- 27
- March
When choosing an ERP system, one thing many people overlook is the software development process of the vendor company. If a vendor lacks a well-defined process, even if the software looks great initially, problems will emerge when modifications, new features, or upgrades are needed. This article explains what ISO/IEC 29110 is, why it matters, and why Grand Linux Solution has maintained this certification continuously for over 10 years.
What Is ISO/IEC 29110?
ISO/IEC 29110 is an international standard developed by ISO/IEC for software development processes in Very Small Entities (VSE) — organizations with development teams of 25 people or fewer. This standard is designed to enable small organizations to have systematic, auditable, and quality development processes comparable to international standards — without the cost burden and complexity of larger frameworks like CMMI.
Grand Linux Solution and ISO 29110
- Certified ISO/IEC 29110 for over 10 years — continuously maintained without any gap
- Every development record has been systematically tracked for over 20 years — even before the certification was obtained
- For every customer, every feature, every bug fix — the full history is traceable: who requested it, when, why it was designed that way, when it was developed, tested, and deployed
Why Does ISO 29110 Matter for ERP Buyers?
Choosing an ERP system is not just choosing "software" — it means choosing a long-term partner who will maintain the core system of your organization for the next 10-20 years. If the development company lacks a standardized process, problems will arise when:
| Scenario | Company with ISO 29110 | Company without Standards |
|---|---|---|
| Customer requests feature modification | Can trace back why it was designed this way; fix accurately | Nobody remembers; must guess and reverse engineer |
| Bug found in the system | Can identify which change caused it; fix quickly | Must search from scratch; takes days or weeks |
| Developer leaves the company | New team reads documentation and understands immediately | Knowledge leaves with the person; must start over |
| System audit required | Complete audit trail available from day one | Must rush to create documentation retroactively (often incomplete) |
| System upgrade needed | Complete list of all customizations; nothing gets lost | Unknown what was customized; upgrade breaks things |
ISO/IEC 29110 Structure — 2 Core Processes
ISO 29110 divides software development into 2 core processes that work in parallel:
| Process | Full Name | Primary Function | Outputs |
|---|---|---|---|
| PM | Project Management | Plan, track, and control the project — define scope, timeline, resources, and risks | Project Plan, Progress Report, Change Request Log |
| SI | Software Implementation | Analyze requirements, design, develop, test, and deliver | Requirement Spec, Design Doc, Test Case, Deployment Record |
Together, these 2 processes ensure every step has accompanying documentation (Work Products) that can be audited — from the day a customer submits a requirement to the day the software is deployed to production.
ISO 29110 Profile Levels
ISO 29110 defines 4 levels (Profiles) of process maturity, allowing organizations to choose the appropriate level based on their size and project complexity:
| Profile | Objective | Best For |
|---|---|---|
| Entry | Establish basic processes | Startups, very small teams just beginning to organize |
| Basic | Complete PM + SI processes | Organizations with continuous software development (Grand Linux is certified at this level) |
| Intermediate | Manage multiple projects simultaneously | Organizations with multiple teams developing multiple products |
| Advanced | Full software business management | Larger software houses requiring portfolio management |
Think of ISO 29110 as a "Patient Medical Record"
The easiest way to understand ISO 29110 is to compare it with medical records at a hospital.
When you visit a good hospital, they have your complete history — past conditions, medications, allergies, surgeries. A new doctor can open your file and understand everything immediately without asking you to repeat your history.
ISO 29110 does the same thing for software — every development, every requirement, every change request, every bug fix has a complete record:
- Who requested it — which customer, which user reported it
- What was requested — detailed requirement / change request description
- Why it was designed this way — the reasoning behind design decisions
- When it was completed — actual timeline compared to the plan
- How it was tested — test cases and test results
- When it was deployed — deployment record with version number
If a software company does not have such a system, it is like a hospital without medical records — the doctor must guess every time, the patient must repeat their history every visit. And if the original doctor leaves? All knowledge is lost.
Grand Linux and ISO 29110 — Over 10 Years Certified, Over 20 Years of Records
Grand Linux Solution Co., Ltd. has held ISO/IEC 29110 certification from TÜV NORD for 4 consecutive certificates spanning from 2015 to 2027 (over 12 years), maintaining the standard continuously — every development project, every requirement, every change request has a complete, systematic history.
| # | Version | Period | Certifying Body |
|---|---|---|---|
| 1 | ISO/IEC 29110:2011 | 2015–2018 | TÜV NORD |
| 2 | ISO/IEC 29110-4-1:2018 | 2018–2021 | TÜV NORD |
| 3 | ISO/IEC 29110-4-1:2018 | 2021–2024 | TÜV NORD |
| 4 (Current) | ISO/IEC 29110-4-1:2018 | 2024–2027 | TÜV NORD |
But what is even more significant is that — even before obtaining the first certificate, Grand Linux was already tracking development data in this manner. In total, that represents over 20 years of continuous development records, without any gap or loss.
Long-standing customers such as the Office of the Permanent Secretary for MHESI managing budgets in the tens of billions of baht, the National Science Museum (NSM) managing budgets in the billions of baht, and Thailand Greenhouse Gas Management Organization (TGO) — all can trace the complete development history from day one to the present. Every requirement, every change request, nothing is ever lost.
Benefits for Customers — When Your ERP Vendor Has ISO 29110
| Customer Scenario | What You Get from an ISO 29110 Certified Vendor |
|---|---|
| Need to modify an existing feature | Full history of why it was designed this way, who requested it, when, and under what conditions — modifications are precise without breaking other parts |
| Bug found in the system | Can identify exactly which change request caused it — because every change has a complete record |
| Project delivery / acceptance required | Complete documentation available — Requirement Specification, Test Cases, Test Results, Deployment Records |
| Team changes / new team takes over | New team reads the history documentation and understands the full context immediately — no need to start from zero |
| Audit required | Complete audit trail from day one — no need to rush creating documentation retroactively |
| System upgrade to a new version | Complete list of all customizations — know exactly what was custom-built so nothing is lost or overlooked |
Warning: When an ERP vendor lacks process standards
Knowledge lives in people's heads, not in systems. When someone leaves, the knowledge leaves with them. Nobody knows why the code was written this way, why the workflow was designed this way, or what the customer originally requested. Everything becomes a "black box" that nobody dares to touch — because they fear that any change might break something.
ISO 29110 vs ISO 27001 — What Is the Difference?
Many people confuse ISO 29110 with ISO 27001. Both are ISO standards, but they focus on completely different areas:
| Topic | ISO/IEC 29110 | ISO/IEC 27001 |
|---|---|---|
| Focus | Software development processes | Information Security Management System (ISMS) |
| Key Question | "Is the software developed systematically?" | "Is information protected securely?" |
| Objective | Quality of the software production process | Information security risk management |
| Who Should Have It | Software development companies | Any organization managing sensitive data |
Organizations that are serious about quality should have both standards — ISO 29110 ensures the production process while ISO 27001 ensures data security. When combined with Thai government information security standards, customers can have even greater confidence in their ERP vendor.
Summary — Who Is ISO 29110 For?
| You Are... | Why ISO 29110 Matters to You |
|---|---|
| An executive selecting an ERP system | A critical criterion for vendor selection — if they lack ISO 29110, their development processes may not be systematic |
| A procurement officer | Can be included as a TOR requirement — specify ISO 29110 as a minimum vendor qualification |
| An IT team managing the system | Confidence that every upgrade or system migration will have complete documentation with nothing overlooked |
| A software development company | A standard designed specifically for VSEs — not too heavy but covers all critical points |
| Someone interested in ERP implementation | ISO 29110 ensures a systematic implementation process — with Plan, Tracking, Test, and Deploy at every stage |
We have tracked the history of every line of code for over 20 years. Every customer can verify their development history at any time. This is what ISO 29110 requires — and we were doing it even before we obtained the certification.
- Sureeraya Limpaibul, Managing Director, Grand Linux Solution Co., Ltd.
If you are looking for an ERP system developed with internationally standardized processes and backed by over 20 years of complete development history, you can schedule a demo or contact the Saeree ERP consulting team today.
