ISO/IEC TS 33064:2025

Technical
Specification
ISO/IEC TS 33064
First edition
Information technology — Process
2025-10
assessment — Process assessment
model for safety processes
Technologies de l'information — Évaluation des processus —
Modèle d'évaluation des processus pour les processus de sécurité
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 The process assessment model . 2
4.1 General .2
4.2 Structure of the process assessment model .3
4.2.1 General .3
4.2.2 Process dimension .3
4.2.3 Quality dimension .4
4.3 Assessment indicators .4
5 The process dimension . 5
5.1 General .5
5.2 Safety processes (SAF) .5
6 The quality dimension . 9
Annex A (informative) Process outputs .11
Annex B (informative) Life cycle guidance .15
Bibliography .21

© ISO/IEC 2025 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This document cancels and replaces ISO/IEC TS 15504-10:2011, which has been technically revised.
The main changes are as follows:
— all processes, outcomes, base practices and related process outputs and their descriptions are revised;
— this process assessment model includes a process quality attribute of process performance and can be
used with other models of process quality, for instance capability as described in ISO/IEC 33020.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
iv
Introduction
The documents on process assessment developed by JTC 1/SC 7 (ISO/IEC 33001 to ISO/IEC 33099) define
the requirements and resources needed for process assessment. The overall architecture and content of
these documents is described in ISO/IEC 33001. Several documents on process assessment developed by
JTC 1/SC 7 are intended to replace and extend parts of the ISO/IEC 15504 series.
The published documents on process assessment by JTC 1/SC 7 for systems and software life cycle processes
do not provide a sufficient basis for performing a process quality assessment with respect to the development
of complex safety-related systems.
Developing safety-related systems requires specialized processes, techniques, skills, and experience.
Additional processes are needed in the area of safety management, safety engineering and external resource
qualification. This document presents three process descriptions: safety management, safety engineering
and external resource qualification processes.
A process assessment model is related to one or more process reference models. The extended safety process
reference model is included in this document as descriptions of process purposes and outcomes.
A process assessment model incorporates a process measurement framework conforming to the
requirements of ISO/IEC 33003 and is expressed as a process quality characteristic with a defined set of
process attributes.
A process assessment model includes a set of assessment indicators. Process performance indicators
address the process purpose and outcomes of each process in the process assessment model. Process
quality indicators demonstrate the achievement of the process attributes in the process measurement
framework. These indicators may also provide a reference source of practices when implementing a process
improvement program.
The assessment indicators are used as a basis for collecting objective evidence to support an assessor’s
judgement in assigning ratings of the performance and quality of an implemented process. The set of
indicators defined in this document are not intended to be an all-inclusive set and applicable in its entirety.
Subsets appropriate to the context and scope of the assessment should be selected and potentially augmented
with additional indicators.
A process assessment is conducted according to a documented assessment process. A documented
assessment process identifies the rating method to be used in rating process attributes and identifies or
defines the aggregation method to be used in determining ratings.
ISO/IEC 33020 provides a process measurement framework for the assessment of process capability
which may be incorporated as a process measurement framework in this document. ISO/IEC 33020:2019,
Annex B includes a set of process quality indicators for each process attribute in the process measurement
framework.
© ISO/IEC 2025 – All rights reserved
v
Technical Specification ISO/IEC TS 33064:2025(en)
Information technology — Process assessment — Process
assessment model for safety processes
1 Scope
This document defines a process assessment model for safety processes, conforming to the requirements
of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of
ISO/IEC 33002.
This document supports the use of the process assessment models for system and software life cycle
processes (ISO/IEC TS 33060 and ISO/IEC TS 33061) when applied to assessment of processes in the
development of (functional or non-functional) safety related systems in order to make consistent judgment
regarding either process quality or improvement priorities, or both.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33003:2015, Information technology — Process assessment — Requirements for process measurement
frameworks
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
external resource
resource not developed under project control
Note 1 to entry: External resources include tools, libraries, commercial off-the-shelf (COTS), re-use components.
3.2
hazard
potential source of harm
[SOURCE: ISO/IEC Guide 51:2014, 3.2]

© ISO/IEC 2025 – All rights reserved
3.3
safety criteria
limits of acceptable risk associated with a hazard (3.2)
Note 1 to entry: These limits may be defined as imposed safety targets or developed from analysis or development policy.
3.4
safety demonstration
body of evidence and rationale that shows an item is justified as being safe within allowed limits on risk
Note 1 to entry: For example, this can include that an item was designed and integrated correctly to approved standards
by competent people in accordance with approved procedures with sufficient mitigation and tested sufficiently.
Note 2 to entry: For more information about safety case and assurance case in general, see the ISO/IEC/IEEE 15026 series.
3.5
safety integrity requirement
likelihood of a safety-related system satisfactorily performing the required safety functions under stated
conditions
3.6
safety life cycle
project or product life cycle in which safety processes are performed
3.7
safety requirement
requirement that is needed to ensure the safety of the product
3.8
safety-related incident
incident having an impact on safety
4 The process assessment model
4.1 General
This document provides a basis for a process assessment model (PAM) that is two-dimensional. In one
dimension, the process dimension, the processes are defined together with the set of assessment indicators
of process performance. In the other dimension, the quality dimension, for each process attribute in the
process measurement framework, a set of process quality indicators is defined for the selected process
quality characteristic.
This document supports the use of the process assessment models for system and software life cycle
processes (ISO/IEC TS 33060 and ISO/IEC TS 33061), which provide detailed information about the process
assessment models. The processes and process elements in this document extend the scope of the process
reference models used in ISO/IEC TS 33060 and ISO/IEC TS 33061.
NOTE The aim of this document is not to provide a way to verify the conformity with one or more domain-specific
safety standard, nor to extend the documents on process assessment developed by JTC 1/SC 7 in order to use them
as safety standards against which to verify conformity. The aim of this document is to provide the assessors with
necessary means and information for measuring the quality of processes and defining possible process improvement
actions also when the software or system under development is safety-related.
Users of this document may reproduce the detailed descriptions contained in the assessment model as part
of any tool or other material to support the performance of process assessments, so that it can be used for its
intended purpose.
© ISO/IEC 2025 – All rights reserved
4.2 Structure of the process assessment model
4.2.1 General
This subclause describes the structure of the process assessment model and its key components.
The process dimension comprises the set of processes defined with process purpose and process outcomes
together with a set of assessment indicators of process performance. The process reference model (PRM)
consists of the process purposes and associated outcomes defined in this document. The purpose and
outcomes are a statement of the goals of the performance of each process.
Processes included in a process reference model shall be in accordance with ISO/IEC 33004:2015, 5.4.
The processes in this document meet the ISO/IEC 33004 requirements for process descriptions, process
purposes and outcomes.
The quality dimension comprising a set of process attributes for a selected process quality characteristic is
incorporated as a process measurement framework together with a set of process quality indicators.
NOTE ISO/IEC 33020 provides a process measurement framework for the assessment of process capability which
can be incorporated into this document. ISO/IEC 33020 also includes a set of process quality indicators for each
process attribute in the process measurement framework.
4.2.2 Process dimension
Each process has a process identifier (ID) consisting of the process group abbreviated name and the
sequential number of the process in that group. Each process is described by its name, purpose, outcomes,
base practices, and process outputs.
Each process is described in terms of a purpose statement. These statements contain the unique functional
objectives of the process when performed in a particular environment. A list of specific process outcomes is
associated with each of the process purpose statements, as a list of expected positive results of the process
performance.
This process assessment model includes three processes, which are classified into a process group named
safety (abbreviated as SAF). The processes and their IDs are as follows:
— safety management (SAF.1);
— safety engineering (SAF.2);
— external resource qualification (SAF.3).
The relationship between the processes is illustrated in Figure 1.

© ISO/IEC 2025 – All rights reserved
Figure 1 — Relationship between the processes
The process group and processes are described in Clause 5.
4.2.3 Quality dimension
For the quality dimension, the minimum requirement is that the process shall be performed, i.e. the
implemented process shall achieve its process purpose and the expected outcomes shall be observable.
Process attributes are features of a process that can be evaluated on a scale of achievement, providing a
measure of the quality of the process and are applicable to all processes.
4.3 Assessment indicators
A process assessment model is based on the principle that the quality of a process can be assessed by
demonstrating the achievement of process attributes on the basis of evidences related to assessment
indicators.
There are two types of assessment indicators: process performance indicators and process quality
indicators. Process performance indicators address the process purpose and outcomes of each process in
the process dimension. Process quality indicators demonstrate the achievement of the process attributes in
the quality dimension.
The process performance indicators are:
— base practice (BP);
— process output (PO).
The performance of base practices (BPs) provides an indication of the extent of achievement of the
process purpose and process outcomes. The base practices correspond to ISO/IEC/IEEE 15288 and
ISO/IEC/IEEE 12207 activities and tasks. Process outputs (POs) are either used or produced (or both), when
performing the process. Information items that are the key outputs of the process, are primarily used as
performance indicators.
Annex A provides the list of process outputs associated with the processes in Clause 5. The process outputs
are identified by categories. The process outputs are indicated by the process IDs.

© ISO/IEC 2025 – All rights reserved
Process quality indicators depend on the process quality characteristic of interest. The minimum
requirement is that at least one of the process attributes shall comprise the achievement of the defined
process purpose and process outcomes for the process; this is termed the process performance attribute
(see ISO/IEC 33003:2015, 4.2.1). Other process quality attributes can be defined as needed.
The process performance and process quality indicators represent types of objective evidence that can be
found in an instantiation of a process and therefore can be used to judge achievement of quality.
5 The process dimension
5.1 General
The process dimension comprises the set of processes defined with process purpose and process outcomes
together with a set of assessment indicators of process performance.
Each individual process has a process identifier (ID) consisting of the process group abbreviated name
and the sequential number of the process in that group and is described in terms of process name, process
purpose, and process outcomes.
In addition, the process dimension of the process assessment model provides information in the form of a set of:
a) base practices for the process providing a definition of the tasks and activities needed to accomplish
the process purpose and fulfil the process outcomes; each base practice is associated to one or more
process outcomes;
b) process outputs that are related to one or more process outcomes;
The process purposes, process outcomes, base practices and process outputs associated with the processes
are included in this clause. The base practices and process outputs constitute the set of indicators of process
performance.
A documented assessment process and assessor judgment is needed to ensure that process context
(application domain, business purpose, development methodology, size of the organization, etc.) is
considered when using this information.
5.2 Safety processes (SAF)
Developing safety-related systems requires specialised processes, techniques, skills and experience.
Additional processes are needed in the area of safety management, safety engineering and external resource
qualification. The three process descriptions form a process group for safety (SAF).
These processes are independent of any specific safety standards that define safety principles, methods,
techniques, and work products. However, elements of relevant safety standards can be mapped to the
safety processes and the safety processes are intended to be extendable to include specific safety standards
requirements.
The performance of one or more of the processes in this document is not intended to cover the requirements
of any other safety standard. The achievement of a certain process quality level in one or more of those
processes does not imply the compliance with any other domain specific safety standard.
The processes are defined in Tables 1 to 3.

© ISO/IEC 2025 – All rights reserved
Table 1 — SAF.1 Safety management process
Process ID SAF.1
Process name Safety management process
Process purpose The purpose of the safety management process is to identify, establish, and control the ac-
tivities and resources necessary to ensure that products, services and life cycle processes
meet safety objectives.
Process outcomes As a result of the successful implementation of the safety management process:
a) Safety principles and safety criteria are established.
b) The scope of the safety activities is defined.
c) Safety activities are planned.
d) Safety organization structure (responsibilities, roles, reporting channels, interfaces with
other projects or organizational units, tools and facilities) is established.
e) Safety life cycle activities are monitored.
f) Agreement on safety policy and requirements for supplied products or services is achieved.
Base practicesSAF.1.BP1: Define safety objectives and criteria. [Outcome: a]
The limits of acceptable risk associated with a hazard are defined externally as imposed
safety targets or developed from analysis or development policy.
Safety targets and/or acceptable levels of risk are determined.
SAF.1.BP2: Define safety life cycle. [Outcome: b]
The safety life cycle is defined, which is appropriate to the context, complexity, safety cri-
teria and targets.
Assure functional safety throughout the product life cycle. For this reason, the safety man-
agement includes and reflects all phases of the product life cycle.
SAF.1.BP3: Perform safety planning. [Outcome: c, d]
Tasks and resources necessary to complete the safety management and engineering activities
are identified, their dependencies are determined, their implementation planned, and the
resource needs sized and estimated.
SAF.1.BP4: Define safety activities integration. [Outcome: c, d]
Safety activities integration with product development, project life cycle and support pro-
cess is determined.
Examples of integration between development life cycle and safety activities can be found
in the IEC 61508 series and the ISO 26262 series.
Safety activities integration is supported by traceability of safety requirements during the
development life cycle.
© ISO/IEC 2025 – All rights reserved
TTabablele 1 1 ((ccoonnttiinnueuedd))
SAF.1.BP5: Define skills requirements and allocate responsibility. [Outcome: c, d]
Skills needs for carrying out planned safety activities are identified, and responsibilities,
authorities, and independence of involved roles are defined and allocated accordingly.
SAF.1.BP6: Monitor and control the implementation of the safety activities. [Out-
come: e]
Monitor the implementation of the safety activities according to the plan and act to cor-
rect deviations. Deviations and safety-related incidents are reported, analysed, managed
to closure, and further prevented.
SAF.1.BP7: Define and agree on safety policy and safety requirements with suppliers.
[Outcome: f]
Methods and techniques to monitor supplier’s safety activities are agreed with the customer.
Define an agreement on how the supplier assures safety of the supplied product.
SAF.1.BP8: Implement an escalation mechanism. [Outcome: e]
Develop and maintain the escalation mechanism that ensures that safety issues may be
escalated to appropriate levels of management to resolve them.
Process outputs Safety policy [Outcome: a, b]
Safety plan [Outcome: b, c, d]
System/software development plan[Outcome: b, c, d]
Work breakdown structure [Outcome: b, c]
Project status report [Outcome: e]
Safety log [Outcome: e, f]
Verification record [Outcome: e]
Configuration management change request [Outcome: e]
Acquisition record [Outcome: e]
Qualification requirements on external resources [Outcome: f]
Safety life cycle model [Outcome: b, c]
Safety criteria [Outcome: a]
Safety demonstration [Outcome: c]
Table 2 — SAF.2 Safety engineering process
Process ID SAF.2
Process name Safety engineering process
Process purpose The purpose of the safety engineering process is to ensure that safety is adequately addressed
throughout all stages of the engineering processes.
Process outcomes As a result of the successful implementation of the safety engineering process:
a) Hazards related to the product are identified and analysed.
b) Safety demonstration for the product life cycle is established and maintained.
c) Safety requirements are defined.
d) Safety principles are applied to development processes.
e) Impacts on safety of change requests are analysed.
f) Product is validated against safety requirements.
g) Independent safety evaluations for process and product are performed.
Base practices SAF.2.BP1: Identify hazard sources and hazards. [Outcome: a]
Hazard sources and hazards of relevant operational conditions and for foreseeable misuse
are identified and recorded.
SAF.2.BP2: Analyse hazards and risks. [Outcome: a]
For each hazard, analyse likelihood and severity of impact, and evaluate the risk of the
hazard.
SAF.2.BP3: Establish and maintain hazard log. [Outcome: a]
Status of hazards is maintained throughout the whole product life cycle.

© ISO/IEC 2025 – All rights reserved
TTabablele 2 2 ((ccoonnttiinnueuedd))
SAF.2.BP4: Establish and maintain safety demonstration. [Outcome: b]
Safety demonstration is created and maintained during the life cycle of the product. Process
and product documentation is collected for safety demonstration evidence.
A safety case is a way to collect and present information for safety demonstration.
SAF.2.BP5: Establish and maintain safety requirements. [Outcome: c]
Establish and maintain throughout the life cycle safety requirements based on the results
of hazard and risk analysis and any other applicable sources.
Applicable sources can be: legislative requirements, standards, regulations, company poli-
cies, customer requirements, customer and end user feedback, verification results, quality
assurance findings, validation results, safety validation results, production experiences,
commissioning and decommissioning experiences, maintenance and repair experiences,
and product field studies.
SAF.2.BP6: Derive safety integrity levels. [Outcome: c]
Safety integrity levels for each safety requirement based on the risk evaluation of their
hazards are derived when needed.
The appropriateness of a technique for determining safety integrity levels depend on legal
and safety regulatory requirements, accepted good practices, specific hazards, consequences
and risks and the availability of data upon which the hazard and risk analysis is to be based.
SAF.2.BP7: Allocate safety requirements and safety integrity levels. [Outcome: c]
Safety requirements and safety integrity requirements are allocated to architecture,
subsystems and components.
SAF.2.BP8: Apply safety principles to achieve safety requirements. [Outcome: d]
Principles and methods relevant for achieving the required safety requirements are ap-
plied during the product life cycle.
Principles and methods may include for example avoidance of common cause failures by
designing diversity, or use of formal methods, defensive programming or perspective-based
inspections.
SAF.2.BP9: Perform safety impact analysis on changes. [Outcome: e]
Analyse the impact of the change requests on hazards and risks.
Traceability between a change request and the affected safety work products is established.
SAF.2.BP10: Perform safety validations on product. [Outcome: f]
Safety validations should be based on the outcomes of hazard analysis and risk analysis and
performed against safety targets.
SAF.2.BP11: Perform independent assessments. [Outcome: g]
Assessments of product and processes are performed in pre-set points during the product
life cycle according to the required level of independence.
The evaluations may include verification or validation of any work product.
The required level of independence may vary from an independent person to independent
organization.
Process outputs Hazard analysis report [Outcome: a, e]
Risk register [Outcome: a, e]
Safety requirements [Outcome: c, e]
Safety integrity requirements [Outcome: c]
Traceability mapping [Outcome: e]
Test execution log [Outcome: b, f]
System analysis report [Outcome: g]
Safety demonstration [Outcome: b, d, e, g]
Safety validation results [Outcome: b, d, f]
Hazard log [Outcome: b]
© ISO/IEC 2025 – All rights reserved
Table 3 — SAF.3 External resource qualification process
Process ID SAF.3
Process nameExternal resource qualification process
Process purpose The purpose of the external resource qualification process is to assess and monitor the
suitability of external resources when developing a safety-related software or system.
Process outcomes As a result of the successful implementation of the external resource qualification process:
a) External resource qualification strategy for external resources is developed.
b) External resource qualification plan is developed and executed.
c) External resource qualification is monitored, and the results are recorded.
Base practicesSAF.3.BP1: Develop a qualification strategy for external resources. [Outcome: a]
Develop a qualification strategy that considers the quality requirements of the external
resources (reflecting the safety requirements determined for the safety-related software
or system).
The qualification strategy includes criteria for selecting qualification methods.
SAF.3.BP2: Plan the qualification of external resources. [Outcome: b]
Plan the qualification activities for the external resources.
Select the appropriate qualification method for each external resource.
External resources selection is not in the scope of this process.
Qualification methods may include:
— Increased confidence from use
— Evaluation of the development process
— Demonstration that the development was based on a safety standard
— Validation of the tool
— Development in compliance with safety standard
— Certification
SAF.3.BP3: Qualify the external resources. [Outcome: b]
Execute qualification according to the qualification methods chosen.
SAF.3.BP4: Record the external resource qualification results. [Outcome: c]
Record the results of the qualification and disseminate the results to interested parties.
The qualification documentation includes:
— Unique identification and version number of the external resources
— Configuration of external resources
— Qualification method used
— Result of qualification
SAF.3.BP5: Maintain and update the external resource qualification results. [Outcome: c]
Maintain and update the qualification results and documentation throughout the usage of
the external resources.
Process outputs External resource qualification strategy [Outcome: a]
External resource qualification plan [Outcome: b]
External resource qualification results [Outcome: c]
External resource qualification documentation [Outcome: c]
Safety demonstration [Outcome: c]
6 The quality dimension
A process assessment model shall incorporate a process measurement framework conforming to the
requirements of ISO/IEC 33003 and is expressed as a process quality characteristic with a defined set of
process attributes. At minimum, a process measurement framework includes a process quality attribute
of process performance, which is needed to demonstrate that the process achieves its expected process
outcomes. Other process quality attributes may be added over the process performance attribute.
NOTE 1 ISO/IEC 33020 provides a process measurement framework for the assessment of process capability which
can be incorporated into this document. ISO/IEC 33020 also includes a set of process quality indicators for each
process attribute in the process measurement framework.

© ISO/IEC 2025 – All rights reserved
The assessment indicators are used as a basis for collecting objective evidence to support an assessor’s
judgement in assigning ratings of the performance and quality of an implemented process. The set of
indicators defined in this document are not intended to be an all-inclusive set and applicable in its entirety.
Subsets appropriate to the context and scope of the assessment should be selected, and potentially
augmented with additional indicators.
A process assessment is conducted according to a documented assessment process. A documented
assessment process identifies the rating method to be used in rating process attributes and identifies or
defines the aggregation method to be used in determining ratings.
NOTE 2 ISO/IEC 33020 includes a process attribute rating scale, process attribute rating method, and aggregation
method which can provide a suitable basis for use for incorporating into any documented assessment process.

© ISO/IEC 2025 – All rights reserved
Annex A
(informative)
Process outputs
A.1 Process output descriptions
The process outputs associated with the processes in Clause 5 are described in Table A.1. The descriptions
are exemplary. The process outputs are identified by categories which are defined in A.2. The corresponding
processes of the process outputs are indicated by the process IDs.
NOTE For further guidance, ISO/IEC/IEEE 15289 addresses the content for life cycle process information items
(documentation).
Table A.1 — Process output descriptions
Process output Process output description Category Output of
Acquisition record Permanent, readable form of data, information, or knowledge record SAF.1
related to acquisition. [INCOSE SE Handbook 2015]
Configuration Identifies a problem, maintenance need, or desired improve- request SAF.1
management change ment and requests modifications. The requested change may
request affect a contract, configuration item, system, service, hardware,
software, interface, asset, or documentation.
[Adapted from ISO/IEC/IEEE 15289]
External resource Identifies external resource qualification methods and proce- record SAF.3
qualification docu- dures. Defines objectives of external resource qualification.
mentation Identifies items under qualification. Provides the proof of the
validity of the performed qualification methods and proce-
dures.
External resource Identifies what needs to be qualified. Defines qualification plan SAF.3
qualification plan specific methods, techniques and tools to use for external
resource qualification. Allocates responsibilities for external
resource qualification. Defines the time scheduling for exter-
nal resource qualification. Identifies and monitors technical
constraints and risks.
External resource Identifies the items under qualification. Provides possible ex- record SAF.3
qualification results ternal resource qualification validity against safety integrity
levels. Provides the conditions and terms of external resource
qualification validity.
External resource Identifies external resource qualification methods, tech- plan SAF.3
qualification strategy niques and tools; external resources under qualification; and
what needs are to be satisfied. Provides the degree of inde-
pendence for qualification. Establishes the options and ap-
proaches for satisfying the needs; and the evaluation criteria
against which the strategic options are evaluated. Identifies
constraints/risks of any strategic option.
Hazard analysis Identifies the hazards analysed. Records the results of the report SAF.2
report analysis: assumptions made; context-related elements consid-
ered in the analysis; constraints; classification/evaluation of
the effects of hazards.
Hazard log Identifies what hazards were identified. Describes hazards. record SAF.2

© ISO/IEC 2025 – All rights reserved
TTabablele A A.11 ((ccoonnttiinnueuedd))
Process output Process output description Category Output of
Project status report Provides results of monitoring the execution of the defined plan report SAF.1
or processes for internal or external distribution. It includes a
summary of decisions, monitoring results, action items, process
or performance data, and recorded process improvements.
It assesses the degree of adherence to the plans. It provides
information about projected cost, performance, and schedule
risks; any changes to previously approved plans and the related
impact to the project or organization; corrective actions; risk
treatment actions; and problem tracking and problem analysis.
[Adapted from ISO/IEC/IEEE 15289]
Qualification require- Identifies the external resources under qualification. Iden- specification SAF.1
ments on external tifies the quality (reliability, availability, maintainability, .)
resources requirements for each external resource under qualification.
Identifies applicable sources of qualification requirements
definition. Defines measurable qualification requirements on
the external resources under qualification.
Risk register A repository that supports the availability for use and commu- registry SAF.2
nication of all relevant risk information in a timely, complete,
valid, and, if required, confidential manner. [Adapted from
INCOSE SE Handbook 2015]
Safety criteria Defines the expectations for safety: establishes the limits of specification SAF.1
acceptable risk associated with a hazard; establishes safety
targets.
Safety demonstration Provides documentation or references to: hazard and risk Record SAF.1, SAF.2,
analysis results; review minutes; test records; implemen- SAF.3
tation design; validation test results; safety audit reports;
project safety planning and management; safety log; qualifi-
cation results.
Safety integrity re- Identifies safety-related functional requirements. Provides specification SAF.2
quirements an evaluation of the probability that the safety-related func-
tional requirements are satisfactorily performed under the
defined conditions.
Safety life cycle model Provides high level description of activities to be performed description SAF.1
for safety and the sequencing of the safety life cycle phases.
Identifies dependences among safety life cycle phases; re-
quired inputs and outputs at each safety life cycle phase; the
key decision points (milestones) in the model; and the safety
control points in the model.
Safety log Registers the safety assessment evidences and results over record SAF.1
the product life cycle. Identifies what evidences have been
used; time and place of the assessment; and responsible and
involved persons for the safety assessment.
Safety plan Provides project-related safety objectives and goals. De- plan SAF.1
scribes activities and tasks required to ensure safety/comply
with safety requirements. Supports the integration of safety
engineering with other processes. References to related work
products and any regulatory requirements and standards.
Provides methods for and scheduling of activities for assess-
ing/verifying compliance to safety requirements. Identifies
safety criteria. Describes safety monitoring and control ac-
tivities. Provides target timeframe to achieve safety require-
ments. Indicates methods to achieve safety requirements and
goals. Provides definition of the structure of the safety case.
Defines project-related roles and responsibility allocation for
safety.
© ISO/IEC 2025 – All rights reserved
TTabablele A A.11 ((ccoonnttiinnueuedd))
Process output Process output description Category Output of
Safety policy Defines safety rules and general safety goals at organization policy SAF.1, SAF.2
level. Defines organizational structure and roles and respon-
sibilities for safety. Supports the establishment and review
of safety goals. Contains commitment to comply with safety
requirements and rules. Supports the establishment and
maintenance of safety culture.
Safety requirements Identifies the system and its context of use; the interrela- specification SAF.2
tionships between system elements; the interrelationships
between system elements and software; functional require-
ments for safety; design requirements for safety; and applica-
ble sources of requirements for safety.
Safety validation Provides the safety validation check-list. Identifies passed record SAF.2
results items of safety validation; failed items of safety validation;
pending items of safety validation; and problems identified
during safety validation. Provides recommendations of ac-
tions; the conclusions of safety validation; and the signature
of safety validation.
System analysis An account prepared for interested parties in order to commu- report SAF.2
re
...