iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC TS 33072:2016

(Main)

Information technology — Process assessment — Process capability assessment model for information security management

Information technology — Process assessment — Process capability assessment model for information security management

ISO/IEC TS 33072:2016: - defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020; - provides guidance, by example, on the definition, selection and use of assessment indicators.

Technologies de l'information — Évaluation des procédés — Modèle d'évaluation de la capacité des procédés pour le management de la sécurité de l'information

General Information

Status
Published
Publication Date
06-Jul-2016
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 10 - Process assessment
Current Stage
9093 - International Standard confirmed
Start Date
10-May-2024
Completion Date
19-Apr-2025
Ref Project
ISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security managementISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security management
PreviousNext
Technical specification
ISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security management
English language
183 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC TS 33072:2016 - Information technology — Process assessment — Process capability assessment model for information security management Released:9/6/2016ISO/IEC TS 33072:2016 - Information technology — Process assessment — Process capability assessment model for information security management Released:9/6/2016
PreviousNext
Technical specification
ISO/IEC TS 33072:2016 - Information technology — Process assessment — Process capability assessment model for information security management Released:9/6/2016
English language
187 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security managementISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security management
PreviousNext
Technical specification
ISO/IEC TS 33072:2016 - Information technology -- Process assessment -- Process capability assessment model for information security management
English language
183 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/IEC TS
SPECIFICATION 33072
First edition
2016-06-01
Information technology — Process
assessment — Process capability
assessment model for information
security management
Technologies de l’information — Évaluation des procédés — Modèle
d’évaluation de la capacité des procédés pour le management de la
sécurité de l’information
PROOF/ÉPREUVE
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Overview of the Process Assessment Model . 2
4.1 Introduction to Overview . 2
4.2 Structure of the Process Assessment Model . 3
4.2.1 Processes . 3
4.2.2 Process dimension . 4
4.2.3 Capability dimension . 4
4.3 Assessment Indicators . 6
4.3.1 Process Capability Indicators . 7
4.3.2 Process Performance Indicators . 8
4.4 Measuring process capability . 9
5 The process dimension and process performance indicators (Level 1) . 10
5.1 General . 10
5.2 ORG.1 Asset management . 11
5.3 TEC.01 Capacity management . 12
5.4 TEC.02 Change management . 13
5.5 COM.01 Communication management . 13
5.6 TEC.03 Configuration management . 14
5.7 COM.02 Documentation management . 15
5.8 ORG.2 Equipment management . 17
5.9 ORG.3 Human resource employment management . 18
5.10 COM.03 Human resource management . 19
5.11 COM.04 Improvement . 20
5.12 TEC.04 Incident management . 21
5.13 ORG.4 Infrastructure and work environment . 21
5.14 COM.05 Internal audit . 22
5.15 TOP.1 Leadership . 23
5.16 COM.06 Management review . 24
5.17 COM.07 Non-conformity management . 25
5.18 COM.09 Operational implementation and control . 26
5.19 COM.08 Operational planning . 27
5.20 COM.10 Performance evaluation . 29
5.21 TEC.05 Product/service release . 30
5.22 TEC.08 Product/Service/System requirements . 31
5.23 COM.11 Risk and opportunity management . 32
5.24 TEC.06 Service availability management . 33
5.25 TEC.07 Service continuity management . 34
5.26 ORG.5 Supplier management . 34
5.27 TEC.09 Technical data preservation and recovery . 35
6 Process capability indicators . 36
6.1 Introduction . 36
6.2 Process capability levels and process attributes . 36
6.2.1 Process capability Level 0: Incomplete process . 36
6.2.2 Process capability Level 1: Performed process . 36
6.2.3 Process capability Level 2: Managed process . 37
© ISO/IEC 2016 — All rights reserved iii

6.2.4 Process capability Level 3: Established process .42
6.2.5 Process capability Level 4: Predictable process .46
6.2.6 Process capability Level 5: Innovating process .51
6.3 Related processes for process attributes .55
Annex A (informative) Conformity of the process assessment model .57
A.1 Introduction .57
A.2 Requirements for process assessment models .57
A.2.1 Introduction .57
A.2.2 Process assessment model scope .57
A.2.3 Requirements for process assessment models .58
A.2.4 Assessment indicators .58
A.2.5 Mapping process assessment models to process reference models .59
A.2.6 Expression of assessment results .61
Annex B (informative) Input and output characteristics .62
B.1 General .62
B.2 Generic input and outputs .63
B.3 Specific inputs and outputs .67
Annex C (informative) Association between base practices and ISO/IEC 27001 requirements . 100
C.1 Associations of base practices with requirements . 101
C.2 Associations of requirements with base practices . 139
C.3 Base practices that have no associated requirements . 183
Bibliography . 187

iv © ISO/IEC 2016 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software and
systems engineering.
© ISO/IEC 2016 — All rights reserved v

Introduction
This Technical Specification provides an Information Security Management Process Assessment Model
(PAM) for use in performing a conformant assessment of process capability in accordance with the
requirements of ISO/IEC 33002. It is structured in accordance with the requirements of ISO/IEC 33004 to
reflect processes that enable implementation of ISO/IEC 27001. The scale for assessing the extent of
achievement of process capability is based on ISO/IEC 33020.
An integral part of conducting an assessment is to use a PAM that is constructed for that purpose. A PAM is
related to a Process Reference Model (PRM) and is conformant with ISO/IEC 33004. ISO/IEC 33002 identifies
the minimum requirements for performing an assessment in order to ensure consistency and repeatability of
the ratings. ISO/IEC 33002 addresses the assessment of process and the application of process assessment
for improvement and capability determination. Results of conformant process assessments can be compared
when the scopes of the assessments are considered to be similar. The requirements for process assessment
defined in ISO/IEC 33002 form a structur
...


TECHNICAL ISO/IEC TS
SPECIFICATION 33072
First edition
2016-07-15
Corrected version
2016-09-01
Information technology — Process
assessment — Process capability
assessment model for information
security management
Technologies de l’information — Évaluation des procédés — Modèle
d’évaluation de la capacité des procédés pour le management de la
sécurité de l’information
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of the Process Assessment Model . 2
4.1 Introduction to Overview . 2
4.2 Structure of the Process Assessment Model . 3
4.2.1 Processes . 3
4.2.2 Process dimension . 4
4.2.3 Capability dimension . 4
4.3 Assessment Indicators . 6
4.3.1 Process Capability Indicators . 7
4.3.2 Process Performance Indicators . 8
4.4 Measuring process capability . 9
5 The process dimension and process performance indicators (Level 1) . 10
5.1 General . 10
5.2 ORG.1 Asset management . 11
5.3 TEC.01 Capacity management . 12
5.4 TEC.02 Change management . 13
5.5 COM.01 Communication management . 13
5.6 TEC.03 Configuration management . 14
5.7 COM.02 Documentation management . 15
5.8 ORG.2 Equipment management . 17
5.9 ORG.3 Human resource employment management . 18
5.10 COM.03 Human resource management . 19
5.11 COM.04 Improvement . 20
5.12 TEC.04 Incident management . 21
5.13 ORG.4 Infrastructure and work environment . 21
5.14 COM.05 Internal audit . 22
5.15 TOP.1 Leadership . 23
5.16 COM.06 Management review . 24
5.17 COM.07 Non-conformity management . 25
5.18 COM.09 Operational implementation and control . 26
5.19 COM.08 Operational planning . 27
5.20 COM.10 Performance evaluation . 29
5.21 TEC.05 Product/service release . 30
5.22 TEC.08 Product/Service/System requirements . 31
5.23 COM.11 Risk and opportunity management . 32
5.24 TEC.06 Service availability management . 33
5.25 TEC.07 Service continuity management . 34
5.26 ORG.5 Supplier management . 34
5.27 TEC.09 Technical data preservation and recovery . 35
6 Process capability indicators . 36
6.1 Introduction . 36
6.2 Process capability levels and process attributes . 36
6.2.1 Process capability Level 0: Incomplete process . 36
6.2.2 Process capability Level 1: Performed process . 36
6.2.3 Process capability Level 2: Managed process . 37
© ISO/IEC 2016 — All rights reserved iii

6.2.4 Process capability Level 3: Established process . 42
6.2.5 Process capability Level 4: Predictable process . 46
6.2.6 Process capability Level 5: Innovating process . 51
6.3 Related processes for process attributes . 55
Annex A (informative) Conformity of the process assessment model . 57
A.1 Introduction . 57
A.2 Requirements for process assessment models . 57
A.2.1 Introduction . 57
A.2.2 Process assessment model scope . 57
A.2.3 Requirements for process assessment models . 58
A.2.4 Assessment indicators . 58
A.2.5 Mapping process assessment models to process reference models. 59
A.2.6 Expression of assessment results. 61
Annex B (informative) Input and output characteristics . 62
B.1 General . 62
B.2 Generic input and outputs . 63
B.3 Specific inputs and outputs . 67
Annex C (informative) Association between base practices and ISO/IEC 27001 requirements . 97
C.1 Associations of base practices with requirements . 98
C.2 Associations of requirements with base practices . 136
C.3 Base practices that have no associated requirements. 180
Bibliography . 183
iv © ISO/IEC 2016 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software and
systems engineering.
This corrected version of ISO/IEC 33072 incorporates the text that was not visible in Annex B, Table B.3,
references 08-39 and 08-40, in the column entitled: "Characteristics".
© ISO/IEC 2016 — All rights reserved v

Introduction
This Technical Specification provides an Information Security Management Process Assessment Model
(PAM) for use in performing a conformant assessment of process capability in accordance with the
requirements of ISO/IEC 33002. It is structured in accordance with the requirements of ISO/IEC 33004 to
reflect processes that enable implementation of ISO/IEC 27001. The scale for assessing the extent of
achievement of process capability is based on ISO/IEC 33020.
An integral part of conducting an assessment is to use a PAM that is constructed for that purpose. A PAM is
related to a Process Reference Model (PRM) and is conformant with ISO/IEC 33004. ISO/IEC 33002 identifies
the minimum requirements for performing an assessment in order to ensure consistency and repeatability of
the ratings. ISO/IEC 33002 addresses the assessment of process and the application of process assessment
for improvement and capability determination. Results of conforma
...


TECHNICAL ISO/IEC TS
SPECIFICATION 33072
First edition
2016-07-15
Corrected version
2016-09-01
Information technology — Process
assessment — Process capability
assessment model for information
security management
Technologies de l’information — Évaluation des procédés — Modèle
d’évaluation de la capacité des procédés pour le management de la
sécurité de l’information
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of the Process Assessment Model . 2
4.1 Introduction to Overview . 2
4.2 Structure of the Process Assessment Model . 3
4.2.1 Processes . 3
4.2.2 Process dimension . 4
4.2.3 Capability dimension . 4
4.3 Assessment Indicators . 6
4.3.1 Process Capability Indicators . 7
4.3.2 Process Performance Indicators . 8
4.4 Measuring process capability . 9
5 The process dimension and process performance indicators (Level 1) . 10
5.1 General . 10
5.2 ORG.1 Asset management . 11
5.3 TEC.01 Capacity management . 12
5.4 TEC.02 Change management . 13
5.5 COM.01 Communication management . 13
5.6 TEC.03 Configuration management . 14
5.7 COM.02 Documentation management . 15
5.8 ORG.2 Equipment management . 17
5.9 ORG.3 Human resource employment management . 18
5.10 COM.03 Human resource management . 19
5.11 COM.04 Improvement . 20
5.12 TEC.04 Incident management . 21
5.13 ORG.4 Infrastructure and work environment . 21
5.14 COM.05 Internal audit . 22
5.15 TOP.1 Leadership . 23
5.16 COM.06 Management review . 24
5.17 COM.07 Non-conformity management . 25
5.18 COM.09 Operational implementation and control . 26
5.19 COM.08 Operational planning . 27
5.20 COM.10 Performance evaluation . 29
5.21 TEC.05 Product/service release . 30
5.22 TEC.08 Product/Service/System requirements . 31
5.23 COM.11 Risk and opportunity management . 32
5.24 TEC.06 Service availability management . 33
5.25 TEC.07 Service continuity management . 34
5.26 ORG.5 Supplier management . 34
5.27 TEC.09 Technical data preservation and recovery . 35
6 Process capability indicators . 36
6.1 Introduction . 36
6.2 Process capability levels and process attributes . 36
6.2.1 Process capability Level 0: Incomplete process . 36
6.2.2 Process capability Level 1: Performed process . 36
6.2.3 Process capability Level 2: Managed process . 37
© ISO/IEC 2016 — All rights reserved iii

6.2.4 Process capability Level 3: Established process . 42
6.2.5 Process capability Level 4: Predictable process . 46
6.2.6 Process capability Level 5: Innovating process . 51
6.3 Related processes for process attributes . 55
Annex A (informative) Conformity of the process assessment model . 57
A.1 Introduction . 57
A.2 Requirements for process assessment models . 57
A.2.1 Introduction . 57
A.2.2 Process assessment model scope . 57
A.2.3 Requirements for process assessment models . 58
A.2.4 Assessment indicators . 58
A.2.5 Mapping process assessment models to process reference models. 59
A.2.6 Expression of assessment results. 61
Annex B (informative) Input and output characteristics . 62
B.1 General . 62
B.2 Generic input and outputs . 63
B.3 Specific inputs and outputs . 67
Annex C (informative) Association between base practices and ISO/IEC 27001 requirements . 97
C.1 Associations of base practices with requirements . 98
C.2 Associations of requirements with base practices . 136
C.3 Base practices that have no associated requirements. 180
Bibliography . 183
iv © ISO/IEC 2016 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software and
systems engineering.
This corrected version of ISO/IEC 33072 incorporates the text that was not visible in Annex B, Table B.3,
references 08-39 and 08-40, in the column entitled: "Characteristics".
© ISO/IEC 2016 — All rights reserved v

Introduction
This Technical Specification provides an Information Security Management Process Assessment Model
(PAM) for use in performing a conformant assessment of process capability in accordance with the
requirements of ISO/IEC 33002. It is structured in accordance with the requirements of ISO/IEC 33004 to
reflect processes that enable implementation of ISO/IEC 27001. The scale for assessing the extent of
achievement of process capability is based on ISO/IEC 33020.
An integral part of conducting an assessment is to use a PAM that is constructed for that purpose. A PAM is
related to a Process Reference Model (PRM) and is conformant with ISO/IEC 33004. ISO/IEC 33002 identifies
the minimum requirements for performing an assessment in order to ensure consistency and repeatability of
the ratings. ISO/IEC 33002 addresses the assessment of process and the application of process assessment
for improvement and capability determination. Results of conforma
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 29110-3-2:2018/Amd 1:2025(Amendment)
Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 3-2: Conformity certification scheme — Amendment 1: Removal of requirement for 3-year recertification
  • Standard
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
  • Draft
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 19770-10:2025(Main)
Information technology — IT asset management — Part 10: Guidance for implementing ITAM

This document covers the following information technology asset management (ITAM) system processes: a) management system processes for the overall system of IT asset management (not described in ISO/IEC 19770-1 in detail), which are specified in this document for comprehensive coverage and consistency of explanations; these include: — understanding the external context and shareholder needs (7.1, 7.2 and 10.2); — leadership, policy and organization (10.3); — establishing and maintaining the management system (10.4); — planning and risk management (10.5); — support (including resources, competence, awareness, and communication – 10.6); — executing functional and life cycle processes (10.7); — performance evaluation and improvement (10.8); b) functional management processes for IT assets (not described in ISO/IEC 19770-1 in detail), which are cross-cutting processes that integrate with life-cycle processes for IT assets and which are shared with most IT management system standards, though sometimes slightly differently grouped; these include: — change management (11.2; also required by ISO/IEC 19770-1); — data management; — license management; — security management; — relationship and contract management; — financial management; — service level management; — other risk management; c) life cycle management processes for IT assets as specified in ISO/IEC 19770-1, which are grouped and named slightly differently by different methodologies; these include: — specification; — development; — acquisition; — release; — deployment; — operation; — retirement. This document is applicable to all ITAM implementations. This document can be applied to all types of IT assets and by all types and sizes of organizations.

  • Technical specification
    144 pages
    English language
    sale 15% off
ISO
ISO/IEC 20582:2025(Main)
Software and systems engineering — Capabilities of build and deployment tools

This document defines the requirements for capabilities of build and deployment tools to support and automate building, packaging, and deploying work. This document is intended for use in evaluating and selecting build and deployment tools according to the procedures defined in ISO/IEC 20741. This document is applicable to different development methodologies and approaches (e.g. Waterfall, Agile, or DevOps).

  • Standard
    32 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33060:2025(Main)
Information technology — Process assessment — Process assessment model for system life cycle processes

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    65 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 33062:2025(Main)
Information technology — Process assessment — Process assessment model for quantitative processes to support higher levels of process capability in ISO/IEC 33020

This document defines a process assessment model for quantitative processes, conforming to the requirements of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of ISO/IEC 33002.

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-6-4:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-6-4: Systems engineering guidelines for the generic Advanced profile

This document describes processes targeted at VSEs that want to sustain and grow as an independent competitive system development organization. This document provides management and engineering guidelines for the systems engineering Advanced profile of the generic profile group. This document is applicable to VSEs that do not develop critical systems and have little or no experience with systems engineering (SE) process planning and implementation using the ISO/IEC/IEEE 15288. This document is also applicable to VSEs which are familiar with the management and engineering guidelines of the systems engineering Intermediate profile (ISO/IEC TR 29110 5-6-3) for their system development projects and are involved in the development of more than one project in parallel with more than one work team.

  • Standard
    83 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-1:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-1: Software engineering guidelines for the generic Entry profile

This document provides the management and engineering guidelines to the software Entry profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document applies to start-up VSEs (e.g. VSEs that started their operation less than three years ago) and/or VSEs working on small projects (e.g. projects with a size of less than six person-months).

  • Standard
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC 29110-5-1-2:2025(Main)
Systems and software engineering — Life cycle profiles for very small entities (VSEs) — Part 5-1-2: Software engineering guidelines for the generic Basic profile

This document provides management and engineering guidelines to the software Basic profile specified in ISO/IEC 29110-4-1 through project management and software implementation processes. This document applies to VSEs that do not develop safety-critical software. This document applies for software development projects, which can fulfil an external or internal agreement. This document is applicable to VSEs developing a single product by a single work team.

  • Standard
    93 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 32430:2025(Main)
Software engineering — Software non-functional size measurement

This document defines a method for measuring the non-functional size of the software. It complements ISO/IEC 20926:2009, which defines a method for measuring the functional size of the software. This document also describes the complementarity of functional and non-functional sizes, so that deriving the sizes from the functional and the non-functional requirements does not result in duplication in the distinct functional and non-functional sizes. In general, there are many types of non-functional requirements. Moreover, non-functional requirements and their classification evolve over time as the technology advances. This document does not intend to define the type of NFR for a given context. Users can choose ISO 25010 or any other standard for the definition of NFR. It is assumed that users size the NFR based on the definitions they use. This document covers a subset of non-functional requirements. It is expected that, with time, the state of the art can improve and that potential future versions of this document can define an extended coverage. The ultimate goal is a version that, together with ISO/IEC 20926:2009, covers every aspect that can be required of any prospective piece of software, including aspects such as process and project directives that are hard or impossible to trace to the software's algorithm or data. The combination of functional and non-functional sizes would then correspond to the total size necessary to bring the software into existence. Estimating the cost, effort and duration of the implementation of the NFR is outside the scope of this document.

  • Standard
    71 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 29119-5:2024(Main)
Software and systems engineering — Software testing — Part 5: Keyword-driven testing

This document defines an efficient and consistent solution for keyword-driven testing by: — giving an introduction to keyword-driven testing; — providing a reference approach to implement keyword-driven testing; — defining requirements on frameworks for keyword-driven testing to enable testers to share their work items, such as test cases, test data, keywords, or complete test specifications; — defining requirements for tools that support keyword-driven testing; these requirements are applicable to any tool that supports the keyword-driven approach (e.g. test automation, test design and test management tools); — defining interfaces and a common data exchange format to ensure that tools from different vendors can exchange their data (e.g. test cases, test data and test results); — defining levels of hierarchical keywords, and advising use of hierarchical keywords; this includes describing specific types of keywords (e.g. keywords for navigation or for checking a value) and when to use "flat" structured keywords; — providing an initial list of example generic technical (low-level) keywords, such as "inputData" or "checkValue"; these keywords can be used to specify test cases on a technical level and can be combined to create business-level keywords as required. This document is applicable to all those who want to create keyword-driven test specifications, create corresponding frameworks, or build test automation based on keywords.

  • Standard
    55 pages
    English language
    sale 15% off