ISO/IEC 29110-5-2-1:2025

International
Standard
ISO/IEC
29110-5-2-1
First edition
Systems and software
2025-11
engineering — Life cycle profiles for
very small entities (VSEs) —
Part 5-2-1:
Organizational management
guidelines
Ingénierie des systèmes et du logiciel — Profils de cycle de vie
pour très petits organismes (TPO) —
Partie 5-2-1: Lignes directrices de gestion organisationnelle
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3  Terms and definitions . 1
4  Naming, diagramming and definition convention . 1
4.1 General .1
4.2 Naming, diagramming and definition conventions .2
4.3 Abbreviations .3
5 Overview . 3
5.1 General .3
5.2 Entry conditions to use the organizational profile .3
5.3 Processes and activities of the organizational profile .4
6 Organizational management (OM) process . 5
6.1 OM process purpose .5
6.2 OM process outcomes .5
6.3 OM roles involved .5
6.4 OM activities and tasks .5
6.4.1 Overview of the OM process .5
6.4.2 OM activities .6
6.4.3 Incorporation to the organizational repository .9
7 Resource management (RM) process . 9
7.1 RM process purpose .9
7.2 RM process outcomes .9
7.3 RM roles involved . .10
7.4 RM activities and tasks .10
7.4.1 Overview of the RM process .10
7.4.2 RM activities .10
7.4.3 Incorporation to the organizational repository .14
8 Process management (PSM) process . 14
8.1 PSM process .14
8.2 PSM process outcomes . 15
8.3 PSM roles involved . 15
8.4 PSM activities and tasks . 15
8.4.1 Overview of the PSM process . 15
8.4.2 PSM activities .16
8.4.3 Incorporation to the organizational repository .21
9 Product portfolio management (PPM) process .21
9.1 PPM process .21
9.2 PPM process outcomes . 22
9.3 PPM roles involved . 22
9.4 PPM activities and tasks . 22
9.4.1 Overview of the PPM process . 22
9.4.2 PPM activities . 23
9.5 Incorporation to the organizational repository . 26
10 Description of roles .26
11 Description of work products .27
11.1 States of work products .27
11.2 Description of work products .27
12 Software tools . 41

© ISO/IEC 2025 – All rights reserved
iii
12.1 General .41
12.2 Organizational management process tools .41
12.3 Resource management process tools .42
12.4 Process management process tools .42
12.5 Product portfolio management process tools .42
Bibliography .43

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Technical ISO/IEC JTC 1, Information technology, Subcommittee SC 7,
Software and systems engineering.
This first edition cancels and replaces ISO/IEC TR 29110-5-2-1:2016, which has been technically revised.
The main changes are as follows:
— major editorial changes were made to align this document with other parts in the ISO/IEC 29110 series;
— it has been clarified that this document can be used by VSEs that have at least one operational process
implemented by projects or by services;
— Annex A has been deleted as this document can be applied to any type of VSE that has at least one
operational process;
— Annex B has been deleted because the mapping to the base standards is made in ISO/IEC 29110-4-2.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
v
Introduction
0.1  Introduction to the ISO/IEC 29110 series
Very small entities (VSEs) around the world are creating valuable products and services. For the purpose
of the ISO/IEC 29110 series, a VSE is an enterprise, an organisation (e.g. government agency, non-profit
organisation), a department or a project having up to 25 people. Many VSEs develop and/or maintain systems
and the software components used in those systems, either as independent products or incorporated into
the larger system. Due to this a recognition of VSEs as suppliers of high-quality products is required.
According to the World Bank, small and medium-sized enterprises (SMEs) account for about 90 % of
enterprises worldwide. According to the Organisation for Economic Co-operation and Development (OECD),
SMEs represent 99 % of all businesses and generate about 60 % of employment. Almost one person out of
three is employed in a micro firm with less than 10 employees. The European Union reports that micro firms,
with fewer than 10 persons, account for 93,5 % of all enterprises and small firms, with 10 to 49 employees,
account for 5,5 % of all enterprises. The challenge facing governments is to provide a business environment
that supports the competitiveness of this large heterogeneous business population and that promotes a
vibrant entrepreneurial culture.
From studies and surveys conducted, the majority of International Standards did not address the needs of
VSEs. Implementation of and conformity with these standards was difficult, if not impossible.
Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce quality systems/
system elements including software in their domain. Therefore, VSEs are excluded from some economic
activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs and
to justify the effort required to apply standards to their business practices. Most VSEs can neither afford
the resources, in terms of number of employees, expertise, budget and time, nor do they see a net benefit in
establishing over-complex systems or software life cycle processes. To address some of these difficulties,
a set of guidelines has been developed based on a set of VSE characteristics. The guidelines are based on
subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as profiles. The
purpose of a profile is to define a subset of International Standards relevant to the VSEs' context; for example,
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities,
tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of
ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against ISO/IEC 29110
specifications.
The ISO/IEC 29110 series can be applied at any phase of system or software development within a life
cycle. The ISO/IEC 29110 series is intended to be used by VSEs that do not have experience or expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project.
VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those standards instead of the ISO/IEC 29110 series.
The ISO/IEC 29110 series is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary or agile.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software and/
or service quality, and process performance. Figure 1 describes the ISO/IEC 29110 series and positions the
parts within the framework of reference.

© ISO/IEC 2025 – All rights reserved
vi
Figure 1 — ISO/IEC 29110 series
ISO/IEC 29110-1-1 introduces processes, lifecycle and standardization concepts, the taxonomy (catalogue) of
ISO/IEC 29110 profiles and the ISO/IEC 29110 series. ISO/IEC 29110-1-1 also introduces the characteristics
and needs of a VSE, and clarifies the rationale for specific profiles, documents, standards and guidelines.
ISO/IEC 29110-1-2 defines the terms common to the ISO/IEC 29110 series. ISO/IEC 29110-1-1 and
ISO/IEC 29110-1-2 are targeted at VSEs and their customers, assessors, standards producers, tool vendors
and methodology vendors.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it specifies
the elements common to all profiles (structure, requirements, conformance, assessment). For domain-
specific profiles (profiles that are not standardised and developed outside of the ISO process), it provides
general guidance adapted from the definition of standardised profiles. ISO/IEC 29110-2 is targeted at profile
producers, tool vendors and methodology vendors.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements for
process capability assessment, conformity assessments, and self-assessments for process improvements.
ISO/IEC 29110-3 also contains information that can be useful to developers of certification and assessment
methods and developers of certification and assessment tools. ISO/IEC 29110-3 is addressed to people
who have direct involvement with the assessment process, for example, the auditor, certification and
accreditation bodies and the sponsor of the audit, who need guidance on ensuring that the requirements
for performing an audit have been met. ISO/IEC 29110-3 is targeted at VSEs and their customers, assessors,
accreditation bodies.
© ISO/IEC 2025 – All rights reserved
vii
ISO/IEC 29110-4 provides the specifications for all generic profiles of the generic profile group that are based
on subsets of appropriate standards elements. ISO/IEC 29110-4 is targeted at VSEs, customers, standards
producers, tool vendors and methodology vendors.
ISO/IEC 29110-5 provides a management, engineering and service delivery guidelines for profiles of the
Generic profile group. ISO/IEC 29110-5 is targeted at VSEs and their customers.
ISO/IEC 29110-6 provides the specifications for specific profiles that are based on subsets of appropriate
standards elements. ISO/IEC 29110-6 is targeted at VSEs, customers, standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110-7 provides a guideline for each profile of the specific profile group. ISO/IEC 29110-7 is
targeted at VSEs and their customers.
If a new profile is needed, ISO/IEC 29110-4 or ISO/IEC 29110-6 can be developed with minimal impact to
existing documents.
0.2  Introduction to this document
This document is intended to be used with any processes, techniques and methods that enhance the VSE's
customer satisfaction and productivity.
The life cycle processes described in the ISO/IEC 29110 series are not intended to preclude or discourage
their use by organizations larger than VSEs.
Using this document, a VSE can obtain the following benefits:
— formalizing and following its business strategy in a measurable and controlled way;
— controlling projects or services’ human and material resources;
— managing the generation and accomplishment of its projects or services;
— continuously improving its operational and administrative processes;
— continuously monitoring the customers satisfaction.
Conformity requirements for implementations of this document can be found in ISO/IEC 29110-4-2.

© ISO/IEC 2025 – All rights reserved
viii
International Standard ISO/IEC 29110-5-2-1:2025(en)
Systems and software engineering — Life cycle profiles for
very small entities (VSEs) —
Part 5-2-1:
Organizational management guidelines
1 Scope
This document provides management guidelines to the organizational profile specified in ISO/IEC 29110-4-2
through organizational management, product portfolio management, resource management and process
management processes.
This document applies to VSEs that develop software or works thru operating processes.
This document is intended to be used with any processes, techniques and methods that enhance the VSEs’
customer satisfaction and productivity.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-1-2, Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part
1-2: Vocabulary
3  Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-1-2 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
process map
document that defines the process elements and their connexions
3.2
product
project or service that is the result of a process
4  Naming, diagramming and definition convention
4.1 General
Conventions for naming, diagramming, describing and defining profiles are defined in ISO/IEC 29110-2-1.

© ISO/IEC 2025 – All rights reserved
4.2  Naming, diagramming and definition conventions
The following process structure description and notation are used to describe the processes:
Process name – process identifier, followed by its abbreviation in parentheses “( )”.
Process purpose – high level objective of performing the process and the likely outcomes of effective
implementation of the process.
Process outcomes – observable result of the successful achievement of the process purpose. Outcomes are
identified by the abbreviation of the process name, followed by the letter “O” and a consecutive number, for
example OM.O1, RM.O2.
Input work products – Work products (WP) which can be used to perform the process and its corresponding
source, which can be another process or an external entity to the process, such as the customer. Identified
by the abbreviation of the process name
Output work products – Work products generated by the process and its corresponding destination, which
can be another process or an external entity to the process, such as customer. Identified by the abbreviation
of the process name.
Internal work products – Work products generated (i.e. output work product) and consumed (i.e. input work
product) by the process. Identified by the abbreviation of the process name.
All work products’ names initiate with capital letters. Some work products should have one or more statuses
attached to the work product name surrounded by square brackets “[ ]” and separated by ”,”. The work
product state may change during the process execution. See Clause 11 for the alphabetical list of the work
products, its descriptions, possible states and the source of the work product. The source can be another
process or an external entity to the process, such as the customer.
Roles involved – Names and abbreviation of the functions to be performed by processes, projects or services
team members. Several roles may be played by a single person and one role may be assumed by several
persons. Roles are assigned to processes, projects or to services participants based on the characteristics
of the process, project or service. The role list is identified by the abbreviation of the process name and
showed as two column table. See Clause 10 for the alphabetical list of the roles and required competencies
description.
Diagram – Graphical representation of the processes. The large round-edged rectangles indicate process
or activities, and the smaller square-edged rectangles indicate the work products. The directional or
bidirectional thick arrows indicate the major flow of information between processes or activities. The thin
directional or bidirectional arrows indicate the input or output work products. The notation used in the
diagrams does not imply the use of any specific process lifecycle.
Activity – A set of cohesive tasks of a process. The task statements in this document are not imperative. A
process activity is the first level of process workflow decomposition, and the second one is a task. Activities
are identified by process name abbreviation followed by consecutive number and the activity name.
Activity description - Each activity description is identified by the activity name and the list of related
process outcomes surrounded by parentheses “( )”. For example, PSM.01 process management planning and
monitoring (PSM.O1, PSM.O5) means that the activity PSM.01 contributes to the achievement of the listed
process outcomes: PSM.01 and PSM.05.
Tasks description table contain four columns corresponding to:
— Role - the abbreviation of role(s) involved in the task execution.
— Task - description of the tasks to be performed. Each task is identified by activity ID and consecutive
number, for example PSM.01.01, PSM.01.02. A few numbered items are added to provide additional
information intended to assist the understanding or use of tasks.
— Input work products – work products needed to execute the task.

© ISO/IEC 2025 – All rights reserved
— Output work products – work products created or modified by the execution of the task.
NOTE 1 A conditional task is executed if its associated work product (e.g. software user documentation) is required
by the customer and listed in the delivery instructions. The conditional task statement is preceded with this text: " x)
Conditional task:".
Incorporation to the organizational repository – list of work products to be saved in organizational
repository; the organizational repository strategy should be applied to some of them.
NOTE 2 Tables used in process description are for presentation purpose only.
NOTE 3 The term ‘Basic’ is using a capital ‘B’ to indicate an ISO/IEC 29110 profile (e.g. the Basic profile) while the
term ‘basic’ is used when referring to the most important part of something (e.g. basic principles).
NOTE 4 A work product is baselined when it has been approved and uploaded in the repository.
4.3 Abbreviations
AS assessor
CUS customer
OM organizational management
PG planning group
PSMG process manager
PPMG product portfolio manager
PSM process management
PPM product portfolio management
PDM product manager
PO process owner
RM resource management
RRM resource manager
VSE very small entity
5 Overview
5.1 General
This document provides organizational management (OM), resource management (RM), process
management (PSM), and product portfolio management (PPM) processes which integrate tasks based on the
selection of elements from ISO/IEC/IEEE 12207, ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 15289.
This document is intended to be used by any VSE that needs to establish organizational processes to manage
at least one operating process.
5.2  Entry conditions to use the organizational profile
To use this guideline, a VSE needs to fulfil the following entry conditions:
— The VSE is already working with at least one operating process like those suggested by the Basic profiles
in the ISO/IEC 29110 series.
© ISO/IEC 2025 – All rights reserved
— The VSE knows and carries out its business but requires formalizing its management
— The VSE identifies the external or internal best practices sources (standards, models, methods and
techniques) and uses them as a basis for the process definition and improvement.
5.3  Processes and activities of the organizational profile
This document provides four processes: an organizational management (OM), resource management (RM),
process management (PSM), and product portfolio management (PPM) processes.
All the processes of the organizational profile are interrelated (see Figure 2).
Figure 2 — Process and activities of the organizational management profile
The OM process makes sure that value is delivered by the VSE to its customers though planning, organizing,
monitoring and controlling organizational activities. The RM process obtains and provides the organization
with the necessary resources. The PSM process establishes and improves the organizational processes. The
PPM process generates projects or implements services for the organization, provides technical content to
establish the products formal agreements, and supervises its performance, while monitoring the customer
satisfaction.
The OM process will generate the strategic plan that will guide the activities of the VSE.
The RM, PSM and the PPM processes receive the strategic plan as an input that will guide the activities of the VSE.
The RM process receives the resource request from all the processes, projects or services, analyses them
and assigns resources to the processes, projects or services according to the resource policies and/or
mechanisms.
The PSM process receives the process improvement suggestions from all the processes, analyses them
and applies suggestions to the processes to improve them. The process evaluation activity evaluates the
processes implementation finding strengths and weakness and coordinates the resolution of the weakness.
The PPM process receives the request for proposal form the customers, activates the accepted projects or
services and supervises the correct execution of these products.

© ISO/IEC 2025 – All rights reserved
6 Organizational management (OM) process
6.1 OM process purpose
The purpose of the organizational management process is to make sure that value is delivered by the VSE to
customer through planning, organising, monitoring and controlling organizational activities.
6.2 OM process outcomes
OM.O1. Establish or refine an appropriate value proposition and its corresponding business model
description.
OM.O2. Develop or revise objectives for the organization, based on the business model description, and
establish the strategies and resources necessary to support those objectives.
OM.O3. Measure the achievement of the objectives, identify deviations and control actions.
6.3 OM roles involved
The roles involved in the OM process are:
— organizational manager;
— planning group.
6.4 OM activities and tasks
6.4.1 Overview of the OM process
Figure 3 shows the flow of information between the organizational management process activities including
the most relevant work products and their relationship.
Figure 3 — Organizational management process

© ISO/IEC 2025 – All rights reserved
6.4.2 OM activities
6.4.2.1 General
The organizational management process should have the following activities:
— OM.01 Collect environmental information.
— OM.02 Develop the business model description and plan objectives and strategies.
— OM.03 Measure organizational results and control.
6.4.2.2 OM.01 Collect environmental information (contributes to OM.O1)
This activity makes sure the VSE has the necessary environmental information to plan with a solid basis.
The activity provides:
— a report with market information, technology trends and competitors’ information.
The task list for OM.01 is given in Table 1.
Table 1 — OM.01 task list
Roles Task List Input work products Output work products
OM OM.01.01 Collect information about market changes. Market information [ex- Environmental informa-
ternal] tion report [identified]
1) Review changes of consumer needs and habits — Market information
OM OM.01.02 Collect information about technology Technology trends [ex- Environmental informa-
trends. ternal] tion report [identified]
1) Review latest trends in information technology — Technology trends
solutions and other related technologies
OM OM.01.03 Collect information about competitors. Competitors information Environmental informa-
[external] tion report [identified]
1) Review important actions, market strategies
and product improvements
— Competitors
information
6.4.2.3 OM.02 Develop business model description and plan (contributes to OM.O2)
This activity generates the business model description and the strategic plan based on environmental
information and budget restrictions. The activity provides:
— the business model description and the strategic plan;
— a VSE risk analysis management plan to prevent possible risks.
The task list for OM.02 is given in Table 2.

© ISO/IEC 2025 – All rights reserved
Table 2 — OM.02 task list
Roles Task List Input work products Output work products
OM OM.02.01 Identify participants to the planning Process definition [created Strategic plan [created,
group. or updated] updated]
1) The first time the group is formed with the — Process owner — Planning group
main actors of the VSE
2) In subsequent times the group is formed with
each process responsible, including operational
processes
OM OM.02.02 Schedule planning sessions. Strategic plan [created, Planning agenda [creat-
updated] ed, updated]
PG
1) Schedule planning sessions — Planning group — Date
2) Identify resources and or services needed — Location
3) Acquire resources and services needed for the — Participants
sessions
— Resources and/or
services
OM OM 02.03 Establish budget restrictions. Financial information [cre- Budget restrictions [cre-
ated, updated] ated, updated]
OM OM.02.04 Develop or revise the business model Planning agenda [created] Business model descrip-
description. tion [created, updated]
PG
1) Identify target customer segments based on — Target customer
market information and technology trends
Environmental informa-
— Value proposition
tion report [identified]
2) Establish a value proposition identifying
— Customer channels
problems, needs and desires of customers
— Partners and
3) Identify the customer relationship type(s) and
suppliers
channel(s) to be established, including sales
channel(s)
— Key processes
4) Identify key partners and suppliers needed
— Key projects
to provide value to customers and the type of
relationship to be established with them
— Key services
5) Identify key processes, projects, services,
— Key resources
activities and resources needed to provide
value to customers, including those needed to
— Key functional areas
establish and maintain customer and partners
relationship
— Organizational
structure
6) Identify key functional areas and
organizational structure
OM OM.02.05 Develop or revise objectives for the VSE. Business model descrip- Strategic plan [created,
tion [created, updated] updated]
PG
1) Develop or revise the VSE’s mission, vision and — Mission
values. Budget restrictions [creat-
— Vision
ed, updated]
2) Establish middle and short-term objectives
— Values
for the VSE, with indicators and goals for each
indicator, including sales and quality objectives,
— Objectives
based on the business model description.

© ISO/IEC 2025 – All rights reserved
TTabablele 2 2 ((ccoonnttiinnueuedd))
Roles Task List Input work products Output work products
OM OM.02.06 Establish the strategic plan for the VSE. Business model descrip- Strategic plan [created,
tion [created, updated] updated]
PG
1) Establish processes, internal projects or — Required processes
services, and functional areas needed for the
— Required internal
achievement of the objectives of the VSE.
Budget restrictions [creat-
projects
ed, updated]
2) Establish purpose, objectives, indicators and

— Required internal
goals for each process, project, service and

services
functional area, aligned with the objectives of
Strategic plan [created,
the VSE.
— Required functional
updated]
areas
3) Establish resources needed for each process,
project, service and functional area.
— Objectives
relationship table
4) Establish customer strategy.
5) Establish budget. — Vision — Customer strategy
— Objectives — Budget
OM OM.02.07 Analyse business risks. Business model descrip- VSE risk management
tion [created, updated] plan [created, updated]
PG
1) Identify risks that could interfere in the

achievement of the objectives of the VSE.

2) Assign probability and impact for each risk.
Strategic plan [created,
updated]
3) Establish mitigation actions and contingency
plans for each risk.
4) Assign responsibility for each risk.
6.4.2.4 OM.03 Measure organizational results and control (contributes to OM.O3)
This activity reviews reports from resource management, process management and product portfolio
management processes, and establishes corrective actions. If is necessary, adjust the strategic plan based on
the VSE improvements proposals. The activity provides:
— review of reports from RM, PSM and PPM processes;
— corrective actions.
The task list for OM.03 is given in Table 3.

© ISO/IEC 2025 – All rights reserved
Table 3 — OM.03 task list
Roles Task List Input work products Output work products
OM OM.03.01 Review the resource report. Resource report [created, Correction register [cre-
updated] ated, updated]
RRM
1) Periodically evaluate the achievement of

objectives related to resources. If needed,
establish actions to correct deviations or Strategic plan [created, Strategic plan [updated]
problems. updated]
2) Generate or update correction register and track
them to closure
3) If necessary, adjust the strategic plan based on
the resource report results
OM OM.03.02 Review the process progress report. Process progress report Correction register [cre-
[created, updated] ated, updated]
PSMG
1) Evaluate periodically the achievement of

objectives of the VSE related to processes. If
Strategic plan [created, Strategic plan [updated]
needed, establish actions to correct deviations
updated]
or problems.
2) Generate or update correction register and track
them to closure
3) If necessary, adjust the strategic plan of the VSE
based on the process progress report results
OM OM.03.02 Review the product portfolio report. Product portfolio report Correction register [cre-
[created, updated] ated, updated]
PPMG
1) Evaluate periodically the achievement of

objectives related to projects or services. If
needed, establish actions to correct deviations Strategic plan [updated]
or problems.
Strategic plan [created,
updated]
2) Generate or update correction register and track
them to closure.
3) If necessary, adjust the strategic plan accordingly
to the product portfolio report results.
6.4.3 Incorporation to the organizational repository
After the incorporation of the work products to organizational repository, an organizational repository
strategy should be applied. The list of work products to be saved in the organizational repository are:
— business model description;
— strategic plan;
— correction register;
— planning agenda;
— environmental information report.
7 Resource management (RM) process
7.1 RM process purpose
The purpose of resource management process is to obtain and provide the VSE with the necessary resources.
7.2 RM process outcomes
RM.O1. Define human resources and infrastructure policies to support the organization, projects or services.

© ISO/IEC 2025 – All rights reserved
RM.O2. Respond to organization and project or services requests for resources according to defined policies.
RM.O3. Monitor resource acquisition activities, human resources, training and infrastructure maintenance.
corrections to remediate problems are taken when requirements are not satisfied.
7.3 RM roles involved
The roles involved in the RM process are:
— organizational manager;
— resource manager;
— process manager;
— product portfolio manager.
7.4 RM activities and t
...