ISO/IEC TR 24748-3:2011

TECHNICAL ISO/IEC
REPORT TR
24748-3
First edition
2011-09-01


Systems and software engineering — Life
cycle management —
Part 3:
Guide to the application of ISO/IEC 12207
(Software life cycle processes)
Ingénierie des systèmes et du logiciel — Gestion du cycle de vie —
Partie 3: Guide pour l'application de l'ISO/CEI 12207 (Processus du
cycle de vie du logiciel)




Reference number
ISO/IEC TR 24748-3:2011(E)
©
ISO/IEC 2011

---------------------- Page: 1 ----------------------
ISO/IEC TR 24748-3:2011(E)

COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2011 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TR 24748-3:2011(E)
Contents Page
Foreword . v
Introduction . vi
1  Scope . 1
2  Terms and definitions . 1
3  Overview of ISO/IEC 12207:2008 . 1
3.1  General . 1
3.2  Structure of ISO/IEC 12207:2008 . 2
3.3  Context of ISO/IEC 12207:2008 . 2
3.4  Comparison to previous versions of ISO/IEC 12207 . 4
4  Application Concepts . 5
4.1  Overview . 5
4.2  Software concepts . 5
4.2.1  System and software concepts . 5
4.3  Life cycle concepts . 7
4.4  Process concepts . 7
4.4.1  General . 7
4.4.2  Process principles . 9
4.4.3  Process categories of ISO/IEC 12207:2008 . 10
4.4.4  Recursive/iterative application of processes . 15
4.5  Organizational concepts . 17
4.5.1  General . 17
4.5.2  Responsibility . 18
4.5.3  Organizational relationships . 18
4.5.4  Project organizational structure . 19
4.6  Project concepts . 19
4.6.1  General . 19
4.6.2  Project relationships . 20
4.6.3  Enabling system relationships . 21
4.6.4  Hierarchy of projects . 22
4.7  Adaptation concepts . 23
4.7.1  General . 23
4.7.2  Adaptation . 24
4.7.3  Life cycle adaptation . 24
4.7.4  Adaptation for domains, disciplines and specialties . 24
4.7.5  Tailoring . 25
5  Applying ISO/IEC 12207:2008 . 25
5.1  Overview . 25
5.2  Application strategy . 25
5.2.1  Overview . 25
5.2.2  Planning the application . 27
5.2.3  Conduct pilot project(s) . 27
5.2.4  Formalize the approach . 28
5.2.5  Institutionalize the approach . 28
5.3  Application in organizations . 28
5.3.1  Overview . 28
5.3.2  Considerations and techniques . 29
5.3.3  Application opportunities . 29
5.3.4  Management commitment . 30
5.3.5  Uses of ISO/IEC 12207:2008 within an organization . 30
© ISO/IEC 2011 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC TR 24748-3:2011(E)
5.4  Application on projects .31
5.4.1  Overview .31
5.4.2  Application of Agreement Processes on a project .32
5.4.3  Application of Technical Processes to a project .35
5.4.4  Application of Software Implementation Processes to a project .45
5.4.5  Application of processes in a life cycle model .48
Annex A (informative) Notes for the application of ISO/IEC 12207:2008 processes .59
A.1  General .59
A.2  Agreement Processes (Clause 6.1) .59
A.3  Organizational Project-Enabling Processes (Clause 6.2) .69
A.4  Project Processes (Clause 6.3) .71
A.5  Technical Processes (Clause 6.4) .81
A.6  Software Implementation Processes (Clause 7.1) .97
A.7  Software Support Processes (Clause 7.2) . 104
A.8  Software Reuse Processes (Clause 7.3) . 108
Annex B (informative) Use of reusable software products . 109
B.1  Scope . 109
B.2  Evaluating reusable software products . 109
Bibliography . 110

iv © ISO/IEC 2011 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TR 24748-3:2011(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, when the joint technical committee has collected data of a different kind from
that which is normally published as an International Standard (“state of the art”, for example), it may decide to
publish a Technical Report. A Technical Report is entirely informative in nature and shall be subject to review
every five years in the same manner as an International Standard.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 24748-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This first edition of ISO/IEC TR 24748-3 cancels and replaces ISO/IEC TR 15271:1998, which has been
technically revised.
ISO/IEC TR 24748 consists of the following parts, under the general title Systems and software
engineering — Life cycle management:
 Part 1: Guide for life cycle management
 Part 2: Guide to the application of ISO/IEC 15288 (System life cycle processes)
 Part 3: Guide to the application of ISO/IEC 12207 (Software life cycle processes)
© ISO/IEC 2011 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC TR 24748-3:2011(E)
Introduction
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) currently have two International Standards that focus on life cycle processes:
 ISO/IEC 15288:2008, Systems and software engineering — System life cycle processes, and
 ISO/IEC 12207:2008, Systems and software engineering — Software life cycle processes.
In addition, ISO and IEC have a multi-part International Standard that promotes the adoption of an integrated
process approach when establishing, implementing, operating, monitoring, reviewing, maintaining and
improving a Service Management System (SMS), to deliver services which meet business needs and
customer requirements:
 ISO/IEC 20000, Information technology — Service management.
This service management standard may be used in conjunction with ISO/IEC 15288 and ISO/IEC 12207 for
the delivery of system services and software services.
The purpose of this part of ISO/IEC TR 24748 is to provide guidance on the application of the software life
cycle processes standard, ISO/IEC 12207:2008. Taken together, the parts of ISO/IEC TR 24748 are intended
to facilitate the joint usage of the process content of the two high-level life cycle process standards, which in
turn may be used together with related standards such as the one for service management, and various other
lower-level process standards. In this way, ISO/IEC TR 24748 provides unified and consolidated guidance on
the life cycle management of systems and software. Its purpose is to help ensure consistency in system
concepts and life cycle concepts, models, stages, processes, process application, key points of view,
adaptation and use in various domains as the two standards (and others) are used in combination. It should
help a project design a life cycle model for managing progress on a project.
Whereas ISO/IEC TR 24748-1 addresses in generic terms the purpose stated above of guidance for the life
cycle management of systems and software, this part of ISO/IEC TR 24748 focuses in on and expands the
coverage of those aspects most relevant to software. This part of ISO/IEC TR 24748 will also, in conjunction
with ISO/IEC TR 24748-1, aid in identifying and planning the use of the life cycle processes described in
ISO/IEC 12207:2008. The proper use of these processes will contribute to a project being completed
successfully, meeting its objectives and requirements for each stage and for the overall project.
This part of ISO/IEC TR 24748 elaborates on factors that should be considered when applying
ISO/IEC 12207:2008 and does this in the context of the various ways in which ISO/IEC 12207:2008 can be
applied. The guidance is not intended to provide the rationale for the requirements of ISO/IEC 12207:2008.
Before reading this part of ISO/IEC TR 24748, readers have to understand the relation between system and
software, the concept of "system of interest", and the structure of a system. These concepts are described in
ISO/IEC TR 24748-1.

vi © ISO/IEC 2011 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/IEC TR 24748-3:2011(E)

Systems and software engineering — Life cycle management —
Part 3:
Guide to the application of ISO/IEC 12207 (Software life cycle
processes)
1 Scope
This part of ISO/IEC TR 24748 is a guide for the application of ISO/IEC 12207:2008. It addresses system, life
cycle, process, organizational, project, and adaptation concepts, principally through reference to
ISO/IEC TR 24748-1 and ISO/IEC 12207:2008. It gives guidance on applying ISO/IEC 12207:2008 from the
aspects of strategy, planning, application in organizations, and application on projects.
This part of ISO/IEC TR 24748 is intentionally aligned with both ISO/IEC TR 24748-1 and
ISO/IEC TR 24748-2 (Guide to the application of ISO/IEC 15288) in its terminology, structure and content.
2 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 12207:2008,
ISO/IEC 15288:2008 and ISO/IEC TR 24748-1:2010, apply.
3 Overview of ISO/IEC 12207:2008
3.1 General
ISO/IEC 12207:2008, Systems and software engineering — Software life cycle processes, establishes a
common framework for software life cycle processes, with well-defined terminology, that can be referenced by
the software industry. It applies to the acquisition of systems and software products and services, to the
supply, implementation, operation, maintenance, and disposal of software products and the software portion
of a system, whether performed internally or externally to an organization. Those aspects of system definition
needed to provide the context for software products and services are included. Software includes the software
portion of firmware.
ISO/IEC 12207:2008 may be used stand alone or jointly with other International Standards, such as
ISO/IEC 15288:2008, and supplies a process reference model that supports process capability assessment in
accordance with ISO/IEC 15504-2, Information technology — Process assessment — Part 2: Performing an
assessment.
The purpose of ISO/IEC 12207:2008 is to provide a defined set of processes to facilitate communication
among acquirers, suppliers and other stakeholders in the life cycle of a software product. ISO/IEC 12207:2008
is written for acquirers of systems and software products and services and for suppliers, implementers,
operators, maintainers, managers, quality assurance managers, and users of software products.
© ISO/IEC 2011 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC TR 24748-3:2011(E)
3.2 Structure of ISO/IEC 12207:2008
ISO/IEC 12207:2008 contains requirements in four clauses.
 Clause 6, which defines the requirements for the system life cycle processes,
 Clause 7, which defines the requirements for specific software life cycle processes,
 Clauses of Annex A, which provides requirements for tailoring of ISO/IEC 12207:2008, and
 Clauses of Annex B, which provides a Process Reference Model (PRM) which may be used for
assessment purposes.
Five informative annexes support the use of ISO/IEC 12207:2008 or its harmonization with
ISO/IEC 15288:2008:
 Annex C expands on the history and rationale for the changes to achieve harmonization, and provides
high-level traceability among the International Standards which were used as the inputs to the revision of
ISO/IEC 12207:2008.
 Annex D describes the alignment of the processes of ISO/IEC 15288:2008 and ISO/IEC 12207:2008.
 Annex E provides an example of a process view for Usability, intended to illustrate how a project might
assemble processes, activities and tasks of ISO/IEC 12207:2008 to provide focused attention to the
achievement of product characteristics that have been selected as being of special interest.
 Annex F contains some example process descriptions relating to business goals and contracting that may
be considered useful to some readers of ISO/IEC 12207:2008.
 Annex G provides support for IEEE users and describes relationships of ISO/IEC 12207:2008 to IEEE
standards.
Readers of ISO/IEC 12207:2008 are advised to consult clause 5 of that International Standard to gain
understanding of the key concepts used.
3.3 Context of ISO/IEC 12207:2008
ISO/IEC 12207:2008 has a focus on the processes that are used by or for software-centred projects that exist
in a defined relationship with the organization, other projects and enabling systems. A project is assigned
responsibility that encompasses one or more life cycle stages of the software system-of-interest.
ISO/IEC 12207:2008 is applicable to organizations and projects whether they act as the acquirer or the
supplier of a software system and whether the system is comprised of products, services, or a combination of
both.
The context of ISO/IEC 12207:2008 is illustrated in Figure 1.
2 © ISO/IEC 2011 – All rights reserved

---------------------- Page: 8 ----------------------
Have span of
interest
ISO/IEC TR 24748-3:2011(E)
Project span of
control
System-of-
Organizations
Organizations
interest
Organizations
Enabling
system
Create and monitor
projects
Projects
Projects
Projects
Software
Apply processes to perform
required work on or with
Life cycle stages
(s , s , …, s ) software within life cycle
1 2 n
stages

Figure 1 — Context of ISO/IEC 12207:2008
A single project may involve multiple organizations working together as partners. Such a project should use
ISO/IEC 12207:2008 to establish common terminology, as well as information flows and interfaces among the
organizations to enhance communication.
When an organization applies ISO/IEC 12207:2008 to a particular software system, then that system becomes
the system-of-interest. The system-of-interest has a life cycle that consists of multiple stages through which
the system passes during its lifetime, denoted s , s , …, s .
1 2 n
EXAMPLE An example of typical stages is:
 s : concept,
1
 s : development,
2
 s : operation, and
3
 s : maintenance.
4
NOTE 1 Stages are described in clause 5.1.12 of ISO/IEC 12207:2008 and in clauses 3.2, 4 and 5 of
ISO/IEC TR 24748-1.
A number of enabling systems are deployed throughout the software life cycle to provide the system-of-
interest with support as needed. Each life cycle stage can require one or more enabling systems. Enabling
systems that cooperate with the software during its operation and maintenance stages can be needed, as well.
It is important to note that an enabling system has its own life cycle and that when ISO/IEC 12207:2008 (or
ISO/IEC 15288:2008, if applicable) is applied to it, it then becomes a system-of-interest.
NOTE 2 The role and use of enabling systems are described in clause 4.6.3 of this Technical Report.
NOTE 3 For related material on enabling systems, see also clause 5.1.4 of ISO/IEC 15288:2008 and clause 3.1.5 of
ISO/IEC TR 24748-1.
© ISO/IEC 2011 – All rights reserved 3

Have system
focus

---------------------- Page: 9 ----------------------
ISO/IEC TR 24748-3:2011(E)
ISO/IEC 12207:2008 is applicable at any level of the structure associated with a software system. As the
software is decomposed recursively into its elements, the processes of ISO/IEC 12207:2008 may be used for
each element in the software structure. Each system element has a life cycle of its own and its own set of
enabling systems.
NOTE 4 For related material on system structure, see clause 5.1.3 of ISO/IEC 15288:2008 and clause 3.1.4 of
ISO/IEC TR 24748-1.
NOTE 5 A view from a project hierarchy perspective is given in clause 4.6.4 of this Technical Report.
In order to perform needed operations and transformations upon software systems during their life cycles, the
organization creates and monitors projects. Projects have defined scope, resources (including time) and focus.
The scope can involve managing all of the stages of the life cycle, a subset of the stages, one or more defined
processes or one or more process activities. The time scale can be of varying duration, for example one hour
or tens of years. The focus of the project is related to the software and its elements in some form of system
structure or stage partitioning.
NOTE 6 Related project concepts are described in clause 4.6 of this Technical Report.
NOTE 7 System life cycle concepts are described in clause 3.2 of ISO/IEC TR 24748-1.
Organizations focus on software that is created in projects within the organization or in conjunction with other
organizations. Projects have a span of interest that includes the software and its related enabling systems.
Some enabling systems are under direct control of the project. The software and those enabling systems
make up the project span of control.
NOTE 8 The span of interest is described in clause 4.6.3 of this Technical Report.
The work performed in projects is on or with the software within one or more life cycle stages. The scope of
ISO/IEC 12207:2008 includes the definition of an appropriate life cycle for software, the selection of processes
to be applied throughout the life cycle and the application of these processes to fulfil agreements and achieve
customer satisfaction.
ISO/IEC 12207:2008 can be applied to all types of software product-focused or service-focused systems and
system elements consisting of software.
The use of ISO/IEC 12207:2008 may be adapted to accommodate the varying project requirements in treating
software life cycles.
NOTE 9 This may be performed by adapting the life cycle as described in clauses 6 and 7 of ISO/IEC TR 24748-1 and
tailoring described in Annex A of ISO/IEC 12207:2008.
3.4 Comparison to previous versions of ISO/IEC 12207
ISO/IEC 12207 was published on 1 August 1995 and was the first International Standard to provide a
comprehensive set of life cycle processes, activities and tasks for software that is part of a larger system, and
for standalone software products and services. That International Standard was followed in November 2002
by ISO/IEC 15288 which addressed system life cycle processes. The ubiquity of the software meant that the
software and its design processes should not be considered separately from those systems, but be
considered as an integral part of the system and system design processes. The ISO/IEC 12207 Amendments
in 2002 and 2004 added process purpose and outcomes to the International Standard and established a
Process Reference Model in accordance with the requirements of ISO/IEC 15504-2.
ISO/IEC 12207:2008 integrates ISO/IEC 12207:1995 with its two Amendments and provides better process
definition to support consistency and improved usability.
NOTE 1 Clause 9.1 of ISO/IEC TR 24748-1 gives extensive detailed comparison between the versions of
ISO/IEC 12207, as well as comparisons between ISO/IEC 15288:2008 and ISO/IEC 12207:2008.
NOTE 2 Figure 18 in ISO/IEC TR 24748-1 shows the process structure changes of the 2008 update.
4 © ISO/IEC 2011 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC TR 24748-3:2011(E)
NOTE 3 Figure 20 in ISO/IEC TR 24748-1 provides information regarding the source of the provisions in the aligned
process clause set of ISO/IEC 12207:2008.
NOTE 4 Figure 21 in ISO/IEC TR 24748-1 provides a mapping between ISO/IEC 12207:1995 and ISO/IEC 12207:2008
process clause sets.
NOTE 5 Figure 22 in ISO/IEC TR 24748-1 gives the inverse mapping between ISO/IEC 12207:2008 and
ISO/IEC 12207:1995.
4 Application Concepts
4.1 Overview
This Technical Report provides guidelines for life cycle management in the field of software systems. This
clause highlights and explains essential concepts on which this Technical Report is based, and introduces key
concepts useful in reading and applying ISO/IEC 12207:2008.
NOTE ISO/IEC TR 24748-1 provides more information on concepts related to life cycle management in general.
4.2 Software concepts
4.2.1 System and software concepts
The application of ISO/IEC 12207:2008 presupposes an understanding of system concepts. A system is a
combination of interacting elements organized to achieve one or more stated purposes. For the purposes of
this Technical Report, systems are considered man-made and utilized to provide services in defined
environments for the benefit of users and other stakeholders. These systems may be configured with one or
more of the following: hardware, software, services, humans, processes (e.g. review process), procedures
(e.g. operator instructions), facilities and naturally occurring entities (e.g. water, organisms, minerals). A
system may
...