1、BSI Standards Publication Systems and software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 3-1: Assessment guide PD ISO/IEC TR 29110-3-1:2015National foreword This Published Document is the UK implementation of ISO/IEC TR 29110-3- 1:2015. The UK participation in its preparatio
2、n was entrusted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its c
3、orrect application. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 84340 2 ICS 35.080 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the Standards Policy an
4、d Strategy Committee on 31 October 2015. Amendments/corrigenda issued since publication Date Text affected PUBLISHED DOCUMENT PD ISO/IEC TR 29110-3-1:2015Systems and software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 3-1: Assessment guide Ingnierie des systmes et du logiciel
5、 Profils de cycle de vie pour trs petits organismes (TPO) Partie 3-1: Guide dvaluation TECHNICAL REPORT ISO/IEC TR 29110-3-1 First edition 2015-10-15 Reference number ISO/IEC TR 29110-3-1:2015(E) ISO/IEC 2015 PD ISO/IEC TR 29110-3-1:2015 ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUME
6、NT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior writt
7、en permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC TR
8、 29110-3-1:2015(E) PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E)Foreword iv Introduction v 1 Scope . 1 1.1 Fields of application . 1 1.2 Target audience 1 2 Normative references 1 3 Terms and definitions . 1 4 Conventions and abbreviated terms 2 4.1 Naming, diagramming, and definition co
9、nventions 2 4.2 Abbreviated terms . 2 5 Process assessment framework . 2 6 VSE process assessment 3 6.1 Performing an assessment 3 6.1.1 Introduction . 3 6.1.2 Assessment inputs 4 6.1.3 Roles and responsibilities 4 6.1.4 The assessment process 4 6.2 Use of the assessment results 6 6.3 Achievement of
10、 a VSE Profile 6 6.4 Application of Process Assessment Models . 7 Annex A (informative) Measurement framework and Process Assessment Model 8 Bibliography .43 ISO/IEC 2015 All rights reserved iii Contents Page PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E) Foreword ISO (the International O
11、rganization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the
12、 respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of inf
13、ormation technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the diff
14、erent types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC
15、shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this docume
16、nt is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade
17、(TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering. This first edition of ISO/IEC TR 29110-3-1 cancels and replaces ISO/IEC TR 29110-3:2011, which
18、has been technically revised. The full list of parts of ISO/IEC 29110 is available here.iv ISO/IEC 2015 All rights reserved PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E) Introduction Very Small Entities (VSEs) around the world are creating valuable products and services. For the purpose
19、of this International Standard, a Very Small Entity (VSE) is an enterprise, an organization, a department, or a project having up to 25 people. Since many VSEs develop and/or maintain system and software components used in systems, either as independent products or incorporated in larger systems, a
20、recognition of VSEs as suppliers of high quality products is required. According to the Organization for Economic Co-operation and Development (OECD) SME and Entrepreneurship Outlook report (2005), “Small and Medium Enterprises (SMEs) constitute the dominant form of business organization in all coun
21、tries world-wide, accounting for over 95 % and up to 99 % of the business population depending on country”. The challenge facing governments and economies is to provide a business environment that supports the competitiveness of this large heterogeneous business population and that promotes a vibran
22、t entrepreneurial culture. From studies and surveys conducted, it is clear that the majority of International Standards do not address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not impossible. Consequently, VSEs have no, or very limited, ways to be re
23、cognized as entities that produce quality systems/system elements including software in their domain. Therefore, VSEs are excluded from some economic activities. It has been found that VSEs find it difficult to relate International Standards to their business needs and to justify the effort required
24、 to apply standards to their business practices. Most VSEs can neither afford the resources, in terms of number of employees, expertise, budget, and time, nor do they see a net benefit in establishing over-complex systems or software lifecycle processes. To address some of these difficulties, a set
25、of guides has been developed based on a set of VSE characteristics. The guides are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs context; fo
26、r example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of ISO/IEC/IEEE 15289 for software and systems. VSEs can achieve recognition through im
27、plementing a profile and by being audited against ISO/IEC 29110 specifications. The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or software development within a lifecycle. This series of standards and technical reports is intended to be used by VSEs
28、that do not have experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged to use those standards instead of ISO/IEC 29110
29、. ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental, evolutionary, or agile. The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software and/or service quality, and process performance. See Table 1. ISO/IEC 2015 Al
30、l rights reserved v PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E) Table 1 ISO/IEC 29110 target audience ISO/IEC 29110 Title Target audience Part 1 Overview VSEs and their customers, assessors, standards producers, tool vendors, and methodology vendors Part 2 Framework Profile producers,
31、tool vendors, and methodology vendors Not intended for VSEs Part 3 Assessment guide VSEs and their customers, assessors, accreditation bodies Part 4 Profile specifications VSEs, customers, standards produc- ers, tool vendors, and methodology vendors Part 5 Management and engi- neering guide VSEs and
32、 their customers If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal impact to existing documents. ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes, lifecycle and standardization concepts, the taxonomy (cata
33、logue) of ISO/IEC 29110 profiles, and the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the rationale for specific profiles, documents, standards, and guides. ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VS
34、Es. It establishes the logic behind the definition and application of profiles. For standardized profiles, it specifies the elements common to all profiles (structure, requirements, conformance, assessment). For domain-specific profiles (profiles that are not standardized and developed outside of th
35、e ISO process), it provides general guidance adapted from the definition of standardized profiles. ISO/IEC TR 29110-3 defines certification schemes, assessment guidelines, and compliance requirements for process capability assessment (ISO/IEC 33xxx), conformity assessments (ISO/IEC 17xxx), and self-
36、assessments for process improvements. ISO/IEC TR 29110-3 also contains information that can be useful to developers of certification and assessment methods and developers of certification and assessment tools. ISO/IEC TR 29110-3 is addressed to people who have direct involvement with the assessment
37、process, e.g. the auditor, certification, and accreditation bodies, and the sponsor of the audit, who need guidance on ensuring that the requirements for performing an audit have been met. ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on subsets of
38、 appropriate standards elements. ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one profile group. The future ISO/IEC TR 29110-6-x provides management and engineering guides not tied to a specific profile. Figure 1 describes the International Standards (IS) an
39、d Technical Reports (TR) of ISO/IEC 29110 and positions the parts within the framework of reference. Overview, assessment guide, management, and engineering guide are available from ISO as freely available Technical Reports (TR). The Framework document, profile specifications, and certification sche
40、mes are published as International Standards (IS).vi ISO/IEC 2015 All rights reserved PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E) Figure 1 ISO/IEC 29110 Series ISO/IEC 2015 All rights reserved vii PD ISO/IEC TR 29110-3-1:2015 Systems and software engineering Lifecycle profiles for Very
41、 Small Entities (VSEs) Part 3-1: Assessment guide 1 Scope 1.1 Fields of application This part of ISO/IEC 29110 defines the process assessment guidelines needed to meet the purpose of defined Very Small Entity (VSE) profiles. It is applicable to all VSE profiles and is compatible with ISO/IEC 33002.
42、The possible uses of this part of ISO/IEC 29110 are as follows. a) Assessment to evaluate the process capabilities. This is when an organization wants an assessment execution in order to obtain a process profile of the implemented processes. b) Suppliers capability assessment. This is when a custome
43、r asks for a third party to conduct an assessment in order to obtain a process profile of the implemented process by the system or software development and maintenance supplier. The customer chooses the processes to be assessed depending on the services to be contracted. 1.2 Target audience The targ
44、et audience of this part of ISO/IEC 29110 is primarily those who perform process assessments of VSEs. This part of ISO/IEC 29110 also contains information that can be useful to developers of assessment methods and assessment tools. This part of ISO/IEC 29110 is addressed to people who have a direct
45、relation with the assessment process based on the VSE profiles, e.g. the assessors and the sponsor of the assessment, who need guidance on ensuring that the requirements for performing an assessment have been met. It is intended that ISO/IEC TR 29110-1 and ISO/IEC 29110-2 be read first when initiall
46、y exploring VSE profile documents. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the refer
47、enced document (including any amendments) applies. ISO/IEC TR 29110-1, Software engineering Lifecycle profiles for Very Small Entities (VSEs) Part 1: Overview ISO/IEC 33001:2015, Information technology Process assessment Concepts and terminology 3 Terms and definitions For the purposes of this docum
48、ent, the terms and definitions given in ISO/IEC TR 29110-1, ISO/IEC 33001 and the following apply. TECHNICAL REPORT ISO/IEC TR 29110-3-1:2015(E) ISO/IEC 2015 All rights reserved 1 PD ISO/IEC TR 29110-3-1:2015 ISO/IEC TR 29110-3-1:2015(E) 3.1 process quality ability of a process to satisfy stated and
49、 implied stakeholder needs when used in a specified context SOURCE: ISO/IEC 33001:2015, 3.4.8 3.2 process quality level representation of the achieved level of a process quality characteristic derived from the process attribute ratings for an assessed process SOURCE: ISO/IEC 33001:2015, 3.4.9, modified 3.3 organizational profile set of process profiles defined in the ISO/IEC 29110- series Note 1 to entry: The profiles will conform to the organizational maturity levels that will correspond to the basic, intermediate,
