1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 15026-4:2012 Systems and software engineering Systems and software assurance Part 4: Assurance in the life cycleBS ISO/IEC 15026-4:2012 BRITISH STANDARD National fo
2、reword This British Standard is the UK implementation of ISO/IEC 15026-4:2012. The UK participation in its preparation was entrusted to T e c h n i c a l C o m m i t t e e I S T / 1 5 , S o f t w a r e a n d s y s t e m s e n g i n e e r i n g . A list of organizations represented on this committee
3、can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2012. Published by BSI Standards Limited 2012. ISBN 978 0 580 75874 4 ICS 35.080
4、Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2012. Amendments issued since publication Date T e x t a f f e c t e dBS ISO/IEC 15026-4:2012Referen
5、ce number ISO/IEC 15026-4:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 15026-4 First edition 2012-10-01Systems and software engineering Systems and software assurance Part 4: Assurance in the life cycle Ingnierie du logiciel et des systmes Assurance du logiciel et des systmes Partie 4: Assuran
6、ce du cycle de vie BS ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and mi
7、crofilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO
8、/IEC 2012 All rights reservedBS ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) ISO/IEC 2012 All rights reserved iiiContents Page Foreword . v Introduction vi 1 Scope 1 2 Conformance . 1 3 Normative references 1 4 Terms and definitions . 2 5 Key concepts for and use of this part of ISO/IEC 15026 . 2 5.
9、1 Life cycle approach . 2 5.2 Assurance claims 2 5.3 Using this part of ISO/IEC 15026 3 5.3.1 Use for an agreement 3 5.3.2 Use for regulation 3 5.3.3 Use for development . 3 6 Process view purposes and required outcomes . 3 6.1 Systems assurance process view . 3 6.1.1 Purpose 4 6.1.2 Required outcom
10、es . 4 6.2 Software assurance process view . 4 6.2.1 Purpose 4 6.2.2 Required outcomes . 4 7 Assurance guidance and recommendations for selected processes . 4 7.1 Introduction 4 7.2 Acquisition process 5 7.2.1 Relevant activities and tasks . 5 7.2.2 Assurance guidance and recommendations 5 7.3 Suppl
11、y process 6 7.3.1 Relevant activities and tasks . 6 7.3.2 Assurance guidance and recommendations 6 7.4 Project planning process . 7 7.4.1 Relevant activities and tasks . 7 7.4.2 Assurance guidance and recommendations 7 7.5 Decision Management process 8 7.5.1 Relevant activities and tasks . 9 7.5.2 A
12、ssurance guidance and recommendations 9 7.6 Risk Management process . 9 7.6.1 Relevant activities and tasks . 10 7.6.2 Assurance guidance and recommendations 11 7.7 Configuration management process . 11 7.7.1 Relevant activities and tasks . 11 7.7.2 Assurance guidance and recommendations 12 7.8 Info
13、rmation Management process . 13 7.8.1 Relevant activities and tasks . 13 7.8.2 Assurance guidance and recommendations 13 7.9 Stakeholder Requirements Definition process 14 7.9.1 Relevant activities and tasks . 15 7.9.2 Assurance guidance and recommendations 15 7.10 Requirements Analysis process 17 7
14、.10.1 Relevant activities and tasks . 18 7.10.2 Assurance guidance and recommendations 19 BS ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) iv ISO/IEC 2012 All rights reserved7.11 Verification process 19 7.11.1 Relevant activities and tasks 20 7.11.2 Assurance guidance and recommendations 20 7.12 Oper
15、ation process .20 7.12.1 Relevant Activities and Tasks 21 7.12.2 Assurance guidance and recommendations 21 7.13 Maintenance process 21 7.13.1 Relevant activities and tasks 21 7.13.2 Assurance guidance and recommendations 22 Bibliography 23 BS ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) ISO/IEC 2012
16、 All rights reserved vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International St
17、andards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO a
18、nd IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committe
19、e is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the p
20、ossibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/IEC 15026-4 was prepared by Joint Technical Committee ISO/TC JTC 1, Information technology, Subcommittee SC 7, Software and
21、systems engineering. ISO/IEC 15026 consists of the following parts, under the general title Systems and software engineering Systems and software assurance: Part 1: Concepts and vocabulary Technical Report Part 2: Assurance case Part 3: System integrity levels Part 4: Assurance in the life cycle BS
22、ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) vi ISO/IEC 2012 All rights reservedIntroduction In its entirety, ISO/IEC 15026 consists of multiple parts: a) ISO/IEC TR 15026-1, System and software engineering Systems and software assurance Part 1: Concepts and vocabulary NOTE ISO/IEC TR 15026-1 is int
23、ended to be replaced by an International Standard. b) ISO/IEC 15026-2, System and software engineering Systems and software assurance Part 2: Assurance case c) ISO/IEC 15026-3, System and software engineering Systems and software assurance Part 3: System integrity levels d) ISO/IEC 15026-4, System a
24、nd software engineering Systems and software assurance Part 4: Assurance in the life cycle Many specialized standards and guidelines address specific application areas and topics related to assurance and use different concepts and terminology when addressing common themes. ISO/IEC TR 15026-1 provide
25、s terminology and concepts used in all parts of ISO/IEC 15026. ISO/IEC 15026-2 provides minimum requirements for the structure and contents of assurance cases that treat claims regarding properties of a system or software product selected for special treatment. The results of performing the life cyc
26、le activities and tasks referenced in this part of ISO/IEC 15026 can be recorded in the form of the assurance case described in ISO/IEC 15026-2. ISO/IEC 15026-3 addresses the assignment of integrity levels for selected elements of a system. Where ISO/IEC 15026-2 is applicable, it can bring useful st
27、ructure, aid, and direction to defining claims and showing their achievement through the use of integrity levels and accompanying integrity level requirements. ISO/IEC 15026-2, ISO/IEC 15026-3 and ISO/IEC 15026-4 all use the concepts and vocabulary defined in ISO/IEC TR 15026-1; however, any part ca
28、n be applied independently of the others and the use of one does not require the use of any others. BS ISO/IEC 15026-4:2012 INTERNATIONAL STANDARD ISO/IEC 15026-4:2012(E) ISO/IEC 2012 All rights reserved 1Systems and software engineering Systems and software assurance Part 4: Assurance in the life c
29、ycle 1 Scope This part of ISO/IEC 15026 gives guidance and recommendations for conducting selected processes, activities and tasks for systems and software products requiring assurance claims for properties selected for special attention, called critical properties. This part of ISO/IEC 15026 specif
30、ies a property-independent list of processes, activities and tasks to achieve the claim and show the achievement of the claim. This part of ISO/IEC 15026 establishes the processes, activities, tasks, guidance and recommendations in the context of a defined life cycle model and set of life cycle proc
31、esses for system and/or software life cycle management. NOTE The stakeholders determine which of the system or software properties are selected for special attention and require assurance claims. This part of ISO/IEC 15026 uses the term “critical” to distinguish those properties from other requireme
32、nts. 2 Conformance Conformance may be claimed to this part of ISO/IEC 15026 with respect to the systems assurance process view and/or the software assurance process view. Thus, conformance to this part of ISO/IEC 15026 can be achieved in either or both of the following ways: a) Demonstrating that th
33、e required outcomes of the systems assurance process view (6.1.2) have been achieved, in addition to conforming to the Agreement, Project, and Technical processes of ISO/IEC 15288. b) Demonstrating that the required outcomes of the software assurance process view (6.2.2) have been achieved, in addit
34、ion to conforming to the Agreement, Project, Technical, and Software Specific processes of ISO/IEC 12207:2008. A claim of conformance is relevant only to specific claims regarding designated systems or software. Conformance to ISO/IEC 15026 Part 2 can assist in achieving the outcomes required by the
35、 two process views in this part of ISO/IEC 15026. NOTE Parties to an agreement may choose to incorporate selected portions of this part of the International Standard into the terms of the agreement. However, compliance with the agreement does not justify a claim of conformance to this part of the In
36、ternational Standard. A claim of conformance can only be justified as explained above. 3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of
37、 the referenced documents (including any amendments) applies. ISO/IEC TR 15026-1, Systems and software engineering Systems and software assurance Part 1: Concepts and vocabulary BS ISO/IEC 15026-4:2012 ISO/IEC 15026-4:2012(E) 2 ISO/IEC 2012 All rights reservedThis part requires activities and tasks
38、in the context of complete sets of life cycle processes that comprise life cycle models for projects. The two sets of life cycle processes are provided in: ISO/IEC 15288:2008, Systems and software engineering System life cycle processes ISO/IEC 12207:2008, Systems and software engineering Software l
39、ife cycle processes The assurance guidance and recommendations referenced in this part of ISO/IEC 15026 are to be understood in terms of their being in the context of the processes, activities and tasks of ISO/IEC 15288 and ISO/IEC 12207. 4 Terms and definitions For the purposes of this document, th
40、e terms and definitions given in ISO/IEC TR 15026-1, ISO/IEC 15288:2008, and ISO/IEC 12207:2008 apply. 5 Key concepts for and use of this part of ISO/IEC 15026 5.1 Life cycle approach It is presumed that the user of this International Standard is using a defined life cycle model and set of life cycl
41、e processes for system and/or software life cycle management. Across the life cycle, the systems and software process views in Clause 6 use the guidance and recommendations in Clause 7 for the performance of specific processes, activities, and tasks in order to achieve and show the achievement of as
42、surance claims. Since all processes of ISO/IEC 15288 and ISO/IEC 12207 are applied iteratively and recursively in the life cycle, the guidance and recommendations for assurance are also applied iteratively and recursively. In that way, the achievement of assurance can be checked during each iteratio
43、n or recursion. NOTE See ISO/IEC TR 24748-1 for more information about life cycle models and the iteration and recursion of processes. 5.2 Assurance claims When system or software product requirements call for assurance of one or more critical properties of the system or software product, the overal
44、l claims for assurance regarding these properties values are referred to in ISO/IEC 15026 as assurance claims. Commonly, such critical properties are in areas where substantial risk or consequences are involved such as reliability and maintainability, safety, security, or human factors. NOTE The mat
45、erial in this clause is adopted from ISO/IEC 15026-2. Achieving assurance claims normally includes all the considerations involved in achieving stringent requirements. A requirement is defined in ISO/IEC 29148 as “statement which translates or expresses a need and its associated constraints and cond
46、itions” and a claim is defined in ISO/IEC TR 15026-1 as “statement of something to be true including associated conditions and limitations.” This part of ISO/IEC 15026 considers requirements to be statements of values for variables and claims to be statements of requirements to be true. While assura
47、nce claims can be derived from a number of sources, they are normally motivated by potential real-world adverse consequences related to the intended uses of the system and justified as deriving from system or software requirements. Each assurance claim is fully and unambiguously specified including:
48、 a) “Assurance claims” that is, the top-level claims, including 1) Values for the variables of the critical property required for its achievement. 2) Limitations on allowable uncertainties regarding this achievement. 3) Conditions and/or durations of applicability under which it applies. BS ISO/IEC
49、15026-4:2012 ISO/IEC 15026-4:2012(E) ISO/IEC 2012 All rights reserved 34) The set of versions or instances of the system or software product covered by the claims. c) “Justification for assurance claims” that is, the justification for selecting and specifying these particular assurance claims. d) “Body of information showing achievement of assurance claims” or more succinctly as the “information showing or assuring the achievement of assurance claims”. This last item includes the evidence, the
