Software development and system documentation

Committee designation: SIS/TK 303 (IT systems and IT services)
Source: ISO
Response date: 4 Feb 2018

1.1 Fields of application

ISO/IEC 29110 is applicable to Very Small Entities (VSEs). A VSE is an enterprise, an organisation, a department or a project having up to 25 people.

The purpose of ISO/IEC 29110-4-3 is to provide a set of auditable requirements based on multiple standards (i.e., ISO/IEC/IEEE 15288, ISO/IEC/IEEE 15289, ISO 9000, ISO 9001, ISO 31000, ISO/IEC 38500, ISO/IEC 10004, ISO 10007, ISO/IEC 20000, ISO/IEC 27035) that supports the delivery of services by a VSE. Services can be delivered to internal or external customers. This document is not a Management System Standard (MSS), nor does it provide guidance on fulfilling the requirements of a MSS.

This document does not promote uniformity in approach across all organisations, as specific objectives and initiatives are tailored to suit an individual organisation’s needs.

1.2 Target audience

This part of ISO/IEC 29110 is targeted at:

— Assessors and accrediting agencies to support the conformity needs of the VSE; 

— VSEs that want to claim conformity to this profile for service delivery;

— Customers who want assurance about a VSE’s abilities to meet their requirements, and

— Tool/methodology vendors for future development of commercial tools or methodologies to support VSEs using this document.

1.3 Conformance

ISO/IEC 29110-4-3 can be adopted by organisations implementing and using the processes required by this part of ISO/IEC 29110. Therefore, organisations can claim conformance to this profile.

It can be attested by a third party. It can be mandated as part of procurement and contractual processes.

A VSE that claims conformance to a profile specified in ISO/IEC 29110-4-3 shall use all the mandatory profile requirements as identified in its specification clause.

The following variations to the service delivery profile are specified in this document:

a) Governance: Clause 5.1 and 6.1

b) Operational: Clause 5.2 – 5.4 and 6.2 – 6.4

c) Full: Governance and Operational


Conformance is achieved by demonstrating that mandatory requirements have been satisfied using the content of conformant work products as evidence.

NOTE In this document, for simplicity of reference, each work product is described as if it were published as a separate document. However, work products will be considered as conforming if they meet stated requirements, are available for reference, divided into separate documents or volumes, or combined with other work products into one document.

Committee designation: SIS/TK 303 (IT systems and IT services)
Source: ISO
Response date: 17 Mar 2018

ISO/IEC 24773-1 is part one of the ISO/IEC 24773 multipart standard. It contains terms and concepts used or referenced by the other parts of ISO/IEC 24773. It contains the requirements, which are common to all other parts of this multi-part standard, for certifications (schemes and bodies) in the domain of software and systems engineering.

Committee designation: SIS/TK 303 (IT systems and IT services)
Source: ISO
Response date: 19 Mar 2018

This document specifies the means to organize and record architecture evaluations. Architecture evaluations are used to:

— validate that architectures address the concerns of stakeholders,

— assess the quality of architectures with respect to their intended purpose,

— assess the value of architectures to their stakeholders,

— determine whether architecture entities address their intended purpose,

— provide knowledge and information about architecture entities,

— identify risks and opportunities associated with architectures, and

— support decision making where architectures are involved.

NOTE This document addresses the evaluation of an architecture and not an evaluation of the architecture description’s suitability. Matters concerning the evaluation of the architecture description fall within the scope of the architecture conceptualization and architecture elaboration processes as defined in the ISO/IEC/IEEE 42020 standard. However, it is sometimes the case that the architecture description is evaluated concurrently with the evaluation of the architecture itself.

This document covers various kinds of architecture situations, e.g. enterprise, systems, software, products, services, hardware, data, facilities, systems of systems, family of systems, product lines, and encompasses a variety of elements such as, for example, the people, organizations, techniques and processes involved in those architecture situations. It also spans the variety of applications that utilize digital technology such as mobile, cloud, big data, robotics, web, desktop, embedded systems, and so on.

The generic AE framework specified in this document can be used in support of the Architecture Evaluation process defined in ISO/IEC/IEEE 42020. Specific frameworks can be derived from this generic framework, which can provide a mapping to the system life cycle processes in ISO/IEC/IEEE 15288 or to the software life cycle processes in ISO/IEC/IEEE 12207.

Committee designation: SIS/TK 318 (Information security)
Source: ISO
Response date: 27 Mar 2018

This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.

In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.