ISO/IEC 29110-4-1:2018

INTERNATIONAL ISO/IEC
STANDARD 29110-4-1
Second edition
2018-04
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 4-1:
Software engineering - Profile
specifications: Generic profile group
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 4-1: Ingénierie du logiciel - Spécification de profil: Groupe de
profil générique
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 2
4 Conformance . 2
4.1 Conformance situations . 2
4.2 Conformance to this document . 2
5 Naming, diagramming and definition conventions . 2
6 Profile specification and its conformance with base standards . 2
6.1 Minimal conditions for Basic profile use . 2
7 Basic profile specifications . 3
7.1 Introduction . 3
7.2 Project Management process specification . 3
7.2.1 Project Management purpose . 3
7.2.2 Project Management requirements . 3
7.3 Software implementation process specification . 4
7.3.1 Software implementation purpose . 4
7.3.2 Software implementation requirements . 4
Annex A (normative) Basic profile base document references . 5
Annex B (informative) VSE Basic profile PRM .14
Bibliography .18
© ISO/IEC 2018 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the WTO
principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary
information
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC 29110-4-1:2011), which has been
technically revised. The main changes compared to the previous edition are as follows:
— the title of Clause 6 was changed from “Description of Basic VSE profiles” to “Profile Specification
and its conformance with base Standards;
— Clause 8 was replaced by Annex A “Basic profile base document references”;
— Basic profile specifications (Clause 7) have been changed to requirements;
— mapping tables to “task requirements” of ISO/IEC 12207 have been included; and
— informative Annex B “Base profile Process Reference Model” was added.
A list of all parts in the ISO/IEC 29110 series is available on the ISO and IEC websites.
iv © ISO/IEC 2018 – All rights reserved

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of ISO/IEC 29110, a VSE is an enterprise, an organization, a department or a project having
up to 25 people. Since many VSEs develop and/or maintain system and software components used in
systems, either as independent products or incorporated in larger systems, a recognition of VSEs as
suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005) ‘Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country’. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if
not impossible. Consequently, VSEs have no, or very limited, means to be recognized as entities that
produce quality systems/system elements including software in their domain. Therefore, VSEs are
excluded from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a net
benefit in establishing over-complex systems or software life cycle processes. To address some of these
difficulties, a set of guidelines have been developed based on a set of VSE characteristics. The guidelines
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to
as profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSE
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
and processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information
products (documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against ISO/
IEC 29110 standards.
The ISO/IEC 29110 series of International Standards and Technical Reports can be applied at any
phase of system or software development within a life cycle. This series of International Standards and
Technical Reports is intended to be used by VSEs that do not have experience or expertise in adapting/
tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs
that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those International Standards instead of the ISO/IEC 29110 series.
ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary or agile.
Systems, in the context of ISO/IEC 29110, are typically composed of hardware and software components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
© ISO/IEC 2018 – All rights reserved v

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
Part 1 Overview VSEs and their customers, assessors,
standards producers, tool vendors and
methodology vendors.
Part 2 Framework for profile preparation Profile producers, tool vendors and
methodology vendors.
Not intended for VSEs.
Part 3 Certification and Assessment VSEs and their customers, assessors,
guidance accreditation bodies.
Part 4 Profile specifications VSEs, customers, standards producers, tool
vendors and methodology vendors.
Part 5 Management, engineering and VSEs and their customers.
service delivery guidelines
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC TR 29110-1 defines the terms common to the set of the ISO/IEC 29110 series. It introduces
processes, lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles
and the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guidelines.
ISO/IEC 29110-2-1 introduces the concepts for systems and software engineering profiles for VSEs.
It establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools. ISO/
IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group (a profile group may
contain a single profile or multiple profiles). A profile is specified in terms of requirements imported
from appropriate base standards.
ISO/IEC/TR 29110-5-m-n provides management, engineering and service delivery guidelines for the
profiles in a profile group.
This document provides the specification for the Basic profile in the profile group of Software
Engineering. It is based on subsets of appropriate standards elements.
Figure 1 describes the ISO/IEC 29110 series of International Standards (IS) and Technical Reports
(TR) and positions the parts within the framework of reference. Overview, assessment guidelines,
management and engineering guidelines are available from ISO as freely available Technical Reports
(TR). The Framework document, profile specifications and certification schemes are published as
International Standards (IS).
vi © ISO/IEC 2018 – All rights reserved

Figure 1 — ISO/IEC 29110 Series
© ISO/IEC 2018 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 29110-4-1:2018(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 4-1:
Software engineering - Profile specifications: Generic
profile group
1 Scope
The ISO/IEC 29110 series is applicable to Very Small Entities (VSEs). VSEs are enterprises, organizations,
departments or projects having up to 25 people. The lifecycle processes described in the ISO/IEC 29110
series are not intended to preclude or discourage their use by larger organizations than VSEs.
The lifecycle processes defined in the ISO/IEC 29110 series can be used by VSEs when using, as well as
when creating and supplying, a software system. They can be applied at any level in a software system’s
structure and at any stage in the lifecycle. The processes described in the ISO/IEC 29110 series are not
intended to preclude or discourage the use of additional processes that VSEs find useful. This document
is not intended to preclude the use of different life cycles such as: waterfall, iterative, incremental,
evolutionary or agile.
This document provides a profile specification for the Basic profile. The Basic profile applies to VSEs
involved in software development. It selects ISO/IEC/IEEE 12207 project management and software
implementation process elements from the single project perspective.
This document provides the normative and informative links to the subset of ISO/IEC/IEEE 12207.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-2-1, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 2-1:
Framework and taxonomy
ISO/IEEE 12207:2008, Systems and software engineering — Software life cycle processes
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2-1 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http: //www .electropedia .org/
— ISO Online browsing platform: available at https: //www .iso .org/obp
© ISO/IEC 2018 – All rights reserved 1

3.2 Abbreviated terms
PAM Process Assessment Model
PM Project Management
PRM Process Reference Model
SI Software Implementation
VSE Very Small Entity
4 Conformance
4.1 Conformance situations
This document can be implemented by organizations or projects implementing and using the processes
required by this document. Therefore, organizations can claim conformance to this document.
This document does not contain any requirements applicable to products that facilitate its
implementation and its use within organizations. Therefore, conformance cannot be claimed by
developers of products.
NOTE Examples of such products are methods, courses, teaching aids, tools, and forms.
This document can be attested by a third party. It can be mandated as part of procurement and
contractual processes.
4.2 Conformance to this document
A VSE that claims conformance to the profile specified in this document shall identify the Software
Engineering Basic Profile as the profile it has implemented.
It can claim conformance to the process part of the profile if it meets all the mandatory profile process
requirements as identified in its specification Clause 7, and the associated properties and requirements
as described in the base standards when applicable.
NOTE Requirements of this document are mandatory and use the word "shall".
5 Naming, diagramming and definition conventions
Conventions for naming, diagramming, describing and defining VSE Profiles are defined in ISO/
IEC 29110-2-1.
6 Profile specification and its conformance with base standards
6.1 Minimal conditions for Basic profile use
To use the Basic profile, it is assumed that the VSE already fulfils the following conditions:
a) There is a project contract or agreement with scope.
b) The cost, technical and schedule feasibility was performed before the project start.
c) The project working team, including project manager, is assigned and trained.
d) Goods, services and infrastructure are available.
2 © ISO/IEC 2018 – All rights reserved

7 Basic profile specifications
7.1 Introduction
This clause contains the specification of the standardized profile requirements. It contains the
specification for the following profile elements:
— in 7.2, Project Management process; and
— in 7.3, Software Implementation process.
The requirements are expressed in the form of process descriptions following ISO/IEC 29110-2-1 and
ISO/IEC 33004 requirements.
NOTE The process outcomes are not declared in present tense so they can be used for different conformity
assessment schemas, e.g. auditing purposes or process capability and organizational maturity.
These requirements are the result of Project Management and Software Implementation purpose
achievement.
Annex A specifies the references between the standardized profile elements and the source standards.
Annex B gives additional information on the Process Reference Model for the VSE Basic Profile.
7.2 Project Management process specification
7.2.1 Project Management purpose
The purpose of the Project Management process is to establish and carry out in a systematic way the
tasks of the software implementation project, which allows complying with the project’s scope, in the
expected quality, time and costs.
7.2.2 Project Management requirements
As a result of successful implementation of the Project Management process:
a) The scope of the work for the project, including deliverables, shall be defined.
b) Tasks and resources associated with scope of the work shall be defined.
c) The cost, technical and schedule feasibility shall be performed.
d) Schedule, effort, cost and duration of work shall be estimated. Other metrics should be estimated,
if needed.
e) Allocation of human resources shall be planned.
f) Execution plan of the project shall be developed according to the scope of work, planned human
resources and tasks defined.
g) The execution plan shall be agreed by the Customer.
h) Risks shall be identified and monitored during the execution of the project.
i) A software version control strategy shall be developed and implemented, including back-up and
restoring definition.
j) Relevant items of software configuration shall be identified and controlled, including their storage,
baseline, handling, and modifications.
k) Progress of the project against the planning shall be monitored and reported.
l) Actions to adjust and correct execution plan deviations shall be taken.
© ISO/IEC 2018 – All rights reserved 3

m) Work team and customer review activities shall be held to assure that the work has been done
complies with the software requirements and execution plan.
n) Agreements resulting from revision activities shall be registered and tracked.
o) Project closure shall be performed after Customer acceptance.
7.3 Software implementation process specification
7.3.1 Software implementation purpose
The purpose of the software implementation process is the systematic performance of the analysis,
design, construction, integration and test activities for new or modified software products according to
the specified requirements and execution plan.
7.3.2 Software implementation requirements
As a result of successful implementation of the basic software implementation process:
a) The execution plan and software requirements shall be reviewed and understood by the work team.
b) Software requirements shall be defined.
c) Software requirements shall be analysed for correctness and testability.
d) Software requirements shall be agreed by the Customer or project sponsor.
e) Software requirements’ baseline shall be established and communicated to affected parties.
f) Changes to the software requirements shall be evaluated for cost, schedule and technical impact.
g) Software architectural and detailed design shall be developed and a baseline shall be established
and communicated to affected parties.
h) Software architectural and detailed design shall have been prepared to describe the software
components and their relevant internal and external interfaces.
i) Consistency and traceability between software requirements, software architectural and software
detailed design shall be established.
j) Software components defined by the detailed design shall be produced.
k) Releases of items shall be controlled and made available to relevant stakeholders.
l) Unit test shall be performed to verify the consistency with software requirements and detailed
design.
m) Consistency and traceability shall be established between software components and requirements
and design.
n) User documentation shall be developed.
o) Software shall be produced by integrating software components.
p) Software shall be tested and verified, the results shall be recorded and communicated to work team.
q) Defects identified in reviews, tests and verifications shall be corrected.
r) Software configuration shall be integrated and stored in the project repository. A final baseline
shall be established and communicated to work team and the customer.
s) Product shall be completed and released for use after validation by the customer or project sponsor.
4 © ISO/IEC 2018 – All rights reserved

Annex A
(normative)
Basic profile base document references
A.1 Introduction
This annex establishes the reference between the standardized profile elements and the source
standards, in Tables A.1 and A.2. The explanation of the column names and contents is stated in ISO/
IEC 29110-2-1:2015, Clauses 6 and 7.
Some profile elements are not included in the tables. Although explicit reference is not made in the
body of this document to activities, tasks and work products, more information can be found in ISO/
IEC TR 29110-5-1-2.
A.2 Profile requirements definition and composition references
A.2.1 PM Process — Project Management
Table A.1 — PM Process — Profile requirements mapping to base standards
Profile Base
requirement Profile requirement Source doc. ID standard Base standard name
ID ID
The scope of the work
b)  Scope statement.
for the project, includ-
a) ISO/IEC 12207:2008 6.1.1.3.1.10
ing deliverables, shall
d)  List of software products.
be defined.
c)  Adequate resources needed to
Tasks and resources execute the tasks.
associated with scope
b) ISO/IEC 12207:2008 6.3.1.3.2.1 d)  Allocation of tasks.
of the work shall be
defined. i)  Provision of environment and
infrastructure.
Once the project requirements are
established, the manager shall es-
tablish the feasibility of the project
by checking that the resources (per-
The cost, technical and
sonnel, materials, technology, and
c) schedule feasibility ISO/IEC 12207:2008 6.3.1.3.1.2
environment) required to execute
shall be performed.
and manage the project are availa-
ble, adequate, and appropriate and
that the timescales to completion
are achievable.
a)  Schedules for the timely comple-
tion of tasks.
Schedule, effort, cost
b)  Estimation of effort.
and duration of work
shall be estimated.
d) ISO/IEC 12207:2008 6.3.1.3.2.1 c)  Adequate resources needed to
Other metrics should
execute the tasks.
be estimated, if need-
ed. d)  Allocation of tasks.
e)  Assignment of responsibilities.
© ISO/IEC 2018 – All rights reserved 5

Table A.1 (continued)
Profile Base
requirement Profile requirement Source doc. ID standard Base standard name
ID ID
c)  Adequate resources needed to
execute the tasks.
Allocation of human
e) resources shall be ISO/IEC 12207:2008 6.3.1.3.2.1
d)  Allocation of tasks.
planned.
e)  Assignment of responsibilities.
a)  Schedule
...