ISO/IEC/IEEE 24748-3:2020

INTERNATIONAL ISO/IEC/
STANDARD IEEE
24748-3
First edition
2020-10
Systems and software engineering —
Life cycle management —
Part 3:
Guidelines for the application of ISO/
IEC/IEEE 12207 (software life cycle
processes)
Ingénierie des systèmes et du logiciel — Gestion du cycle de vie —
Partie 3: Lignes directrices pour l'application de l'ISO/IEC/IEEE
12207 (processus du cycle de vie du logiciel)
Reference number
ISO/IEC/IEEE 24748-3:2020(E)
©
ISO/IEC 2020
©
IEEE 2020

---------------------- Page: 1 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
© IEEE 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO or IEEE at the
respective address below or ISO’s member body in the country of the requester.
ISO copyright office Institute of Electrical and Electronics Engineers, Inc
CP 401 • Ch. de Blandonnet 8 3 Park Avenue, New York
CH-1214 Vernier, Geneva NY 10016-5997, USA
Phone: +41 22 749 01 11
Email: copyright@iso.org Email: stds.ipr@ieee.org
Website: www.iso.org Website: www.ieee.org
Published in Switzerland
© ISO/IEC 2020 – All rights reserved
ii © IEEE 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 2
3 Terms, definitions, and abbreviated terms . 2
3.1 Terms and definitions . 2
3.2 Abbreviated terms . 2
4 Concepts for software and software systems . 3
4.1 General . 3
4.2 Software system concepts . 3
4.3 Organizational concepts . 4
4.4 Project concepts . 6
5 Process and life cycle concepts . 8
5.1 Process concepts . 8
5.2 Life cycle concepts .10
5.2.1 Life cycle stages.10
5.2.2 Interrelationships of software processes and stages .11
5.2.3 Life cycle process models for software systems .12
5.3 Process groups .16
6 Software life cycle processes .17
6.1 Agreement processes .17
6.1.1 Acquisition process .17
6.1.2 Supply process .20
6.2 Organizational project-enabling processes .21
6.2.1 Life cycle model management process .21
6.2.2 Infrastructure Management process .22
6.2.3 Portfolio Management process .24
6.2.4 Human Resource Management process .24
6.2.5 Quality Management process .25
6.2.6 Knowledge Management process.26
6.3 Technical Management processes .27
6.3.1 Project Planning process.27
6.3.2 Project assessment and control process .28
6.3.3 Decision Management process .31
6.3.4 Risk Management process .32
6.3.5 Configuration Management process .34
6.3.6 Information Management process .35
6.3.7 Measurement process .36
6.3.8 Quality Assurance process .38
6.4 Technical processes .39
6.4.1 Business or Mission Analysis process .39
6.4.2 Stakeholder Needs and Requirements Definition process .40
6.4.3 System/Software requirements definition process .41
6.4.4 Architecture Definition process .43
6.4.5 Design Definition process .47
6.4.6 System Analysis process .49
6.4.7 Implementation process .50
6.4.8 Integration process .52
6.4.9 Verification process .53
6.4.10 Transition process .55
6.4.11 Validation process . . .57
6.4.12 Operation process .58
© ISO/IEC 2020 – All rights reserved
© IEEE 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

6.4.13 Maintenance process .59
6.4.14 Disposal process .61
Annex A (informative) Tailoring process .62
Bibliography .64
IEEE notices and abstract .67
© ISO/IEC 2020 – All rights reserved
iv © IEEE 2020 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its
standards through a consensus development process, approved by the American National Standards
Institute, which brings together volunteers representing varied viewpoints and interests to achieve the
final product. Volunteers are not necessarily members of the Institute and serve without compensation.
While the IEEE administers the process and establishes rules to promote fairness in the consensus
development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of
the information contained in its standards.
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO's adherence to the World Trade Organization (WTO)
principles in the Technical Barriers to Trade (TBT) see www .iso .org/ iso/ foreword .html.
This document was prepared by ISO/IEC JTC 1, Information technology, SC 7, Systems and software
engineering, in cooperation with the Systems and Software Engineering Standards Committee of the
IEEE Computer Society, under the Partner Standards Development Organization cooperation agreement
between ISO and IEEE.
This document cancels and replaces ISO/IEC TR 24748-3:2011, which has been technically revised.
The main changes compared to ISO/IEC TR 24748-3:2011 are as follows:
— revised presentation of concepts, consistent with ISO/IEC/IEEE 12207:2017;
— completely updated presentation of guidance for each life cycle process, including aspects of
purpose; outcomes and outputs; activities, tasks, and approaches;
— identified closely related processes;
— identified related international standards for each process, which offer more detailed requirements
and guidance.
A list of all parts in the ISO/IEC/IEEE 24748 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO/IEC 2020 – All rights reserved
© IEEE 2020 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

Introduction
The purpose of this document is to provide guidance on the application of the software life cycle
processes standard, ISO/IEC/IEEE 12207:2017. Taken together, the parts of the ISO/IEC/IEEE 24748
series are intended to facilitate the joint usage of the process content of the two high-level life
cycle process standards (ISO/IEC/IEEE 12207:2017 and ISO/IEC/IEEE 15288:2015), which in turn
may be used together with various more specialized lower-level process standards. In this way,
ISO/IEC/IEEE 24748 (all parts) provides unified and consolidated guidance on the life cycle management
of systems and software engineering. Its purpose is to help ensure consistency in system concepts and
life cycle concepts, models, stages, processes, process application, key points of view, adaptation and
use in various domains as the two standards (and others) are used in combination. It should help an
organization to design, develop, and sustain software systems using a life cycle model.
ISO/IEC/IEEE 24748-1 provides guidance for the concepts of life cycle management applicable to
both systems and software engineering. It covers fundamental concepts such as system-of-interest,
stages, processes, projects, and organizations. This document focuses on and expands the coverage
of those aspects and processes most relevant to software systems. A companion guidance document,
ISO/IEC/IEEE 24748-2, provides similar guidance for the application of ISO/IEC/IEEE 15288:2015.
In conjunction with ISO/IEC/IEEE 24748-1, this document aids in identifying and planning the use of the
life cycle processes described in ISO/IEC/IEEE 12207:2017. Since in many respects the Organizational
Project Enabling processes and the Technical Management processes are quite similar for software
systems to those used for any type of system, this document concentrates on specific guidance
for the Technical processes and how they can be effectively used during the software life cycle.
ISO/IEC/IEEE 24748-5 focuses on the Technical Management processes, especially Project Planning
and Project Assessment and Control, as applied to software projects. The proper use of these processes
can contribute to a project being completed successfully, meeting its objectives and requirements for
each stage and for the overall project.
This document elaborates on factors, 'best-practice' or typical approaches and methods that should be
considered when applying ISO/IEC/IEEE 12207:2017. It does this in the context of the various ways in
which ISO/IEC/IEEE 12207:2017 can be applied. It is intended to be useful in a variety of software life
cycle situations, including the use of agile methods, which are the most widely used on all types and
sizes of projects.
© ISO/IEC 2020 – All rights reserved
vi © IEEE 2020 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO/IEC/IEEE 24748-3:2020(E)
Systems and software engineering — Life cycle
management —
Part 3:
Guidelines for the application of ISO/IEC/IEEE 12207
(software life cycle processes)
1 Scope
This document is a guideline for the application of ISO/IEC/IEEE 12207:2017. This document establishes
guidance to implement a common framework for software life cycle processes, with well-defined
terminology, that can be referenced by the software industry. This document provides guidance on
defining, controlling, and improving software life cycle processes within an organization or a project.
This document recommends methods and approaches suitable for a variety of life cycle models. The
guidance emphasizes the importance of establishing a strategy, planning, and the involvement of
stakeholders, with the ultimate goal of achieving customer satisfaction.
This document applies to the acquisition, supply, design and development, transition, operation,
maintenance, and disposal (whether performed internally or externally to an organization) of software
systems, products, and services (including software as a service (SaaS)), and the software portion of
any system. Software includes the software portion of firmware. The guidance on processes, activities,
and tasks in this document can also be applied during the acquisition of a system that contains software.
The guidance in this document can also be used as a basis for selecting, establishing, and improving
organizational environments, e.g., methods, procedures, techniques, tools, and trained personnel.
In the context of this document, there is a continuum of human-made systems from those that use little
or no software to those in which software is the primary interest. It is rare to encounter a complex
system without software, and all software systems require physical system components (hardware)
to operate, either as part of the software system-of-interest (SoI) or as an enabling system or
infrastructure. Thus, the choice of whether to apply this document for guidance to the software life
cycle processes, or ISO/IEC/IEEE 24748-2, depends on the SoI. At a high level, both documents have the
same life cycle process framework, but differ in guidance for activities and tasks to perform software
engineering or systems engineering, respectively.
The processes and process groups in this document are identical in their purpose and outcomes with
those in ISO/IEC/IEEE 12207:2017 and in ISO/IEC/IEEE 15288:2015, with one exception: the System/
Software Requirements Definition process of ISO/IEC/IEEE 12207:2017 and this document has a
different name from the System Requirements Definition process of ISO/IEC/IEEE 15288:2015.
Use of the guidance in this document is appropriate regardless of software system size or complexity or
organizational size. The process outcomes from the ISO/IEC/IEEE 12207:2017 life cycle processes are
meant to be generic and applicable to the engineering of any software system in any size organization.
This document does not prescribe nor detail a specific software life cycle model, development
methodology, method, modelling approach, or technique and method. The variety of ways for
implementing software (e.g., development of new code, integration of existing open source components
and commercial products, or modifications to existing software, including transition to new platforms)
make it impossible to detail specific procedures.
This document does not establish a management system or provide guidance on the use of any
management system standard. However, it is intended to be compatible with the quality management
system specified by ISO 9001, the service management system specified by ISO/IEC 20000-1, the
© ISO/IEC 2020 – All rights reserved
© IEEE 2020 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

IT asset management system specified by ISO/IEC 19770 (all parts), and the information security
management system specified by ISO/IEC 27000.
Clause 6 provides guidance on aspects of purposes, outcomes, activities, and tasks in
ISO/IEC/IEEE 12207:2017. However, this document does not repeat the detailed requirements and
recommendations for purposes, outcomes, activities, and tasks for each life cycle process found in
ISO/IEC/IEEE 12207:2017. Clause 6 also provides references to specialized standards that provide more
detailed requirements and guidance for the various processes and information products (information
items). This document does not detail information items (process inputs and outputs) in terms of name,
format, explicit content and recording media.
NOTE ISO/IEC/IEEE 15289 addresses the content for life cycle process information items (documentation).
2 Normative references
There are no normative references in this document.
3 Terms, definitions, and abbreviated terms
3.1 Terms and definitions
No terms and definitions are listed in this document.
ISO, IEC, and IEEE maintain terminological databases for use in standardization at the following
addresses:
— ISO Online browsing platform: available at https:// www .iso .org/
— IEC Electropedia: available at http:// www .electropedia .org/
— IEEE Standards Dictionary Online: available at: http:// dictionary .ieee .org
NOTE For additional terms and definitions in the field of systems and software engineering, see
ISO/IEC/IEEE 24765, which is published periodically as a “snapshot” of the SEVOCAB (Systems and software
Engineering Vocabulary) database and is publicly accessible at www .computer .org/ sevocab.
3.2 Abbreviated terms
API application program interface
CM configuration management
COTS commercial-off-the-shelf
FCA functional configuration audit
IDEF Integration DEFinition
MOE measure of effectiveness
MOP measure of performance
NDI non-developmental item
PCA physical configuration audit
PII personally identifiable information
PRM process reference model
© ISO/IEC 2020 – All rights reserved
2 © IEEE 2020 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

QA quality assurance
QM quality management
SaaS software as a service
SME subject matter expert
SoI system-of-interest
SoS system of systems
TPM technical performance measure
V&V validation and verification
VSE very small entity
WBS work breakdown structure
4 Concepts for software and software systems
4.1 General
This clause is included to help explain essential concepts as applicable to software and software
systems. While understanding concepts does not give the ability to immediately apply them without
further thought and work, it is the foundation for their practical use in different project, organizational
and life cycle environments.
4.2 Software system concepts
The application of ISO/IEC/IEEE 12207:2017 presupposes an understanding of system concepts. A
system is a combination of interacting elements organized to achieve one or more stated purposes.
Software is the subsystems or elements of a system consisting of computer programs, related
procedures, associated documentation, and data pertaining to the operation of the subsystem or
element. Software occurs in most systems, even if it is not the predominant element of interest as it is in
a software system.
For the purposes of this document, software systems are considered as created by humans and utilized
to provide services in defined environments for the benefit of users and other stakeholders. These
systems may be configured with one or more of the following: hardware, software, services, humans,
processes (e.g. review process), procedures (e.g. operator instructions), facilities, and naturally
occurring entities (e.g. water, organisms, minerals). A system may be considered as a product or as
the services it provides. A system element is a member of a set of elements that constitutes a system. A
system element is a discrete part of a system that can be implemented to fulfil specified requirements.
NOTE 1 Additional discussion regarding systems, systems of systems, and system structure, is provided in
ISO/IEC/IEEE 24748-1. ISO/IEC/IEEE 24748-2 provides more information on concepts related to system life cycle
management.
System concepts are directly applicable to software systems. An underlying principle of
ISO/IEC/IEEE 12207:2017 is that software engineering applies similar processes to systems engineering,
but that software is the leading method for system requirements realization. Consequently, processes
are aligned and adapted for methods and approaches relevant for software.
NOTE 2 As applicable to all systems and projects, guidance to concepts is found in ISO/IEC/IEEE 24748-1.
ISO/IEC/IEEE 24748-2 includes guidance more specifically applicable to systems where hardware or other non-
software elements are the primary concern.
© ISO/IEC 2020 – All rights reserved
© IEEE 2020 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC/IEEE 24748-3:2020(E)

Typically, the system engineering approach to develop a system design is described as a hierarchical,
top-down process of systematic decomposition of the system into its subsystems and elements
(components). This top-down approach has been traditionally applied to the architecture of software
systems as well, from the top-level system-of-interest down through the lowest system element level of
the software system structure, such as a line of code. However, the malleable, easily refactored nature
of software leads to a different way of considering the software structure. The common practice of
producing a minimum of new code and integrating a software system from available components
(open source modules, application program interfaces (APIs), software services, support software such
as a database management system and a web browser) leads to a more holistic view of its structure.
Software systems include a number of components for processing information that can be directly or
indirectly related to the software functions and requirements. In compartmentalized software, often
none of the sub-systems or components can be considered "top-level" in a hierarchy. Traceability of a
high-level stakeholder requirement to each specific subsystem can be difficult.
Characteristic properties at the boundary of a SoI arise from the interactions between subordinate
systems. Whatever the boundaries chosen to define the software system, the concepts and models in
this document are generic and permit a practitioner to correlate or adapt individual instances of life
cycles to its software concepts and principles.
Enabling systems are required for each life cycle process and are typically integrated as an
infrastructure for concurrent performance of multiple development, test, and operational processes.
Enabling systems are deployed throughout the software life cycle to provide the SoI with support as
needed. Each life cycle sta
...