testing: Simulates cyber-attacks to identify weaknesses in the security infrastructure.
  4. Documentation Review (Processes & Products): Evaluates policies, procedures and software documentation to ensure they align with quality standards.
  5. Process Audit: This process covers audits of design, development, operation and maintenance life cycle processes. It also includes audits of information security management processes and IT service management processes.
  6. IT & Non-IT Infrastructure Audit: The audit process covers audits of data centres, disaster recovery sites, gateways, networks, hardware and facilities (front office and back office).
  7. Service Quality (SLA Compliance):
    1. SLA Measurements: Involves measurement of service level agreement compliance.
    2. SLA Measurement System Audit: Audits the system used for measuring SLA compliance.

In addition to its primary functions of testing and calibration, the Standardization Testing and Quality Certification (STQC) organization runs specialized institutions to expand its comprehensive quality services. One such institution is the Indian Institute of Quality Management (IIQM). The IIQM is a dedicated body that provides training programs in the area of quality. This includes imparting knowledge and skills to individuals and professionals who want to excel in the field of quality management.

Another example is the Centre for Reliability (CFR), a specialized division within STQC that provides services specifically aimed at ensuring product, system or process reliability. The CFR provides focused solutions and support in the reliability space, thus contributing to the assurance of consistent and dependable performance across various contexts.

IT System & Product Certification

STQC is a provider of certification for IT products and management systems. It provides a list of certified products as well. [15] Its certification services cover a wide range, including Management System Certification Schemes (such as ISO 9001 Quality Management System Certification, ISO 20000-1 for IT Service Management (ITSM), and ISO/IEC 27001 Information Security Management System Certification) and Product Certification Schemes (Product Safety Certification based on IEC Standards and IECEE-CB Certification based on IEC Standards).

In the field of IT and e-governance, STQC offers Website Quality Certification, Common Criteria Certification, Bio-metric device testing and Certification, Smart Card Testing and Certification, e-procurement System Certification (ePS), and Software and System Certification. STQC's certification/assurance services have gained international recognition with accreditation from professional bodies such as Raad Voor Accreditatie (RvA), [13] IEC Conformity Assessment for Electro-technical Equipment and Components (IECEE), IEC Quality Assessment System for Electronic Components (IECQ), National Accreditation Board for Testing and Calibration Laboratories (NABL), Quality Council of India (QCI), etc. [3]

STQC also has the Rules and Procedures for Biometric Device Certification (STQC/BDCS/D01) guidelines. [16] [11] The objective of this certification program is to enable user agencies to use dependable, safe and secure devices for offline authentication by making available quality-assured biometric devices (for authentication/enrolment) and QR code scanner devices. These certified devices are expected to comply with UIDAI specifications. [16]

India, through STQC, is a signatory to the Common Criteria Recognition Arrangement (CCRA) with the Indian Common Criteria Certification Scheme (IC3S) for the evaluation and certification of IT products for security in accordance with CC standards, ver 3.1/ISO/IEC 15408 up to assurance level EAL4. [17] This recognition allows certificates issued by STQC in India to be accepted in other member countries without the need for re-certification, thus solidifying STQC's role as the certification authority for DeITY/STQC in India.

The STQC's List of Appointments Rule

The document STQC/BDCS/D05, specifically known as the "List of Appointments," is part of the Standardisation Testing and Quality Certification (STQC) framework. [18] This document identifies and describes the persons and other resources involved in the certification activities carried out by the Certification Body. The roles and responsibilities assigned to these persons are essential for effectively operating the certification process. The main positions and roles identified in the "List of Appointments" are:

  1. Members of the Advisory Board: These individuals provide expert advice and guidance based on their experience and knowledge.
  2. Members of Management Committee: These are individuals responsible for overseeing and managing the strategic aspects of the certification activities.
  3. Head, BDCS (Business Development and Customer Support): This leader manages and directs the Business Development and Customer Support unit within STQC.
  4. Members of the Certification Committee: These individuals are involved in the committee responsible for making decisions about the certification process.
  5. Management Representative: A designated representative communicates with top management and ensures the quality management system is effectively implemented.
  6. Certification Operations Personnel: Individuals directly involved in the day-to-day operations of the certification process.

The document titled "List of Appointments" serves as a reference to clarify the key individuals holding these positions. In addition, document STQC/BDCS/D06, "Responsibility Matrix," is referenced as a complementary document. [18] This matrix outlines the responsibilities assigned to each individual listed in the "List of Appointments". It guides the roles and tasks each person is expected to perform within the broader context of certification activities.

Related Research Articles

Conformance testing — an element of conformity assessment, and also known as compliance testing, or type testing — is testing or other activities that determine whether a process, product, or service complies with the requirements of a specification, technical standard, contract, or regulation. Testing is often either logical testing or physical testing. The test procedures may involve other criteria from mathematical testing or chemical testing. Beyond simple conformance, other requirements for efficiency, interoperability, or compliance may apply. Conformance testing may be undertaken by the producer of the product or service being assessed, by a user, or by an accredited independent organization, which can sometimes be the author of the standard being used. When testing is accompanied by certification, the products or services may then be advertised as being certified in compliance with the referred technical standard. Manufacturers and suppliers of products and services rely on such certification including listing on the certification body's website, to assure quality to the end user and that competing suppliers are on the same level.

The ISO 9000 family is a set of five quality management systems (QMS) standards by the International Organization for Standardization (ISO) that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success.

Accreditation is the independent, third-party evaluation of a conformity assessment body against recognised standards, conveying formal demonstration of its impartiality and competence to carry out specific conformity assessment tasks.

<span class="mw-page-title-main">Certification</span> Formal confirmation of certain characteristics of an object, person or organization

Certification is part of testing, inspection and certification and the provision by an independent body of written assurance that the product, service or system in question meets specific requirements. It is the formal attestation or confirmation of certain characteristics of an object, person, or organization. This confirmation is often, but not always, provided by some form of external review, education, assessment, or audit. Accreditation is a specific organization's process of certification. According to the U.S. National Council on Measurement in Education, a certification test is a credentialing test used to determine whether individuals are knowledgeable enough in a given occupational area to be labeled "competent to practice" in that area.

<span class="mw-page-title-main">Product certification</span> Performance and quality assurance

Product certification or product qualification is the process of certifying that a certain product has passed performance tests and quality assurance tests, and meets qualification criteria stipulated in contracts, regulations, or specifications.

ISO/IEC 17025General requirements for the competence of testing and calibration laboratories is the main standard used by testing and calibration laboratories. In most countries, ISO/IEC 17025 is the standard for which most labs must hold accreditation in order to be deemed technically competent. In many cases, suppliers and regulatory authorities will not accept test or calibration results from a lab that is not accredited. Originally known as ISO/IEC Guide 25, ISO/IEC 17025 was initially issued by ISO/IEC in 1999. There are many commonalities with the ISO 9000 standard, but ISO/IEC 17025 is more specific in requirements for competence and applies directly to those organizations that produce testing and calibration results and is based on more technical principles. Laboratories use ISO/IEC 17025 to implement a quality system aimed at improving their ability to consistently produce valid results. Material in the standard also forms the basis for accreditation from an accreditation body.

The Standards Council of Canada (SCC) / Conseil canadien des normes (CCN) is a Canadian organization with the mandate to promote voluntary standardization in Canada. The SCC is responsible for:

An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.

The South African National Accreditation System (SANAS) is the official accreditation body for South Africa. Founded in 1996, SANAS is headquartered in Pretoria, South Africa. SANAS accreditation certificates are a formal recognition by the Government of South Africa that an organisation is competent to perform specific tasks.

<span class="mw-page-title-main">Bureau of Indian Standards</span> Indian organization for developing standards

The Bureau of Indian Standards (BIS) is the National Standards Body of India under Department of Consumer affairs, Ministry of Consumer Affairs, Food & Public Distribution, Government of India. It is established by the Bureau of Indian Standards Act, 2016 which came into effect on 12 October 2017. The Minister in charge of the Ministry or Department having administrative control of the BIS is the ex-officio President of the BIS. BIS has 500 plus scientific officers working as Certification Officers, Member secretaries of technical committees and lab OIC's.

<span class="mw-page-title-main">British Approvals Service for Cables</span>

British Approvals Service for Cables is an independent accredited certification body headquartered in Milton Keynes, United Kingdom. Here, the organization's dedicated testing laboratory also operates which is believed to be the largest of its type in Europe. BASEC was established in 1971 and principally provides product certification services for all types of cable and wire, ancillary products and management systems within the cable industry. The organization maintains operations throughout the world including Africa, Middle East, America, Asia and Europe.

The United Kingdom Accreditation Service (UKAS) is the sole national accreditation body recognised by the British government to assess the competence of organisations that provide certification, testing, inspection and calibration services. It evaluates these conformity assessment bodies and then accredits them where they are found to meet relevant internationally specified standards.

<span class="mw-page-title-main">National Accreditation Board for Testing and Calibration Laboratories</span>

National Accreditation Board for Testing and Calibration Laboratories (NABL) provides accreditation to Conformity Assessment Bodies (Laboratories) in India. NABL Schemes include Accreditation (Recognition) of Technical competence of testing, calibration, medical testing laboratories, Proficiency testing providers (PTP) & Reference Material Producers (RMP) for a specific scope following ISO/IEC 17025, ISO 15189, ISO/IEC 17043 & ISO 17034:2016 Standards. It has Mutual Recognition Arrangement (MRA) with Asia Pacific Accreditation Cooperation (APAC), International Laboratory Accreditation Cooperation (ILAC).

IEC 62443 is an international series of standards that address cybersecurity for operational technology in automation and control systems. The standard is divided into different sections and describes both technical and process-related aspects of automation and control systems cybersecurity.

<span class="mw-page-title-main">Korea Testing & Research Institute</span>

The Korea Testing & Research Institute, abbreviated as KTR, is a testing and certification institute in South Korea which performs integrate testing, certification, and technical consulting for all fields of the industry.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.

eCOGRA is a London-based testing agency and standards organisation in the realm of online gambling. The company was established in 2003 in the United Kingdom at the behest of the online gaming industry as the first industry self-regulation system. eCOGRA is a testing laboratory, inspection body, and certification body, specializing in the certification of online gaming software and the audit of Information Security Management Systems.

The testing, inspection and certification (TIC) sector consists of conformity assessment bodies who provide services ranging from auditing and inspection, to testing, verification, quality assurance and certification. The sector consists of both in-house and outsourced services.

References

  1. "STQC Directorate". Ministry of Electronics and Information Technology. Ministry of Electronics and Information Technology. Retrieved 7 October 2023.
  2. Government (2019), p. 324.
  3. 1 2 3 4 5 6 7 8 9 10 11 "Standardization Testing and Quality Certification (STQC)". India Standards Portal. Retrieved 6 October 2023.
  4. "Standardisation Testing and Quality Certification (STQC) Directorate". STQC. LinkedIn. Retrieved 7 October 2023.[ better source needed ]
  5. "STQC". STQC. Twitter. Retrieved 7 October 2023.
  6. "Standardisation Testing and Quality Certification (STQC)". Department of Justice. Ministry of Law and Justice. Retrieved 6 October 2023.
  7. "Standardisation Testing and Quality Certification (STQC), New Delhi". The India Science, Technology and Innovation. The India Science, Technology and Innovation.
  8. 1 2 "ABOUT STQC". STQC. STQC. Retrieved 6 October 2023.
  9. "STQC Organization Structure". e-Governance Standards & Guidelines. e-Governance Standards & Guidelines. Retrieved 6 October 2023.
  10. "Centre For e-Governance". Ministry of Electronics & Information Technology. Ministry of Electronics & Information Technology. Retrieved 6 October 2023.
  11. 1 2 3 4 "COMMON CRITERIA CERTIFICATION". STQC Directorate. STQC Directorat. Retrieved 6 October 2023.
  12. 1 2 3 "STQC ACCREDITATIONS". STQC Directorate. STQC Directorate. Retrieved 6 October 2023.
  13. 1 2 "Raad voor Accreditatie". RvA. Retrieved 7 October 2023.
  14. 1 2 "Procedure for Assessment of System and Software" (PDF). STQC: 1–13. 1 May 2014. Retrieved 7 October 2023.
  15. "List of all IT & eGovernance Certified Products and Service in below Category-wise:". STQC. STQC. Retrieved 7 October 2023.
  16. 1 2 "Rules and Procedures for Biometric Device Certification" (PDF). STQC (01): 1–26. 4 January 2021. Retrieved 7 October 2023.
  17. "Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components". ISO (the International Organization for Standardization). ISO. Retrieved 7 October 2023.
  18. 1 2 "IT & E-GOVERNANCE". STQC. STQC. Retrieved 7 October 2023.

Sources

Ministry of Electronics & Information Technology — Annual Report 2018–19 (PDF) (Report). Government of India. 2019. Archived (PDF) from the original on 5 November 2019. Retrieved 6 November 2019.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.