ISO/IEC TR 12182:2015

TECHNICAL ISO/IEC TR
REPORT 12182
Second edition
2015-05-01
Systems and software engineering —
Framework for categorization of IT
systems and software, and guide for
applying it
Ingénierie des systèmes et du logiciel — Cadre pour la catégorisation
des systèmes et du logiciel de la technologie de l’information et guide
pour son application
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Framework for categorization . 3
4.1 General . 3
4.2 Model for categorization . 3
4.3 Structure of classification axes . 5
5 Guide for applying the framework for categorization . 9
5.1 Description table for categorization . 9
5.2 Procedure for categorization . 9
5.3 Example of defining categorization.10
5.4 Example of using categorization .11
5.4.1 Applicability of technologies .11
5.4.2 Supporting IT decisions .13
Annex A (informative) Examples of defining applicability of Systems and Software
Engineering Standards using categorizations .15
Annex B (informative) Examples of supporting IT decisions: required level of quality .17
Bibliography .20
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 7, Software and Systems Engineering.
This second edition cancels and replaces the first edition (ISO/IEC TR 12182:1998), which has been
technically revised.
iv © ISO/IEC 2015 – All rights reserved

Introduction
This Technical Report has several purposes which are directed to its various intended audiences in
the systems and software engineering community, including the developers and users of systems and
software engineering standards.
Since ISO/IEC TR 12182:1998 was published, more than 15 years passed with various changes in
Information Technology (IT) arena. Those changes include the following:
— IT evolution by hardware advancement, operating systems growth, and communication network
changes;
— advent of new type of applications such as entire enterprise applications including ERP (Enterprise
Resource Planning), SCM (Supply Chain Management); social systems including online financial
systems, healthcare systems, traffic management systems; embedded systems including car
electronics; and highly interactive systems handling multi-media and using mobile technologies
such as smart phones and tablet computers;
— Internet becoming one of important lifelines;
— emergence of SaaS (software as a service), big data systems and cloud computing services;
— growing impact of the quality of systems and software, in particular safe and secure manner.
By taking these important situational changes, the role and contribution expected for IT industry
becomes dramatically increasing, and in order to respond to these expectation, several improvements
to the ISO/IEC TR 12182:1998 are made in this revision as follows:
— the scope is enhanced from software to systems and software;
— a framework for describing categorizations is provided in place of a specific set of categorizations;
— relationship to other International Standards available in systems and software engineering
area is added.
The categorization of systems and software itself should evolve over time because systems and software
engineering is a fast growing field, and therefore this Technical Report does not provide a specific set of
categorizations but a framework for categorizations in contrast to the previous one.
For developers and providers of systems and software technologies such as software products,
techniques and tools, and research results, this Technical Report will provide the way to define categories
of systems and software to which a particular technology can apply. This will help the technology users
sort out a right set of technologies, which are applicable (and effective) in the context of their use.
For developers of systems and software engineering standards, this Technical Report will provide
ability to position and prioritize specific usage of standards and clauses within the structure of systems
and software engineering standards. It is also intended that, wherever applicable, new or on-going
projects can identify and use the target categories to provide guidelines on how to apply the standards
in different contexts of use. Addressing target categories will not only ease the coordination among
projects but also increase the value of standards for their users.
© ISO/IEC 2015 – All rights reserved v

TECHNICAL REPORT ISO/IEC TR 12182:2015(E)
Systems and software engineering — Framework for
categorization of IT systems and software, and guide for
applying it
1 Scope
This Technical Report specifies the manner in which categorizations of IT systems and software are
organized and expressed. It provides the framework for categorizations, and a guide for applying it. This
allows any community to clarify their scope of the systems by using their own definition of categories.
The scope of application of the framework is intended to IT systems and software, including services
provided by IT systems, where they can be of main targets but not limited to.
The purpose of this Technical Report includes the following:
a) developers of systems and software engineering standards can define their applicability to different
categories of target systems and software using annexes or guidelines, so that their users can easily
identify relevant standards and clauses that they can apply;
b) suppliers of systems and software engineering tools and methods can clarify the types of target
systems and software to which their technologies are applicable or limited so that their users can
easily choose the right tools and methods among many candidates for their use;
c) providers of services can define characteristics of their services using classification axes so that
they can specify the quality of their services;
d) developers and evaluators of the systems and software can categorize systems and software of
similar characteristics by using classification axes so that they can obtain a better estimation and
quality evaluation of their target systems and software to be developed;
e) the systems and software engineering community can exchange their research ideas and best
practices with defined scope of application.
This Technical Report does not provide a specific set of categorizations but the framework for
categorizations and a guide for applying it to achieve the above purposes.
It is important that standards on systems and software engineering are properly applied to the
procurement or development of certain kinds of systems. This Technical Report provides a categorization
framework and a guide for applying it to assist in (1) defining the area of application of standards, and
(2) positioning new standards. The annex of this Technical Report provides descriptive examples for
relevant standards, each of which describes the area of application of the standard by using defined
categorization.
NOTE Giving guidance on applicability might not be relevant to all standards.
2 Normative references
No normative references are made for the application of this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
© ISO/IEC 2015 – All rights reserved 1

3.1
stakeholder
individual or organization having a right, share, claim, or interest in the target system and its
categorization that meet their needs and expectations
[SOURCE: ISO/IEC 15939:2007, 2.37, “system” replaced by “target system”]
3.2
concern
interest in something relevant to one or more of its stakeholders
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.7, “system” replaced by “something”]
3.3
IT system
system which uses information technologies
3.4
target system
system to be categorized, which can be an IT system and software, including service provided by IT system
3.5
categorization
specific way to allocate a target system into a category
3.6
categorization space
universal set of systems and software which has one or more classification axes as its individual
dimension, by which stakeholder’s concerns on categorization are expressed
3.7
classification axis
total range of a mapping of systems and software for categorizing them from a particular perspective
3.8
equivalence class
range on a classification axis which has a rule to judge whether a target system is to be mapped to
the range or not
3.9
category
subset of categorization space, which the stakeholders are interested in, specified using a combination
of one or more equivalence classes
3.10
architecture
fundamental organization of a system embodied in its components, their relationships to each other,
and to the environment, and the principles guiding its design and evolution
[SOURCE: ISO/IEC 15288:2008, 4.5]
3.11
environment
context determining the setting and circumstances of all influences upon a system
[SOURCE: ISO/IEC/IEEE 42010:2011, 3.8]
2 © ISO/IEC 2015 – All rights reserved

3.12
developer
individual or organization that performs development activities (including requirements analysis,
design, testing through acceptance) during the system or software life cycle process
[SOURCE: ISO/IEC 25000:2014, 4.6]
3.13
acquirer
person or organisation that acquires or procures a system, software product, or software service (which
may be part of a system) from a supplier
[SOURCE: ISO/IEC 12207:2008, 4.1, modified]
3.14
supplier
organization or individual that enters into an agreement with the acquirer for the supply of a
product or service
[SOURCE: ISO/IEC 12207:2008, 4.47]
3.15
independent evaluator
individual or organization that performs an evaluation independently from developers and acquirers
[SOURCE: ISO/IEC 25040:2011, 4.30]
3.16
quality characteristic
category of software quality attributes that bears on software quality
[SOURCE: ISO/IEC 25000:2014, 4.34]
3.17
quality in use
degree to which a product or system can be used by specific users to meet their needs to achieve specific
goals with effectiveness, efficiency, freedom from risk and satisfaction in specific contexts of use
[SOURCE: ISO/IEC 25000:2014, 4.24]
4 Framework for categorization
4.1 General
This clause introduces the framework for categorization of IT systems and software, which can be used
for mapping target systems into groups based on different stakeholder perspectives. The framework
comprises model for categorization (see 4.2) and structure of classification axes (see 4.3).
4.2 Model for categorization
Figure 1 depicts the model for categorization of systems. The model consists of key concepts and the
relationship among them, which can be used to define categorizations of specific systems for different
stakeholders.
A stakeholder of a categorization has several concerns to accomplish his/her purpose for using the
categorization. Stakeholder’s concerns on categorization are expressed by a categorization space,
on which categories are defined. A classification axis is a range, which has one or more equivalence
classes, into either of which a system can be classified. A categorization space is defined with one or
more classification axes. A named category is a subset of categorization space which is specified with a
combination of one or more equivalence classes.
© ISO/IEC 2015 – All rights reserved 3

has is expressed by
1.*
Stakeholder Concern on
Categorizaon Classificaon
categorizaon
space axis
of categorizaon
1.*
1.*
purpose
is defined as
is specified
1.*
a subset of 1.*
with
Equivalence
Category
class
1.*
name
definion
regards as a target
to be categorized
is categorized into
0.*
Target
system
Figure 1 — Model for categorization
For example, if a stakeholder of categorization is interested in “large scale embedded systems” as his/her
target category, he/she can define a categorization space with two classification axes: hardware/
execution environment and function size, and can specify the target category, as shown in Figure 2.
Classification axis2:
Target category:
Function size
Large scale embedded systems
Very large
Large
System A
equivalence
Middle System B
Y
classes
Small
X
Classification axis1:
Very small
Hardware/Execution
Embedded Non-embedded
environment
equivalence classes
Figure 2 — Example of defining a category using two classification axes
The hardware/execution environment axis has two equivalence classes: Embedded and Non-embedded,
each of which has a rule that classify the target system into the class. The rule of the equivalence class
“Embedded” can be defined like: the target system must be classified into “Embedded” if it has one or
more computers on which software runs for handling specific machines or devices, and that of “Non-
embedded” is as the negation of it. On the other hand, the function size axis has continuous ranges and
the rule of each equivalence class is defined as an interval on the axis. For example, the equivalence
class “Small” can be defined like: the target system is classified into “Small” if its functional size is in the
interval X to Y.
In Figure 2, system A is in “Embedded” on the hardware/execution environment axis and is in “Large” on
the function size axis, and as a result is classified into the target category “Large scale embedded system”,
while system B are not. In this manner, any target system can be classified into either of categories on a
categorization space.
4 © ISO/IEC 2015 – All rights reserved

4.3 Structure of classification axes
This subclause provides the structure of classification axes, which can be used to define specific
categories. Figure 3 shows the concepts related to target systems, which can be considered when
identifying classification axes.
has Is addressed by
has
Stakeholder Concern on Target Architecture/
of target system system needs system Structure
1.*
1.* 1.*
has
operates
handles
on
1.*
0.* 1.*
Operaonal
Data Property
Environment
Figure 3 — Concepts related to systems which lead to classification axes
Target systems address stakeholder concerns. Target systems also have their own architectures/structures
and properties, operates on some operational environments, and handles data. These aspects have (both
external and internal) contribution to the classification axes related to target systems.
NOTE The stakeholder of a target system may be the same as the stakeholder of a categorization.
Classification axes are hierarchically organized, as described in Figure 4.
Discrete
AbstractAbstract AbstractAbstract Classification axis
Classification Classification
…………………………………
CClassification lassification AAxisxis CClassification lassification AAxisxis
axisaxis
stst ndnd
oon n 11 LaLayeyerr on on 22 LaLayeyerr
Non-discrete
Classification axis
Abstract layers
rd
3 and lower layers are user-definable, and the lowest
layer must be concrete, on which equivalence classes
are defined.
Figure 4 — Hierarchy of classification axes
Classification axes on the first layer are intended to cover possible classification axes for categorizing
target systems. Axes on this layer are abstract in the sense that they can be used only for categorizing
classification axes; i.e., they do not have equivalence classes and therefore cannot be used directly for
creating a categorization space.
Table 1 defines the classification axes on the first layer, which are originated from the concepts in Figure 3.
Table 1 — Definition of classification axes in the first layer
Axis in the first layer Definition
Axes from the viewpoint of system architecture/structure. In case that the target
Architecture/Structure system is one of the components composing a larger system, the axes are identified
from the relations among the components.
Axes from the viewpoint of the properties of the system. The axes are identified
Property from the attributes or computational styles that the system itself or its software
has.
Axes from the viewpoint of the operational environment on which the system oper-
Operational environment
ates
Data
Axes from the viewpoint of the data that the system mainly handles. The axes are
identified from the type, property or variety of the data.
(Property of data)
© ISO/IEC 2015 – All rights reserved 5

Table 1 (continued)
Axis in the first layer Definition
Axes from the viewpoint of each stakeholder’s role of the system
Example of stakeholder’s role (defined in ISO/IEC 25010):
Stakeholder of target
system
Primary user/ Secondary user (Content provider/System manager/Administrator/
Security manager/Maintainer/Analyzer/Porter)/Indirect user
Classification axes on the second layer are also abstract, and is intended to be an exhaustive set of
classification axes for IT systems and software, but not limited to defined in Table 2; i.e., the stakeholder
can define his/her new axes.
Table 2 — Definition of classification axes in the second layer
Axis in the Axis in the
Definition
first layer second layer
Axes based on concepts identified from code-level software compo-
Static structure
nents or modules and relationships among them
Architecture/
Axes based on concepts identified from executable components such
Dynamic structure
as processes and tasks and relationships among them
Structure
Axes based on concepts identified from the execution environment
Deployment structure
of the system and its positioning on them
Function Axes based on the function that the system has
Applied technology Axes based on the technology that system applies and uses
Type of information
Axes based on the style in which system processes information
Property processing
Quality
Axes based on the level of the quality attribute that the system has
characteristic
Size Axes based on the level of the size of the system
Application domain Axes based on the domain where the system is used
Axes based on the condition imposed on the place where the system
Place to use
is used
Operational
Axes based on the level of damage on the users and the environ-
environment
Mission criticality
ments when the system failure occurs
Aspect of provision/
Axes based on the form of selling and distribution of the system
acquisition
Axes based on media relating to presentation, communication and
Media
store
Property of storage Axes based on property of storage for data
Data
(Property of Life Axes based on level of duration of data’s being effective
data)
Volume Axes based on level of amount of data
Axes based on level of impact and influence on stakeholders and
Criticality
environment caused by the system due to inaccuracy or loss of data
Context of use Axes based on the purpose or scenarios of usage
Property of users Axes based on the attributes of the user such as role and proficiency
Stakeholder of
Aspect of interaction Axes based on characteristics of interaction with the user
target system
Quality in use Axes based on the level of quality in use characteristic for the stake-
characteristics holder’s role
6 © ISO/IEC 2015 – All rights reserved

The third layer or lower layers can be used for stakeholders of categorization to define classification
axes for their own purpose. Table 3 lists typical examples of classification axes on the third layer, which
are widely known or used, and equivalence classes on the axes without definitions.
There are two types of concrete axis: discrete and non-discrete, which is differentiated by its domain of
equivalence classes. Discrete means that there are no continuous values but subsets in its domain, each
of which is defined by a mapping rule. For example, “Hardware/execution environment” is a discrete
axis, which has two equivalence classes: “Embedded” and “Non-embedded”. On the other hand, non-
discrete means that there is a kind of continuous values in its domain to define the equivalence classes.
For example, “Function size” is a non-discrete axis, which has continuous domain, on which “Very
small/Small/Medium/Large/Very large” are defined as its intervals. Table 3 shows the type of each
concrete classification axis.
Table 3 — Examples of classification axes on the third layer and equivalence classes
Classification axis
Examples of equivalence classes
First layer Second layer Third layer [definition] D/N
for classification axis
Layer structure of program
Architecture/ Static struc- [Axes based on allow-to-use rela- Driver/OS/Middleware/Applica-
D
Structure ture tionship between module groups or tion layer
layers]
Tier
Dynamic DB/Business Logic/User interface
[Axes based on call relationship D
structure tier
between executable components]
Hardware/Execution environment
Deployment [Axes based on the execution Embedded/Non-embedded
D
structure environment to which the target (Enterprise, etc)
software is deployed]
System hierarchy Human-computer system/Infor-
[Axes based on system boundary mation system/Computer system/
on the system hierarchy compos- D Software/ Software component
ing machines, network and human (
...