1、 National Standard of CanadaCAN/CSA-ISO/IEC 14598-4:02(ISO/IEC 14598-4:1999)International Standard ISO/IEC 14598-4:1999 (first edition, 1999-10-01), has been adopted withoutmodification (IDT) as CSA Standard CAN/CSA-ISO/IEC 14598-4:02, which has been approved as a NationalStandard of Canada by the S
2、tandards Council of Canada.ISBN 1-55324-679-9 March 2002Software engineering Productevaluation Part 4:Process for acquirersIngnirie du logiciel valuation du produit Partie 4: Procd pour les acqureursReference numberISO/IEC 14598-4:1999(E) ISO/EIC 1999The Canadian Standards Association (CSA), The Sta
3、ndards Council of Canada is theunder whose auspices this National Standard has been coordinating body of the National Standards system, produced, was chartered in 1919 and accredited by a federation of independent, autonomousthe Standards Council of Canada to the National organizations working towar
4、ds the furtherStandards system in 1973. It is a not-for-profit, development and improvement of voluntarynonstatutory, voluntary membership association standardization in the national interest.engaged in standards development and certification The principal objects of the Council are to foster activi
5、ties. and promote voluntary standardization as a means CSA standards reflect a national consensus of of advancing the national economy, benefiting theproducers and users including manufacturers, health, safety, and welfare of the public, assisting consumers, retailers, unions and professional and pr
6、otecting the consumer, facilitating domestic organizations, and governmental agencies. The and international trade, and furthering internationalstandards are used widely by industry and commerce cooperation in the field of standards.and often adopted by municipal, provincial, and A National Standard
7、 of Canada is a standard whichfederal governments in their regulations, particularly in has been approved by the Standards Council ofthe fields of health, safety, building and construction, Canada and one which reflects a reasonableand the environment. agreement among the views of a number of capabl
8、eIndividuals, companies, and associations across individuals whose collective interests provide to theCanada indicate their support for CSAs standards greatest practicable extent a balance ofdevelopment by volunteering their time and skills to representation of producers, users, consumers, andCSA Co
9、mmittee work and supporting the Associations others with relevant interests, as may be appropriateobjectives through sustaining memberships. The more to the subject in hand. It normally is a standardthan 7000 committee volunteers and the 2000 which is capable of making a significant and timelysustai
10、ning memberships together form CSAs total contribution to the national interest.membership from which its Directors are chosen. Approval of a standard as a National Standard ofSustaining memberships represent a major source of Canada indicates that a standard conforms to theincome for CSAs standards
11、 development activities. criteria and procedures established by the StandardsThe Association offers certification and testing Council of Canada. Approval does not refer to theservices in support of and as an extension to its technical content of the standard; this remains thestandards development ac
12、tivities. To ensure the continuing responsibility of the accreditedintegrity of its certification process, the Association standards-development organization.regularly and continually audits and inspects products Those who have a need to apply standards arethat bear the CSA Mark. encouraged to use N
13、ational Standards of CanadaIn addition to its head office and laboratory complex whenever practicable. These standards are subject in Toronto, CSA has regional branch offices in major to periodic review; therefore, users are cautioned centres across Canada and inspection and testing to obtain the la
14、test edition from the organizationagencies in eight countries. Since 1919, the preparing the standard.Association has developed the necessary expertise to The responsibility for approving National Standards meet its corporate mission: CSA is an independent of Canada rests with theservice organizatio
15、n whose mission is to provide an Standards Council of Canadaopen and effective forum for activities facilitating the 270 Albert Street, Suite 200exchange of goods and services through the use of Ottawa, Ontario, K1P 6N7standards, certification and related services to meet Canadanational and internat
16、ional needs.For further information on CSA services, write toCanadian Standards Association178 Rexdale BoulevardToronto, Ontario, M9W 1R3CanadaAlthough the intended primary application of this Standard is stated in its Scope, it is importantto note that it remains the responsibility of the users to
17、judge its suitability for their particular purpose.Registered trade-mark of Canadian Standards AssociationCAN/CSA-ISO/IEC 14598-4:02 Part 4: Process for acquirersSoftware engineering Product evaluation March 2002 Canadian Standards Association CSA/1CAN/CSA-ISO/IEC 14598-4:02Software engineering Prod
18、uctevaluation Part 4: Process foracquirersCSA PrefaceStandards development within the Information Technology sector is harmonized with internationalstandards development. Through the CSA Technical Committee on Information Technology (TCIT),Canadians serve as the Canadian Advisory Committee (CAC) on
19、ISO/IEC Joint Technical Committee 1 onInformation Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO memberbody for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of theInternational Telecommunication Union (ITU), Canada participates in
20、the International Telegraph andTelephone Consultative Committee (ITU-T).This International Standard was reviewed by the CSA TCIT under the jurisdiction of the StrategicSteering Committee on Information Technology and deemed acceptable for use in Canada. (Acommittee membership list is available on re
21、quest from the CSA Project Manager.) From time to time,ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approvaland publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update orcontact a CSA Sales representative. This Stan
22、dard has been formally approved, without modification, bythese Committees and has been approved as a National Standard of Canada by the Standards Council ofCanada.March 2002 Canadian Standards Association 2002All rights reserved. No part of this publication may be reproduced in any form whatsoever w
23、ithout the prior permission ofthe publisher. ISO/IEC material is reprinted with permission. Where the words “this International Standard” appear in thetext, they should be interpreted as “this National Standard of Canada”. Inquiries regarding this National Standard of Canada should be addressed to C
24、anadian Standards Association 178 Rexdale Boulevard, Toronto, Ontario, Canada M9W 1R31-800-463-6727 416-747-4044www.csa.caReference numberISO/IEC 14598-4:1999(E)ISO/IEC 1999INTERNATIONALSTANDARDISO/IEC14598-4First edition1999-10-01Software engineering Productevaluation Part 4:Process for acquirersIn
25、gnirie du logiciel valuation du produit Partie 4: Procd pour les acqureursISO/IEC 14598-4:1999(E)PDF disclaimerThis PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall notbe edited unless the typefaces which are embedded a
26、re licensed to and installed on the computer performing the editing. In downloading thisfile, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in thisarea.Adobe is a trademark of Adobe Systems Incorporated.Details o
27、f the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameterswere optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely eventthat a problem relating
28、 to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 1999All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronicor mechanical, including photocopying and microfilm, withou
29、t permission in writing from either ISO at the address below or ISOs member bodyin the country of the requester.ISO copyright officeCase postale 56 Gb7 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 734 10 79E-mail copyrightiso.chWeb www.iso.chii ISO/IEC 1999 All rights reservedISO/IEC 14598-4:1
30、999(E) ISO/IEC 1999 All rights reserved iiiContents1 Scope12 Conformance13 Normative references24 Terms and definitions .25 Software product evaluation - General considerations.25.1 Correlation between evaluation and acquisition processes.25.2 Inputs to the evaluation process35.2.1 System requiremen
31、ts.35.2.2 Integrity level requirements45.2.3 Software requirements specification.45.2.4 Evaluations performed by others.55.3 Tailoring56 Evaluation during acquisition of “off-the-shelf” software products66.1 Step 1 - Establish evaluation requirements.76.1.1 Establish the purpose and scope of the eva
32、luation.76.1.2 Specify evaluation requirements .86.2 Step 2 - Specify the evaluation96.2.1 Select metrics.96.2.2 Select the evaluation methods.106.2.3 Evaluations performed by others.116.3 Step 3 - Design the evaluation.116.4 Step 4 - Execute the evaluation136.4.1 Execute the evaluation methods136.4
33、.2 Analyze the evaluation results.136.4.3 Draw conclusions147 Evaluation during acquisition of custom software and modifications to existing software.147.1 Step 1 - Establish evaluation requirements.15ISO/IEC 14598-4:1999(E)iv ISO/IEC 1999 All rights reserved7.2 Step 2 - Specify the evaluation157.3
34、Step 3 - Design the evaluation.157.4 Step 4 - Execute the evaluation.15Annex A (informative) Definitions from other standards16Annex B (informative) Tables.21Annex C (informative) Figures .25Annex D (informative) Evaluation methods27Annex E (informative) Example of staged evaluation process.32Biblio
35、graphy34ISO/IEC 14598-4:1999(E) ISO/IEC 1999 All rights reserved vForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)form the specialized system for worldwide standardization. National bodies that are members of ISO or IECparticipa
36、te in the development of International Standards through technical committees established by therespective organization to deal with particular fields of technical activity. ISO and IEC technical committeescollaborate in fields of mutual interest. Other international organizations, governmental and
37、non-governmental, inliaison with ISO and IEC, also take part in the work.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.Draft Inte
38、rnational Standards adopted by the joint technical committee are circulated to national bodies for voting.Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.Attention is drawn to the possibility that some of the elements of this part of
39、ISO/IEC 14598 may be the subject ofpatent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.International Standard ISO/IEC 14598-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Informationtechnology, Subcommittee SC 7, Software engineering.ISO
40、/IEC 14598 consists of the following parts under the general title Software engineering Product evaluation:Gbe Part 1: General overviewGbe Part 2: Planning and managementGbe Part 3: Process for developersGbe Part 4: Process for acquirersGbe Part 5: Process for evaluatorsGbe Part 6: Documentation of
41、evaluation modulesAnnexes A to E of this part of ISO/IEC 14598 are for information only.ISO/IEC 14598-4:1999(E)vi ISO/IEC 1999 All rights reservedIntroductionSoftware has become increasingly pervasive. The demand for added software functionality and faultless softwareproducts has grown as more proce
42、sses are automated to take advantage of the power of the computer. Todaysmodern systems are so complex, that they are unable to perform their functions without software. The use ofcommercially available “off-the-shelf” software products is accelerating as the variety of available products growsand t
43、he rapid evolution of software engineering technology reduces reliance on custom-coded software. Theobject-oriented development approach, which is based on the development of an application system through theextension of existing libraries of self-contained units, has also reduced requirements for c
44、ustom-coded software.This has led to intense focus on concomitant software product quality or self-contained software unit quality.Development of custom software is prone to rework as a result of failure to meet user requirements. The use ofcustom software may also require a larger than anticipated
45、effort with respect to deployment, implementation,training, and maintenance support activities. Acquisition of commercial “off-the-shelf” software products, or, reuseof in-house existing software products, is also not without risk. Problems can be encountered because the “off-the-shelf” software pro
46、ducts may require customizing; testing and analysis requirements may be large; productmaintenance and support is doubtful when the product becomes obsolete or revised; it may be difficult to integratesoftware products into larger systems; and the quality of the product may not be consistent with the
47、 required qualityof the target system.Commercial “off-the-shelf” software products are extremely varied. They can be:Gbe a) used as stand-alone products (i.e., payroll, accounting software, consumer software or shrink-wrappedsoftware i.e., word-processing software, spreadsheets);Gbe b) integrated as
48、 components into a larger system which consists of other software and hardwarecomponents (i.e., operating system, relational data base management system, graphical users interfaceGUI);Gbe c) embedded in hardware (i.e., communication data link, programmable array logic PAL);Gbe d) embedded as part of
49、 a configurable software/hardware system that can be used for the development of aspecific application (i.e., distributed control system);Gbe e) CASE tools used to support the software development and maintenance process (i.e., compilers,configuration management tools).Errors in stand-alone software products can impact productivity, cause financial loss, or cause unnecessary rework.Software components can be difficult to integrate, affect the reliability of the overall system, or be incompatible withsystem obje
