iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 29110-3-2:2018

(Main)

Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme

Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme

This document: - defines the rules applicable for certification of the implementation of systems engineering, software engineering and service delivery processes complying with the requirements given in ISO/IEC 29110‑4-m, Profile specifications; and - provides the necessary information and confidence to customers about the way certification of their suppliers has been granted. Certification of the implementation of systems and software engineering processes (named "certification" in this document) is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party conformity assessment bodies (named "certification body/bodies" in this document). NOTE This document is primarily intended to be used as a criteria document for the accreditation or peer assessment of certification bodies which seek to be recognized as being competent to certify that a Very Small Entity (VSE) complies with ISO/IEC 29110‑4-m, Profile Specifications. Some of its requirements could also be found useful by any other parties involved in the conformity assessment of such certification bodies. Systems and software engineering processes certification does not attest the fitness of the systems and or software products offered by a VSE. It is important to note that certification of the implementation of systems and software engineering processes according to ISO/IEC 29110‑4-m, Profile Specifications, is a process certification and not a management systems certification neither a product certification. Certification of the implementation of systems and software engineering processes (SEP) of a very small entity (VSE) is one means of providing assurance that the VSE has implemented systems and software engineering processes to the development or maintenance of systems and or software. Requirements for the implementation of SEP can originate from a number of sources, and this International Standard has been developed to assist in the certification of SEP that fulfil the requirements of ISO/IEC 29110‑4-m, Profile Specifications. The contents of this document can also be used to support certification of SEP that are based on other sets of specified SEP requirements. This document is intended for use by bodies that carry out audit and certification of SEP for VSEs. It gives generic requirements for such certification bodies performing audit and certification in the field of SEP for VSEs. Such bodies are referred to as certification bodies. This wording is not intended to be an obstacle to the use of this document by bodies with other designations that undertake activities covered by the scope of this document. Indeed, this document is intended to be usable by anyone involved in the assessment of SEP for VSEs. Certification activities involve the audit of a VSE's SEP. The form of attestation of conformity of a VSE's SEP to a specific lifecycle profile standard setting the applicable SEP (for example ISO/IEC 29110‑4-1 or ISO/IEC 29110‑4-3) or other specified requirements are normally a certification document or a certificate. This certification is outside the scope of ISO/IEC 29169 to the assessment to process quality characteristics and organizational maturity, and does not cover the results of process assessment. ISO/IEC 29110-3-3 describes such a scheme. It is for the VSE being certified to develop its own processes (including ISO/IEC 29110‑4-m SEP), other sets of specified SEP requirements, other processes and it is for the VSE to decide how the various components of these will be arranged. It is therefore for certification bodies that operate in accordance with this document to take into account the culture and practices of their clients with respect to the implementation of SEP, including, if applicable, within the wider organization.

Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour très petits organismes (TPO) — Partie 3-2: Programme de certification de la conformité

General Information

Status
Published
Publication Date
25-Apr-2018
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 24 - Systems and software standards for Very Small Entities
Current Stage
9093 - International Standard confirmed
Start Date
10-May-2024
Completion Date
19-Apr-2025
Ref Project

Relations

Amended By
ISO/IEC 29110-3-2:2018/Amd 1:2025 - Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme — Amendment 1: Removal of requirement for 3-year recertification
Effective Date
07-Jan-2025
ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)
PreviousNext
Standard
ISO/IEC 29110-3-2:2018 - Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)
English language
22 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 29110-3-2
First edition
2018-04
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 3-2:
Conformity certification scheme
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 3-2: Programme de certification de la conformité
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Symbols and abbreviated terms . 2
5 General requirements . 3
5.1 General . 3
5.2 Management of impartiality . 3
6 Structural requirements . 3
7 Resource requirements . 3
7.1 Certification body personnel . 3
7.1.1 General. 3
7.1.2 Management of competence for personnel involved in the certification process . 3
7.1.3 Contract with the personnel . 3
7.1.4 Personal attributes . . 3
7.1.5 Generic SEP competence requirements . 4
7.1.6 Competence requirements for Personnel granting certification . 4
7.1.7 Competence requirements for SEP auditors. 5
7.2 Resources for evaluation . 7
8 Process requirements . 7
8.1 General . 7
8.2 Application . 7
8.3 Application review . 8
8.4 Evaluation . 8
8.4.1 Evaluation Plan . . . 8
8.4.2 Audit plan . 8
8.4.3 Audit team selection and assignments .10
8.4.4 Determining audit time .10
8.4.5 Multi-site sampling .11
8.4.6 Communication of audit team tasks.11
8.4.7 Communication concerning audit team members .11
8.4.8 Communication of audit plan.11
8.4.9 Conducting on-site and remote audits .11
8.4.10 Initial certification audit .15
8.4.11 Initial certification audit conclusions .16
8.4.12 Personnel for evaluation .16
8.4.13 Information for evaluation .17
8.4.14 Resources for evaluation .17
8.4.15 Use of evaluations results completed prior to the application for certification .17
8.4.16 Nonconformities .17
8.4.17 Additional evaluation tasks .17
8.4.18 Results of evaluation .17
8.5 Review .17
8.6 Certification decision .17
8.6.1 General.17
8.6.2 Actions prior to making a decision .17
8.7 Certification documentation .18
8.8 Directory of certified VSEs .18
8.9 Surveillance.18
8.10 Changes affecting certification .18
© ISO/IEC 2018 – All rights reserved iii

8.11 Termination, reduction, suspension or withdrawal of certification .19
8.12 Records .19
8.13 Complaints and appeals .19
9 Management system requirements .19
Annex A (informative) Considerations for the audit programme, scope or plan .20
Bibliography .22
iv © ISO/IEC 2018 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the WTO
principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary
information.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
© ISO/IEC 2018 – All rights reserved v

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of ISO/IEC 29110, a Very Small Entity (VSE) is an enterprise, an organization, a department
or a project having up to 25 people. Since many VSEs develop and/or maintain system elements and
software components used in systems, or sold to be used by others, a recognition of VSEs as suppliers of
high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005) ‘Small and Medium Enterprises (SMEs), i.e. Enterprises
which employ fewer than 250 persons, constitute the dominant form of business organization in all
countries world-wide, accounting for o
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 29110-3-2:2018/Amd 1:2025(Amendment)
Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme — Amendment 1: Removal of requirement for 3-year recertification
  • Standard
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 19770-10:2025(Main)
Information technology — IT asset management — Part 10: Guidance for implementing ITAM

This document covers the following information technology asset management (ITAM) system processes: a) management system processes for the overall system of IT asset management (not described in ISO/IEC 19770-1 in detail), which are specified in this document for comprehensive coverage and consistency of explanations; these include: — understanding the external context and shareholder needs (7.1, 7.2 and 10.2); — leadership, policy and organization (10.3); — establishing and maintaining the management system (10.4); — planning and risk management (10.5); — support (including resources, competence, awareness, and communication – 10.6); — executing functional and life cycle processes (10.7); — performance evaluation and improvement (10.8); b) functional management processes for IT assets (not described in ISO/IEC 19770-1 in detail), which are cross-cutting processes that integrate with life-cycle processes for IT assets and which are shared with most IT management system standards, though sometimes slightly differently grouped; these include: — change management (11.2; also required by ISO/IEC 19770-1); — data management; — license management; — security management; — relationship and contract management; — financial management; — service level management; — other risk management; c) life cycle management processes for IT assets as specified in ISO/IEC 19770-1, which are grouped and named slightly differently by different methodologies; these include: — specification; — development; — acquisition; — release; — deployment; — operation; — retirement. This document is applicable to all ITAM implementations. This document can be applied to all types of IT assets and by all types and sizes of organizations.

  • Technical specification
    144 pages
    English language
    sale 15% off
ISO
ISO/IEC 20582:2025(Main)
Software and systems engineering — Capabilities of build and deployment tools

This document defines the requirements for capabilities of build and deployment tools to support and automate building, packaging, and deploying work. This document is intended for use in evaluating and selecting build and deployment tools according to the procedures defined in ISO/IEC 20741. This document is applicable to different development methodologies and approaches (e.g. Waterfall, Agile, or DevOps).

  • Standard
    32 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33060:2025(Main)
Information technology — Process assessment — Process assessment model for system life cycle processes

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    65 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33062:2025(Main)
Information technology — Process assessment — Process assessment model for quantitative processes to support higher levels of process capability in ISO/IEC 33020

This document defines a process assessment model for quantitative processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-6-4:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-6-4: Systems engineering guidelines for the generic Advanced profile

This document describes processes targeted at VSEs that want to sustain and grow as an independent competitive system development organization. This document provides management and engineering guidelines for the systems engineering Advanced profile of the generic profile group. This document is applicable to VSEs that do not develop critical systems and have little or no experience with systems engineering (SE) process planning and implementation using the ISO/IEC/IEEE 15288. This document is also applicable to VSEs which are familiar with the management and engineering guidelines of the systems engineering Intermediate profile (ISO/IEC TR 29110 5-6-3) for their system development projects and are involved in the development of more than one project in parallel with more than one work team.

  • Standard
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-1:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-1: Software engineering guidelines for the generic Entry profile

This document provides the management and engineering guidelines to the software Entry profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document applies to start-up VSEs (e.g. VSEs that started their operation less than three years ago) and/or VSEs working on small projects (e.g. projects with a size of less than six person-months).

  • Standard
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-2:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-2: Software engineering guidelines for the generic Basic profile

This document provides management and engineering guidelines to the software Basic profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document is applicable to VSEs developing a single product by a single work team.

  • Standard
    93 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 32430:2025(Main)
Software engineering — Software non-functional size measurement

This document defines a method for measuring the non-functional size of the software. It complements ISO/IEC 20926:2009, which defines a method for measuring the functional size of the software. This document also describes the complementarity of functional and non-functional sizes, so that deriving the sizes from the functional and the non-functional requirements does not result in duplication in the distinct functional and non-functional sizes. In general, there are many types of non-functional requirements. Moreover, non-functional requirements and their classification evolve over time as the technology advances. This document does not intend to define the type of NFR for a given context. Users can choose ISO 25010 or any other standard for the definition of NFR. It is assumed that users size the NFR based on the definitions they use. This document covers a subset of non-functional requirements. It is expected that, with time, the state of the art can improve and that potential future versions of this document can define an extended coverage. The ultimate goal is a version that, together with ISO/IEC 20926:2009, covers every aspect that can be required of any prospective piece of software, including aspects such as process and project directives that are hard or impossible to trace to the software's algorithm or data. The combination of functional and non-functional sizes would then correspond to the total size necessary to bring the software into existence. Estimating the cost, effort and duration of the implementation of the NFR is outside the scope of this document.

  • Standard
    71 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 29119-5:2024(Main)
Software and systems engineering — Software testing — Part 5: Keyword-driven testing

This document defines an efficient and consistent solution for keyword-driven testing by: — giving an introduction to keyword-driven testing; — providing a reference approach to implement keyword-driven testing; — defining requirements on frameworks for keyword-driven testing to enable testers to share their work items, such as test cases, test data, keywords, or complete test specifications; — defining requirements for tools that support keyword-driven testing; these requirements are applicable to any tool that supports the keyword-driven approach (e.g. test automation, test design and test management tools); — defining interfaces and a common data exchange format to ensure that tools from different vendors can exchange their data (e.g. test cases, test data and test results); — defining levels of hierarchical keywords, and advising use of hierarchical keywords; this includes describing specific types of keywords (e.g. keywords for navigation or for checking a value) and when to use "flat" structured keywords; — providing an initial list of example generic technical (low-level) keywords, such as "inputData" or "checkValue"; these keywords can be used to specify test cases on a technical level and can be combined to create business-level keywords as required. This document is applicable to all those who want to create keyword-driven test specifications, create corresponding frameworks, or build test automation based on keywords.

  • Standard
    55 pages
    English language
    sale 15% off