Systems and software engineering — Engineering and management of websites for systems, software and services information

This document defines system engineering and management requirements for the life cycle of websites, including strategy, design, engineering, testing and validation, and management and sustainment for intranet and extranet environments. This document applies to those using web technology to present information and communications technology (ICT) information, such as information for users of systems and services, plans and reports for systems and software engineering projects, and documentation of policies, plans, and procedures for IT service management. This document provides requirements for website owners and website providers, managers responsible for establishing guidelines for website development and operations, website engineers, designers, developers, and operations and maintenance staff, who can be external or internal to the website owner's organization. It applies to websites for public access and for limited access, such as for users, customers, and subscribers seeking information on IT systems, products and services.

The requirements and recommendations in this document address the following aspects of usability of informational websites and ease of maintenance of managed website operations:
a) locating relevant and timely information;
b) applying information security management;
c) facilitating accessibility and ease of use;
d) providing for consistent and efficient development and maintenance practices.

This document is not particularly applicable to websites used primarily for marketing or sales, to deliver instructional material (tutorials), or to provide graphical user interfaces (GUI) for business or consumer transactional application processing. However, this document can provide useful insights for managing such sites.

This document does not address vendor and product considerations for website engineering and management. This document does not include specifications for application development tools, programming and scripting languages used for websites, metadata tags, or protocols for network communications. It does not address tools or systems used for management or storage of information content (data, documents) that can be presented on websites. This document does not address the design and architecture of software and systems supporting the Internet.

Ingénierie des systèmes et du logiciel — Ingénierie et gestion de sites web pour les systèmes, logiciels et services d'information

General Information

Status: Published
Publication Date: 17-Jul-2023
Current Stage: 6060 - International Standard published
Start Date: 18-Jul-2023
Due Date: 08-Nov-2024
Completion Date: 18-Jul-2023

Standard
ISO/IEC/IEEE 23026:2023 - Systems and software engineering — Engineering and management of websites for systems, software and services information. Released: 18.07.2023
English language
57 pages

Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC/IEEE
First edition
2023-07
Systems and software engineering — Engineering and management of websites for systems, software and services information
Ingénierie des systèmes et du logiciel — Ingénierie et gestion de sites web pour les systèmes, logiciels et services d'information
Reference number
© ISO/IEC 2023
© IEEE 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO or IEEE at the
respective address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org

Institute of Electrical and Electronics Engineers, Inc
3 Park Avenue, New York
NY 10016-5997, USA
Email: stds.ipr@ieee.org
Website: www.ieee.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Planning websites
4.1 Defining the purpose, users, and context of the website
4.2 Establishing the informational website design and sustainment strategies
4.2.1 General
4.2.2 Website plan
4.2.3 Website maintenance planning
4.2.4 Website maintenance procedures
4.3 Establishing the privacy and security strategy
5 Designing and engineering websites
5.1 Design goals and website requirements
5.2 Design principles
5.3 Choice of devices and media
5.4 Engineering for website security
5.4.1 General
5.4.2 Website operational security procedures
5.4.3 Website security reviews and audits
5.5 Engineering for performance, scalability, and sustainability
5.5.1 General
5.5.2 Selecting technical formats and standards to use for the website
5.5.3 Bandwidth efficiencies
5.5.4 Document type declaration
5.5.5 Description metatag
5.5.6 XML considerations
5.5.7 Image formats, image compression and video
5.5.8 Server technology independence
5.5.9 Designing for performance and scale
6 Testing and evaluating websites
6.1 Test planning
6.2 Testing for usability
6.2.1 General
6.2.2 Validation of markup language and accessibility conformance
6.2.3 Operational validation
6.2.4 Active links
6.2.5 Dead links
6.3 Testing for performance and resilience
6.4 Testing for security
7 Managing the website
7.1 Website roles and responsibilities
7.2 Control of information content
7.3 Managing security
8 Sustaining the website
8.1 General
8.2 Continuous delivery, content validation, and versioning
8.3 Handling disconnects
8.3.1 General
8.3.2 Site or page relocation
8.3.3 Redirection
8.4 Security monitoring and measurement
8.5 Backups and archiving
8.5.1 Backups
8.5.2 Archiving
9 Website features
9.1 Web page components
9.1.1 General
9.1.2 Website home page
9.1.3 Identifying the website and its owner
9.1.4 Page title, header, and headings
9.2 Site navigation
9.2.1 General
9.2.2 Links
9.2.3 Offsite warning
9.2.4 Usage tracking and cookies
9.2.5 Frames
9.3 Search and indexing
9.3.1 General
9.3.2 Search filtering
9.3.3 Keywords
9.3.4 Metadata for indexing
9.3.5 Flushing search engines
9.4 Presentation of information
9.4.1 Presentation of text
9.4.2 Graphic images
9.4.3 Animations, 3D, sound, video
9.4.4 Use of colour in websites
9.4.5 Time-sensitive content
9.4.6 Printing from websites
9.5 Accessibility
9.6 Website security
9.6.1 Overall security considerations
9.6.2 Website security monitoring and measurement
9.6.3 Web page security designations
9.6.4 Security of the website code
9.6.5 Website access and authentication
9.7 Data management
9.7.1 General
9.7.2 Website information integrity
9.7.3 Data encryption
9.7.4 Data privacy
9.7.5 Intellectual property rights
9.8 User interaction
9.8.1 Providing user support
9.8.2 Collaboration and user generated content
9.9 Translation and localization
9.9.1 General
9.9.2 Browser language selection
9.9.3 Icon use
9.9.4 Holidays and time zones
9.9.5 Place of origin
9.9.6 Hemisphericals
9.9.7 Metric and monetary units
9.9.8 Regulations
9.9.9 Contact information
Bibliography
IEEE notices and abstract

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed
for the different types of ISO/IEC documents should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its
standards through a consensus development process, approved by the American National Standards
Institute, which brings together volunteers representing varied viewpoints and interests to achieve the
final product. Volunteers are not necessarily members of the Institute and serve without compensation.
While the IEEE administers the process and establishes rules to promote fairness in the consensus
development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of
the information contained in its standards.
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of
any claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC
had not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall
not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering, in cooperation with the Systems and Software
Engineering Standards Committee of the IEEE Computer Society, under the Partner Standards
Development Organization cooperation agreement between ISO and IEEE.
This second edition cancels and replaces the first edition (ISO/IEC/IEEE 23026:2015), which has been
technically revised.
The main changes are as follows:
— updates relating to enhanced technical capabilities for website design and sustainment;
— attention to threats to data privacy and website integrity;
— reorganization to present both the life cycle processes of website information for informational
websites and the requirements for website features.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

Introduction
Continuing improvements in Internet capabilities for technical communication, and the accelerating
development of new technical protocols, products and services for website development and hosting,
have both simplified and complicated the engineering and management of websites. This document is
intended to account for new capabilities, approaches, and interests in using websites to communicate
technical information. To a large extent, use of digital communications, particularly those accessible
through the Internet or intranets, has supplanted printed publications for conveying technical
information. This trend applies to information for users, systems and services documentation, and
operational plans, policies, and procedures.
Other factors have also affected the design and operation of websites. The increasing sophistication
of information security threats to technical enterprises and their information, as well as concerns for
the privacy of Internet users, have markedly complicated the process of delivering information and
communication technology (ICT) information over the Web. This document therefore has increased
emphasis on information security and privacy concerns.
The diversity of websites for commercial marketing and social networking purposes reflects different
interests and media choices from those websites that deliver ICT reference information. This document
applies primarily to websites whose purpose is to deliver information about ICT systems, software,
and services. It includes increased emphasis on the human factors concerns for making information
easily retrievable and usable for the intended audience. It recommends practices for websites based
on World Wide Web Consortium (W3C) and related industry guidelines. It continues to address the
entire life cycle of website strategy, design, engineering, testing and validation, and management and
sustainment, which are the responsibility of the website owner and website provider.

INTERNATIONAL STANDARD ISO/IEC/IEEE 23026:2023(E)
Systems and software engineering — Engineering and
management of websites for systems, software and
services information
1 Scope
This document defines system engineering and management requirements for the life cycle of websites,
including strategy, design, engineering, testing and validation, and management and sustainment for
intranet and extranet environments. This document applies to those using web technology to present
information and communications technology (ICT) information, such as information for users of systems
and services, plans and reports for systems and software engineering projects, and documentation of
policies, plans, and procedures for IT service management. This document provides requirements for
website owners and website providers, managers responsible for establishing guidelines for website
development and operations, website engineers, designers, developers, and operations and maintenance
staff, who can be external or internal to the website owner's organization. It applies to websites for
public access and for limited access, such as for users, customers, and subscribers seeking information
on IT systems, products and services.
The requirements and recommendations in this document address the following aspects of usability of
informational websites and ease of maintenance of managed website operations:
a) locating relevant and timely information;
b) applying information security management;
c) facilitating accessibility and ease of use;
d) providing for consistent and efficient development and maintenance practices.
This document is not particularly applicable to websites used primarily for marketing or sales, to
deliver instructional material (tutorials), or to provide graphical user interfaces (GUI) for business or
consumer transactional application processing. However, this document can provide useful insights for
managing such sites.
This document does not address vendor and product considerations for website engineering and
management. This document does not include specifications for application development tools,
programming and scripting languages used for websites, metadata tags, or protocols for network
communications. It does not address tools or systems used for management or storage of information
content (data, documents) that can be presented on websites.
This document does not address the design and architecture of software and systems supporting the
Internet.
2 Normative references
There are no normative references for this document.
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO, IEC, and IEEE maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org
— IEEE Standards Dictionary Online: available at https://dictionary.ieee.org.
NOTE For additional terms and definitions in the field of systems and software engineering, see
ISO/IEC/IEEE 24765, which is published periodically as a “snapshot” of the SEVOCAB (Systems and Software
Engineering Vocabulary) database and is publicly accessible at www.computer.org/sevocab.
3.1.1
archival page
content (3.1.5) that is preserved as a record and not expected to change
Note 1 to entry: Due to technology upgrades, some archival pages cannot be readily rendered unless they are
upgraded along with active pages.
3.1.2
audience
category of users sharing the same or similar characteristics and needs (e.g. purpose in using the
information for users, tasks, education level, abilities, training, and experience) that determine the
content (3.1.5), structure, and use of the intended information
Note 1 to entry: There can be different audiences for information for users (e.g. management, data entry,
maintenance, engineering, business professionals).
3.1.3
breadcrumb trail
navigational aid with a displayed series of links (3.1.15) which lead from the home page (3.1.12) or
another page to the current page
3.1.4
browser
application allowing a person to retrieve and read hypertext, to view the contents (3.1.5) of hypertext
nodes [web page (3.1.26)], to navigate from one web page to another, and to interact with the content,
such as changing the visual appearance of the displayed content
3.1.5
content
interactive or non-interactive object containing information represented by text, image, video, sound,
or other media
3.1.6
cookie
small file created by the user's web browser (3.1.4) that is stored in and retrieved from the user's device
to maintain state information, including identification of users and transaction coherency
3.1.7
extranet
intranet (3.1.14) that is accessible to authorized external users for the retrieval or exchange of
information
3.1.8
faceted search
progressive search which allows users to narrow the results by selecting values for one or more
attributes
3.1.9
feature
functional or non-functional distinguishing characteristic of a system, usually an enhancement to an
existing system
3.1.10
frame
element that divides a browser (3.1.4) window into independent windows for displaying different
content (3.1.5), or different parts of the same content (document)
3.1.11
global navigation
set of navigation (3.1.17) links (3.1.15) available on all pages of a website (3.1.27)
3.1.12
home page
web page (3.1.26) through which users typically enter the website (3.1.27), and whose URL (3.1.23) is
typically published or linked as the main web address of the site or organization
Note 1 to entry: Types of home pages include: centre page, front page, index page, main page, start page, top page.
3.1.13
Internet
worldwide interlinked computer systems and networks connected by gateways that enable the transfer
of data between them
3.1.14
intranet
managed network (3.1.16) operating within an organization with controlled and limited access
3.1.15
link
hyperlink
reference from some part of one document to some part of another document or another part of the
same document
3.1.16
managed network
network or set of networks established and controlled by one or more organizations to meet specific
organizational or business needs
3.1.17
navigation
process of accessing on-screen information by moving between different locations in a website (3.1.27)
or electronic document
3.1.18
orphan page
page on a website (3.1.27) with no link (3.1.15) from any other page on the website
3.1.19
persistent URI
persistent Uniform Resource Identifier
reference that does not need to change at the link (3.1.15) in a document and can still reach the desired
object even though that object can have changed locations
3.1.20
responsive web design
RWD
method for web page (3.1.26) construction to detect the user's screen size and orientation and
dynamically change the layout accordingly
3.1.21
site map
textual or graphical overview of the navigation (3.1.17) structure of a website (3.1.27)
3.1.22
thumbnail
miniature image file displayed for quick identification of a larger image or video file
3.1.23
URL
Uniform Resource Locator
mechanism for identifying resources on the Internet (3.1.13) [such as a web page (3.1.26)] by specifying
the address of the resource and the access protocol used
Note 1 to entry: The term as specified by the IETF is Uniform Resource Identifier (URI) of which URL is a subset.
3.1.24
user profile
set of attributes that are unique to a specific user or user group, such as job function or subscription to
a service, used to control the parts of the system or web page (3.1.26) that users can access
3.1.25
web lead
person or group responsible to the website owner (3.1.28) for ongoing maintenance of the site's
presentation and availability
3.1.26
web page
coherent presentation of a set of content (3.1.5), objects and associated interaction objects delivered to
users through a browser (3.1.4) in accordance with Internet (3.1.13) protocols
Note 1 to entry: A web page can be generated dynamically from the server side, and can incorporate multimedia,
applets or other elements active on either the client or server side.
3.1.27
website
collection of logically connected web pages (3.1.26) managed as a single entity
Note 1 to entry: A website may contain one or more subordinate websites.
3.1.28
website owner
organization responsible for the site content (3.1.5) and site design
Note 1 to entry: The website owner may select a supplier as the website provider (3.1.29) or may also be the
website provider.
3.1.29
website provider
organization responsible for operation of the website (3.1.27) and delivery of site content (3.1.5) to users
Note 1 to entry: The website provider may also be the site owner, web lead (3.1.25), site designer, or the Internet
(3.1.13) or cloud service provider for the site.
3.1.30
wiki
website (3.1.29) that allows a group of users to add and edit content (3.1.5) collaboratively
3.2 Abbreviated terms
3D three-dimensional
AI artificial intelligence
API application programming interface
ARIA Accessible Rich Internet Application
CI configuration item
CFR Code of Federal Regulations
CSS cascading style sheets
CVE common vulnerabilities and exposures
CVSS Common Vulnerability Scoring System
DITA Darwin Information Typing Architecture
DNS Domain Name Service
DOI Digital Object Identifier
DTD Document Type Definition (for XML or SGML specifications)
FIDO fast identity online
FTP File Transfer Protocol
GDPR General Data Protection Regulation
GIF Graphics Interchange Format
GUI graphical user interface
HIPAA Health Insurance Portability and Accountability Act
HREF HTML reference designator
HTML hypertext markup language
HTTP hypertext transfer protocol
HTTPS hypertext transfer protocol secure
ICT information and communications technology
IETF Internet Engineering Task Force
IoT Internet of Things
IP Internet Protocol
IPR intellectual property rights
JPEG Joint Photographic Experts Group (image format)
JSON JavaScript Object Notation
MAC Media Access Control
MFA multi-factor authentication
OAUTH open authentication
OTP one-time password
PCI DSS Payment Card Industry Data Security Standard
PHP hypertext preprocessor
PICS Platform for Internet Content Selection
PII personally identifiable information
PIN personal identification number
PIPEDA Personal Information Protection and Electronic Documents Act
PNG Portable Network Graphics
RDF Resource Description Framework
SGML Standard Generalized Markup Language
SQL Structured Query Language
SSL Secure Sockets Layer
SSO single sign-on
TCP Transport Control Protocol
TLS Transport Layer Security
TZD time zone designator
URI Uniform Resource Identifier
UTC Coordinated Universal Time
WAI Web Accessibility Initiative (W3C)
WCAG Web Content Accessibility Guidelines
W3C World Wide Web Consortium
XHTML Extended HyperText Markup Language
XML Extensible Markup Language
4 Planning websites
4.1 Defining the purpose, users, and context of the website
This document addresses websites that have the general purpose of providing information about ICT
systems, software, or service management. Within this scope, a broad range of purposes, audience
(users), and resulting types of content can be included, such as policies, plans, specifications, operating
procedures and instructions (user manuals), service descriptions, service agreements, knowledge
management articles, help desk scripts, test plans, technical reports, and descriptions of concepts.
When planning for the website, the website owner shall document the purpose and intended users of
the website. This information may be placed in a plan, charter, or policy and represented by use cases
or scenarios. It influences the decisions on what information content belongs on the website and how to
organize and present the content. This governing document or another explicit statement of purpose,
suitable for use by possible stakeholders, should be posted as part of the website.
A website may address one or more diverse sets of users. The users of the website can include internal
management and technical staff, external customers, or the public. Thus, the website content can
include general user information or procedures and specialized technical information for trained
technical users. Websites may be intended for a specific group, such as internal helpdesk or external
customers. Some websites may allow users to add content as part of a collaborative community or post
comments in a wiki. Some sites include both technical information for existing customers and marketing
presentations for prospective customers. The owner of the technical information can host some sites;
other sites can run on services offered by unrelated website providers, who may have their marketing
information and third-party advertisements displayed alongside the website owners' technical content.
Sites can be intended for local or global use and offered in one or multiple languages.
Websites are often developed to serve several purposes and users of different technical backgrounds.
Therefore, the site should be designed to allow users to understand the content's scope and functionality.
The introductory pages of the site should include a description of the purpose and intended uses of the
website, with links to topics accessible within one link or search which satisfies the information needs
of casual users. Global navigation features and search functions should allow more technical users to
access needed information quickly (see 9.2).
The effective communication of the content to the user is the primary purpose of an informational
website. Ease of access to information by targeted-user communities is an example of one of the possible
design goals.
The website designers should consider responsive website design to accommodate different devices.
Websites may consist of static pages, system-generated pages, and dynamic pages, including user-
generated content. Furthermore, any of these options may be combined to provide the intended
information to the website's users. The target user community can have a wide diversity of connection
speeds, display devices, or selected presentation formats within the display windows; this may establish
some presentation constraints (consider displaying web pages to small screens on mobile devices).
The size and resolution of the screen should be considered in the design and usability of the website.
For example, most smart phones and tablets use pop-up screen keyboards which can be too small to
use without a stylus.
Website planning shall identify the target web browsers. In some cases, the website should target all
major browsers. In other cases, it may be acceptable to target a small subset of browsers or a specific
browser. The users should receive a clear notification if the site is not compatible with their browser.
Use of the terminology in this document is for ease of reference and is not mandatory for conformance
with this document.
4.2 Establishing the informational website design and sustainment strategies
4.2.1 General
Organizational effectiveness, competitive success, and even meeting legal
...
