Compiled by: Ali Azarkar (Padidpardaz Engineering Company)

Transcription

1 SOFTWARE AND SYSTEMS ENGINEERING STANDARDS A COMPACT LIST Compiled by: Ali Azarkar (Padidpardaz Engineering Company) Release: 1.1, June 2009

2 We shall not cease from exploration, And the end of all our exploring, Will be to arrived where we started, And know the place for the first time. T. S. Eliot, Little Gidding, Four Quartets

3 Table of Content 1. Introduction...1 ISO/IEC Standards (JTC1/SC7) ISO 5807: ISO/IEC : ISO/IEC TR : ISO/IEC TR : ISO/IEC TR : ISO/IEC TR 9294: ISO/IEC 25051: ISO/IEC 12207: ISO/IEC 14102: ISO/IEC : ISO/IEC : ISO/IEC TR : ISO/IEC TR : ISO/IEC TR : ISO/IEC : ISO/IEC TR 14471: ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC 14764: ISO/IEC TR 9294: ISO 9127: ISO/IEC TR 12182: ISO/IEC 12207: ISO/IEC 15026: ISO/IEC DTR Page i Release: 1.1

4 31. ISO/IEC CD ISO/IEC TR 15271: ISO/IEC 15288: ISO/IEC 15289: ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC : ISO/IEC TR : ISO/IEC TR : ISO/IEC NP TR ISO/IEC CD TR ISO/IEC 15910: ISO/IEC 15939: ISO/IEC 15940: ISO/IEC 16085: ISO/IEC TR 16326: ISO/IEC TR FDIS ISO/IEC DTR ISO/IEC 19501: ISO/IEC TR 19759: ISO/IEC TR 19760: ISO/IEC : ISO/IEC FCD ISO/IEC NP ISO/IEC DTR ISO/IEC FDIS ISO/IEC DTR ISO/IEC 24773: ISO/IEC TR 24774: ISO/IEC CD TR Page ii Release: 1.1

5 63. ISO/IEC 25000: ISO/IEC 25001: ISO/IEC CD ISO/IEC 25012: ISO/IEC 25020: ISO/IEC TR 25021: ISO/IEC 25030: ISO/IEC CD ISO/IEC FCD ISO/IEC 25051: ISO/IEC CD ISO/IEC 25062: ISO/IEC CD ISO/IEC WD ISO/IEC CD ISO/IEC FCD ISO/IEC 26514: ISO/IEC 26702: ISO/IEC CD ISO/IEC AWI ISO/IEC NP ISO/IEC NP ISO/IEC NP ISO/IEC NP ISO/IEC 42010: ISO/IEC CD ISO/IEC NP ISO/IEC 90003: ISO/IEC TR 90005: ISO/IEC NP ISO/IEC 24744: IEEE Standards Page iii Release: 1.1

6 94. IEEE Std IEEE Std IEEE std IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std.: 1058a IEEE Std IEEE Std. P IEEE Std. 1062a IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std IEEE Std Page iv Release: 1.1

7 126. IEEE Std. 1233a IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std. P IEEE Std. P IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std. P IEEE Std IEEE Std IEEE Std. P IEEE Std. P IEEE Std. P IEEE Std. P IEEE Std. P IEEE Std. P IEEE Std IEEE Std. ISO/IEC 23026:2006(E) Page v Release: 1.1

8 158. IEEE Std. P IEEE Std. P IEEE Std ISO/IEC 42010:2007(E) Military Standards MIL-STD MIL-STD-961E MIL-STD-962D(1) DOD M MIL-STD DOD-STD-1679A DI-MCCR DI-MCCR-80491A DI-MCCR DI-MCCR DI-IPSC DI-NUOR DI-IPSC-81427A DI-IPSC-81428A DI-IPSC-81429A DI-IPSC-81433A DI-IPSC-81435A DI-IPSC-81438A DI-IPSC-81439A DI-IPSC-81440A DI-IPSC-81441A DI-IPSC-81442A DI-IPSC-81443A DI-IPSC-81444A DI-IPSC-81445A DI-IPSC DI-IPSC Page vi Release: 1.1

9 189. DI-TMSS DI-MGMT DI-MGMT DI-IPSC MIL-HDBK-348(1) NOT MIL-HDBK-1467 NOT AQAP-150 ED AQAP-160 ED ITOP ITOP QAP-268 ED ISO British Standard Institute BS 4058: BS : BS 7649: BS 7830: BS : BS IEC : BS IEC 61713: BS ISO/IEC 12207: BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC 14764: BS ISO/IEC 15026: BS ISO/IEC 15288: Page vii Release: 1.1

10 220. BS ISO/IEC 15289: BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC : BS ISO/IEC 15910: BS ISO/IEC 15939: BS ISO/IEC 16085: BS ISO/IEC 16326: BS ISO/IEC : BS ISO/IEC 24744: BS ISO/IEC 24773: BS ISO/IEC 25000: BS ISO/IEC 25001: BS ISO/IEC 25012: BS ISO/IEC 25020: BS ISO/IEC 25030: BS ISO/IEC 25051: BS ISO/IEC 25062: BS ISO/IEC 26514: BS ISO/IEC 26702: BS ISO/IEC 42010: BS ISO/IEC 90003: BS ISO/IEC : BS ISO/IEC ISP : BS ISO/IEC TR 12182: BS ISO/IEC TR : BS ISO/IEC TR 14759: BS ISO/IEC TR 15271: BS ISO/IEC TR 15846: PD ISO/IEC TR : Page viii Release: 1.1

11 252. PD ISO/IEC TR : PD ISO/IEC TR 14471: PD ISO/IEC TR : PD ISO/IEC TR : PD ISO/IEC TR 19760: PD ISO/IEC TR 19760: PD ISO/IEC TR 24774: PD ISO/IEC TR 25021: PD ISO/IEC TR 90005: PD ISO/IEC TR : PD ISO/IEC TR : PD ISO/IEC TR : PD ISO/IEC TR 9294: ANSI Standards British Computer Society ISIRI ISIRI - ISO ISIRI-ISO ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI ISIRI Page ix Release: 1.1

12 281. ISIRI ISIRI ISIRI ISIRI Page x Release: 1.1

13 1. Introduction This collection can be considered as a compact list of standards developed for software and system engineering Scope It covers most of important and relevant standards, developed and/or raised by major authorities in this context. To define its scope, some points should be cleared first: Major and more important standards (in order to be used and adopted somehow for domestic purposes) are listed. Information about standards are extracted from web sites of their corresponding formal authorities. With some exceptions, sithdrawn and superseded standards are not listed at all. More updated revisions are listed instead. This list is not complete; both in terms of covering all relevant standards and covering all types of standards (active, superseded, withdrawn, archive, and so on). More other resources, in addition to formal web sites, are given at the end of this Chapter Purpose The purpose of this document are: Providing a short list as well as introduction to important software and system engineering standards Enumerating relevant standards in the field 1-3. Document Structure The document is structured into Parts, Chapters and Sections. Each part lists standards proposed by a specific standardization body (e.g., ISO and IEEE). Each Chapter then Page 1 of 343 Release: 1.1

14 describes an individual standard. Sections gives more detailed information about each specific standard Document History Release 1.0: First draft of the document. (April 2009) Release 1.1: Document revised and updated. ISIRI standards added. References updated. Defense standards completed. (June 2009) 1-5. Copyright Notices This document is free to use and distribute. All comments regarding its enrichment and improvement are highly welcome and appreciated Resources & References [1] International Standard Organization: [2] International Standard Organization Online Pages for Standards: [3] International Standard Organization SC7 (JTC1/SC7): [4] Institute of Electrical and Electronics Engineers (IEEE), Computer Society: [5] Institute of Electrical and Electronics Engineers (IEEE) Computer Society IEEE Computer Society/Software & Systems Engineering Standards Committee: [6] IEEEXplore Browsing Standards: The page allows finding a standard by its range (number), as well as its revision history. [7] Systems and Software Consortium: [8] International Electro-technical Commission (IEC): IEC is a notfor-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies collectively known as "electro-technology". IEC standards cover a Page 2 of 343 Release: 1.1

15 vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fiber optics, batteries, solar energy, nanotechnology and marine energy as well as many others. The IEC also manages three global conformity assessment systems that certify whether equipment, system or components conform to its International Standards. [9] The International Council on Systems Engineering (INCOSE): INCOSE is a not-for-profit membership organization founded in Its mission is to advance the state of the art and practice of systems engineering in industry, academia, and government by promoting interdisciplinary, scaleable approaches to produce technologically appropriate solutions that meet societal needs. [10] Defense Standardization Program (official US Department of Defense Repository): The site provides fast access to DoD standards for software engineering. [11] British Computer Society: [12] British Standard Institute: [13] Browsing British Standard Institute Standards (Software and Networking): Page 3 of 343 Release: 1.1

16 ISO/IEC Standards (JTC1/SC7) Almost all standards regarding software and system engineering are developed by ISO JTC 1/SC 7 (Software and systems engineering) sub-committee. This part covers most important ISO/IEC standards regarding software and system engineering. Page 4 of 343 Release: 1.1

17 2. ISO 5807: Title Information processing -- Documentation symbols and conventions for data, program and system flowcharts, program network charts and system resources charts 2-2. Abstract Defines symbols to be used in information processing documentation and gives guidance on conventions to their use in data flowcharts, program flowcharts, system flowcharts, program network charts, system resources charts. Applicable in conjunction with ISO 2382/ Status Published Standard Page 5 of 343 Release: 1.1

18 3. ISO/IEC : Title Software engineering -- Product quality -- Part 1: Quality model 3-2. Abstract 3-3. Status Revised. See ISO/IEC TR :2003, ISO/IEC TR :2003, and ISO/IEC TR :2004 Page 6 of 343 Release: 1.1

19 4. ISO/IEC TR : Title Software engineering -- Product quality -- Part 2: External metrics 4-2. Abstract ISO/IEC TR :2003 provides external metrics for measuring attributes of six external quality characteristics defined in ISO/IEC ISO/IEC TR :2003 defines external metrics, ISO/IEC TR defines internal metrics and ISO/IEC defines quality in use metrics, for measurement of the characteristics or the subcharacteristics. Internal metrics measure the software itself, external metrics measure the behavior of the computer-based system that includes the software, and quality in use metrics measure the effects of using the software in a specific context of use. The metrics listed in ISO/IEC TR :2003 are not intended to be an exhaustive set. Developers, evaluators, quality managers and acquirers may select metrics from ISO/IEC TR :2003 for defining requirements, evaluating software products, measuring quality aspects and other purposes. Users of ISO/IEC TR :2003 can select or modify and apply metrics and measures from ISO/IEC TR :2003 or may define application-specific metrics for their individual application domain. ISO/IEC TR :2003 is intended to be used together with ISO/IEC ISO/IEC TR :2003 contains an explanation of how to apply software quality metrics, a basic set of metrics for each sub-characteristic and an example of how to apply metrics during the software product life cycle. ISO/IEC TR :2003 does not assign ranges of values of these metrics to rated levels or to grades of compliance, because these values are defined for each software product or a part of the software product, by its nature, depending on such factors as category of the software, integrity level and users' needs. Some attributes may have a desirable range of values, which does not depend on specific user needs but depends on generic factors; for example, human cognitive factors. Page 7 of 343 Release: 1.1

20 4-3. Status Published Standard Page 8 of 343 Release: 1.1

21 5. ISO/IEC TR : Title Software engineering -- Product quality -- Part 3: Internal metrics 5-2. Abstract ISO/IEC TR :2003 provides internal metrics for measuring attributes of six external quality characteristics defined in ISO/IEC ISO/IEC TR defines external metrics, ISO/IEC TR :2003 defines internal metrics and ISO/IEC defines quality in use metrics, for measurement of the characteristics or the subcharacteristics. Internal metrics measure the software itself, external metrics measure the behavior of the computer-based system that includes the software, and quality in use metrics measure the effects of using the software in a specific context of use. The metrics listed in ISO/IEC TR :2003 are not intended to be an exhaustive set. Developers, evaluators, quality managers, maintainers, suppliers, users and acquirers may select metrics from ISO/IEC TR :2003 for defining requirements, evaluating software products, measuring quality aspects and other purposes. Users of ISO/IEC TR :2003 can select or modify and apply metrics and measures from ISO/IEC TR :2003 or may define application-specific metrics for their individual application domain. For internal metrics view, there are pure internal metrics proposed for reference purposes. ISO/IEC TR :2003 is intended to be used together with ISO/IEC ISO/IEC TR :2003 contains: an explanation of how to apply software quality metrics; a basic set of metrics for each sub-characteristic; an example of how to apply metrics during the software product life cycle. ISO/IEC TR :2003 does not assign ranges of values of these metrics to rated levels or to grades of compliance, because these values are defined for each software product or a part of the software product, by its nature, depending on such factors as Page 9 of 343 Release: 1.1

22 category of the software, integrity level and users' needs. Some attributes may have a desirable range of values, which does not depend on specific user needs but depends on generic factors; for example, human cognitive factors Status Published Standard Page 10 of 343 Release: 1.1

23 6. ISO/IEC TR : Title Software engineering -- Product quality -- Part 4: Quality in use metrics 6-2. Abstract ISO/IEC TR :2004 provides quality in use metrics for measuring the attributes defined in ISO/IEC ISO/IEC TR defines external metrics and ISO/IEC TR defines internal metrics for measurement of the sub-characteristics defined in ISO/IEC Internal metrics measure the software itself, external metrics measure the behavior of the computer-based system that includes the software, and quality in use metrics measure the effects of using the software in a specific context of use. The metrics listed in ISO/IEC TR are not intended to be an exhaustive set. Developers, evaluators, quality managers and acquirers may select metrics from ISO/IEC TR for defining requirements, evaluating software products, measuring quality aspects and other purposes. ISO/IEC TR is intended to be used together with ISO/IEC ISO/IEC TR contains: an explanation of how to apply software quality metrics; a basic set of metrics for each characteristic; and an example of how to apply metrics during the software product life cycle. It includes as informative annexes a quality in use evaluation process and a reporting format Status Published Standard Page 11 of 343 Release: 1.1

24 7. ISO/IEC TR 9294: Title Information technology -- Guidelines for the management of software documentation 7-2. Abstract ISO/IEC TR 9294:2005 offers guidance on the management of software documentation to managers responsible for the production of software or software-based products. This guidance is intended to assist managers in ensuring that effective documentation is produced in their organizations. ISO/IEC TR 9294:2005 addresses the policies, standards, procedures, resources and plans with which managers must concern themselves in order to manage software documentation effectively. The guidance given is intended to be applicable to all types of software, from the simplest program to the most complex software suite or software system. All types of software documentation are covered, relating to all stages of the software life cycle. The principles of software documentation management are the same whatever the size of a project. For small projects, much of the detail given in ISO/IEC TR 9294:2005 may not apply, but the principles remain the same. Managers may tailor the recommendations to their particular needs. The guidance given is from the point of view of software documentation management. Detailed advice is not provided on, for example, the content and layout of software documents Status Published Standard Page 12 of 343 Release: 1.1

25 8. ISO/IEC 25051: Title Software engineering -- Software product Quality Requirements and Evaluation (SQuaRE) -- Requirements for quality of Commercial Off-The-Shelf (COTS) software product and instructions for testing 8-2. Abstract ISO/IEC 25051:2005 defines quality requirements for COTS software products. A COTS software product includes the product description, the user documentation, and the software contained on a computer sensible media. The quality requirements, functionality, reliability, usability, efficiency, maintainability, portability, and quality in use are consistent with the definitions of SQuaRE. In addition to the quality requirements, ISO/IEC 25051:2005 also defines requirements for test documentation. The test documentation purpose is to demonstrate the conformity of the software with the requirements. The documentation contains a test plan, the description of the tests cases, and the tests results. ISO/IEC 25051:2005 can be used by suppliers, certification bodies, testing laboratories, accreditation bodies, regulatory authorities and acquirers Status Published Standard (Translated to Persian by ISIRI) Page 13 of 343 Release: 1.1

26 9. ISO/IEC 12207: Title Systems and software engineering -- Software life cycle processes 9-2. Abstract ISO/IEC 12207:2008 establishes a common framework for software life cycle processes, with well-defined terminology, that can be referenced by the software industry. It contains processes, activities, and tasks that are to be applied during the acquisition of a software product or service and during the supply, development, operation, maintenance and disposal of software products. Software includes the software portion of firmware. ISO/IEC 12207:2008 applies to the acquisition of systems and software products and services, to the supply, development, operation, maintenance, and disposal of software products and the software portion of a system, whether performed internally or externally to an organization. Those aspects of system definition needed to provide the context for software products and services are included. ISO/IEC 12207:2008 also provides a process that can be employed for defining, controlling, and improving software life cycle processes. The processes, activities and tasks of ISO/IEC 12207: either alone or in conjunction with ISO/IEC may also be applied during the acquisition of a system that contains software Status Published Standard Page 14 of 343 Release: 1.1

27 10. ISO/IEC 14102: Title Information technology -- Guideline for the evaluation and selection of CASE tools Abstract Within systems and software engineering, Computer-Aided Software Engineering (CASE) tools represent a major part of the supporting technologies used to develop and maintain information technology systems. Their selection must be carried out with careful consideration of both the technical and management requirements. ISO/IEC 14102:2008 defines both a set of processes and a structured set of CASE tool characteristics for use in the technical evaluation and the ultimate selection of a CASE tool. It follows the software product evaluation model defined in ISO/IEC :1998. ISO/IEC 14102:2008 adopts the general model of software product quality characteristics and sub-characteristics defined in ISO/IEC :2001 and extends these when the software product is a CASE tool; it provides product characteristics unique to CASE tools. This larger set of characteristics is then organized into four groups: characteristics related to life cycle process functionality; characteristics related to CASE tool usage functionality; general quality characteristics; general characteristics not related to quality. This grouping provides a more manageable approach to the overall evaluation and selection process. The technical evaluation can indicate how well a CASE tool meets its user's stated requirements. It can also indicate how well the tool meets its claimed functionality. The objective of the technical evaluation process is to provide quantitative results on which the final selection can be based. Measurement assigns numbers (or other ratings) to attributes of entities; a major activity of evaluation is to obtain these Page 15 of 343 Release: 1.1

28 measurements for use in selection. The final selection results should aim to achieve objectivity, repeatability and impartiality. These objectives and the confidence in the outcomes will in part depend on the resources allocated to the overall evaluation and selection process. The user of ISO/IEC 14102:2008 is asked to deal with these issues at an early stage. To be widely acceptable, these CASE tool evaluation and selection processes must be of value to the users of CASE tools, and to the suppliers of CASE to the community at large. The information outlined in ISO/IEC 14102:2008 should lead to more cost effective selections of CASE tools and to a greater uniformity in how CASE tool functions and features are described Status Published Standard Page 16 of 343 Release: 1.1

29 11. ISO/IEC : Title Information technology -- Software measurement -- Functional size measurement -- Part 1: Definition of concepts Abstract ISO/IEC :2007 defines the concepts of FSM (Functional Size Measurement). The concepts of Functional Size Measurement (FSM) are designed to overcome the limitations of earlier methods of sizing software by shifting the focus away from measuring how the software is implemented to measuring size in terms of the functions required by the user Status Published Standard Page 17 of 343 Release: 1.1

30 12. ISO/IEC : Title Information technology -- Software measurement -- Functional size measurement -- Part 2: Conformity evaluation of software size measurement methods to ISO/IEC : Abstract Status Revised. See: ISO/IEC :2002 ISO/IEC :2007 ISO/IEC TR :2003 ISO/IEC TR :2002 ISO/IEC TR :2004 ISO/IEC :2006 Page 18 of 343 Release: 1.1

31 13. ISO/IEC TR : Title Information technology -- Software measurement -- Functional size measurement -- Part 3: Verification of functional size measurement methods Abstract ISO/IEC TR :2003 establishes a framework for verifying the statements of an FSM Method and/or for conducting tests requested by the verification sponsor, relative to the following performance properties: repeatability and reproducibility; accuracy; convertibility; discrimination threshold; applicability to Functional Domains. NOTE Statements and test requests relative to other performance properties are outside the scope of ISO/IEC TR :2003. ISO/IEC TR :2003 aims to ensure that the output from the verification is objective, impartial, consistent and repeatable. The verification report, produced as a result of applying ISO/IEC TR :2003, will enable the prospective user to select the FSM Method which best meets their needs Status Published Standard Page 19 of 343 Release: 1.1

32 14. ISO/IEC TR : Title Information technology -- Software measurement -- Functional size measurement -- Part 4: Reference model Abstract Status Published Standard Page 20 of 343 Release: 1.1

33 15. ISO/IEC TR : Title Information technology -- Software measurement -- Functional size measurement -- Part 5: Determination of functional domains for use with functional size measurement Abstract ISO/IEC TR :2004 describes the characteristics of Functional Domains and the procedures by which characteristics of Functional User Requirements (FUR) can be used to determine Functional Domains. Two example methods for implementing these principles are provided in the annexes. Either of the methods may be used directly, or by using Functional Domains defined locally by: FSM Method to determine if a particular FSM Method is applicable to the Functional Domain(s) represented by their specific FUR; Describing, for a given set of FUR, the Functional Domain to which the FUR belong; and FSM Method owners and designers describing the Functional Domain(s) to which the FSM Method can be applied as outlined in ISO/IEC : Status Published Standard Page 21 of 343 Release: 1.1

34 16. ISO/IEC : Title Information technology -- Software measurement -- Functional size measurement -- Part 6: Guide for use of ISO/IEC series and related International Standards Abstract ISO/IEC :2006 provides a summary of the FSM (Functional Size Measurement) related International Standards and the relationship between; the ISO/IEC series FSM framework International Standards that provide the definitions and concepts of FSM and conformance and verification of FSMMs (Functional Size Measurement Methods), and the ISO/IEC standard FSMMs, i.e. ISO/IEC 19761, ISO/IEC 20926, ISO/IEC and ISO/IEC An FSMM is a software sizing method that conforms to the mandatory requirements of ISO/IEC ISO/IEC also provides a process to assist users to select an FSMM that meets their requirements. It also gives guidance on how to use Functional Size (FS). FSMMs include, but are not limited to, ISO/IEC 19761, ISO/IEC 20926, ISO/IEC and ISO/IEC 24570, as well. Recommending a specific FSMM is outside the scope of ISO/IEC Status Published Standard Page 22 of 343 Release: 1.1

35 17. ISO/IEC TR 14471: Title Information technology -- Software engineering -- Guidelines for the adoption of CASE tools Abstract Since CASE (computer aided software engineering) adoption is a subject of the broader technology transition problem, ISO/IEC TR 14471:2007 addresses the adoption practices appropriate for a wide range of computing organizations. ISO/IEC TR 14471:2007 neither dictates nor advocates particular development standards, software processes, design methods, methodologies, techniques, programming languages, or life-cycle paradigms. ISO/IEC TR 14471:2007 will: identify critical success factors (CSF); propose a set of adoption processes; guide successful adoption in consideration of organizational and cultural environment. The following groups are targeted as potential audiences: CASE users; information systems managers; chief information officers (CIO); CASE suppliers; software engineering consultants; those involved in the acquisition of CASE tools and technology. Therefore ISO/IEC TR 14471:2007 addresses aspects of CASE tools adoption. It is best used in conjunction with ISO/IEC for CASE tool evaluation and selection. It is Page 23 of 343 Release: 1.1

36 complementary to related ISO/IEC documents which deal with the general aspects of these topics. The purpose of ISO/IEC TR 14471:2007 is to provide a recommended practice for CASE adoption. It provides guidance in establishing processes and activities that are to be applied for the successful adoption of CASE technology. The use of ISO/IEC TR 14471:2007 will help to maximize the return and minimize the risk of investing in CASE technology. However, ISO/IEC TR 14471:2007 does not establish compliance criteria Status Published Standard Page 24 of 343 Release: 1.1

37 18. ISO/IEC : Title Information technology -- Software product evaluation -- Part 1: General overview Abstract Status Published Standard Page 25 of 343 Release: 1.1

38 19. ISO/IEC : Title Software engineering -- Product evaluation -- Part 2: Planning and management Abstract Status Published Standard Page 26 of 343 Release: 1.1

39 20. ISO/IEC : Title Software engineering -- Product evaluation -- Part 3: Process for developers Abstract Status Published Standard Page 27 of 343 Release: 1.1

40 21. ISO/IEC : Title Software engineering -- Product evaluation -- Part 4: Process for acquirers Abstract Status Published Standard Page 28 of 343 Release: 1.1

41 22. ISO/IEC : Title Information technology -- Software product evaluation -- Part 5: Process for evaluators Abstract Status Published Standard Page 29 of 343 Release: 1.1

42 23. ISO/IEC : Title Software engineering -- Product evaluation -- Part 6: Documentation of evaluation modules Abstract Status Published Standard Page 30 of 343 Release: 1.1

43 24. ISO/IEC 14764: Title Software Engineering -- Software Life Cycle Processes -- Maintenance Abstract ISO/IEC 14764:2006 describes in greater detail management of the Maintenance Process described in ISO/IEC 12207, including Amendments. It also establishes definitions for the various types of maintenance. ISO/IEC 14764:2006 provides guidance that applies to planning, execution and control, review and evaluation, and closure of the Maintenance Process. The scope of ISO/IEC 14764:2006 includes maintenance for multiple software products with the same maintenance resources. "Maintenance" in ISO/IEC 14764:2006 means software maintenance unless otherwise stated. ISO/IEC 14764:2006 provides the framework within which generic and specific software maintenance plans may be executed, evaluated, and tailored to the maintenance scope and magnitude of given software products. It provides the framework, precise terminology and processes to allow the consistent application of technology (tools, techniques and methods) to software maintenance. ISO/IEC 14764:2006 provides guidance for the maintenance of software. The basis for the Maintenance Process and its activities comes from the definitions of ISO/IEC It defines the activities and tasks of software maintenance, and provides maintenance planning requirements. It does not address the operation of software and the operational functions, e.g. backup, recovery and system administration, which are normally performed by those who operate the software. ISO/IEC 14764:2006 is written primarily for maintainers of software and additionally for those responsible for development and quality assurance. It may also be used by acquirers and users of systems containing software who may provide inputs to the maintenance plan. Page 31 of 343 Release: 1.1

44 24-3. Status Published Standard Page 32 of 343 Release: 1.1

45 25. ISO/IEC TR 9294: Title Information technology -- Guidelines for the management of software documentation Abstract ISO/IEC TR 9294:2005 offers guidance on the management of software documentation to managers responsible for the production of software or software-based products. This guidance is intended to assist managers in ensuring that effective documentation is produced in their organizations. ISO/IEC TR 9294:2005 addresses the policies, standards, procedures, resources and plans with which managers must concern themselves in order to manage software documentation effectively. The guidance given is intended to be applicable to all types of software, from the simplest program to the most complex software suite or software system. All types of software documentation are covered, relating to all stages of the software life cycle. The principles of software documentation management are the same whatever the size of a project. For small projects, much of the detail given in ISO/IEC TR 9294:2005 may not apply, but the principles remain the same. Managers may tailor the recommendations to their particular needs. The guidance given is from the point of view of software documentation management. Detailed advice is not provided on, for example, the content and layout of software documents Status Published Standard Page 33 of 343 Release: 1.1

46 26. ISO 9127: Title Information processing systems -- User documentation and cover information for consumer software packages Abstract Describes user documentation and cover information supplied with software packages. Is applicable to software packages sold off-the-shelf to consumers for business, scientific, educational and home use. References: ISO 6592; ISO Status Published Standard Page 34 of 343 Release: 1.1

47 27. ISO/IEC TR 12182: Title Information technology -- Categorization of software Abstract Status Published Standard Page 35 of 343 Release: 1.1

48 28. ISO/IEC 12207: Title Systems and software engineering -- Software life cycle processes Abstract ISO/IEC 12207:2008 establishes a common framework for software life cycle processes, with well-defined terminology, that can be referenced by the software industry. It contains processes, activities, and tasks that are to be applied during the acquisition of a software product or service and during the supply, development, operation, maintenance and disposal of software products. Software includes the software portion of firmware. ISO/IEC 12207:2008 applies to the acquisition of systems and software products and services, to the supply, development, operation, maintenance, and disposal of software products and the software portion of a system, whether performed internally or externally to an organization. Those aspects of system definition needed to provide the context for software products and services are included. ISO/IEC 12207:2008 also provides a process that can be employed for defining, controlling, and improving software life cycle processes. The processes, activities and tasks of ISO/IEC 12207: either alone or in conjunction with ISO/IEC may also be applied during the acquisition of a system that contains software Status Published Standard Page 36 of 343 Release: 1.1

49 29. ISO/IEC 15026: Title Information technology -- System and software integrity levels Abstract Status Published Standard Page 37 of 343 Release: 1.1

50 30. ISO/IEC DTR Title Systems and Software Engineering -- Systems and Software Assurance -- Part 1: Concepts and vocabulary Abstract Status Under-Development Standard Page 38 of 343 Release: 1.1

51 31. ISO/IEC CD Title Systems and Software Engineering -- Systems and Software Assurance -- Part 2: Assurance case Abstract Status Under-Development Standard Page 39 of 343 Release: 1.1

52 32. ISO/IEC TR 15271: Title Information technology -- Guide for ISO/IEC (Software Life Cycle Processes) Abstract Status Published Standard Page 40 of 343 Release: 1.1

53 33. ISO/IEC 15288: Title Systems and software engineering -- System life cycle processes Abstract ISO/IEC 15288:2008 establishes a common framework for describing the life cycle of systems created by humans. It defines a set of processes and associated terminology. These processes can be applied at any level in the hierarchy of a system's structure. Selected sets of these processes can be applied throughout the life cycle for managing and performing the stages of a system's life cycle. This is accomplished through the involvement of all interested parties, with the ultimate goal of achieving customer satisfaction. ISO/IEC 15288:2008 also provides processes that support the definition, control and improvement of the life cycle processes used within an organization or a project. Organizations and projects can use these life cycle processes when acquiring and supplying systems. ISO/IEC 15288:2008 concerns those systems that are man-made and may be configured with one or more of the following: hardware, software, data, humans, processes (e.g., processes for providing service to users), procedures (e.g., operator instructions), facilities, materials and naturally occurring entities. When a system element is software, the software life cycle processes documented in ISO/IEC 12207:2008 may be used to implement that system element. ISO/IEC 15288:2008 and ISO/IEC 12207:2008 are harmonized for concurrent use on a single project or in a single organization Status Published Standard Page 41 of 343 Release: 1.1

54 34. ISO/IEC 15289: Title Systems and software engineering -- Content of systems and software life cycle process information products (Documentation) Abstract ISO/IEC 15289:2006 was developed to assist users of systems and software life cycle processes to manage information items (documents). It is based on the life cycle processes specified in ISO/IEC or ISO/IEC 12207:1995/AMD 1:2002/AMD 2. Information items are essential to preserving what transpired when using system life cycle processes, and may be identified as deliverable documents. ISO/IEC 15289:2006 identifies the purpose and content of all identified systems and software life cycle information items as required for the various life cycle processes. The information item contents are defined according to generic document types (which may be referred to as information item types) and the specific purpose of the document. ISO/IEC 15289:2006 may be applied to any of the activities and tasks of a project, system or software product, or service life cycle. It is not limited by the size, complexity or criticality of the project. It may be applied to all forms of information items, information item content, and document delivery media. Information items may be combined or subdivided as needed for project or organizational purposes. The nomenclature for information items, document titles and contents is informative Status Published Standard Page 42 of 343 Release: 1.1

55 35. ISO/IEC : Title Information technology -- Process assessment -- Part 1: Concepts and vocabulary Abstract This part of ISO/IEC 15504:2004 provides overall information on the concepts of process assessment and its use in the two contexts of process improvement and process capability determination. It describes how the parts of the suite fit together, and provides guidance for their selection and use. It explains the requirements contained within ISO/IEC 15504, and their applicability to performing assessments. Readers of this guide should familiarize themselves with the terminology and structure of the document suite, and then reference the appropriate parts of the suite for the context in which they propose to conduct an assessment. A more detailed description of the use of ISO/IEC is given in clause Status Published Standard Page 43 of 343 Release: 1.1

56 36. ISO/IEC : Title Information technology -- Process assessment -- Part 2: Performing an assessment Abstract ISO/IEC :2003 defines the requirements for performing process assessment as a basis for use in process improvement and capability determination. Process assessment is based on a two dimensional model containing a process dimension and a capability dimension. The process dimension is provided by an external process reference model, which defines a set of processes characterized by statements of process purpose and process outcomes. The capability dimension consists of a measurement framework comprising six process capability levels and their associated process attributes. The assessment output consists of a set of process attribute ratings for each process assessed, termed the process profile, and may also include the capability level achieved by that process. ISO/IEC :2003 identifies the measurement framework for process capability and the requirements for: performing an assessment; process reference models; process assessment models; verifying conformity of process assessment. The requirements for process assessment defined in ISO/IEC :2003 form a structure which: facilitates self-assessment; provides a basis for use in process improvement and capability determination; takes into account the context in which the assessed process is implemented; Page 44 of 343 Release: 1.1

57 produces a process rating; addresses the ability of the process to achieve its purpose; is applicable across all application domains and sizes of organization; and may provide an objective benchmark between organizations. The minimum set of requirements defined in ISO/IEC :2003 ensures that assessment results are objective, impartial, consistent, repeatable and representative of the assessed processes. Results of conformant process assessments may be compared when the scopes of the assessments are considered to be similar; for guidance on this matter, refer to ISO/IEC Status Published Standard Page 45 of 343 Release: 1.1

58 37. ISO/IEC : Title Information technology -- Process assessment -- Part 3: Guidance on performing an assessment Abstract ISO/IEC (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC :2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC It provides an overview of process assessment and interprets the requirements through the provision of guidance on: performing an assessment; the measurement framework for process capability; process reference models and process assessment models; selecting and using assessment tools; competency of assessors; verification of conformity. ISO/IEC :2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC Status Published Standard Page 46 of 343 Release: 1.1

59 38. ISO/IEC : Title Information technology -- Process assessment -- Part 4: Guidance on use for process improvement and process capability determination Abstract ISO/IEC (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC :2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC It provides an overview of process assessment and interprets the requirements through the provision of guidance on: performing an assessment; the measurement framework for process capability; process reference models and process assessment models; selecting and using assessment tools; competency of assessors; verification of conformity. ISO/IEC :2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC Status Published Standard Page 47 of 343 Release: 1.1

60 39. ISO/IEC : Title Information technology -- Process Assessment -- Part 5: An exemplar Process Assessment Model Abstract ISO/IEC :2006 describes an exemplar Process Assessment Model (PAM), conformant with the ISO/IEC requirements for PAM. It provides guidance by way of example, on the nature and structure of PAMs, and on the variety and function of different indicators of process performance and capability. It also provides guidance, through example, on the requirements for conformance of PAMs, and on the approaches for demonstration of conformance. ISO/IEC provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. It is also intended for use by assessors in the performance of process assessment, and by organizations involved in the development of process reference models, process assessment models or process assessment processes Status Published Standard Page 48 of 343 Release: 1.1

61 40. ISO/IEC TR : Title Information technology -- Process assessment -- Part 6: An exemplar system life cycle process assessment model Abstract ISO/IEC provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC TR :2008 describes an exemplar Process Assessment Model (PAM) for system life cycle processes, conformant with the ISO/IEC requirements for a PAM. The ISO/IEC TR :2008 exemplar PAM is derived from the Process Reference Model (PRM) defined in ISO/IEC 15288, associated with the process attributes defined in ISO/IEC The resulting PAM is a two-dimensional PAM which provides indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC 15288, and the process attributes as defined in ISO/IEC It can be used to perform a process assessment conformant with ISO/IEC , either in the context of a process improvement programme or for process capability determination. ISO/IEC TR :2008 describes: the overall structure of the PAM with its process dimension (derived from ISO/IEC 15288) and capability dimension (derived from the measurement framework defined in ISO/IEC ); process performance indicators (base practices and work products) for 26 processes drawn from ISO/IEC 15288; process capability indicators (generic practices, generic resources and generic work products) which characterize, for any process attribute of the capability Page 49 of 343 Release: 1.1