ISO/IEC 29110-4-3:2018

INTERNATIONAL ISO/IEC
STANDARD 29110-4-3
First edition
2018-09
Systems and software engineering —
Lifecycle profiles for very small
entities (VSEs) —
Part 4-3:
Service delivery — Profile
specification
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 4-3: Prestation de services — Spécification de profil
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
1.1 Fields of application . 1
1.2 Target audience . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Abbreviated terms . 7
5 Conformance . 8
6 Work unit requirements for the Service Delivery profile . 8
6.1 General . 8
6.2 Governance (GO) process . 9
6.3 Service Control (CO) process .10
6.4 Service Relationship (RE) process .10
6.5 Service Incident (IN) process .10
7 Work product requirements for the Service Delivery profile .11
7.1 General .11
7.2 Governance (GO) work products .11
7.3 Service Control (CO) work products .14
7.4 Service Relationship (RE) work products .18
7.5 Service Incident (IN) work products .19
Annex A (informative) Service Delivery requirements imported from base standards .21
Annex B (informative) Service Delivery Guidelines requirements traceability mapping .49
Annex C (informative) Service delivery audit checklist .61
Annex D (informative) Mapping of ISO/IEC 29110-4-3 to ISO/IEC 20000-1:2011 .64
Bibliography .67
© ISO/IEC 2018 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series is available on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at https: //www .iso .org/members .html.
iv © ISO/IEC 2018 – All rights reserved

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of ISO/IEC 29110, a Very Small Entity (VSE) is an enterprise, an organization, a department
or a project having up to 25 people. Since many VSEs develop and/or maintain system and software
components used in systems, either as independent products or incorporated in larger systems, a
recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005), ”Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country”. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a
net benefit in establishing over-complex systems or software life cycle processes. To address some of
these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides
are based on subsets of appropriate standards processes, activities, tasks and outcomes, referred to as
Profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs'
context; for example, processes, activities, tasks and outcomes of ISO/IEC/IEEE 12207 for software; and
processes, activities, tasks and outcomes of ISO/IEC/IEEE 15288 for systems; and information products
(documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against ISO/
IEC 29110 specifications.
The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or
software development within a life cycle. This series of standards and technical reports is intended to
be used by VSEs that do not have experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207 or
ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs that have expertise in adapting/
tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged to use those standards instead of
ISO/IEC 29110.
ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary or agile.
Systems, in the context of ISO/IEC 29110, are typically composed of hardware and software components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality and process performance. See Table 1.
© ISO/IEC 2018 – All rights reserved v

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC 29110-1 Overview VSEs and their customers, assessors, stand-
ards producers, tool vendors and methodol-
ogy vendors.
ISO/IEC 29110-2 Framework for profile Profile producers, tool vendors and methodol-
preparation ogy vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors, accredi-
guidance tation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards producers, tool
vendors and methodology vendors.
ISO/IEC 29110-5 Management, engineering and VSEs and their customers.
service delivery guides
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and the ISO/
IEC 29110 series. It also introduces the characteristics and needs of a VSE and clarifies the rationale for
specific profiles, documents, standards and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements for
process capability assessment, conformity assessments and self-assessments for process improvements.
ISO/IEC 29110-3 also contains information that can be useful to developers of certification and
assessment methods and developers of certification and assessment tools. ISO/IEC 29110-3 is addressed
to people who have direct involvement with the assessment process, e.g. the auditor, certification and
accreditation bodies and the sponsor of the audit, who need guidance on ensuring that the requirements
for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group (a profile group may
contain a single profile or multiple profiles). A profile is specified in terms of requirements imported
from appropriate
...