Software Process Improvement Laboratory

ISO/IEC 20000-2 provides guidance on the application of service management systems (SMS) based on ISO/IEC 20000-1. This standard does not add any requirements to those stated in ISO/IEC 20000-1 and does not state explicitly how evidence can be provided to an assessor or auditor. The intent of this document is to enable organizations and individuals to interpret ISO/IEC 20000-1 more accurately, and therefore use it more effectively.ISO/IEC 20000-2 provides examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and other relevant standards. ISO/IEC 20000-2 excludes the specification of, or specific...

ISO/IEC 25041 provides requirements, recommendations and guidelines for system and software product quality evaluation, for the application of ISO/IEC 25040 SQuaRE - Evaluation process. Intended audiences of this international standard include developers, acquirers and independent evaluators of the system and software product. This International Standard was developed as a part of ISO/IEC 250nn SQuaRE series of standards. It is a short version of ISO/IEC 14598-3, -4, and -5 and replaces them. This proposed standard is not limited to any specific application area, and can be used for quality evaluation of any type of system and software product.

ISO/IEC 90006 provides guidelines for the application of ISO 9001 to service management. Additionally, it provides guidelines for the alignment and integration of the two management systems in organizations where IT services are being delivered to internal or external customers.It maps the relationship between ISO 9001 and ISO/IEC 20000-1. It highlights those areas where there is the greatest link between the two management systems, and where there are differences or gaps between the two.ISO/IEC 90006 does not add to or otherwise change the requirements of ISO 9001 or ISO/IEC 20000-1.

The objective of ISO/IEC 30120 is to provide guidance on IT Audit which assures efficient, effective and acceptable use of IT based on the requirements as specified in ISO/IEC 38500. Specific guidance includes management of audit programmes, conduct of audit, as well as the competence and evaluation of auditors.This guideline should be used in conjunction with the guidance contained in ISO 19011 (Guidelines for auditing management systems). Text in this guideline follow the structure of ISO 19011. Within the structure, new guidance items are added and original items are modified in order to reflect the specific conditions applicable to IT...

The measure of success for any investment in the use of information technology (IT), whether for new initiatives or on-going operations, is the benefit that it brings to the organization making the investment. Benefits from investment in IT are typically not derived directly from the actual IT acquired or supported. Rather, realised benefits are a result of changes in business activities enabled by the use of the technology to meet a specific organizational need or requirement. This requires that the organization has strategies and support arrangements for IT which maximize the value from such investments while managing the risks associated...

The purpose of ISO/IEC 29119-4 is to define software testing techniques that can be used by any organization when performing any form of software testing. This standard describes the most common test techniques (also known as test case design techniques, or test methods).

ISO/IEC 29119-1 facilitates the use of the other parts of the ISO/IEC 29119 series by introducing the vocabulary on which the standard is built and providing examples of its application in software testing practice. Part 1 is informative providing definitions, context and guidance for the other parts.

ISO/IEC 33020 describes the measurement frameworks that may be used in the assessment of process capability and organizational maturity. The capability to perform a process to a specific level of performance depends on well established principles.

ISO/IEC 33004 defines the requirements for process models. The requirements defined ISO/IEC 33004 establish a structure which:a) specifies the relationship between Process Reference Models (PRM) and other process models.b) specifies the relationship between Process Reference Models (PRM) and prescriptive models of process performance, as constituted by (for example) the activities and tasks defined in ISO/IEC 12207 and ISO/IEC 15288.

Measurement is defined as “the process of linking abstract concepts (constructs) to empirical measures”. Most constructs in process are neither directly measurable nor observable, but can be estimated only by using empirical measures. Measurement frameworks provide scales for evaluating specified characteristics (attributes) (for example, capability) of the entities (processes).

ISO/IEC 33002 defines the minimum set of requirements for performing an assessment that will ensure assessment results are objective, impartial, consistent, repeatable and representative of the assessed processes. Results of conformant process assessments may be compared when the scope of the assessments are considered to be similar. Guidance on this matter is going to be provided in future in ISO/IEC 33010.

ISO/IEC 33001 provides a general introduction to the concepts of process assessment and a glossary for assessment related terms.It describes how the parts of the suite fit together, and provides guidance for their selection and use. It explains the requirements contained within the suite of standards for Process Assessment, and their applicability to performing assessments.

ISO/IEC 15504-8 provides an example of an IT Service Management Process Assessment Model (PAM) for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-1 to be assessed according to the requirements of ISO/IEC 15504-2.

ISO/IEC 15289 specifies the purpose and content of all identified systems and software life cycle and service management information items. The information item contents are defined according to generic document types, as presented in Clause 7, and the specific purpose of the document (Clause 10).

ISO/IEC 15288 establishes a common framework for describing the life cycle of systems created by humans. It defines a set of processes and associated terminology. These processes can be applied at any level in the hierarchy of a system’s structure. Selected sets of these processes can be applied throughout the life cycle for managing and performing the stages of a system's life cycle. This is accomplished through the involvement of all interested parties, with the ultimate goal of achieving customer satisfaction.

ISO/IEC 12207 was first published on 1 August 1995 and was the first International Standard to provide a comprehensive set of life cycle processes, activities and tasks for software that is part of a larger system, and for stand alone software products and services. That International Standard was followed in November 2002 by ISO/IEC 15288 which addressed system life cycle processes. The ubiquity of the software meant that the software and its design processes should not be considered separately from those systems, but be considered as an integral part of the system and system design processes.

ISO/IEC 19770-1 is for organizations that want to implement recognised good practices associated with Software Asset Management (SAM). The standard evolved from ISO/IEC 19770-1:2006 Software asset management processes which was a comprehensive standard designed to align to all of service management as specified in ISO/IEC 20000. However, market feedback was that organizations wanted something which could be accomplished in multiple increments and to that increment most suited to the needs of the organization.

ISO/IEC 15026 Part 4 gives guidance and recommendations for conducting selected processes, activities and tasks for systems and software products requiring assurance claims for properties selected for special attention, called critical properties. The standard specifies a property-independent list of processes, activities and tasks to achieve the claim and show the achievement of the claim. The standard establishes the processes, activities, tasks, guidance and recommendations in the context of a defined life cycle model and set of life cycle processes for system and/or software life cycle management.

This South African publication of the second edition of ISO/IEC 20000-1 (SANS 20000-1:2011) standard was approved by National Committee SABS SC 71C, Information technology - Systems and software engineering, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. The document was officially approved and published on 15 December 2011. This document enhances the ISO edition of the International Standard by adding informative annexes A, B and C.

ISO/IEC 20000-1 specifies requirements for a service management system (SMS). There are no requirements in ISO/IEC 20000-1 that relate to organizational structure, size and type of organization. Operating the processes in a particular system or service environment will result in unique skill, tool and information requirements, even though the process attributes are unchanged.

ISO/IEC 29119-3 specifies software test documentation templates and content that can be used by any organization, project or smaller testing activity. The test documentation in this International Standard describes the output of the processes specified in ISO/IEC 29119-2. ISO/IEC 29119-3 is applicable to the testing in all software development lifecycle models. This document is intended for, but not limited to, testers, test managers, developers, project managers, particularly those responsible for governing, managing and implementing software testing.

The purpose of ISO/IEC 29119-2 is to define a generic process model for software testing that can be used by any organization when performing any form of software testing. It comprises test process descriptions that define the software testing processes at the organizational level, test management level and dynamic test levels. Supporting informative diagrams describing the processes are also provided. It supports dynamic testing, functional and non-functional testing, manual and automated testing, and scripted and unscripted testing. The processes defined in this standard can be used in conjunction with any software development lifecycle model. Each process is defined using the...

ISO/IEC 15026-3 specifies the concept of integrity levels with corresponding integrity level requirements that are required to be met in order to show the achievement of the integrity level. It places requirements on and recommends methods for defining and using integrity levels and their integrity level requirements. It covers systems, software products, and their elements as well as relevant external dependences. This part of ISO/IEC 15026 is applicable to systems and software and is intended for use by: a) Definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies. b) Users of integrity levels such...

The purpose of ISO/IEC 15026-2 is to ensure the existence of types of assurance case content and restrictions on assurance case structure thereby improving consistency and comparability among instances of assurance cases and facilitating stakeholder communications, engineering decisions, and other uses of assurance cases. Existing standards addressing different application areas and topics related to assurance cases might use differing terminology and concepts when addressing common themes. This International Standard is based on experience drawn from these many specialized standards and guidelines. It is applicable to any property of a system or product.

Within software and systems assurance and closely related areas, many specialties and subspecialties share concepts but have differing vocabularies and perspectives. ISO/IEC 15026 Part 1 provides a unifying set of underlying concepts allowing the creation of understandable perspectives and unambiguous usage of terminology across these varying fields. Thus, it provides a basis for elaboration, discussion, and recording agreement and rationale regarding concepts and the vocabulary used uniformly across all parts of ISO/IEC 15026 as well as providing background information and discussion of rationales and issues.