iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 29110-3-2:2018

(Main)

Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme

Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme

This document: - defines the rules applicable for certification of the implementation of systems engineering, software engineering and service delivery processes complying with the requirements given in ISO/IEC 29110‑4-m, Profile specifications; and - provides the necessary information and confidence to customers about the way certification of their suppliers has been granted. Certification of the implementation of systems and software engineering processes (named "certification" in this document) is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party conformity assessment bodies (named "certification body/bodies" in this document). NOTE This document is primarily intended to be used as a criteria document for the accreditation or peer assessment of certification bodies which seek to be recognized as being competent to certify that a Very Small Entity (VSE) complies with ISO/IEC 29110‑4-m, Profile Specifications. Some of its requirements could also be found useful by any other parties involved in the conformity assessment of such certification bodies. Systems and software engineering processes certification does not attest the fitness of the systems and or software products offered by a VSE. It is important to note that certification of the implementation of systems and software engineering processes according to ISO/IEC 29110‑4-m, Profile Specifications, is a process certification and not a management systems certification neither a product certification. Certification of the implementation of systems and software engineering processes (SEP) of a very small entity (VSE) is one means of providing assurance that the VSE has implemented systems and software engineering processes to the development or maintenance of systems and or software. Requirements for the implementation of SEP can originate from a number of sources, and this International Standard has been developed to assist in the certification of SEP that fulfil the requirements of ISO/IEC 29110‑4-m, Profile Specifications. The contents of this document can also be used to support certification of SEP that are based on other sets of specified SEP requirements. This document is intended for use by bodies that carry out audit and certification of SEP for VSEs. It gives generic requirements for such certification bodies performing audit and certification in the field of SEP for VSEs. Such bodies are referred to as certification bodies. This wording is not intended to be an obstacle to the use of this document by bodies with other designations that undertake activities covered by the scope of this document. Indeed, this document is intended to be usable by anyone involved in the assessment of SEP for VSEs. Certification activities involve the audit of a VSE's SEP. The form of attestation of conformity of a VSE's SEP to a specific lifecycle profile standard setting the applicable SEP (for example ISO/IEC 29110‑4-1 or ISO/IEC 29110‑4-3) or other specified requirements are normally a certification document or a certificate. This certification is outside the scope of ISO/IEC 29169 to the assessment to process quality characteristics and organizational maturity, and does not cover the results of process assessment. ISO/IEC 29110-3-3 describes such a scheme. It is for the VSE being certified to develop its own processes (including ISO/IEC 29110‑4-m SEP), other sets of specified SEP requirements, other processes and it is for the VSE to decide how the various components of these will be arranged. It is therefore for certification bodies that operate in accordance with this document to take into account the culture and practices of their clients with respect to the implementation of SEP, including, if applicable, within the wider organization.

Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour très petits organismes (TPO) — Partie 3-2: Programme de certification de la conformité

General Information

Status
Published
Publication Date
25-Apr-2018
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 24 - Systems and software standards for Very Small Entities
Current Stage
9093 - International Standard confirmed
Completion Date
10-May-2024
Ref Project

Buy Standard

ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)
PreviousNext
Standard
ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)
English language
22 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 29110-3-2
First edition
2018-04
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 3-2:
Conformity certification scheme
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 3-2: Programme de certification de la conformité
Reference number
ISO/IEC 29110-3-2:2018(E)
©
ISO/IEC 2018

---------------------- Page: 1 ----------------------
ISO/IEC 29110-3-2:2018(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 29110-3-2:2018(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Symbols and abbreviated terms . 2
5 General requirements . 3
5.1 General . 3
5.2 Management of impartiality . 3
6 Structural requirements . 3
7 Resource requirements . 3
7.1 Certification body personnel . 3
7.1.1 General. 3
7.1.2 Management of competence for personnel involved in the certification process . 3
7.1.3 Contract with the personnel . 3
7.1.4 Personal attributes . . 3
7.1.5 Generic SEP competence requirements . 4
7.1.6 Competence requirements for Personnel granting certification . 4
7.1.7 Competence requirements for SEP auditors. 5
7.2 Resources for evaluation .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC/IEEE 24748-1:2024(Main)
Systems and software engineering — Life cycle management — Part 1: Guidelines for life cycle management

This document provides guidance for the life cycle management of systems and software, complementing the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207. This document: — addresses systems concepts and life cycle concepts, models, stages, processes, process application, key points of view, adaptation and use in various domains and by various disciplines; — establishes a common framework for describing life cycles, including their individual stages, for the management of projects that provide or acquire either products or services; — defines the concept of a life cycle; — supports the use of the life cycle processes within an organization or a project; organizations and projects can use these life cycle concepts when acquiring and supplying either products or services; — provides guidance on adapting a life cycle model and the content associated with a life cycle or a part of a life cycle; — describes the relationship between life cycles and their use in applying the processes in ISO/IEC/IEEE 15288 (systems aspects) and ISO/IEC/IEEE 12207 (software systems aspects); — shows the relationships of life cycle concepts to the hardware, human, services, process, procedure, facility and naturally occurring entity aspects of projects; — describes how its concepts relate to detailed process standards, for example, in the areas of measurement, project management, risk management and model-based systems and software engineering.

  • Standard
    76 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-2:2024(Main)
Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (system life cycle processes)

The proposed project is a revision of ISO/IEC/IEEE 24748-2:2018, Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (System life cycle processes). There are no scope changes. ISO/IEC/IEEE 24748-2 is a guideline for the application of ISO/IEC/IEEE 15288. It addresses system, life cycle, organizational, project, and process, concept application, principally through reference to ISO/IEC/IEEE 24748-1 and ISO/IEC/IEEE 15288. It gives guidance on applying ISO/IEC/IEEE 15288 from the aspects of strategy, planning, application in organizations, and application on projects. It also provides comparison of the differences between ISO/IEC/IEEE 15288 current revision and the prior version, ISO/IEC 15288:2015.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 25002:2024(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality model overview and usage

This document establishes a framework for defining quality models which are composed of quality characteristics and sub-characteristics. In particular, this document provides: — the concept of a quality model; — the structure and semantics of quality models; — the relationship between quality models and the other concepts, including measurement, requirement definition, and evaluation; — guidelines, requirements and examples for using quality models.

  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 19770-1:2017/Amd 1:2024(Amendment)
Information technology — IT asset management — Part 1: IT asset management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC 19770-6:2024(Main)
Information technology — IT asset management — Part 6: Hardware identification tag

This document provides specifications for a transport format which enables the digital encapsulation of this data. This document refers to an encapsulation of hardware identification (HWID) data as a HWID tag, just as ISO/IEC 19770-2 refers to software identification (SWID) tags for software identification. This document applies to the following. — Tag producers: organizations that create HWID tags for use by others in the market. A tag producer can be part of the organization creating the hardware or a third-party organization. These organizations can be broken down into two major categories. — Device or component providers: entities responsible for the manufacturing or creation of the hardware device and/or associated operating system, virtual environment, or application platform. Platform providers which support this document can additionally provide tag management capabilities at the level of the platform or operating system. — Tag tool providers: entities that provide tools to create hardware identification tags. For example, tools within development environments that generate hardware identification tags, or installation tools that can create tags on behalf of the installation process, and/or desktop management tools that can create tags for underlying hardware, virtual machines, or platforms that did not originally have a hardware identification tag. — Tag consumers: tools and/or organizations who utilize information from HWID tags are broken down into the following two major categories. — Device or component consumers: entities that purchase, install, integrate, and/or otherwise deploy physical or virtual hardware or components. — IT discovery and processing tool providers: entities that provide tools to collect, store, and process hardware identification tags. These tools may be targeted at a variety of different market segments, including security, asset management, and logistics. This document deals only with hardware device or component identification. This document does not detail information technology asset management (ITAM) processes required for discovery and management of hardware (which is provided in ISO/IEC 19770-1) software identification tags (as defined by ISO/IEC 19770-2), entitlement tags (as defined by ISO/IEC 19770-3), or resource utilization measurements (as defined by ISO/IEC 19770-4).

  • Standard
    41 pages
    English language
    sale 15% off
ISO
ISO/IEC 25019:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality-in-use model

This document defines a quality-in-use model composed of three characteristics (which are further subdivided into sub-characteristics) that can influence stakeholders when products or systems are used in a specified context of use. This model is applicable to the entire spectrum of information system and IT service system, including both computer systems in use and software products in use. This document provides a set of quality characteristics for specifying, measuring, evaluating and improving quality-in-use. In this document, because context of use is specified as prerequisite of quality-in-use, context of use is necessary to be re-specified to change prerequisite when a product or service intend to fulfil to context of use changes. The model can be applied, in particular, by those responsible for specifying and evaluating software product quality, such as developers, acquirers, quality assurance and control staff, and independent evaluators. Activities during product development that can benefit from the use of the quality model can include, but are not limited to: — identifying requirements for information system and IT service system in use; — validating the comprehensiveness of a quality-in-use requirements specification; — identifying information system and IT service system design objectives for quality-in-use; — identifying quality-in-use control criteria as part of overall quality assurance; — identifying acceptance criteria for information system and IT service system or information systems; — establishing measures to address the consequences of using products in specified context-of -use; — presenting evaluation items for ethics considerations when using information system and IT service system; — supporting governance of digitalization activities.

  • Standard
    31 pages
    English language
    sale 15% off
ISO
ISO/IEC 25010:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Product quality model

This document defines a product quality model, which is applicable to ICT (information and communication technology) products and software products. The product quality model is composed of nine characteristics (which are further subdivided into subcharacteristics) that relate to quality properties of the products. The characteristics and subcharacteristics provide a reference model for the quality of the products to be specified, measured and evaluated. NOTE 1 In this document, a product refers to an ICT product that is part of an information system. ICT product components include subsystems, software, firmware, hardware, data, communication infrastructure, and other elements that are part of the ICT product. This model can be used for requirements specification and evaluation of the target products’ quality throughout their lifecycle by several stakeholders, including developers, acquirers, quality assurance and control staff and independent evaluators. Activities in the product lifecycle that can benefit from the use of this model include: — eliciting and defining product and information system requirements; — validating the comprehensiveness of requirements definition; — identifying product and information system design objectives, and design necessary process for achieving quality; — identifying product and information system testing objectives; — identifying quality control criteria as the part of quality assurance; — identifying acceptance criteria for a product and/or an information system; — establishing measures of product quality characteristics in support of these activities. NOTE 2 Usage of the quality model for measurement is explained in Annex C.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 15026-3:2023(Main)
Systems and software engineering — Systems and software assurance — Part 3: System integrity levels

This document specifies the concept of integrity levels with the corresponding integrity level requirements for achieving the integrity levels. Requirements and recommended methods are provided for defining and using integrity levels and their corresponding integrity level requirements. This document covers systems, software products, and their elements, as well as relevant external dependences. This document is applicable to systems and software and is intended for use by: a) definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies; b) users of integrity levels such as developers and maintainers, suppliers and acquirers, system or software users, assessors of systems or software and administrative and technical support staff of systems and/or software products. One important use of integrity levels is by suppliers and acquirers in agreements, for example, to aid in assuring safety, financial, or security characteristics of a delivered system or product. This document does not prescribe a specific set of integrity levels or their integrity level requirements. In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes. It does, however, provide an example of use of this document in Annex A.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 7052:2023(Main)
Software engineering — Controlling frequently occurring risks during development and maintenance of custom software

This document: — describes frequently occurring risks during development and maintenance of custom software; — describes possible controls for frequently occurring risks; — describes the related: — activities, facilities and roles typically used for these controls; — properties of products and processes; — standards, measurements, testing and assessment of the properties of products and processes.

  • Technical report
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-6:2023(Main)
Systems and software engineering — Life cycle management — Part 6: System and software integration

This document: — provides supplemental requirements and guidance for the planning and performing of the integration processes given in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207; — provides guidance on the relationship between the integration process and other life cycle processes. — specifies requirements for information items to be produced as a result of using the integration process, including the content of the information items. This document is applicable to: — those who use or plan to use ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288, or both, on projects dealing with human-made systems, software-intensive systems, and products and services related to those systems, regardless of the project scope, methodology, size, or complexity; — anyone planning or performing integration activities to aid in ensuring that the application of the integration process and its relationships to other system life cycle processes conform to ISO/IEC/IEEE 15288 or ISO/IEC/IEEE 12207.

  • Standard
    42 pages
    English language
    sale 15% off