ISO/IEC 29110-1-2:2024

International
Standard
ISO/IEC 29110-1-2
First edition
Systems and software
2024-05
engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 1-2:
Vocabulary
Ingénierie des systèmes et du logiciel — Profils de cycle de vie
pour très petits organismes (TPO) —
Partie 1-2: Vocabulaire
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3  Terms and definitions . 1
Bibliography . 17
Index . 19

© ISO/IEC 2024 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This first edition of ISO/IEC 29110-1-2, together with ISO/IEC 29110-1-1, cancels and partially replaces
ISO/IEC TR 29110-1:2016, which has been technically revised.
The main changes are as follows:
— terms have been added after the publication of new documents in the ISO/IEC 29110 series since the
publication of ISO/IEC TR 29110-1:2016.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2024 – All rights reserved
iv
Introduction
For the purpose of the ISO/IEC 29110 series, a very small entity (VSE) is an enterprise, organization (e.g.
government agency, non-profit organization), department or project having up to 25 people. Since many VSEs
develop and/or maintain system and software components used in systems, either as independent products
or incorporated in larger systems, a recognition of VSEs as suppliers of high-quality products is required.
VSEs around the world are creating valuable products and services. According to the World Bank, small
and medium-sized enterprises (SMEs) account for about 90 % of enterprises worldwide. According to the
Organisation for Economic Co-operation and Development (OECD), SMEs represent 99 % of all businesses
and generate about 60 % of employment. Almost one person out of three is employed in a micro firm with less
than 10 employees. The European Union reports that micro firms, with fewer than 10 persons, account for
93,5 % of all enterprises and small firms, with 10 to 49 employees, account for 5,5 % of all enterprises. The
challenge facing OECD governments is to provide a business environment that supports the competitiveness
of this large heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not address
the needs of VSEs. Implementation of and conformity with these standards is difficult, if not impossible.
Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce quality systems/
system elements including software in their domain. Therefore, VSEs are excluded from some economic
activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs and
to justify the effort required to apply standards to their business practices. Most VSEs can neither afford
the resources, in terms of number of employees, expertise, budget and time, nor do they see a net benefit in
establishing over-complex systems or software life cycle processes. To address some of these difficulties,
a set of guidelines has been developed based on a set of VSE characteristics. The guidelines are based on
subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as profiles. The
purpose of a profile is to define a subset of international standards relevant to the VSEs' context; for example,
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities,
tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of
ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against the specifications
of the ISO/IEC 29110 series.
The ISO/IEC 29110 series can be applied at any phase of system or software development within a life
cycle. The ISO/IEC 29110 series is intended to be used by VSEs that do not have experience or expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project.
VSEs that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those standards instead of the ISO/IEC 29110 series.
The ISO/IEC 29110 series is intended to be used with any life cycle such as: waterfall, iterative, incremental,
evolutionary or agile.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software and/
or service quality, and process performance. Figure 1 describes the ISO/IEC 29110 series and positions the
parts within the framework of reference.

© ISO/IEC 2024 – All rights reserved
v
Figure 1 — The ISO/IEC 29110 series
ISO/IEC 29110-1-1 introduces processes, life cycle and standardization concepts, the taxonomy (catalogue) of
ISO/IEC 29110 profiles and the ISO/IEC 29110 series. ISO/IEC 29110-1-1 also introduces the characteristics
and needs of a VSE, and clarifies the rationale for specific profiles, documents, standards and guidelines.
ISO/IEC 29110-1-2 defines the terms common to the ISO/IEC 29110 series. ISO/IEC 29110-1-1 and
ISO/IEC 29110-1-2 are targeted at VSEs and their customers, assessors, standards producers, tool vendors
and methodology vendors.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it specifies
the elements common to all profiles (structure, requirements, conformance, and assessment). For domain-
specific profiles (profiles that are not standardized and developed outside of the ISO process), it provides
general guidance adapted from the definition of standardized profiles. ISO/IEC 29110-2 is targeted at profile
producers, tool vendors and methodology vendors.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements for
process capability assessment, conformity assessments, and self-assessments for process improvements.
ISO/IEC 29110-3 also contains information that can be useful to developers of certification and assessment
methods and developers of certification and assessment tools. ISO/IEC 29110-3 is addressed to people who
have direct involvement with the assessment process, e.g. the auditor, certification and accreditation bodies
and the sponsor of the audit, who need guidance on ensuring that the requirements for performing an audit
have been met. ISO/IEC 29110-3 is targeted at VSEs and their customers, assessors, accreditation bodies.

© ISO/IEC 2024 – All rights reserved
vi
ISO/IEC 29110-4 provides the specifications for all generic profiles of the generic profile group that are based
on subsets of appropriate standards elements. ISO/IEC 29110-4 is targeted at VSEs, customers, standards
producers, tool vendors and methodology vendors.
ISO/IEC 29110-5 provides a management, engineering and service delivery guidelines for profiles of the
generic profile group. ISO/IEC 29110-5 is targeted at VSEs and their customers.
ISO/IEC 29110-6 provides the specifications for specific profiles that are based on subsets of appropriate
standards elements. ISO/IEC 29110-6 is targeted at VSEs, customers, standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110-7 provides a guide for each profile of the specific profile group. ISO/IEC 29110-7 is targeted at
VSEs and their customers.
If a new profile is needed, ISO/IEC 29110-4 or ISO/IEC 29110-6 and/or ISO/IEC 29110-7, ISO/IEC 29110-5
can be developed with minimal impact to existing documents.
This document is targeted both at the general audience wishing to understand the ISO/IEC 29110 series, and
more specifically, at users of the ISO/IEC 29110 series. It should be read first when initially exploring VSE
profile documents. While there is no specific prerequisite to read this document, it is helpful to the user in
understanding the terms used in the other parts.

© ISO/IEC 2024 – All rights reserved
vii
International Standard ISO/IEC 29110-1-2:2024(en)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 1-2:
Vocabulary
1 Scope
This document defines the terms common to the ISO/IEC 29110 series.
This document is applicable to very small entities (VSEs), and their customers, assessors, standards
producers, tool vendors and methodology vendors.
2 Normative references
There are no normative references in this document.
3  Terms and definitions
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
activity
set of cohesive tasks (3.110) of a process (3.60)
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.3]
3.2
acquirer
stakeholder (3.101) that acquires or procures a product or service (3.85) from a supplier (3.105)
Note 1 to entry: Other terms commonly used for an acquirer are buyer, customer (3.33), owner, purchaser or internal/
organizational sponsor.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.1]
3.3
Advanced profile
profile (3.70) targeted at VSEs (3.124) which want to sustain and grow as a competitive system (3.107) and/
or software (3.93) development organization
3.4
agile development
development approach based on iterative development, frequent inspection and adaptation, and incremental
deliveries in which requirements and solutions evolve through collaboration in cross-functional teams and
through continuous stakeholder (3.101) feedback
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.1, modified — Note 1 to entry has been removed.]

© ISO/IEC 2024 – All rights reserved
3.5
agile environment
organizational culture, infrastructure, and methodologies that support agile development (3.4)
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.2]
3.6
agile team
organization (3.54) or team using agile development (3.4) methods and approaches
Note 1 to entry: Typically with roles such as team lead, project manager, user (3.119) or user representative, software
(3.93) and information developers, and testers.
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.3]
3.7
agreement
mutual acknowledgement of terms and conditions under which a working relationship is conducted
EXAMPLE Contract, memorandum of agreement.
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.5]
3.8
assessment indicator
sources of objective evidence used to support the assessors’ (3.9) judgment in rating process (3.60) attributes
EXAMPLE Work products (3.127), practice, or resource (3.78).
[SOURCE: ISO/IEC 33001:2015, 3.3.1, modified — Note 1 to entry has been replaced by EXAMPLE.]
3.9
assessor
individual who participates in the rating of process (3.60) attributes
[SOURCE: ISO/IEC 33001:2015, 3.2.11]
3.10
audit
independent examination of a work product (3.127) or set of work products to assess compliance with
specifications, standards, contractual agreements, or other criteria
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.10]
3.11
auditee
organization (3.54) being audited
[SOURCE: ISO 19011:2018, 3.13]
3.12
auditor
person who conducts an audit (3.10)
[SOURCE: ISO 19011:2018, 3.15]
3.13
audit team
one or more auditors (3.12) conducting an audit (3.10), supported if needed by technical experts
Note 1 to entry: One auditor of the audit team is appointed as the audit team leader.
Note 2 to entry: The audit team may include auditors-in-training.

© ISO/IEC 2024 – All rights reserved
[SOURCE: ISO 19011:2018, 3.14, modified — In the definition, "persons" has been replaced by "auditors"; in
note 2 to entry, "can" has been replaced by "may".]
3.14
autonomy-based improvement
self-motivated and self-determined professional process improvement (3.65) with an understanding of the
work (process) objectives, latest technology, and outcomes from product use
3.15
backlog
collection of agile features (3.42) or stories of both functional and nonfunctional requirements that are
typically sorted in an order based on value priority
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.4]
3.16
baseline
formally approved version of a configuration item (3.29), regardless of media, formally designated and fixed
at a specific time during the configuration item's life cycle (3.51)
[SOURCE: ISO/IEC/IEEE 12207:2017, 3.1.11]
3.17
base standard
approved International Standard or ITU-T Recommendation
[SOURCE: ISO/IEC TR 10000-1:1998, 3.1.1]
3.18
Basic profile
profile (3.70) targeted at VSEs (3.124) developing a single product by a single work team
3.19
build
operational version of a system (3.107) or component that incorporates a specified subset of the capabilities
that the final product will provide
[SOURCE: IEEE 828:2012, 2.1, IEEE dictionary]
3.20
burndown chart
graph that represents the work remaining to do on a project (3.72)
[SOURCE: ISO/IEC/IEEE 26511:2018, 3.1.6]
3.21
business critical product
product that is essential to the operation of a business or organization (3.54), whose sustained failure would
result in significant business impacts e.g., loss of revenue or loss of reputation
3.22
certification
third-party attestation related to an object of conformity assessment (3.30), with the exception of
accreditation
[SOURCE: ISO/IEC 17000:2020, 7.6]
3.23
certification body
third-party conformity assessment (3.30) body operating certification schemes (3.24)
[SOURCE: ISO/IEC 17065:2012, 3.12, modified — Note 1 to entry has been removed.]

© ISO/IEC 2024 – All rights reserved
3.24
certification scheme
certification (3.22) system (3.107) related to specified products, to which the same specified requirements,
specific rules and procedures (3.59) apply
Note 1 to entry: A “certification system” is a "conformity assessment system", which is defined in ISO/IEC 17000:2020, 4.8.
Note 2 to entry: The rules, procedures and management (3.52) for implementing product, process (3.60) and service
(3.85) are stipulated by the certification scheme.
[SOURCE: ISO/IEC 17065:2012, 3.9, modified — Note 1 to entry has been removed; the other two notes to
entry have been renumbered.]
3.25
certification scheme owner
person or organization (3.54) responsible for developing and maintaining a specific certification scheme (3.24)
Note 1 to entry: The certification scheme owner can be the certification body (3.23) itself, a governmental authority, a
trade association, a group of certification bodies or others.
[SOURCE: ISO/IEC 17065:2012, 3.11, modified — The term has been changed from "scheme owner" to
"certification scheme owner".]
3.26
change
modification of an existing application comprising additions, alterations and deletions
[SOURCE: ISO/IEC 20968:2002, Clause 10, modified — In the definition, "changes" has been replaced by
"alterations".]
3.27
client
organization (3.54) or person responsible to a certification body (3.23) for ensuring that
certification (3.22) requirements, including product requirements, are fulfilled
[SOURCE: ISO/IEC 17065:2012, 3.1, modified — The domain "certification" has been added.]
3.28
conditional task
task (3.110) that can be mandatory under some specified condition(s), can be optional under other specified
conditions, and can be out of scope or not applicable under other specified conditions
Note 1 to entry: These shall be observed if the specified condition(s) apply.
3.29
configuration item
CI
item or aggregation of hardware, software (3.93), or both, that is designated for configuration management
(3.52) and treats as a single entity (3.39) in the configuration management process (3.60)
Note 1 to entry: Configuration items can vary widely in complexity, size and type, ranging from an entire system
(3.107) including all hardware, software and documentation, to a single module or a minor hardware component.
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.11, modified — The abbreviated term "CI" and note 1 to entry have
been added.]
3.30
conformity assessment
demonstration that specified requirements are fulfilled
Note 1 to entry: The process (3.60) of conformity assessment as described in the functional approach in
ISO/IEC 17000:2020, Annex A can have a negative outcome, i.e. demonstrating that the specified requirements are not
fulfilled.
© ISO/IEC 2024 – All rights reserved
Note 2 to entry: Conformity assessment includes activities defined elsewhere in this document, such as but not limited
to testing, inspection, validation, verification, certification, and accreditation.
Note 3 to entry: Conformity assessment is explained in ISO/IEC 17000:2020, Annex A as a series of functions. Activities
contributing to any of these functions can be described as conformity assessment activities.
Note 4 to entry: This document does not include a definition of “conformity”. “Conformity” does not feature in the
definition of “conformity assessment”. Nor does this document address the concept of compliance.
[SOURCE: ISO/IEC 17000:2020, 4.1]
3.31
continuous deployment
automated process (3.60) of deploying changes to production by verifying intended features (3.42) and
validations (3.121) to reduce risk
[SOURCE: ISO/IEC/IEEE 32675:2022, 3.1]
3.32
continuous integration
technique that continually merges artefacts, including source code updates from all developers on a team,
into a shared mainline to build and test the developed system (3.107)
[SOURCE: ISO/IEC/IEEE 32675:2022, 3.1]
3.33
customer
person or organization (3.54) that could or does receive a product or a service (3.85) that is intended for or
required by this person or organization
EXAMPLE Consumer, client, end-user, retailer, receiver or product or service from an internal process (3.60),
beneficiary and purchaser.
Note 1 to entry: A customer can be internal or external to the organization.
[SOURCE: ISO 9000:2015, 3.2.4]
3.34
definition of done
regarded by the agile team (3.6) as complete and ready to use
[SOURCE: ISO/IEC/IEEE 26515: 2018]
3.35
deployment package
DP
set of artefacts developed to facilitate the implementation of a set of practices, of the selected framework, in
a very small entity (3.124)
3.36
document
information and the medium on which it is contained
EXAMPLE Record (3.74), specification, procedure (3.59) document, drawing, report (3.76), standard.
Note 1 to entry: The medium can be paper, magnetic, electronic or optical computer disc, photograph or master
sample, or combination thereof.
Note 2 to entry: A set of documents, for example specifications and records, is frequently called “documentation”.
Note 3 to entry: Some requirements (e.g. the requirement to be readable) relate to all types of documents. However,
there can be different requirements for specifications (e.g. the requirement to be revision controlled) and for records
(e.g. the requirement to be retrievable).

© ISO/IEC 2024 – All rights reserved
[SOURCE: ISO 9000:2015, 3.8.5]
3.37
effectiveness
extent to which planned activities are realized and planned results achieved
[SOURCE: ISO 9000:2015, 3.7.11, modified — Note 1 to entry has been removed.]
3.38
efficiency
relationship between the result achieved and the resources (3.78) used
[SOURCE: ISO 9000:2015, 3.7.10]
3.39
entity
individual, group, or organizational function that can be tasked with a given responsibility
[SOURCE: IEEE 7002:2022, 3.1, IEEE dictionary]
3.40
Entry profile
profile (3.70) targeted at start-up VSEs (3.124) (i.e. VSEs who started their operation fewer than three years
ago) and/or at VSEs working on a single small project (3.72) (e.g. project size of less than 6 person-months)
3.41
external service provider
person or organization (3.54) providing services (3.85) commercially to external customers (3.33)
3.42
feature
functional or non-functional distinguishing characteristic of a system (3.107)
Note 1 to entry: A feature is usually an enhancement to an existing system.
[SOURCE: ISO/IEC/IEEE 26515: 2018, 3.7, modified — The original note 1 to entry has been replaced by a
new one.]
3.43
generic profile group
profile group (3.71) applicable to VSEs (very small entities) (3.124) that do not develop critical systems (3.107)
or software products (3.96)
3.44
governance
human-based system (3.107) comprising directing, overseeing and accountability
[SOURCE: ISO/IEC 38500:2024, 3.3]
3.45
incident
anomalous or unexpected event, set of events, condition, or situation at any time during the life cycle (3.51)
of a project (3.72), product, service (3.85), or system (3.107)
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.17, modified — Note 1 to entry has been removed.]
3.46
increment
tested, deliverable version of a software product (3.96) that provides new or modified capabilities ®
[SOURCE: Software Extension to the PMBOK Guide Fifth Edition]

© ISO/IEC 2024 – All rights reserved
3.47
information security policy
document (3.36) that states, in writing, how an organization (3.54) plans to protect its physical and
information technology assets
[SOURCE: ISO/TS 21547:2010, 3.2.25]
3.48
Intermediate profile
profile (3.70) targeted at VSEs (3.124) involved in the development of more than one project (3.72) in parallel
with more than one work team
3.49
internal service provider
person or organization (3.54) providing services (3.85) internal to the VSE (3.124)
3.50
iteration
short time frame in which a set of software (3.93) features (3.42) is developed, leading to a working product
that can be demonstrated to stakeholders (3.101)
Note 1 to entry: Different agile methodologies use different terms for an iteration.
Note 2 to entry: Some agile methodologies are not based on iterations.
[SOURCE: ISO/IEC/IEEE 26515:2018, 3.10]
3.51
life cycle
evolution of a system (3.107), product, service (3.85), project (3.72) or other human-made entity (3.39) from
conception through retirement
[SOURCE: ISO/IEC/IEEE 15288:2023, 3.21]
3.52
management
coordinated activities to direct and control an organization (3.54)
Note 1 to entry: Management can include establishing policies and objectives, and processes (3.60) to achieve these
objectives.
Note 2 to entry: The word “management” sometimes refers to people, i.e. a person or group of people with authority
and responsibility for the conduct and control of an organization. When “management” is used in this sense, it should
always be used with some form of qualifier to
...