References and Regulations
This appendix compiles the technical standards, certification-related literature, and relevant regulations referenced in the preparation of the TQS specification. Official document links are provided for each item.
35.2.1. Technical Standard References
The following documents were referenced in defining the technical standards of the TQS specification.
| Document | Link |
|---|---|
| Google Java Style Guide | https://google.github.io/styleguide/javaguide.html |
| Spring Boot Reference | https://docs.spring.io/spring-boot/reference/ |
| Vue.js Style Guide | https://vuejs.org/style-guide/ |
| Conventional Commits | https://www.conventionalcommits.org/ |
| Semantic Versioning | https://semver.org/ |
| OWASP Top 10 | https://owasp.org/www-project-top-ten/ |
| RFC 2119 | https://www.rfc-editor.org/rfc/rfc2119 |
| jOOQ Documentation | https://www.jooq.org/doc/latest/manual/ |
| Flyway Documentation | https://documentation.red-gate.com/fd |
| PostgreSQL Documentation | https://www.postgresql.org/docs/ |
| Testcontainers | https://testcontainers.com/ |
| Tailwind CSS | https://tailwindcss.com/docs |
| Vitest | https://vitest.dev/ |
| Pinia | https://pinia.vuejs.org/ |
| Vue Router | https://router.vuejs.org/ |
| Axios | https://axios-http.com/ |
| vue-i18n | https://vue-i18n.intlify.dev/ |
| Playwright | https://playwright.dev/ |
| WCAG 2.1 | https://www.w3.org/TR/WCAG21/ |
35.2.2. Certification-Related References
The following documents were referenced in designing the TQS certification system and comparing it with external certifications.
| Document | Link |
|---|---|
| ISO/IEC 27001:2022 | https://www.iso.org/standard/27001 |
| ISO 9001:2015 | https://www.iso.org/standard/62085.html |
| CMMI Institute | https://cmmiinstitute.com/ |
| AICPA SOC 2 | https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhome |
| KISA ISMS-P | https://isms.kisa.or.kr/ |
| OWASP Dependency-Check | https://owasp.org/www-project-dependency-check/ |
| JaCoCo | https://www.jacoco.org/jacoco/ |
| Google Java Format | https://github.com/google/google-java-format |
| CircleCI Documentation | https://circleci.com/docs/ |
| Lighthouse | https://developer.chrome.com/docs/lighthouse/ |
35.2.3. Relevant Regulations
The following are domestic (South Korean) regulations related to the security and infrastructure standards of the TQS specification. The relevant provisions and their relationship to TQS are summarized for each regulation.
| Regulation | Relevant Provisions | TQS Relationship |
|---|---|---|
| Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. | Article 47 (Certification of Information Protection Management System) | ISMS-P mandatory certification, referenced in TQS security standards |
| Personal Information Protection Act | Article 29 (Obligation for Safety Measures) | Linked to TQS security checklist items such as encryption and access control |
| Electronic Government Act | Article 45 (Safety Verification of Information Systems) | Referenced for public institution information system security standards |
| Act on the Development of Cloud Computing and Protection of Its Users | Article 23 (Improvement of Reliability) | Referenced for TQS-Infra cloud environment standards |
35.2.3.1. Regulation Application Notice
TQS is a proprietary internal certification standard and is therefore not directly subject to the above regulations. However, the security standards in the TQS specification have been designed to reflect the technical requirements of these regulations.
If a project that has obtained TQS certification is subject to the above regulations, compliance with TQS checklist security items supports the technical implementation of the legal requirements. However, since TQS certification does not replace statutory certifications, the relevant statutory certifications must be obtained separately when legally required.
35.2.4. Literature Management Principles
The references and regulations list is managed according to the following principles.
- Link validity verification: The validity of all reference document links must be verified during specification revisions. Links must be updated immediately when they change.
- Version specification: Documents that depend on a specific version must specify that version. Documents without a specified version are assumed to reference the latest version.
- Regulation revision tracking: When relevant regulations are revised, the related items in the TQS specification must also be reviewed and updated as necessary.
- Addition requests: Requests to add new references or relevant regulations must be submitted to the TQS Committee for review before inclusion.