ISO/IEC 29110-4-2:2021

INTERNATIONAL ISO/IEC
STANDARD 29110-4-2
First edition
2021-03
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 4-2:
Software engineering: Profile
specifications: Organizational
management profile group
Reference number
©
ISO/IEC 2021
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 2
4 Conformance . 2
4.1 Conformance situations . 2
4.2 Process conformance . 3
5 Naming, diagramming and definition conventions . 3
6 Minimal conditions for organizational management profile use . 3
7 Organizational management profile specifications . 3
7.1 General . 3
7.2 Organizational management process requirements . 3
7.3 Resource management process requirements . 4
7.4 Process management process requirements . 4
7.5 Project portfolio management process requirements . 4
Annex A (informative) Organizational management profile base document references .6
Annex B (informative) Organizational management profile PRM .12
Bibliography .16
© ISO/IEC 2021 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives or www .iec .ch/ members
_experts/ refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html. In the IEC, see www .iec .ch/ understanding -standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html and www .iec .ch/ national
-committees.
iv © ISO/IEC 2021 – All rights reserved

Introduction
Very Small Entities (VSEs) around the world are contributing to valuable products and services. For
the purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organisation,
a department or a project having up to 25 people. Since many VSEs develop and/or maintain system
elements and software components used in systems, or sold to be used by others, a recognition of VSEs
as suppliers of high-quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook 2019 report, ‘Small and medium-sized enterprises (SMEs) and
entrepreneurship are essential drivers of economic and social well-being. Representing 99 % of all
businesses, generating about 60 % of employment and totalling between 50 % and 60 % of value added
in the OECD area’. The challenge facing OECD governments is to provide a business environment that
supports the competitiveness of this large heterogeneous business population and that promotes a
vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Subsequently VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are often cut off
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the application of standards to their business practices. Most VSEs can neither afford the
resources, in terms of number of employees, expertise, budget and time, nor do they see a net benefit
in establishing systems or software lifecycle processes. To rectify some of these difficulties, a set of
guides has been developed according to a set of VSE characteristics. The guides are based on subsets of
appropriate standards processes, activities, tasks, and outcomes, referred to as Profiles. The purpose
of a profile is to define a subset of International Standards relevant to the VSEs’ context; for example,
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities,
tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of
ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series can be applied at any phase of system or software development within a
lifecycle. This series is intended to be used by VSEs that do not have experience or expertise in adapting/
tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs
that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those standards instead of ISO/IEC 29110.
The ISO/IEC 29110 series is intended to be used with any lifecycles such as: waterfall, iterative,
incremental, evolutionary or agile. The lifecycle processes described in the ISO/IEC 29110 series are
not intended to preclude or discourage their use by larger organisations than VSEs.
The lifecycle processes defined in the ISO/IEC 29110 series can be used by VSEs when using, as well as
when creating and supplying, a system or software. They can be applied at any level in a system’s or
software’s structure and at any stage in the lifecycle.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
© ISO/IEC 2021 – All rights reserved v

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC TR 29110-1 Overview VSEs and their customers, assessors,
standards producers, tool vendors
and methodology vendors.
ISO/IEC 29110-2 Framework for profile Profile producers, tool vendors and
preparation methodology vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/IEC TR 29110-5 Management, engineering and VSEs and their customers.
service delivery guidelines
ISO/IEC 29110-6 Specific profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/IEC TR 29110-7 Specific profile guidelines VSEs and their customers.
If a new profile is needed, ISO/IEC 29110-4 or ISO/IEC 29110-6 and/or ISO/IEC TR 29110-7
ISO/IEC TR 29110-5 can be developed with minimal impact on existing documents.
ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one
profile group.
ISO/IEC 29110-6-m provides the specification for specific profiles that are based on subsets of
appropriate standards elements.
ISO/IEC TR 29110-7-x provides a guide for each profile in the specific profile group.
This document provides the specifications for the organizational management profile of the
management profile group. It is based on subsets of appropriate standards elements.
Figure 1 describes the ISO/IEC 29110 International Standards (IS) and Technical Reports (TR) and
positions the parts within the framework of reference. Overview, assessment guide, management and
vi © ISO/IEC 2021 – All rights reserved

engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
Figure 1 — ISO/IEC 29110 series
© ISO/IEC 2021 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 29110-4-2:2021(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 4-2:
Software engineering: Profile specifications:
Organizational management profile group
1 Scope
This document provides a profile specification for the organizational management profile. The
organizational management profile applies to VSEs involved in systems engineering and/or software
engineering development.
This document provides links to the subset of ISO/IEC/IEEE 12207 and ISO 9001 organizational,
resources, processes and project portfolio process elements from the organizational perspective.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-2-1, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 2-1:
Framework and taxonomy
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2-1 apply.
ISO and IEC maintain terminological databases for use in standardisation at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1.1
organizational management
task and responsibilities to direct and control an organisation
Note 1 to entry: See ISO/IEC TR 29110-1.
3.1.2
organizational management profile
profile targeted at VSEs to provide them with additional organizational management (3.1.1) guidance
and selected requirements
[SOURCE: ISO/IEC TR 29110-1:2016, 3.35, modified — "and selected requirements" has been added.]
© ISO/IEC 2021 – All rights reserved 1

3.1.3
project portfolio management
centralised management of one or more portfolios of projects to achieve strategic objectives
Note 1 to entry: This definition is adapted from Reference [14].
3.1.4
resource management
identification, estimation, allocation, and monitoring of the means used to develop a product or perform
a service
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3467]
3.1.5
small and medium-sized enterprise
enterprise with less than 250 persons employed
Note 1 to entry: This definition is adapted from Reference [7].
3.2 Abbreviated terms
MF measurement framework
OM organizational management
PPM project portfolio management
PSM process management
RM resource management
SME small and medium-sized enterprise
VSE Very Small Entity
4 Conformance
4.1 Conformance situations
This document can be implemented by organisations or projects implementing and using the processes
and products required by this document. Therefore, organisations can claim conformance to this
document.
There are two types of conformance situations:
— process conformance: conformance to the requirements in the process part of the profile
specification;
— product conformance: conformance to the requirements in the product part of the profile
specification.
Conformance may be interpreted differently for various situations. The relevant situation shall be
identified in the claim of conformance.
Conformance can be attested by a third party. It can be mandated as part of procurement and
contractual processes.
2 © ISO/IEC 2021 – All rights reserved

4.2 Process conformance
A VSE can claim conformance to the process part of the profile if it meets all the mandatory profile
process requirements as identified in its specification (Clause 7), and the associated properties and
requirements as described in the base standards when applicable.
NOTE Requirements of this document are mandatory and use the word "shall".
5 Naming, diagramming and definition conventions
Conventions for naming, diagramming, describing and defining profiles are defined in ISO/IEC 29110-2-1.
6 Minimal conditions for organizational management profile use
To use the organizational management profile, it is assumed that the VSE already fulfils the following
conditions:
a) There is a group of up to 25 people call itself a VSE.
b) There is or will be at least one productive process deployed in the VSE.
c) There is or will be a project management process deployed in the VSE.
7 Organizational management profile specifications
7.1 General
This clause contains the specification of the standardised profile requirements. It contains the
specification for the following profile elements:
— organizational management process (7.2);
— resource management process (7.3);
— process management process (7.4);
— project portfolio management process (7.5).
These requirements are the result of organizational management, resource management, process
management and project portfolio management purpose achievement.
Annex A specifies the applicable requirements from source standards ISO/IEC/IEEE 12207 and
ISO 9001.
Annex B gives additional information on the process reference model for the organizational profile.
7.2 Organizational management process requirements
As a result of successful implementation of the organizational management process:
a) mission, vision, values and required functional areas shall be defined, communicated and
maintained;
b) functional areas and processes responsibility and authority shall be assigned;
c) a strategic plan, budget and measurable objectives shall be defined, communicated, maintained
and monitored;
© ISO/IEC 2021 – All rights reserved 3

d) a customer strategy focusing on enhancing customer satisfaction shall be defined, communicated,
maintained and monitored;
e) required resources needed for the VSE's operation shall be identified and made available;
f) required processes and their objectives shall be identified, communicated and monitored;
g) a risk management plan shall be defined, communicated, reviewed, maintained and monitored.
7.3 Resource management process requirements
As a result of successful implementation of the resource management process:
a) policies and mechanisms for resources procurement shall be defined, communicated, enhanced
and monitored;
b) the necessary competence of the VSE's personnel shall be determined; skills of personnel shall be
developed, maintained or enhanced;
c) requested and necessary human resources shall be provided to processes and to projects;
d) requested, stable, necessary and reliable infrastructure elements shall be provided or acquired to
operate the processes and the projects;
e) the infrastructure shall be maintained and controlled;
f) conflicts in multi-project resource demands shall be resolved considering the capabilities of, and
constraints on, existing internal resources or resources to be obtained from external providers;
g) an organizational repository strategy shall be defined, communicated, enhanced and monitored.
7.4 Process management process requirements
As a result of successful implementation of the process management process:
a) process definition, training, deployment, performance, evaluation and improvement activities shall
be planned, communicated and monitored;
b) processes objectives, resources, information and documentation shall be identified, recorded,
reviewed and made available;
c) responsibilities and authorities for performing the process shall be defined, assigned and
communicated to
...