ISO/IEC/IEEE 24748-1:2024

International
Standard
ISO/IEC/IEEE
24748-1
Second edition
Systems and software
2024-03
engineering — Life cycle
management —
Part 1:
Guidelines for life cycle
management
Ingénierie des systèmes et du logiciel — Gestion du cycle de vie —
Partie 1: Lignes directrices pour la gestion du cycle de vie
Reference number © ISO/IEC 2024
© ISO/IEC 2024
© IEEE 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO or IEEE at the
respective address below or ISO’s member body in the country of the requester.
ISO copyright office Institute of Electrical and Electronics Engineers, Inc
CP 401 • Ch. de Blandonnet 8 3 Park Avenue, New York
CH-1214 Vernier, Geneva NY 10016-5997, USA
Phone: +41 22 749 01 11
Email: copyright@iso.org Email: stds.ipr@ieee.org
Website: www.iso.org Website: www.ieee.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Life cycle-related concepts .11
4.1 General .11
4.2 System concepts .11
4.2.1 General .11
4.2.2 Systems . 12
4.2.3 System structure . 12
4.2.4 Enabling systems . 13
4.3 Life cycle concepts . 15
4.3.1 System life cycle model . 15
4.3.2 System life cycle stages .18
4.3.3 Stages in a SoI and its enabling systems .19
5 Life cycle stages .20
5.1 General . 20
5.2 Concept stage .21
5.2.1 Overview .21
5.2.2 Purpose . 22
5.2.3 Outcomes . 22
5.3 Development stage . 23
5.3.1 Overview . 23
5.3.2 Purpose . 23
5.3.3 Outcomes . 23
5.4 Production stage .24
5.4.1 Overview .24
5.4.2 Purpose .24
5.4.3 Outcomes .24
5.5 Utilization stage .24
5.5.1 Overview .24
5.5.2 Purpose . 25
5.5.3 Outcomes . 25
5.6 Support stage . 25
5.6.1 Overview . 25
5.6.2 Purpose . 25
5.6.3 Outcomes . 26
5.7 Retirement stage. 26
5.7.1 Overview . 26
5.7.2 Purpose . 26
5.7.3 Outcomes . 26
6 Life cycle model adaptation.27
6.1 General .27
6.2 Adaptation sequence .27
6.2.1 General .27
6.2.2 Identification of the project environment and characteristics .27
6.2.3 Solicitation of inputs . 28
6.2.4 Selection of appropriate standards . 28
6.2.5 Selection of development approach . 28
6.2.6 Selection of life cycle model . 29
6.2.7 Selection of process model . 29
6.2.8 Documentation of decisions and rationale . 29

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
iii
6.3 Life cycle model adaptation guidance . 29
6.3.1 General . 29
6.3.2 Scope adaptation . 30
6.3.3 Stage adaptation . 30
6.3.4 Life cycle model adaptation for domains, disciplines and specialties . 30
6.4 Evaluation-related activities . 33
7 Relationship with detailed process standards .34
Annex A (informative) Process concepts .36
Annex B (informative) Organizational concepts .49
Annex C (informative) Project concepts . 51
Annex D (informative) Process views .56
Annex E (informative) Guidance on development approaches and build planning .66
Annex F (informative) Candidate joint stakeholder reviews .69
Annex G (informative) Problem reporting capability.72
Bibliography . 74
IEEE notices and abstract .77

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards
through a consensus development process, approved by the American National Standards Institute, which
brings together volunteers representing varied viewpoints and interests to achieve the final product.
Volunteers are not necessarily members of the Institute and serve without compensation. While the IEEE
administers the process and establishes rules to promote fairness in the consensus development process,
the IEEE does not independently evaluate, test, or verify the accuracy of any of the information contained in
its standards.
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, SC 7,
Software and systems engineering, in cooperation with the Systems and Software Engineering Standards
Committee of the IEEE Computer Society, under the Partner Standards Development Organization
cooperation agreement between ISO and IEEE.
This second edition cancels and replaces the first edition (ISO/IEC/IEEE 24748-1:2018), which has been
technically revised.
The main changes are as follows:
— added system of systems topics based on ISO/IEC/IEEE 21839, ISO/IEC/IEEE 21840 and
ISO/IEC/IEEE 21841;
— added references for interfacing and interoperating systems and general updates from
ISO/IEC/IEEE 15288:2023;
— added more recent life cycle models such as DEVOPS.
A list of all parts in the ISO/IEC/IEEE 24748 series can be found on the ISO and IEC websites.

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
v
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
vi
Introduction
The purpose of this document is to facilitate the use of the process content of ISO/IEC/IEEE 15288 and
ISO/IEC/IEEE 12207, by providing unified and consolidated guidance on life cycle management of systems
and software. This is to help ensure consistency in system concepts and life cycle concepts, models, stages,
processes, process application, key points of view, adaptation and use in various domains as the two
International Standards are used in combination. That in turn helps a project team design a life cycle model
for the system-of-interest to facilitate managing the progress of their project. Hence, ISO/IEC/IEEE 15288
and ISO/IEC/IEEE 12207 are the documents that apply the concepts found in this document to specific
processes.
NOTE ISO/IEC/IEEE 16326 and ISO/IEC/IEEE 24641 also apply the concepts found in this document, in the
process context for project management and model-based approaches respectively.
This document also aids in identifying and planning use of life cycle processes described in
ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207 that enable the project to be completed successfully, meeting
its objectives/requirements for each stage and for the overall project.
There is also increasing recognition of the importance of helping to ensure that all life cycle stages and all
aspects within each stage are supported with thorough guidance to enable alignment with any process
documents that can be created later that focus on areas besides systems and software, including hardware,
humans, data, processes (e.g. review process), procedures (e.g. operator instructions), facilities and naturally
occurring entities (e.g. water, organisms, minerals).
By addressing these needs specifically in this document, the users of the process-focused ISO/IEC/IEEE 12207
and ISO/IEC/IEEE 15288 benefit not only from having one complementary document that addresses the
management of life cycles of systems that provide products or services, but also from a framework that links
life cycle management aspects to more than just the systems or software aspects of products or services.
Additional discussion for system of systems can be found in ISO/IEC/IEEE 21839, ISO/IEC/IEEE 21840 and
ISO/IEC/IEEE 21841.
In the context of this document, ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, there is a continuum of
human-made systems from those that use little to no software to those in which software is the primary
interest. When software is the predominant system or element of interest, ISO/IEC/IEEE 12207 should be
used. Both documents have the same process model, share most activities and tasks and differ primarily in
descriptive notes. The determination of the applicability of ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207
should be decided by the nature of the system and its enabling systems. Often, a mixed tailoring of each
standard can be appropriate.
ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207 also have published guidance documents
(ISO/IEC/IEEE 24748-2 and ISO/IEC/IEEE 24748-3), respectively, to support use of the two International
Standards individually.
© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
vii
International Standard ISO/IEC/IEEE 24748-1:2024(en)
Systems and software engineering — Life cycle
management —
Part 1:
Guidelines for life cycle management
1 Scope
This document provides guidance for the life cycle management of systems and software, complementing
the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207. This document:
— addresses systems concepts and life cycle concepts, models, stages, processes, process application, key
points of view, adaptation and use in various domains and by various disciplines;
— establishes a common framework for describing life cycles, including their individual stages, for the
management of projects that provide or acquire either products or services;
— defines the concept of a life cycle;
— supports the use of the life cycle processes within an organization or a project; organizations and projects
can use these life cycle concepts when acquiring and supplying either products or services;
— provides guidance on adapting a life cycle model and the content associated with a life cycle or a part of
a life cycle;
— describes the relationship between life cycles and their use in applying the processes in ISO/IEC/IEEE 15288
(systems aspects) and ISO/IEC/IEEE 12207 (software systems aspects);
— shows the relationships of life cycle concepts to the hardware, human, services, process, procedure,
facility and naturally occurring entity aspects of projects;
— describes how its concepts relate to detailed process standards, for example, in the areas of measurement,
project management, risk management and model-based systems and software engineering.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO, IEC and IEEE maintain terminology databases for use in standardization at the following addresses:
— IEC Electropedia: available at https:// www .electropedia .org/
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEEE Standards Dictionary Online: available at https:// dictionary .ieee .org/
NOTE Definitions for other system and software engineering terms can be found in ISO/IEC/IEEE 24765, available
at www .computer .org/ sevocab.

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.1
acquirer
stakeholder (3.49) that acquires or procures a system (3.51), product (3.33) or service (3.45) from a supplier (3.50)
Note 1 to entry: Other terms commonly used for an acquirer are buyer, customer (3.13), owner, purchaser, or internal/
organizational sponsor.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.1]
3.2
acquisition
process (3.30) of obtaining a system (3.51), product (3.33) or service (3.45)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.2]
3.3
activity
set of cohesive tasks (3.56) of a process (3.30)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.3]
3.4
agile
development approach based on iterative development, frequent inspection and adaptation, and incremental
deliveries in which requirements (3.39) and solutions evolve through collaboration in cross-functional teams
and through continual stakeholder (3.49) feedback
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.1, modified — The defined term has been changed from "agile
development" to "agile"; note 1 to entry has been removed.]
3.5
agreement
mutual acknowledgement of terms and conditions under which a working relationship is conducted
EXAMPLE Contract, memorandum of agreement.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.4]
3.6
architecture
fundamental concepts or properties of a system (3.51) in its environment (3.18) and governing principles for
the realization and evolution of this system and its related life cycle (3.24) processes (3.30)
[SOURCE: ISO/IEC/IEEE 42020:2019, 3.3, modified — "entity" has been replaced with "system"; notes to
entry have been removed.]
3.7
artefact
work product (3.33) that is produced and used during a project to capture and convey information
[SOURCE: ISO 19014-4:2020, 3.9, modified — The definition has been made singular.]
3.8
audit
independent examination of a work product (3.33) or set of work products to assess compliance with
specifications, standards, contractual agreements (3.5), or other criteria
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.7]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.9
baseline
formally approved version of a configuration item (3.12), regardless of media, formally designated and fixed
at a specific time during the configuration item's life cycle (3.24)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.8]
3.10
concept of operations
verbal and graphic statement, in broad outline, of an organization’s (3.28) assumptions or intent in regard to
an operation or series of operations of new, modified, or existing organizational systems (3.51)
Note 1 to entry: The concept of operations frequently is embodied in long-range strategic plans and annual operational
plans. In the latter case, the concept of operations in the plan covers a series of connected operations to be carried out
simultaneously or in succession to achieve an organizational performance objective. See also operational concept (3.26).
Note 2 to entry: The concept of operations provides the basis for bounding the operating space, system capabilities,
interfaces (3.22) and operating environment (3.18).
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.9]
3.11
concern
matter of interest or importance to a stakeholder (3.49)
Note 1 to entry: A concern pertains to any influence on a system (3.51) in its environment (3.18), including
developmental, technological, business, operational, organizational, political, economic, legal, regulatory, ethical,
ecological and social influences.
[SOURCE: ISO/IEC/IEEE 42020:2019, 3.8, modified — EXAMPLE has been removed; note 1 to entry has
been added.]
3.12
configuration item
item or aggregation of hardware, software, or both, that is designated for configuration management and
treated as a single entity in the configuration management process (3.30)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.11]
3.13
customer
organization (3.28) or person that receives a product (3.33) or service (3.45)
EXAMPLE Consumer, client, user (3.60), acquirer (3.1), buyer, or purchaser.
Note 1 to entry: A customer can be internal or external to the organization.
[SOURCE: ISO /IEC/IEEE 15288:2023, 3.12]
3.14
design, noun
specification of system elements (3.52) and their relationships, that is sufficiently complete to support a
compliant implementation of the architecture (3.6)
Note 1 to entry: Design provides the detailed implementation-level physical structure, behaviour, temporal
relationships and other attributes of system elements.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.13]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.15
design characteristics
design attributes or distinguishing features that pertain to a measurable description of a product (3.33) or
service (3.45)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.14]
3.16
DevOps
development and operations
set of principles and practices which enable better communication and collaboration between relevant
stakeholders (3.49) for the purpose of specifying, developing, and operating software and systems (3.51),
products (3.33) and services (3.45), and continuous improvements in all aspects of the life cycle (3.24)
Note 1 to entry: Extensions include DevSecOps which addresses concerns (3.11) related to security (3.44) throughout
development and operations.
[SOURCE: ISO/IEC/IEEE 32675:2022, 3.1, modified —Note 1 to entry has been added.]
3.17
enabling system
system (3.51) that supports a system-of-interest (3.53) during its life cycle (3.24) stages (3.48) but does not
necessarily contribute directly to its function during operation
EXAMPLE Production-enabling system, which is required when a system-of-interest enters the production stage.
Note 1 to entry: Each enabling system has a life cycle of its own.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.15, modified — The second sentence of note 1 to entry has been
removed.]
3.18
environment
context determining the setting and circumstances of all influences upon a system (3.51)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.16]
3.19
incident
anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle (3.24)
of a project (3.34), product (3.33), service (3.45), or system (3.51)
Note 1 to entry: An incident is elevated and treated as a problem (3.29) when the cause of the incident needs to be
analysed and corrected to prevent reoccurrence to avoid or minimise loss of life, or damage of property or natural
resources.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.17]
3.20
information item
separately identifiable body of information that is produced, stored, and delivered for human use
[SOURCE: ISO/IEC/IEEE 15289:2019, 3.1.12, modified — The preferred term “information product” has been
removed; notes to entry have been removed.]
3.21
iteration
repeating the application of the same process (3.30) or set of processes on the same level of the
system (3.51) structure
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.28]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.22
interface
point at which two or more logical, physical, or both, system elements (3.52) or software system elements
meet and act on or communicate with each other
[SOURCE: ISO/IEC/IEEE 24748-6:2023, 3.1.3]
3.23
interoperating system
system (3.51) that exchanges information with the system-of-interest (3.53) and uses the information that
has been exchanged
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.20]
3.24
life cycle
evolution of a system (3.51), product (3.33), service (3.45), project (3.34) or other human-made entity from
conception through retirement (3.41)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.21]
3.25
life cycle model
framework of processes (3.30) and activities (3.3) concerned with the life cycle (3.24) which can be organized
into stages (3.48), acting as a common reference for communication and understanding
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.22]
3.26
operational concept
verbal and graphic statement of an organization’s (3.28) assumptions or intent in regard to an operation or
series of operations of a specific system (3.51) or a related set of new, existing or modified systems
Note 1 to entry: The operational concept is designed to give an overall picture of the operations using one or more
specific systems or set of related systems, in the organization’s operational environment (3.18) from the users’ (3.60)
and operators’ (3.27) perspective. See also concept of operations (3.10).
Note 2 to entry: The operational concept is about systems, while a concept of operations typically refers to
organizations.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.23]
3.27
operator
individual or organization (3.28) that performs the operations of a system (3.51)
Note 1 to entry: The role of operator and the role of user (3.60) may be vested, simultaneously or sequentially, in the
same individual or organization.
Note 2 to entry: An individual operator combined with knowledge, skills and procedures can be considered as an
element of the system.
Note 3 to entry: An operator may perform operations on a system that is operated, or of a system that is operated,
depending on whether or not operating instructions are placed within the system boundary.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.24]
3.28
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to
achieve its objectives
EXAMPLE Company, corporation, firm, enterprise, manufacturer, institution, charity, sole trader, association, or
parts or combination thereof.
© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
[SOURCE: ISO 9000:2015, 3.2.1, modified — Notes to entry have been removed; EXAMPLE has been added.]
3.29
problem
difficulty, uncertainty, or otherwise realized and undesirable event, set of events, condition, or situation that
requires investigation and corrective action
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.26]
3.30
process
set of interrelated or interacting activities (3.3) that transforms inputs into outputs
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.27]
3.31
process outcome
observable result of the successful achievement of the process purpose (3.32)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.30]
3.32
process purpose
high-level objective of performing the process (3.30) and the likely outcomes of effective implementation of
the process
Note 1 to entry: The purpose of implementing the process is to provide benefits to the stakeholders (3.49).
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.29, modified — The term "high-level" has been hyphenated.]
3.33
product
output of an organization (3.28) that can be produced without any transaction taking place between the
organization and the customer (3.13)
Note 1 to entry: The dominant element of a product is that it is generally tangible.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.32]
3.34
project
endeavour with defined start and finish criteria undertaken to create a product (3.33) or service (3.45) in
accordance with specified resources (3.40) and requirements (3.39)
Note 1 to entry: A project is sometimes viewed as a unique process (3.30) comprising co-coordinated and controlled
activities (3.3) and composed of activities from the technical management (3.58) and technical processes defined in
ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15288.
Note 2 to entry: Continuous development approaches such as agile (3.4) and DevOps (3.16) can use different
terminology for the creation of product and services.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.33, modified — Note 1 to entry has been updated to reference
ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15288.]
3.35
qualification
process (3.30) of demonstrating whether an entity is capable of fulfilling specified requirements (3.39)
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.39]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.36
quality characteristic
inherent characteristic of a product (3.33), service (3.45), process (3.30), or system (3.51) related to a
requirement (3.39)
[SOURCE: ISO 9000:2015, 3.10.2, modified — "an object" has been replaced with "a product, service, process,
or system"; notes to entry have been removed.]
3.37
quality management
coordinated activities to direct and control an organization (3.28) with regard to quality
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.42]
3.38
recursion
repeating the application of the same process (3.30)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.31]
3.39
requirement
statement that translates or expresses a need and its associated constraints and conditions
[SOURCE: ISO/IEC/IEEE 29148:2018, 3.1.19, modified — Notes to entry have been removed.]
3.40
resource
asset that is utilised or consumed during the execution of a process (3.30)
Note 1 to entry: Resource includes diverse entities, such as funding, personnel, facilities, capital equipment, tools and
utilities, such as power, water, fuel and communication infrastructures.
Note 2 to entry: Resources include those that are reusable, renewable or consumable.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.37]
3.41
retirement
withdrawal of active support by the operation and maintenance organization (3.28), partial or
total replacement by a new system (3.51), installation of an upgraded system, or final decommissioning and
disposal
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.38]
3.42
risk
effect of uncertainty on objectives
Note 1 to entry: An effect is a deviation from the expected -- positive or negative. A positive effect is also known as an
opportunity.
Note 2 to entry: Objectives can have different aspects [such as financial, health and safety (3.43), and environmental
goals] and can apply at different levels (such as strategic, organization-wide, project, product and process).
Note 3 to entry: Risk is often characterized by reference to potential events and consequences, or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes
in circumstances) and the associated likelihood of occurrence.
Note 5 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or
knowledge of an event, its consequence, or likelihood.
[SOURCE: ISO Guide 73:2009, 1.1, modified — The last sentence in note 1 to entry has been added.]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.43
safety
expectation that a system (3.51) does not, under defined conditions, lead to a state in which human life,
health, property, or the environment (3.18) is endangered
Note 1 to entry: The term is alternately defined as freedom from risks (3.42) that are not tolerable.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.48, modified — Note 1 to entry has been added.]
3.44
security
protection against intentional subversion or forced failure, containing a composite of four attributes:
confidentiality, integrity, availability, and accountability, plus aspects of a fifth, usability, all of which have
the related issue of their assurance
Note 1 to entry: Security includes authenticity, accountability, confidentiality, integrity, availability, non-repudiation,
and reliability, all of which have the related issue of their assurance.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.49, modified — Note 1 to entry has been added.]
3.45
service
output of an organization (3.28) with at least one activity (3.3) necessarily performed between the
organization and the customer (3.13)
Note 1 to entry: The dominant elements of a service are generally intangible.
Note 2 to entry: A service is coherent, discrete and can be composed of other services.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.42]
3.46
software item
source code, object code, control code, control data, or a collection of these items
Note 1 to entry: A software item can be viewed as a system element (3.52) of ISO/IEC/IEEE 12207 and of
ISO/IEC/IEEE 15288. Software items are typically configuration items (3.12).
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.53, modified — Note 1 to entry has been updated to reference
ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15288.]
3.47
software product
set of computer programs, procedures, and possibly associated documentation and data
Note 1 to entry: A software product is a software system (3.51) viewed as the output [product (3.33)] resulting from a
process (3.30).
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.54]
3.48
stage
period within the life cycle (3.24) of an entity that relates to the state of its description or realization
Note 1 to entry: As used in this document, stages relate to major progress and achievement milestones of the entity
through its life cycle.
Note 2 to entry: Stages often overlap.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.43]

© ISO/IEC 2024 – All rights reserved
© IEEE 2024 – All rights reserved
3.49
stakeholder
individual or organization (3.28) having a right, share, claim, or interest in a system (3.51) or in its possession
of characteristics that meet their needs and expectations
EXAMPLE End users (3.60), end user organizations, supporters, developers, customers (3.13), producers, trainers,
maintainers, disposers, acquirers (3.1), suppliers (3.50), regulatory bodies, and people influenced positively or
negatively by a system.
Note 1 to entry: Some stakeholders can have interests that oppose each other or oppose the system.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.44]
3.50
supplier
organization (3.28) or an individual that enters into an agreement (3.5) with the acquirer (3.1) for the supply
of a product (3.33) or service (3.45)
Note 1 to entry: Other terms commonly used for supplier are contractor, producer, seller or vendor.
Note 2 to entry: The acquirer and the supplier sometimes are part of the same organization.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.45]
3.51
system
arrangement of parts or elements that together exhibit a stated behaviour or meaning that the individual
constituents do not
Note 1 to entry: A system is sometimes considered as a product (3.33) or as the services (3.45) it provides.
Note 2 to entry: In practice, the interpretation of its meaning is frequently clarified by the use of an associative noun,
e.g. aircraft system. Alternatively, the word “system” is substituted simply by a context-dependent synonym, e.g.
aircraft, though this potentially obscures a system principles perspective.
Note 3 to entry: A complete system includes all of the associated equipment, facilities, material, computer programs,
firmware, technical documentation, services and personnel required for operations and support to the degree
necessary for self-sufficient use in its intended environment (3.18).
[SOURCE: ISO/
...