Standardisation Testing and Quality Certification

Standardisation Testing and Quality Certification (STQC) Directorate, established in 1980, is an authoritative body offering quality assurance services to IT and Electronics domains.

STQC delivers these services as a part of the Ministry of Electronics and Information Technology for the Government of India. The primary aim of STQC is to ensure the delivery of quality products and services adhering to international standards at competitive prices, thereby enabling processes within the IT and electronics industry to achieve competitiveness.

STQC has been serving its mission by delivering a spectrum of quality assurance services, including Testing, Calibration, certification Services and IT and e-governance Training, with accreditation or recognition from national/international bodies for testing & calibration standards. STQC is recognized as the Core Assurance Service Provider in the IT and Electronics sector in India and actively participates in national forums such as the Bureau of Indian Standards, Quality Council of India (QCI), National Accreditation Board for Testing and Calibration Laboratories (NABL), and other major industry associations.

STQC's Organizational Structure
Operating within the Government of India's Ministry of Electronics and Information Technology jurisdiction, STQC adheres to an organizational structure that optimizes its ability to fulfill its mission - delivering quality assurance services in the IT (Information Technology) and electronics sectors. The setup is hierarchical and cohesive, incorporating a range of laboratories, centres, and key functional units.

The STQC Organization Structure comprises five main units under which the STQC Directorate works. These units are:


 * 1) Hon’ble Minister (Electronics & IT)
 * 2) Hon’ble Minister of State (Electronics & IT)
 * 3) Secretary (MeitY)
 * 4) Addl Secretary (MeitY)
 * 5) Director General (STQC Directorate)

These are the core structures under these units:

MeitY: Ministry of Electronics and Information Technology
STQC is an attached office under MeitY, a crucial link between the government and quality assurance services in IT and Electronics.

STQC Directorate
At MeitY, STQC functions under the Directorate, forming strategic direction and policies for STQC. They help with e-governance-related activities alongside the National e-Governance Plan (NeGP) and ‘Centre for e-Governance’ (CEG) established by MeitY.

National-level Laboratories (NLL)

 * 1) Regional Laboratories: Four regional laboratories of STQC are strategically located across India, namely, ERTL (North) Delhi, ERTL (East) Kolkata, ERTL(South) Thiruvananthapuram, ERTL(West) Mumbai, to provide quality assurance services meeting the specific needs of respective regions.
 * 2) State-Level Laboratories: Ten state-level laboratories have been established by STQC at Bangalore, Chennai, Hyderabad, Pune, Goa, Jaipur, Mohali, Solan, Guwahati & Agartala to decentralize services/outreach.

High Precision Calibration Centres
STQC operates two calibration centres: one in Delhi and another in Bangalore. These facilities are for calibrating electronic and allied industries and electro-technical and non-electrical parameters.

Functional Units

 * 1) Testing and Calibration Services: STQC offers a range of testing and calibration services, including Electro Technical Calibration, Non-Electrical Calibration, High Precision Calibration, Onsite Calibration, and Medical Equipment Calibration.
 * 2) IT and e-Governance Services: STQC provides quality assurance services in IT and e-Governance, covering Software and System Testing, IT and e-Governance Training, Management System and Product Certification, and e-Governance Conformity Assessment.
 * 3) Certification Services: STQC extends Certification Services for both products and management systems, covering ISO/IEC 27001 Information Security Management System Certification, Product Safety Certification based on IEC Standards, ISO 9001 Quality Management System Certification, IECEE-CB Certification based on IEC Standards, Website Quality Certification, Common Criteria Certification, Smart Card Testing and Certification, Bio-metric Devices Testing and Certification, Software and System certification.

National Centre for e-Governance Standards and Technology
To maintain standards in e-governance projects and bring standardization practices in the IT/Software sector, STQC has established the National Centre for e-Governance Standardisation (NCeGSt). The centre has developed a Conformity Assessment Framework (CAF) for e-governance projects, ensuring adherence to the standardized practices leading to Quality Assurance of such Projects.

Accreditations and Recognitions
STQC laboratories and services possess national and international accreditations and recognitions. These include certifications from professional organizations like Raad Voor Accreditatie (RvA), IEC Conformity Assessment for Electro-technical Equipment and Components (IECEE), IEC Quality Assessment System for Electronic Components (IECQ), National Accreditation Board for Testing and Calibration Laboratories (NABL), and Quality Council of India (QCI). The two notable IT test laboratories in Bangalore and Kolkata have received accreditation from the American Association for Laboratory Accreditation (A2LA).

STQC Processes and Procedures
To enable quality assurance in Electronics and Information Technology (IT), Standardisation Testing and Quality Certification (STQC) operates a comprehensive range of processes and procedures. These procedures and processes are in line with the roles each centre is assigned to. This organization uses a nationwide network of laboratories and centres to offer a wide variety of services to public and private organizations within the Electronics and Information Technology (IT) space:

Electronics and Electrical Testing and Calibration
STQC provides calibration services, such as Electro Technical Calibration, Non-Electrical Calibration, High Precision Calibration, Onsite Calibration and Medical Equipment Calibration. Multiple STQC laboratories have obtained national and international accreditations and recognitions in the testing and calibration sector. STQC has set up specialized institutions like the Indian Institute of Quality Management (IIQM) for quality-related training programs and the Centre for Reliability (CFR) for reliability-related services.

IT & e-Governance Services (E-Governance Conformity Assessment)
STQC offers quality assurance services for the IT and e-governance sector, adhering to National and International standards. These services include Software and System Testing, IT and e-Governance Training, Management System and Product Certification (IT and e-Gov), and e-Governance Conformity Assessment.

STQC also maintains e-Governance standards and has set up the National Centre for e-Governance Standards and Technology. The Conformity Assessment Framework (CAF) for e-Governance projects has been developed and is operational, further reinforcing STQC's commitment to standardized practices in the IT and software sectors.

STQC offers a range of conformity assessment services that evaluate key quality attributes at different stages of IT projects. These evaluations cover functionality, performance, security, usability, maintainability and service quality. Conformity assessment activities occur at different phases or stages of IT projects, such as pilot, pre-go-live and post-go-live phases, within staging or production environments.

The conformity assessment services offered by STQC include:
 * 1) Architecture Review & Audit: This involves a detailed examination of the architecture of IT systems to ensure that they align with best practices and predefined standards.
 * 2) Software Application Testing:
 * 3) Functional Testing: Ensures that software applications meet specified functional requirements.
 * 4) Non-functional Testing: Includes performance, security, usability and other non-functional aspects assessments.
 * 5) Information Security Audit & Testing:
 * 6) Application Security: Evaluate the security features of applications.
 * 7) Vulnerability Assessment: Identifies and assesses vulnerabilities within systems.
 * 8) Penetration Testing: Simulates cyber-attacks to identify weaknesses in the security infrastructure.
 * 9) Documentation Review (Processes & Products): Evaluates policies, procedures and software documentation to ensure they align with quality standards.
 * 10) Process Audit: This process covers audits of design, development, operation and maintenance life cycle processes. It also includes audits of information security management processes and IT service management processes.
 * 11) IT & Non-IT Infrastructure Audit: The audit process covers audits of data centres, disaster recovery sites, gateways, networks, hardware and facilities (front office and back office).
 * 12) Service Quality (SLA Compliance):
 * 13) SLA Measurements: Involves measurement of service level agreement compliance.
 * 14) SLA Measurement System Audit: Audits the system used for measuring SLA compliance.

Comprehensive quality-related services
In addition to its primary functions of testing and calibration, the Standardization Testing and Quality Certification (STQC) organization runs specialized institutions to expand its comprehensive quality services. One such institution is the Indian Institute of Quality Management (IIQM). The IIQM is a dedicated body that provides training programs in the area of quality. This includes imparting knowledge and skills to individuals and professionals who want to excel in the field of quality management.

Another example is the Centre for Reliability (CFR), a specialized division within STQC that provides services specifically aimed at ensuring product, system or process reliability. The CFR provides focused solutions and support in the reliability space, thus contributing to the assurance of consistent and dependable performance across various contexts.

IT System & Product Certification
STQC is a provider of certification for IT products and management systems. It provides a list of certified products as well. Its certification services cover a wide range, including Management System Certification Schemes (such as ISO 9001 Quality Management System Certification, ISO 20000-1 for IT Service Management (ITSM), and ISO/IEC 27001 Information Security Management System Certification) and Product Certification Schemes (Product Safety Certification based on IEC Standards and IECEE-CB Certification based on IEC Standards).

In the field of IT and e-governance, STQC offers Website Quality Certification, Common Criteria Certification, Bio-metric device testing and Certification, Smart Card Testing and Certification, e-procurement System Certification (ePS), and Software and System Certification. STQC's certification/assurance services have gained international recognition with accreditation from professional bodies such as Raad Voor Accreditatie (RvA), IEC Conformity Assessment for Electro-technical Equipment and Components (IECEE), IEC Quality Assessment System for Electronic Components (IECQ), National Accreditation Board for Testing and Calibration Laboratories (NABL), Quality Council of India (QCI), etc.

STQC also has the Rules and Procedures for Biometric Device Certification (STQC/BDCS/D01) guidelines. The objective of this certification program is to enable user agencies to use dependable, safe and secure devices for offline authentication by making available quality-assured biometric devices (for authentication/enrolment) and QR code scanner devices. These certified devices are expected to comply with UIDAI specifications.

India, through STQC, is a signatory to the Common Criteria Recognition Arrangement (CCRA) with the Indian Common Criteria Certification Scheme (IC3S) for the evaluation and certification of IT products for security in accordance with CC standards, ver 3.1/ISO/IEC 15408 up to assurance level EAL4. This recognition allows certificates issued by STQC in India to be accepted in other member countries without the need for re-certification, thus solidifying STQC's role as the certification authority for DeITY/STQC in India.

The STQC's List of Appointments Rule
The document STQC/BDCS/D05, specifically known as the "List of Appointments," is part of the Standardisation Testing and Quality Certification (STQC) framework. This document identifies and describes the persons and other resources involved in the certification activities carried out by the Certification Body. The roles and responsibilities assigned to these persons are essential for effectively operating the certification process. The main positions and roles identified in the "List of Appointments" are:
 * 1) Members of the Advisory Board: These individuals provide expert advice and guidance based on their experience and knowledge.
 * 2) Members of Management Committee: These are individuals responsible for overseeing and managing the strategic aspects of the certification activities.
 * 3) Head, BDCS (Business Development and Customer Support): This leader manages and directs the Business Development and Customer Support unit within STQC.
 * 4) Members of the Certification Committee: These individuals are involved in the committee responsible for making decisions about the certification process.
 * 5) Management Representative: A designated representative communicates with top management and ensures the quality management system is effectively implemented.
 * 6) Certification Operations Personnel: Individuals directly involved in the day-to-day operations of the certification process.

The document titled "List of Appointments" serves as a reference to clarify the key individuals holding these positions. In addition, document STQC/BDCS/D06, "Responsibility Matrix," is referenced as a complementary document. This matrix outlines the responsibilities assigned to each individual listed in the "List of Appointments". It guides the roles and tasks each person is expected to perform within the broader context of certification activities.