ISO/IEC 29110: Systems and Software Life Cycle Profiles and Guidelines for Very Small Entities (VSEs) International Standards (IS) and Technical Reports (TR) are targeted at Very Small Entities (VSEs). A Very Small Entity (VSE) is an enterprise, an organization, a department or a project having up to 25 people. The ISO/IEC 29110 is a series of international standards and guides entitled "Systems and Software Engineering — Lifecycle Profiles for Very Small Entities (VSEs)". The standards and technical reports were developed by working group 24 (WG24) of sub-committee 7 (SC7) of Joint Technical Committee 1 (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission.
Industries around the world have agreed that there are certain ways of working that produce predictable results. Companies that agree to use these agreed methods and then to have their compliance measured are called ISO certificated. Some ISO-certificated organizations require that their vendors also be ISO certificated. The general standard for software development, ISO/IEC/IEEE 12207, is appropriate for medium and large software development efforts. Similarly, the general standard for system development, ISO/IEC/IEEE 15288, is appropriate for medium and large system development efforts. Systems, in the context of ISO/IEC 29110, are typically composed of hardware and software components. Things work differently in a small organisations; ISO 29110 reflects that.
|ISO/IEC TR 29110-1:2016 - Overview|
|Systems and software engineering -- Lifecycle profiles for Very Small Entities (VSEs)|
|First published||September 2011|
|Latest version||June 2016|
|Committee||ISO/IEC JTC 1/SC 7 Software and systems engineering|
|Related standards||ISO/IEC/IEEE 12207, ISO/IEC/IEEE 15288, ISO/IEC/IEEE 15289|
|Domain||Systems and Software Engineering|
Industry recognizes that VSEs make valuable products and services. VSEs also develop and maintain systems and software used in larger systems, so there is a need to recognize VSEs as suppliers of high quality systems and software.
According to the Organisation for Economic Co-operation and Development (OECD) SME and Entrepreneurship Outlook report (2005), Small and Medium Enterprises (SMEs) constitute the dominant form of business organisation in all countries worldwide, accounting for 95% to 99% of the business population depending on country. The challenge facing OECD governments is to provide a business environment that supports the competitiveness of this large heterogeneous business population and that promotes a vibrant entrepreneurial culture.
Studies and surveys conclude that the majority of International Standards do not address the needs of VSEs. Conformance with these standards is difficult, if not impossible, giving VSEs no way, or very limited ways, to be recognized as entities that produce quality software. Therefore, VSEs are often cut off from some economic activities.
It has been found that VSEs find it difficult to relate international standards to their business needs and to justify their application to their business practices. Most VSEs can neither afford the resources, in terms of number of employees, budget and time, nor see a net benefit in establishing software life cycle processes. To rectify some of these difficulties, a set of standards and technical reports has been developed according to a set of VSE characteristics.
The documents are based on subsets of appropriate standards elements, referred to as VSE profiles. The purpose of a VSE profile is to define a subset of international Standards relevant to the VSE context, for example, processes elements of ISO/IEC/IEEE 12207 for the software engineering ISO/IEC 29110, ISO/IEC/IEEE 15288 for the systems engineering ISO/IEC 29110, and products of ISO/IEC/IEEE 15289.
ISO/IEC 29110 series, targeted by audience, have been developed to improve product and/or service quality, and process performance, as shown in the table below. ISO/IEC 29110 is not intended to preclude the use of different life cycles such as: waterfall, iterative, incremental, evolutionary or agile.
|ISO/IEC 29110||Title||Target audience|
|Part 1||Overview||VSEs and their customers, assessors, standards producers, tool vendors, and methodology vendors.|
|Part 2||Framework for profile preparation||Profile producers, tool vendors and methodology vendors. Not intended for VSEs|
|Part 3||Certification and Assessment guidance||VSEs and their customers, assessors, accreditation bodies|
|Part 4||Profile specifications||VSEs, customers, standards producers, tool vendors and methodology vendors.|
|Part 5||Management, engineering and service delivery guidelines||VSEs and their customers|
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC 29110-5 can be developed without impacting existing documents and they become ISO/IEC 29110-4-m and ISO/IEC 29110-5-m-n respectively through the ISO/IEC process.
The core characteristic of the entities targeted by ISO/IEC 29110 is size, however there are other aspects and characteristics of VSEs that may affect profile preparation or selection, such as: Business Models (commercial, contracting, in-house development, etc.); Situational factors (such as criticality, uncertainty environment, etc.); and Risk Levels. Creating one profile for each possible combination of values of the various dimensions introduced above would result in an unmanageable set of profiles. Accordingly, VSE's profiles are grouped in such a way as to be applicable to more than one category. Profile Groups are a collection of profiles which are related either by composition of processes (i.e. activities, tasks), or by capability level, or both.
The Generic Profile Group has been defined as applicable to a vast majority of VSEs that do not develop critical systems and/or software and have typical situational factors. The Generic Profile Group is a collection of four profiles (Entry, Basic, Intermediate, Advanced), providing a progressive approach to satisfying a vast majority of VSEs. The four-stage roadmap provides a progressive approach to satisfying a vast majority of VSEs. VSEs targeted by the Entry Profile are VSEs working on small projects (e.g. at most six person-months effort) and start-ups. The Basic Profile targets VSEs developing a single application by a single work team. The Intermediate Profile is targeted at VSEs developing more than one project in parallel with more than one work team. The Advanced Profile is target to VSEs that want to sustain and grow as an independent competitive system and/or software development business.
The Software Engineering Generic Profile Group is mainly based on the ISO/IEC/IEEE 12207 Software Life Cycle Processes standard. The ISO working group mandated to develop ISO/IEC 29110 used the Mexican software process model MoProSoft to help the development of ISO/IEC 29110.
A process is composed of a set of activities, and an activity is composed of a set of tasks. The figure below illustrates the 2 processes and the activities of the software engineering Basic profile. The 2 processes are described at the task level in the ISO/IEC 29110 Software engineering Management and Engineering Guide of the Basic profile.
The software engineering Entry profile has the same 2 processes and activities. But the number of tasks and the number of documents is lower than the Basic profile. The table below lists the number of tasks for each process of the software generic profile group. A conditional process is a process that can be mandatory under some specific conditions, can be optional under specified conditions, and can be out of scope or not applicable under specified conditions.
The table below lists the number of work products and roles for each process of the software generic profile group.
The Systems Engineering Generic Profile Group is mainly based on the ISO/IEC/IEEE 15288 System Life Cycle Processes standard. The figure below illustrates the systems engineering Basic profile. Systems, in the context of ISO/IEC 29110, are typically composed of hardware and software components.
ISO/IEC 29110 series is a set of five different Parts. Part 1, ISO/IEC TR 29110-1, defines the business terms common to the VSE Profile Set of Documents. It introduces processes, lifecycle and standardization concepts, and the ISO/IEC 29110 series. It also introduces the characteristics and requirements of a VSE, and clarifies the rationale for VSE-specific profiles, documents, standards and guides. introduces the concepts for software engineering standardized profiles for VSEs, and defines the terms common to the VSE Profile Set of Documents. It establishes the logic behind the definition and application of standardized profiles. It specifies the elements common to all standardized profiles (structure, conformance, assessment) and introduces the taxonomy (catalogue) of ISO/IEC 29110 profiles.
Part 3, ISO/IEC TR 29110-3-1, defines the process assessment guidelines and compliance requirements needed to meet the purpose of the defined VSE Profiles. ISO/IEC TR 29110-3-1 also contains information that can be useful to developers of assessment methods and assessment tools. ISO/IEC TR 29110-3-1 is addressed to people who have direct relation with the assessment process, e.g. the assessor and the sponsor of the assessment, who need guidance on ensuring that the requirements for performing an assessment have been met.
Part 4, ISO/IEC 29110-4-1, provides the specification for all the profiles of the Generic Profile Group. The Generic Profile Group is applicable to VSEs that do not develop critical software products. The profiles are based on subsets of appropriate standards elements. VSE Profiles apply and are targeted at authors/providers of guides and authors/providers of tools and other support material.
Part 5, ISO/IEC 29110-5-m-n, provides systems engineering or software engineering project management and engineering guides and service delivery guidelines for the VSE Profile described in ISO/IEC 29110-4-m.
The figure below illustrates the components of the ISO/IEC 29110 series. The boxes in light blue are documents in development.
A Deployment Package (DP) is a set of artifacts developed to facilitate the implementation of a set of practices, of the selected framework, in a Very Small Entity (VSE). The Deployment Packages, described below, have been developed to help implement the processes of the Generic Profile Group. The Generic profile group is applicable to VSEs that do not develop critical systems or software. The Generic profile group is composed of 4 profiles: Entry, Basic, Intermediate and Advanced. The Generic profile group does not imply any specific application domain.
The content of a typical deployment package is listed in table 2. The mapping to standards and models is given as information to show that a Deployment Package has explicit links to Part 5 and to selected ISO standards, such as ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207, or models such as the CMMI developed by the Software Engineering Institute. By implementing a deployment package, a VSE can see its concrete step to achieve or demonstrate coverage to ISO/IEC 29110 Part 5. Deployment Packages are designed such that a VSE can implement its content, without having to implement the complete framework at the same time.
|1. Technical Description|
|Purpose of this document|
|Why this Topic is important?|
|3. Relationships with ISO/IEC 29110|
|4. Overview of Processes, Activities, Tasks, Roles and Products|
|5. Description of Processes, Activities, Tasks, Steps, Roles and Products|
|10. References to other Standards and Models (e.g. ISO 9001, ISO/IEC 12207, CMMI®)|
|12. Evaluation Form|
The systems engineering or software engineering Basic Profile describes development of a single application by a single project team with no special risk or situational factors. The set of DPs for the software Basic Profile is illustrated in figure 2.
A set of DPs to support the Systems Engineering Basic profile is under development in collaboration with members of INCOSE as illustrated in the figure below.
Deployment packages as well as other support material, such as a plug-in, are available at no cost on Internet (see below).
An implementation in an IT start-up VSE by a team of two developers. Their web application allows users to collaborate, share and plan their trips simply and accessible to all. The use of the Basic profile of ISO 29110 has guided the start-up to develop an application of high quality while using proven practices of ISO 29110. The total effort of this project was nearly 1000 hours. The IT start-up has recorded the effort, in person-hours, spent on tasks of the project. Only 12.6% of total effort has been spent on rework (i.e. 125 hours/990.5 hours). This indicates that the use of appropriate standards can guide all the phases of the development of a product such that the wasted effort (i.e. rework) is about the same as a more mature organization.
An implementation in a large Canadian utility provider. The IT division of a large Canadian utility provider has 1950 employees that support more than 2,100 software applications. The organization had already implemented 12 level 2 and 3 process areas of the CMMI-DEV. Traditional lifecycles were used for the development of this division.
A small department within the IT division, the Mobility and Georeferenced Solutions department, is composed of 6 developers and 3 analysts, an architect and a manager. Typical projects of the department are requests from internal customers to improve a few applications. The small department was required to develop applications more quickly, and with very different technologies. Increasingly, the department had to develop proof of concepts. The problem was that the deliverables requested by the current methodology for typical projects of the IT division were too numerous, the level of documentation required was not suitable for small projects and small teams.
A project was launched within the small department to tailor ISO 29110 to their needs and adapt it to a Scrum approach. A pilot project, involving the creation of a web application for property management, has been conducted. This application greatly facilitated geographic data consultation. The total effort of this project was 1,511 hours. The table below shows, for each major task, the effort to execute the task, the effort required to review a document, such as the software specification document, in order to detect errors and, the effort required to correct the errors (i.e. the rework).
|Title of task||Prevention (hours)||Execution (hours)||Evaluation (hours)||Correction (hours)|
|Web site deployment||1||7||-||-|
About 8.5% of the effort was invested in prevention tasks while only 9.6% was spent in rework tasks. The ISO 29110 process improvement project allowed the small department to shine within the IT division, as it became a model for future small IT projects.
Implementation in a large financial institution. The IT division of a large Canadian financial institution has over 3,000 employees developing new applications and maintaining over 1250 applications. The Cash Management IT department, of 6 developers, is responsible for the development and maintenance of software tools used by traders. Each year, the department is faced with an increase in the numbers of requests to add, correct or modify features related to supported applications.
Before the implementation of the ISO 29110-agile process, customers had the following complaints:
In response to these problems, processes were evaluated by comparing the activities of the actual maintenance process to those of the Basic profile. Some shortcomings were found in the actual project management process and in the software implementation process.
The new project management process has been adapted to the context of the division, by injecting a few tasks of the SCRUM methodology. The new agile process, using the Basic profile of the ISO 29110, has been tested on three pilot projects. Recently, a team of 5-person team was added to the department to carry out all non-urgent maintenance projects using the ISO 29110 agile process.
Implementations in Thailand.
The table below shows the number of ISO29110-Basic profile certified Thai organizations.
|Type of Organization||2012||2013||2014||2015||2016||2018||Total|
The systems engineering Basic profile has been used in a few systems engineering organizations. As an example, in the south of France, 6 organizations implemented the Basic profile in the development of their products.
In Canada, a young company involved in the design and development of communication systems for public transport. The company has been successfully audited by a third-party audit composed of 2 auditors in 2016.
Over 19 countries are known to be teaching ISO/IEC 29110 at the undergraduate and graduate levels. The figure below shows the countries that are teaching ISO/IEC 29110.
As an example, in the state of Zacatecas of Mexico, 4 universities have implemented the Basic profile of the ISO/IEC 29110 in their Software Development Center (SDC). A SDC provides an environment in which students apply their knowledge in a software development project. The SDCs where audited against the Basic profile of ISO/IEC 29110 by auditors of NYCE (Normalización y Certificación Electrónica), the Mexican Certification Body, the 4 SDCs achieved the certification in 2017.
In Thailand, over 10 universities are teaching ISO/IEC 29110.
For Software Engineering:
For Systems Engineering:
For Service Delivery:
For Systems Engineering:
An anti-pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive. The term, coined in 1995 by Andrew Koenig, was inspired by a book, Design Patterns, which highlights a number of design patterns in software development that its authors considered to be highly reliable and effective.
The term was popularized three years later by the book AntiPatterns, which extended its use beyond the field of software design to refer informally to any commonly reinvented but bad solution to a problem. Examples include analysis paralysis, cargo cult programming, death march, groupthink and vendor lock-in.Capability Immaturity Model
Capability Immaturity Model (CIMM) in software engineering is a parody acronym, a semi-serious effort to provide a contrast to the Capability Maturity Model (CMM). The Capability Maturity Model is a five point scale of capability in an organization, ranging from random processes at level 1 to fully defined, managed and optimized processes at level 5. The ability of an organization to carry out its mission on time and within budget is claimed to improve as the CMM level increases.
The "Capability Im-Maturity Model" asserts that organizations can and do occupy levels below CMM level 1. An original article by Capt. Tom Schorsch USAF as part of a graduate project at the Air Force Institute of Technology provides the definitions for CIMM. He cites Prof. Anthony Finkelstein's ACM paper as an inspiration. The article describes situations that arise in dysfunctional organizations. Such situations are reportedly common in organizations of all kinds undertaking software development, i.e. they are really characterizations of the management of specific projects, since they can occur even in organizations with positive CMM levels.
Kik Piney, citing the original authors, later adapted the model to a somewhat satirical version that attracted a number of followers who felt that it was quite true to their experience.Standard CMMI Appraisal Method for Process Improvement
The Standard CMMI Appraisal Method for Process Improvement (SCAMPI) is the official Software Engineering Institute (SEI) method to provide benchmark-quality ratings relative to Capability Maturity Model Integration (CMMI) models. SCAMPI appraisals are used to identify strengths and weaknesses of current processes, reveal development/acquisition risks, and determine capability and maturity level ratings. They are mostly used either as part of a process improvement program or for rating prospective suppliers. The method defines the appraisal process as consisting of preparation; on-site activities; preliminary observations, findings, and ratings; final reporting; and follow-on activities.
ISO standards by standard number