ISO/IEC 29110-2-1:2015

INTERNATIONAL ISO/IEC
STANDARD 29110-2-1
First edition
2015-11-01
Software Engineering — Lifecycle
profiles for Very Small Entities
(VSEs) —
Part 2-1:
Framework and taxonomy
Ingénierie du logiciel — Profil de cycle de vie pour très petits
organismes (TPO) —
Partie 2-1: Cadre général et taxinomie
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
1.1 Fields of application . 1
1.2 Target audience . 1
2 Conformance to standardized profiles . 1
2.1 Overview . 1
2.2 General principles . 1
2.2.1 Tailoring and exclusions . 1
2.2.2 Extensions . 2
2.2.3 Conformance to base standards . 2
2.3 Conformance requirements for standardized profiles . 3
2.3.1 Conformance situations . 3
2.3.2 Conformance to a standardized profile . 3
2.3.3 Limited conformance to the base standards included in the standardized profile 3
3 Normative references . 4
4 Terms and definitions . 4
5 Conventions and abbreviated terms .13
5.1 Naming, diagramming, and definition conventions .13
5.2 Abbreviated terms .13
6 Software and Systems engineering profiles for VSEs .13
6.1 Basic concepts .13
6.2 Purpose of standardized profiles .14
6.3 Preparation of profiles .14
6.3.1 Selection and preparation of base standards .14
6.3.2 Selection of profile elements .15
6.3.3 Refinement of the profile .15
7 Preparing profiles of Software and Systems Engineering standards.15
7.1 Rationale for profiles .15
7.2 Profiling lifecycle product standards .15
7.3 Profiling lifecycle process standards .16
7.4 Relating process and product standards in profiles .16
7.5 Graduated profiles in a profile group .20
7.6 Packaged profiles in a profile group .22
8 The VSE profile taxonomy principles .22
8.1 VSE classification dimensions .22
8.2 Decoupling VSE classification from profile preparation .22
8.3 Graduating a profile group.22
8.4 Packaging a profile group .23
9 Taxonomy of VSE profiles .23
9.1 Introduction .23
9.2 Profile Taxonomy .23
9.3 The Software Engineering Generic profile group .24
9.3.1 Introduction .24
9.3.2 The Entry profile .24
9.3.3 The Basic profile .24
9.3.4 The Intermediate profile .24
9.3.5 The Advanced profile .24
9.4 The Systems Engineering Generic profile group .25
9.4.1 Introduction .25
9.4.2 The Entry profile .25
© ISO/IEC 2015 – All rights reserved iii

9.4.3 The Basic profile .25
9.4.4 The Intermediate profile .25
9.4.5 The Advanced profile .25
9.5 The Organisational Management Profile Group .25
9.6 The Service Delivery Profile Group .25
10 Guidelines for the specification of VSE profiles .26
10.1 Rules for Profile Specifications .26
10.1.1 Rules from ISO/IEC TR 10000-1 .26
10.1.2 Rules specific to ISO/IEC 291110 VSE Profiles .26
10.2 Profile Specification Process .26
10.3 Profile Specifications .27
10.3.1 Specification content and style .27
10.3.2 Profile Specification Contents .28
10.3.3 Process Reference Models and Process Assessment Models .30
10.4 Exemplar Profile Specification Tables.30
Bibliography .32
iv © ISO/IEC 2015 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC 29110-2:2011), which has been
technically revised.
The full list of parts of ISO/IEC 29110 is available here.
© ISO/IEC 2015 – All rights reserved v

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of this part of ISO/IEC 29110, a Very Small Entity (VSE) is an enterprise, an organization, a
department, or a project having up to 25 people. Since many VSEs develop and/or maintain system
and software components used in systems, either as independent products or incorporated in larger
systems, a recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005), “Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country”. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget, and time, nor do they see a
net benefit in establishing over-complex systems or software lifecycle processes. To address some of
these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as
Profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs’
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
and processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information
products (documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series of International Standards and Technical Reports can be applied at any
phase of system or software development within a lifecycle. This series of International Standards
and Technical Reports is intended to be used by VSEs that do not have experience or expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific
project. VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are
encouraged to use those standards instead of ISO/IEC 29110.
ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary, or agile.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance (see Table 1).
vi © ISO/IEC 2015 – All rights reserved

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
Part 1 Overview VSEs and their customers, assessors,
standards producers, tool vendors,
and methodology vendors.
Part 2 Framework Profile producers, tool vendors, and
methodology vendors.
Not intended for VSEs.
Part 3 Assessment guide VSEs and their customers, assessors,
accreditation bodies.
Part 4 Profile specifications VSEs, customers, standards produc-
ers, tool vendors, and methodology
vendors.
Part 5 Management and engi- VSEs and their customers.
neering guide
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle, and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles, and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards, and guides.
ISO/IEC TR 29110-3 defines certification schemes, assessment guidelines, and compliance requirements
for process capability assessment (ISO/IEC 33xxx), conformity assessments (ISO/IEC 17xxx), and
self-assessments for process improvements. ISO/IEC TR 29110-3 also contains information that
can be useful to developers of certification and assessment methods and developers of certification
and assessment tools. ISO/IEC 29110-3 is addressed to people who have direct involvement with the
assessment process, e.g. the auditor, certification, and accreditation bodies and the sponsor of the audit,
who need guidance on ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one
profile group.
ISO/IEC TR 29110-6-x provides management and engineering guides not tied to a specific profile.
This part of ISO/IEC 29110 introduces the concepts for systems and software engineering profiles
for VSEs. It establishes the logic behind the definition and application of profiles. For standardized
profiles, it specifies the elements common to all profiles (structure, requirements, conformance, and
assessment). For domain-specific profiles (profiles that are not standardized and developed outside of
the ISO process), it provides general guidance adapted from the definition of standardized profiles.
Figure 1 describes the International Standards (IS) and Technical Reports (TR) of ISO/IEC 29110 and
positions the parts within the framework of reference. Overview, assessment guide, management, and
engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
© ISO/IEC 2015 – All rights reserved vii

Figure 1 — ISO/IEC 29110 Series
viii © ISO/IEC 2015 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 29110-2-1:2015(E)
Software Engineering — Lifecycle profiles for Very Small
Entities (VSEs) —
Part 2-1:
Framework and taxonomy
1 Scope
1.1 Fields of application
ISO/IEC 29110 is applicable to Very Small Entities (VSEs). The lifecycle processes described in
ISO/IEC 29110 are not intended to preclude or discourage their use by organizations bigger than VSEs.
However, certain issues faced by large organizations might not be covered by ISO/IEC 29110.
The lifecycle processes defined in ISO/IEC 29110 can be used by VSEs when acquiring and using, as well
as when creating and supplying, a software, and systems. They can be applied at any level in a software
and systems structure and at any stage in the lifecycle. The processes described in ISO/IEC 29110 are
not intended to preclude or discourage the use of additional processes that VSEs find useful.
This part of ISO/IEC 29110 introduces the major concepts for software and systems engineering profiles
for VSEs, and defines the terms common to the set of documents associated with VSE profiles.
It establishes the logic behind the definition and application of profiles. It specifies the elements
common to all standardized profiles (structure, conformance, assessment).
This part of ISO/IEC 29110 is applicable to all profiles.
1.2 Target audience
This part of ISO/IEC 29110 is targeted at authors and reviewers of standardized profiles, authors of
other parts, and authors of other VSE profiles.
2 Conformance to standardized profiles
2.1 Overview
1)
Conformance is specified within each profile specification document, published as ISO/IEC 29110-4-6 for
systems engineering and ISO/IEC 29110-4-1 for software engineering. The general rules for conformance
to ISO/IEC 29110 profiles are in accordance with ISO/IEC TR 10000-1 and outlined in 2.2 and 2.3.
2.2 General principles
2.2.1 Tailoring and exclusions
ISO/IEC 29110 standardized profiles are pre-tailored packages of related software and systems
engineering standards, therefore
— tailoring of ISO/IEC 29110 profiles is not needed nor allowed (except in one case outlined in 2.3.2),
— partial compliance is not allowed (except in one case outlined in 2.2.3), and
1) To be published.
© ISO/IEC 2015 – All rights reserved 1

— there are no levels of conformance.
2.2.2 Extensions
It is acceptable for an implementation to incorporate elements beyond what is defined in the
specification of the profile.
If a profile allows extensions, each implementation shall fully support all required elements of the
profile specification exactly as specified, and the extensions shall be consistent with, and permit
conformance with, elements defined in the profile specification. The conformance clause of profiles that
allow extensions should include some additional, more specific, requirements, such as the following.
— Extensions shall not re-define semantics for existing elements.
— Extensions shall not cause standard-conforming implementations (i.e. processes that do not use the
extensions) to be performed incorrectly.
— Extensions shall follow the principles and guidelines of the specification they extend, i.e. the
specifications must be extended in a standard manner (see section below).
— For implementations and/or applications that contain extensions, extensions shall be clearly
described in supporting documentation and the extensions shall be marked as such within the
implementation/application.
— For implementations that contain extensions, there shall be a mode under which the
implementation can be directed to produce only conformant files (documents) or to operate in a
strictly conformant manner.
2.2.3 Conformance to base standards
The purpose of a standardized profile is to specify the use of sets of specifications to provide clearly
defined functionality. Hence, conformance to ISO/IEC 29110 standardized profile specifications
always implies conformance to the referenced base standards’ specifications, if it is referenced in
totality in the profile.
However, if only part of the base standard is referenced in the profile, the above statement is true
inasmuch as the base standard conformance clause allows for tailored and partial compliance.
The conformance requirements of an ISO/IEC 29110 standardized profile shall relate to the conformance
requirements in the base standards in the following ways.
a) Unconditional mandatory requirements in the base standards shall remain mandatory in the
ISO/IEC 29110 profile.
b) Unconditional options in base standards may remain optional or may be changed within the
profile to become:
1) mandatory;
2) conditional, giving rise to different statuses dependent upon some appropriate condition;
3) out of scope, if the option is not relevant to the scope of the profile; for example, functional
elements which are unused in the context of the profile;
4) prohibited, if the use of the option is to be regarded as non-conformant behaviour within the
context of the profile. This choice should only be used when really necessary, “out of scope” can
often be more appropriate.
c) If the conditions in the conditional requirements in the base standards can be fully evaluated in the
context of the profile, then these requirements become unconditional mandatory requirements or
2 © ISO/IEC 2015 – All rights reserved

unconditional options, or they become out of scope or prohibited. Otherwise, the conditions remain
conditional, with the appropriate, possibly partially, evaluated conditions.
2.3 Conformance requirements for standardized profiles
2.3.1 Conformance situations
Conformance can be interpreted differently for various situations. The relevant situation shall be
identified in the claim of conformance.
ISO/IEC 29110 profiles can be implemented by organizations or projects implementing and using the
processes and products prescribed by the profile.
NOTE The case where another ISO document, such as a Guide or Technical Report, complies with the profile
specification is not considered implementation conformance and subject to conformance clauses. For instance,
ISO/IEC TR 29110-5 guides comply with ISO/IEC 29110-4 profile specifications, and this is evidenced by a
normative reference to ISO/IEC 29110-4 in ISO/IEC TR 29110-5, not by a conformance clause.
2.3.2 Conformance to a standardized profile
A product that claims conformance to an ISO/IEC 29110 standardized profile shall implement all
the mandatory profile elements as identified in the profile specification ISO/IEC 29110-4-m, and
the associated properties and requirements as described in the base standards when applicable.
Conformance is achieved by demonstrating that the conforming product does not exclude, modify, or
contradict any of the mandatory profile elements.
An organization that claims conformance to an ISO/IEC 29110 profile shall identify which profile it is
claiming conformance to, and implement and use all the mandatory profile requirements as identified
in the profile specific clauses of the profile specification ISO/IEC 29110-4-m, and the associated
properties and requirements as described in the base standards when applicable. Conformance is
achieved by demonstrating that:
— mandatory requirements for the lifecycle processes have been satisfied using the required input
and output products as evidence;
— mandatory requirements for the lifecycle products (information items) and content (information
item content) have been satisfied using the content of conformant work products as evidence.
Unless otherwise noted in the standardized profile conformance clause, conformance to the profile
implies conformance to the base standards.
NOTE Information items are described as if it were published as a separate document. However,
information items and their content will be considered as conforming if they are unpublished but available in
a repository for reference, divided into separate documents or volumes, or combined with other information
items into one document.
If a profile contains conditional mandatory requirements, then these requirements shall be grouped
in a separately identifiable subclause, and the conformance clause in the profile specification
ISO/IEC 29110-4-m shall identify what condition need to be met, and the specific subclause where there
requirements are.
2.3.3 Limited conformance to the base standards included in the standardized profile
If an organization or a product cannot claim conformance to the profile, it can still claim conformance
to the elements of the base standard included in the profile under the following conditions.
a) The base standard is not totally included in the profile (if it is totally included, then the
implementation should claim conformance to the base standards).
b) The base standard’s conformance clause allows for partial conformance and/or tailored conformance.
© ISO/IEC 2015 – All rights reserved 3

In that case, the conformance clause shall refer only to the mandatory profile elements as identified
in the profile specification ISO/IEC 29110-4-m that refer to the base standards in question, and are
identified as mandatory (normative) in the base standards.
3 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC TR 10000-1:1998, Information technology — Framework and taxonomy of International
Standardized Profiles — Part 1: General principles and documentation framework
4 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
4.1
activity
set of cohesive tasks of a process
[SOURCE: ISO/IEC/IEEE 12207]
4.2
acquirer
stakeholder that acquires or procures a product or service from a supplier
Note 1 to entry: Other terms commonly used for an acquirer are buyer, customer, owner, or purchaser.
[SOURCE: ISO/IEC/IEEE 15288:2015]
4.3
advanced profile
profile targeted at VSEs which want to sustain and grow as an independent competitive system and/or
software development business
4.4
agreement
mutual acknowledgement of terms and conditions under which a working relationship is conducted
EXAMPLE Contract, memorandum of agreement.
[SOURCE: ISO/IEC/IEEE 12207]
4.5
assessment indicator
sources of objective evidence used to support the assessors’ judgment in rating process attributes
EXAMPLE Work products, practice, or resource.
[SOURCE: ISO/IEC 33001]
4.6
assessor
individual who participates in the rating of process attributes
[SOURCE: ISO/IEC 33001]
4 © ISO/IEC 2015 – All rights reserved

4.7
audit
systematic, independent, documented process for obtaining records, statements of fact, or other
relevant information and assessing them objectively to determine the extent to which specified
requirements are fulfilled
Note 1 to entry: While “audit” applies to management systems, “assessment” applies to conformity assessment
bodies as well as more generally
[SOURCE: ISO/IEC 17000]
4.8
auditee
organization being audited
[SOURCE: ISO 9000]
4.9
auditor
person who conducts an audit
[SOURCE: ISO 19011]
4.10
audit team
one or more auditors (4.9) conducting an audit (4.7), supported if needed by technical experts
Note 1 to entry: One auditor of the audit team is appointed as the audit team leader.
Note 2 to entry: The audit team may include auditors-in-training.
[SOURCE: ISO 9000]
4.11
autonomy-based improvement
motivated professional process improvement (4.40) with understanding work (process) objectives,
technology status quo, and outcomes from product use, not forced by anybody
4.12
baseline
specification or product that has been formally reviewed and agreed upon, that thereafter serves as the
basis for further development, and that can be changed only through formal change control procedures
[SOURCE: IEEE 828-2012]
4.13
base standard
approved International Standard or Telecommunication Standardization Sector of the International
Telecommunications Union (ITU-T) Recommendation
[SOURCE: ISO/IEC TR 10000-1]
4.14
basic profile
profile targeted at VSEs developing a single application by a single work team
4.15
certification
third-party attestation related to products, processes, systems, or persons
Note 1 to entry: Certification of a management system is sometimes also called registration.
© ISO/IEC 2015 – All rights reserved 5

Note 2 to entry: Certification is applicable to all objects of conformity assessment except for conformity
assessment bodies themselves, to which accreditation is applicable.
[SOURCE: ISO/IEC 17000]
4.16
certification body
third-party conformity assessment (4.21) body operating certification schemes
Note 1 to entry: A certification body can be non-governmental or governmental (with or without regulatory
authority).
[SOURCE: ISO/IEC 17065]
4.17
certification scheme
certification system related to specified products, to which the same specified requirements, specific
rules, and procedures apply
Note 1 to entry: Adapted from ISO/IEC 17000:2004, 2.8.
Note 2 to entry: For definition of “certification system”, refer to ISO/IEC 17000:2004, 2.7.
Note 3 to entry: The criteria for the rules, procedures, and management for implementing product, process, and
service.
[SOURCE: ISO/IEC 17065]
4.18
certification scheme owner
person or organization that is responsible for developing and maintaining a specific certification
scheme (4.17)
Note 1 to entry: The certification scheme owner can be the certification body (4.16) itself, a governmental
authority, trade association, group of certification bodies, or other.
[SOURCE: ISO/IEC 17065]
4.19
client (for certification)
organization that is responsible to a certification body (4.16) for ensuring certification requirements,
including product requirements are fulfilled
[SOURCE: ISO/IEC 17065]
4.20
competent assessor
assessor (4.6) who has demonstrated the competencies to conduct an assessment and to monitor and
verify the conformance of a process assessment (4.36)
[SOURCE: ISO/IEC 33000]
4.21
conformity assessment
demonstration that specified requirements relating to a product, process, system, person or body
are fulfilled
[SOURCE: ISO/IEC 17000:2004]
4.22
critical system
system having the potential for serious impact on the users or environment, due to factors including
safety, performance, and security
6 © ISO/IEC 2015 – All rights reserved

4.23
customer
organization or person that receives a product or service
Note 1 to entry: A customer can be internal or external to the organization.
[SOURCE: ISO 9000:2005, modified – added ‘service’]
4.24
deployment package
set of artefacts developed to facilitate the implementation of a set of practices, of the selected
framework, in a very small entity (4.71)
4.25
disposed system
system that has been transformed (i.e. state change) by applying the disposal process
Note 1 to entry: A systems approach considers the total system and the total lifecycle (4.32) of the system. This
includes all aspects of the system and the system throughout its life until the day users dispose of the system and
the external enterprises complete the handling of the disposed system products.
[SOURCE: ISO/IEC/IEEE 15288, modified]
4.26
entity
registered organization, group within a registered organization, or a project within an organization
4.27
entry profile
profile targeted at start-up VSEs (i.e. VSEs who started their operation less than 3 years) and/or at VSEs
working on small project (e.g. project size of less than 6 person-months)
4.28
generic profile group
profile group applicable to VSEs (very small entities) that do not develop critical systems (4.22) or
software products and have typical situational factors
4.29
guide
document published by ISO or IEC giving rules, orientation, advice, or recommendations relating to
international standardization
[SOURCE: ISO/IEC Directives, Part 2]
4.30
intermediate profile
profile targeted at VSEs involved in the development of more than one project in parallel with more
than one work team
4.31
international standard
standard that is adopted by an international standardizing/standards organization and made available
to the public
[SOURCE: ISO/IEC Directives, Part 2]
4.32
lifecycle
evolution of a system, product, service, project or other human-made entity from conception
through retirement
[SOURCE: ISO/IEC/IEEE 12207]
© ISO/IEC 2015 – All rights reserved 7

4.33
operator
entity (4.26) that performs the operations of a system
Note 1 to entry: The role of operator and the role of user can be vested, simultaneously, or sequentially, in the
same individual or organization.
Note 2 to entry: An individual operator combined with knowledge, skills, and procedures can be considered as an
element of the system.
Note 3 to entry: In the context of this specific definition, the term entity means an individual or an organization.
[SOURCE: ISO/IEC/IEEE 12207]
4.34
organization
person or a group of people and facilities with an arrangement of responsibilities, authorities, and
relationships
[SOURCE: ISO 9000:2005, modified]
4.35
process
set of interrelated or interacting activities which transforms inputs into outputs
EXAMPLE Welding engineering processes; heat treatment processes; manufacturing processes requiring
confirmation of process capability (e.g. operating or producing product within specified tolerances); food
production processes; plant growth processes.
[SOURCE: ISO 9000:2005]
4.36
process assessment
disciplined evaluation of an organizational unit’s processes against a process assessment model (4.37)
[SOURCE: ISO/IEC 33001]
4.37
process assessment model
model suitable for the purpose of assessing process capability (4.38), based on one or more process
reference models (4.43)
[SOURCE: ISO/IEC 33001]
4.38
process capability
characterization of the ability of a process to meet current or projected business goals
[SOURCE: ISO/IEC 33000]
4.39
process capability level
point on the six-point ordinal scale [of process capability (4.38)] that represents the capability of the
process; each level builds on the capability of the level below
[SOURCE: ISO/IEC 33000]
4.40
process improvement
actions taken to improve the quality of the organization’s processes aligned with the business needs
[SOURCE: ISO/IEC 33001]
8 © ISO/IEC 2015 – All rights reserved

4.41
process outcome
observable result of the successful achievement of the process purpose
Note 1 to entry: An outcome statement describes one of the following:
— Production of an artefact;
— A significant change in state;
— Meeting of specified constraints, e.g., requirements, goals, etc.
[SOURCE: ISO/IEC/IEEE 12207]
4.42
process profile
set of process attribute ratings for an assessed process
[SOURCE: ISO/IEC 33001]
4.43
process reference model
model comprising definitions of processes in a lifecycle (4.32) described in terms of process purpose
and outcomes, together with an architecture describing the relationships between the processes
[SOURCE: ISO/IEC 33001]
4.44
profile
set of one or more base standards and/or profiles, and where applicable, the identification of chosen
classes, conforming subsets, option, and parameters of those base standard, or standardized profiles
necessary to accomplish a particular function
[SOURCE: ISO/IEC TR 10000-1]
4.45
profile group
collection of profiles which are related either by composition of processes (i.e. activities, tasks), or by
requirements sharing or composition, or both
4.46
project
endeavour with defined start and finish dates undertaken to create a product or service in accordance
with specified resources and requirements
Note 1 to entry: project is sometimes viewed as a unique process comprising coordinated and controlled
activities and composed of activities from the Technical Management processes and Technical processes defined
in this part of ISO/IEC 29110.
[SOURCE: ISO/IEC/IEEE 12207]
4.47
record
set of related data items treated as a unit
EXAMPLE Document stating results achieved or providing evidence of activities performed.
[SOURCE: ISO/IEC/IEEE 15289, modified]
© ISO/IEC 2015 – All rights reserved 9

4.48
report
information item that describes the results of activities such as investigations, assessments, and tests
[SOURCE: ISO/IEC/IEEE 15289]
4.49
repository
collection of all system element or software related artefacts belonging to a system
Note 1 to entry: The location/format in which such a collection is stored
[SOURCE: ISO/IEC/IEEE 24765, modified]
4.50
resource
asset that is utilized or consumed during the execution of a process
Note 1 to entry: Includes diverse entities such as funding, personnel, facilities, capital equipment, tools, and
utilities such as power, water, fuel and communication infrastructures.
Note 2 to entry: Resources include those that are reusable, renewable, or consumable.
[SOURCE: ISO/IEC/IEEE 12207]
4.51
review
process or meeting during which a work product (4.73), or set of work products, is presented to project
personnel, managers, users, customers (4.23), or other interested parties for comment or approval
[SOURCE: ISO/IEC/IEEE 24765]
4.52
small and medium enterprise
SME
enterprises which employ fewer than 250 persons
[SOURCE: OECD 2005, modified]
4.53
software
computer programs, procedures, and possibly associated documentation and data pertaining to the
operation of a computer system
[SOURCE: IEEE 828]
4.54
software component
general term used to refer to a software sys
...