ISO/IEC 29110-4-2:2021
(Main)Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 4-2: Software engineering: Profile specifications: Organizational management profile group
Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 4-2: Software engineering: Profile specifications: Organizational management profile group
This document provides a profile specification for the organizational management profile. The organizational management profile applies to VSEs involved in systems engineering and/or software engineering development. This document provides links to the subset of ISO/IEC/IEEE 12207 and ISO 9001 organizational, resources, processes and project portfolio process elements from the organizational perspective.
Titre manque — Partie 4-2: Titre manque
General Information
Buy Standard
Standards Content (Sample)
INTERNATIONAL ISO/IEC
STANDARD 29110-4-2
First edition
2021-03
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 4-2:
Software engineering: Profile
specifications: Organizational
management profile group
Reference number
ISO/IEC 29110-4-2:2021(E)
©
ISO/IEC 2021
---------------------- Page: 1 ----------------------
ISO/IEC 29110-4-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 29110-4-2:2021(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 2
4 Conformance . 2
4.1 Conformance situations . 2
4.2 Process conformance . 3
5 Naming, diagramming and definition conventions . 3
6 Minimal conditions for organizational management profile use . 3
7 Organizational management profile specifications . 3
7.1 General . 3
7.2 Organizational management process requirements . 3
7.3 Resource management process requirements . 4
7.4 Process management process requirements . 4
7.5 Project portfolio management process requirements . 4
Annex A (informative) Organizational management profile base document references .6
Annex B (informative) Organizational management profile PRM .12
Bibliography .16
© ISO/IEC 2021 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 29110-4-2:2021(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives or www .iec .ch/ members
_experts/ refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html. In the IEC, see www .iec .ch/ understanding -standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html and www .iec .ch/ national
-committees.
iv © ISO/IEC 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 29110-4-2:2021(E)
Introduction
Very Small Entities (VSEs) around the world are contributing to valuable products and services. For
the purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organisation,
a department or a project having up to 25 people. Since many VSEs develop and/or maintain system
elements and software components used in systems, or sold to be used by others, a recognition of VSEs
as suppliers of high-quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook 2019 report, ‘Small and medium-sized enterprises (SMEs) and
entrepreneurship are essential drivers of economic and social well-being. Representing 99 % of all
businesses, generating about 60 % of employment and totalling between 50 % and 60 % of value added
in the OECD area’. The challenge facing OECD governments is to provide a business environment that
supports the competitiveness of this large heterogeneous business population and that promotes a
vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Subsequently VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are often cut off
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the application of standards to their business practices. Most VSEs can neither afford the
resources, in terms of number of employees, expertise, budget and time, nor do they see a net benefit
in establishing systems or software lifecycle processes. To rectify some of these difficulties, a set of
guides has been developed according to a set of VSE characteristics. The guides are based on subsets of
appropriate standards processes, activities, tasks, and outcomes, referred to as Profiles. The purpose
of a profile is to define a subset of International Standards relevant to the VSEs’ context; for example,
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities,
tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of
ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series can be applied at any phase of system or software development within a
lifecycle. This series is intended to be used by VSEs that do not have experience or expertise in adapting/
tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs
that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those standards instead of ISO/IEC 29110.
The ISO/IEC 29110 series is intended to be used with any lifecycles such as: waterfall, iterative,
incremental, evolutionary or agile. The lifecycle processes described in the ISO/IEC 29110 series are
not intended to preclude or discourage their use by larger organisations than VSEs.
The lifecycle processes defined in the ISO/IEC 29110 series can be used by VSEs when using, as well as
when creating and supplying, a system or software. They can be applied at any level in a system’s or
software’s structure and at any stage in the lifecycle.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
© ISO/IEC 2021 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC TR 29110-1 Overview VSEs and their customers, assessors,
standards producers, tool vendors
and methodology vendors.
ISO/IEC 29110-2 Framework for profile Profile producers, tool vendors and
preparation methodology vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/IEC TR 29110-5 Management, engineering and VSEs and their customers.
service delivery guidelines
ISO/IEC 29110-6 Specific profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/IEC TR 29110-7 Specific profile guidelines VSEs and their customers.
If a new profile is needed, ISO/IEC 29110-4 or ISO/IEC 29110-6 and/or ISO/IEC TR 29110-7
ISO/IEC TR 29110-5 can be developed with minimal impact on existing documents.
ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one
profile group.
ISO/IEC 29110-6-m provides the specification for specific profiles that are based on subsets of
appropriate standards elements.
ISO/IEC TR 29110-7-x provides a guide for each profile in the specific profile group.
This document provides the specifications for the organizational management profile of the
management profile group. It is based on subsets of appropriate standards elements.
Figure 1 describes the ISO/IEC 29110 International Standards (IS) and Technical Reports (TR) and
positions the parts within the framework of reference. Overview, assessment guide, management and
vi © ISO/IEC 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 29110-4-2:2021(E)
engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
Figure 1 — ISO/IEC 29110 series
© ISO/IEC 2021 – All rights reserved vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 29110-4-2:2021(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 4-2:
Software engineering: Profile specifications:
Organizational management profile group
1 Scope
This document provides a profile specification for the organizational management profile. The
organizational management profile applies to VSEs involved in systems engineering and/or software
engineering development.
This document provides links to the subset of ISO/IEC/IEEE 12207 and ISO 9001 organizational,
resources, processes and project portfolio process elements from the organizational perspective.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-2-1, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 2-1:
Framework and taxonomy
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2-1 apply.
ISO and IEC maintain terminological databases for use in standardisation at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1.1
organizational management
task and responsibilities to direct and control an organisation
Note 1 to entry: See ISO/IEC TR 29110-1.
3.1.2
organizational management profile
profile targeted at VSEs to provide them with additional organizational management (3.1.1) guidance
and selected requirements
[SOURCE: ISO/IEC TR 29110-1:2016, 3.35, modified — "and selected requirements" has been added.]
© ISO/IEC 2021 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/IEC 29110-4-2:2021(E)
3.1.3
project portfolio management
centralised management of one or more portfolios of projects to achieve strategic objectives
Note 1 to entry: This definition is adapted from Reference [14].
3.1.4
resource management
identification, estimation, allocation, and monitoring of the means used to develop a product or perform
a service
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3467]
3.1.5
small and medium-sized enterprise
enterprise with less than 250 persons employed
Note 1 to entry: This definition is adapted from Reference [7].
3.2 Abbreviated terms
MF measurement framework
OM organizational management
PPM project portfolio management
PSM process management
RM resource management
SME small and medium-sized enterprise
VSE Very Small Entity
4 Conformance
4.1 Conformance situations
This document can be implemented by organisations or projects implementing and using the processes
and products required by this document. Therefore, organisations can claim conformance to this
document.
There are two types of conformance situations:
— process conformance: conformance to the requirements in the process part of the profile
specification;
— product conformance: conformance to the requirements in the product part of the profile
specification.
Conformance may be interpreted differently for various situations. The relevant situation shall be
identified in the claim of conformance.
Conformance can be attested by a third party. It can be mandated as part of procurement and
contractual processes.
2 © ISO/IEC 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 29110-4-2:2021(E)
4.2 Process conformance
A VSE can claim conformance to the process part of the profile if it meets all the mandatory profile
process requirements as identified in its specification (Clause 7), and the associated properties and
requirements as described in the base standards when applicable.
NOTE Requirements of this document are mandatory and use the word "shall".
5 Naming, diagramming and definition conventions
Conventions for naming, diagramming, describing and defining profiles are defined in ISO/IEC 29110-2-1.
6 Minimal conditions for organizational management profile use
To use the organizational management profile, it is assumed that the VSE already fulfils the following
conditions:
a) There is a group of up to 25 people call itself a VSE.
b) There is or will be at least one productive process deployed in the VSE.
c) There is or will be a project management process deployed in the VSE.
7 Organizational management profile specifications
7.1 General
This clause contains the specification of the standardised profile requirements. It contains the
specification for the following profile elements:
— organizational management process (7.2);
— resource management process (7.3);
— process management process (7.4);
— project portfolio management process (7.5).
These requirements are the result of organizational management, resource management, process
management and project portfolio management purpose achievement.
Annex A specifies the applicable requirements from source standards ISO/IEC/IEEE 12207 and
ISO 9001.
Annex B gives additional information on the process reference model for the organizational profile.
7.2 Organizational management process requirements
As a result of successful implementation of the organizational management process:
a) mission, vision, values and required functional areas shall be defined, communicated and
maintained;
b) functional areas and processes responsibility and authority shall be assigned;
c) a strategic plan, budget and measurable objectives shall be defined, communicated, maintained
and monitored;
© ISO/IEC 2021 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/IEC 29110-4-2:2021(E)
d) a customer strategy focusing on enhancing customer satisfaction shall be defined, communicated,
maintained and monitored;
e) required resources needed for the VSE's operation shall be identified and made available;
f) required processes and their objectives shall be identified, communicated and monitored;
g) a risk management plan shall be defined, communicated, reviewed, maintained and monitored.
7.3 Resource management process requirements
As a result of successful implementation of the resource management process:
a) policies and mechanisms for resources procurement shall be defined, communicated, enhanced
and monitored;
b) the necessary competence of the VSE's personnel shall be determined; skills of personnel shall be
developed, maintained or enhanced;
c) requested and necessary human resources shall be provided to processes and to projects;
d) requested, stable, necessary and reliable infrastructure elements shall be provided or acquired to
operate the processes and the projects;
e) the infrastructure shall be maintained and controlled;
f) conflicts in multi-project resource demands shall be resolved considering the capabilities of, and
constraints on, existing internal resources or resources to be obtained from external providers;
g) an organizational repository strategy shall be defined, communicated, enhanced and monitored.
7.4 Process management process requirements
As a result of successful implementation of the process management process:
a) process definition, training, deployment, performance, evaluation and improvement activities shall
be planned, communicated and monitored;
b) processes objectives, resources, information and documentation shall be identified, recorded,
reviewed and made available;
c) responsibilities and authorities for performing the process shall be defined, assigned and
communicated to assure the delivery of their intended outputs;
d) the required processes data shall be collected, stored, analysed, and the results shall be interpreted
and informed;
e) adherence of processes and activities to the applicable standards, procedures and requirements
shall be evaluated, and the results documented;
f) process data and evaluation results shall be used to support decisions and provide an objective
basis for process improvement.
7.5 Project portfolio management process requirements
As a result of successful implementation of the project portfolio management process:
a) policies and mechanisms for project portfolio management and customer relationship shall be
defined, communicated, enhanced and monitored;
b) an agreement shall be established between the VSE and the customer for developing, maintaining,
operating, packaging, delivering, and installing a product and/or a service;
4 © ISO/IEC 2021 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 29110-4-2:2021(E)
c) project management accountability and authorities for a particular project shall be defined;
d) management and technical review meetings with the customer shall be held; the status of customer
satisfaction shall be monitored; and the review results shall be made known to all affected parties;
e) risks, problems and action items resulting from reviews shall be identified, recorded and tracked
to closure.
© ISO/IEC 2021 – All rights reserved 5
---------------------- Page: 12 ----------------------
ISO/IEC 29110-4-2:2021(E)
Annex A
(informative)
Organizational management profile base document references
A.1 General
This annex establishes the reference between the profile requirements of this document and the related
requirements in the normative source standards, in Tables A.1, A.2, A.3 and A.4. The explanation of the
column names and contents is stated in ISO/IEC 29110-2-1:2015, Clauses 6 and 7.
Although explicit reference is not made in the body of this document to activities, tasks and work
products, more information can be found in ISO/IEC TR 29110-5-2-1.
A.2 Profile requirements definition and composition references
A.2.1 OM process – Organizational management
Table A.1 — OM process - Profile requirements mapping to base standards
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
As stated in ISO/IEC/IEEE
12207:2017, 6.4.1.1 NOTE 1, the or-
ganization’s strategy … is generally
mission, vision, values
outside the scope of ISO/IEC/IEEE
and required func-
12207.
a) tional areas shall be
It is included here because in a VSE
defined, communicat-
the same people are likely to be in-
ed and maintained;
volved in both organizational strat-
egy and in technical management of
systems and software engineering.
b) Responsibility, accountability, and
ISO/IEC/ authority within life cycle policies,
6.2.1.2
IEEE 12207:2017 processes, models, and procedures
functional areas and
are defined.
processes responsibil-
The organization shall
b)
ity and authority shall
h) engaging, directing and support-
be assigned;
ISO 9001: 2015 5.1.1
ing persons to contribute to the
effectiveness of the quality manage-
ment system;
As stated in ISO/IEC/IEEE
12207:2017, 6.4.1.1 NOTE 1, the or-
ganization’s strategy … is generally
a strategic plan,
outside the scope of ISO/IEC/IEEE
budget and measur-
12207.
able objectives shall ISO/IEC/IEEE
c)
be defined, communi- 12207:2017
It is included here because in a VSE
cated, maintained and
the same people are likely to be in-
monitored;
volved in both organizational strat-
egy and in technical management of
systems and software engineering.
6 © ISO/IEC 2021 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table A.1 (continued)
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
ISO/IEC/ b) Quality evaluation criteria and
6.2.5.2
IEEE 12207:2017 methods are established.
a) NOTE 2: The policies, objectives,
and procedures are based on the
a customer strategy
ISO/IEC/IEEE
6.2.5.3 business strategy for customer
focuses on enhancing
12207:2017
satisfaction and risk management
customer satisfac-
d)
considerations.
tion shall be defined,
communicated, main-
The organization shall
tained and monitored;
a) customer and applicable statutory
ISO 9001: 2015 5.1.2
and regulatory requirements are
determined, understood and con-
sistently met.
required resources
a) The requirements for infrastruc-
needed for the VSE
ture are defined.
ISO/IEC/IEEE
e) operation shall be 6.2.2.2
12207:2017
b) The infrastructure elements are
identified and made
identified and specified.
available;
a) Organizational policies and
ISO/IEC/ procedures for the management and
6.2.1.2
IEEE 12207:2017 deployment of life cycle models and
required processes
processes are established.
and their objectives
The organization shall
f) shall be identified,
communicated and
f) communicating the importance of
monitored;
ISO 9001: 2015 5.1.1
effective quality management and of
conforming to the quality manage-
ment system requirements.
The organization shall
b) the risks and opportunities that
can affect conformity of products
a VSE risk manage-
and services and the ability to
ISO 9001: 2015 5.1.2
ment plan shall be de-
enhance customer satisfaction are
g) fined, communicated,
determined and addressed;
reviewed, maintained
c) the focus on enhancing customer
and monitored.
satisfaction is maintained.
ISO/IEC/
6.3.4.3 a) Plan risk management.
IEEE 12207:2017
A.2.2 RM process – Resource management
Table A.2 — RM process - Profile requirements mapping to base standards
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
policies and mecha-
nisms for resources
procurement shall be ISO/IEC/ a) Define a strategy for how the
a) 6.1.1.3
defined, communi- IEEE 12207:2017 acquisition will be conducted.
cated, enhanced and
monitored;
© ISO/IEC 2021 – All rights reserved 7
---------------------- Page: 14 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table A.2 (continued)
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
a) Skills required by projects are
identified.
ISO/IEC/
6.2.4.2
the necessary com- IEEE 12207:2017
c) Skills of personnel are developed,
petence of the VSE
maintained or enhanced.
personnel shall be
b
...
INTERNATIONAL ISO/IEC
STANDARD 29110-4-2
First edition
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 4-2:
Software engineering: Profile
specifications: Organizational
management profile group
PROOF/ÉPREUVE
Reference number
ISO/IEC 29110-4-2:2021(E)
©
ISO/IEC 2021
---------------------- Page: 1 ----------------------
ISO/IEC 29110-4-2:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 29110-4-2:2021(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 2
4 Conformance . 2
4.1 Conformance situations . 2
4.2 Process conformance . 3
5 Naming, diagramming and definition conventions . 3
6 Minimal conditions for organizational management profile use . 3
7 Organizational management profile specifications . 3
7.1 General . 3
7.2 Organizational management process requirements . 3
7.3 Resource management process requirements . 4
7.4 Process management process requirements . 4
7.5 Project portfolio management process requirements . 4
Annex A (informative) Organizational management profile base document references .6
Annex B (informative) Organizational management profile PRM .12
Bibliography .16
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/IEC 29110-4-2:2021(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
A list of all parts in the ISO/IEC 29110 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 29110-4-2:2021(E)
Introduction
Very Small Entities (VSEs) around the world are contributing to valuable products and services. For
the purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organisation,
a department or a project having up to 25 people. Since many VSEs develop and/or maintain system
elements and software components used in systems, or sold to be used by others, a recognition of VSEs
as suppliers of high-quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook 2019 report, ‘Small and medium-sized enterprises (SMEs) and
entrepreneurship are essential drivers of economic and social well-being. Representing 99 % of all
businesses, generating about 60 % of employment and totalling between 50 % and 60 % of value added
in the OECD area’. The challenge facing OECD governments is to provide a business environment that
supports the competitiveness of this large heterogeneous business population and that promotes a
vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Subsequently VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are often cut off
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the application of standards to their business practices. Most VSEs can neither afford the
resources, in terms of number of employees, expertise, budget and time, nor do they see a net benefit
in establishing systems or software lifecycle processes. To rectify some of these difficulties, a set of
guides has been developed according to a set of VSE characteristics. The guides are based on subsets of
appropriate standards processes, activities, tasks, and outcomes, referred to as Profiles. The purpose
of a profile is to define a subset of International Standards relevant to the VSEs’ context; for example,
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software; and processes, activities,
tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information products (documentation) of
ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series can be applied at any phase of system or software development within a
lifecycle. This series is intended to be used by VSEs that do not have experience or expertise in adapting/
tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs
that have expertise in adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged
to use those standards instead of ISO/IEC 29110.
The ISO/IEC 29110 series is intended to be used with any lifecycles such as: waterfall, iterative,
incremental, evolutionary or agile. The lifecycle processes described in the ISO/IEC 29110 series are
not intended to preclude or discourage their use by larger organisations than VSEs.
The lifecycle processes defined in the ISO/IEC 29110 series can be used by VSEs when using, as well as
when creating and supplying, a system or software. They can be applied at any level in a system’s or
software’s structure and at any stage in the lifecycle.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC TR 29110- Overview VSEs and their customers, assessors,
1 standards producers, tool vendors
and methodology vendors.
ISO/IEC 29110-2 Framework for profile Profile producers, tool vendors and
preparation methodology vendors.
Not intended for VSEs.
ISO/IEC 29110-3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110-4 Profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/ Management, engineering and VSEs and their customers.
IEC TR 29110-5 service delivery guidelines
ISO/IEC 29110-6 Specific profile specifications VSEs, customers, standards produc-
ers, tool vendors and methodology
vendors.
ISO/IEC TR 29110- Specific profile guidelines VSEs and their customers.
7
If a new profile is needed, ISO/IEC 29110-4 or ISO/IEC 29110-6 and/or ISO/IEC TR 29110-7
ISO/IEC TR 29110-5 can be developed with minimal impact on existing documents.
ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one
profile group.
ISO/IEC 29110-6-m provides the specification for specific profiles that are based on subsets of
appropriate standards elements.
ISO/IEC TR 29110-7-x provides a guide for each profile in the specific profile group.
This document provides the specifications for the organizational management profile of the
management profile group. It is based on subsets of appropriate standards elements.
vi PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 29110-4-2:2021(E)
Figure 1 describes the ISO/IEC 29110 International Standards (IS) and Technical Reports (TR) and
positions the parts within the framework of reference. Overview, assessment guide, management and
engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
Figure 1 — ISO/IEC 29110 series
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 29110-4-2:2021(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 4-2:
Software engineering: Profile specifications:
Organizational management profile group
1 Scope
This document provides a profile specification for the organizational management profile. The
organizational management profile applies to VSEs involved in systems engineering and/or software
engineering development.
This document provides links to the subset of ISO/IEC/IEEE 12207 and ISO 9001 organizational,
resources, processes and project portfolio process elements from the organizational perspective.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 29110-2-1, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 2-1:
Framework and taxonomy
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2-1 apply.
ISO and IEC maintain terminological databases for use in standardisation at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1.1
organizational management
task and responsibilities to direct and control an organisation
Note 1 to entry: See ISO/IEC TR 29110-1.
3.1.2
organizational management profile
profile targeted at VSEs to provide them with additional organizational management (3.1.1) guidance
and selected requirements
[SOURCE: ISO/IEC TR 29110-1:2016, 3.35, modified — "and selected requirements" has been added.]
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 8 ----------------------
ISO/IEC 29110-4-2:2021(E)
3.1.3
project portfolio management
centralised management of one or more portfolios of projects to achieve strategic objectives
Note 1 to entry: This definition is adapted from Reference [14].
3.1.4
resource management
identification, estimation, allocation, and monitoring of the means used to develop a product or perform
a service
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3467]
3.1.5
small and medium-sized enterprise
enterprise with less than 250 persons employed
Note 1 to entry: This definition is adapted from Reference [7].
3.2 Abbreviated terms
MF measurement framework
OM organizational management
PPM project portfolio management
PSM process management
RM resource management
SME small and medium-sized enterprise
VSE Very Small Entity
4 Conformance
4.1 Conformance situations
This document can be implemented by organisations or projects implementing and using the processes
and products required by this document. Therefore, organisations can claim conformance to this
document.
There are two types of conformance situations:
— process conformance: conformance to the requirements in the process part of the profile
specification;
— product conformance: conformance to the requirements in the product part of the profile
specification.
Conformance may be interpreted differently for various situations. The relevant situation shall be
identified in the claim of conformance.
Conformance can be attested by a third party. It can be mandated as part of procurement and
contractual processes.
2 PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 29110-4-2:2021(E)
4.2 Process conformance
A VSE can claim conformance to the process part of the profile if it meets all the mandatory profile
process requirements as identified in its specification (Clause 7), and the associated properties and
requirements as described in the base standards when applicable.
NOTE Requirements of this document are mandatory and use the word "shall".
5 Naming, diagramming and definition conventions
Conventions for naming, diagramming, describing and defining profiles are defined in ISO/IEC 29110-2-1.
6 Minimal conditions for organizational management profile use
To use the organizational management profile, it is assumed that the VSE already fulfils the following
conditions:
a) There is a group of up to 25 people call itself a VSE.
b) There is or will be at least one productive process deployed in the VSE.
c) There is or will be a project management process deployed in the VSE.
7 Organizational management profile specifications
7.1 General
This clause contains the specification of the standardised profile requirements. It contains the
specification for the following profile elements:
— organizational management process (7.2);
— resource management process (7.3);
— process management process (7.4);
— project portfolio management process (7.5).
These requirements are the result of organizational management, resource management, process
management and project portfolio management purpose achievement.
Annex A specifies the applicable requirements from source standards ISO/IEC/IEEE 12207 and
ISO 9001.
Annex B gives additional information on the process reference model for the organizational profile.
7.2 Organizational management process requirements
As a result of successful implementation of the organizational management process:
a) mission, vision, values and required functional areas shall be defined, communicated and
maintained;
b) functional areas and processes responsibility and authority shall be assigned;
c) a strategic plan, budget and measurable objectives shall be defined, communicated, maintained
and monitored;
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 10 ----------------------
ISO/IEC 29110-4-2:2021(E)
d) a customer strategy focusing on enhancing customer satisfaction shall be defined, communicated,
maintained and monitored;
e) required resources needed for the VSE's operation shall be identified and made available;
f) required processes and their objectives shall be identified, communicated and monitored;
g) a risk management plan shall be defined, communicated, reviewed, maintained and monitored.
7.3 Resource management process requirements
As a result of successful implementation of the resource management process:
a) policies and mechanisms for resources procurement shall be defined, communicated, enhanced
and monitored;
b) the necessary competence of the VSE's personnel shall be determined; skills of personnel shall be
developed, maintained or enhanced;
c) requested and necessary human resources shall be provided to processes and to projects;
d) requested, stable, necessary and reliable infrastructure elements shall be provided or acquired to
operate the processes and the projects;
e) the infrastructure shall be maintained and controlled;
f) conflicts in multi-project resource demands shall be resolved considering the capabilities of, and
constraints on, existing internal resources or resources to be obtained from external providers;
g) an organizational repository strategy shall be defined, communicated, enhanced and monitored.
7.4 Process management process requirements
As a result of successful implementation of the process management process:
a) process definition, training, deployment, performance, evaluation and improvement activities shall
be planned, communicated and monitored;
b) processes objectives, resources, information and documentation shall be identified, recorded,
reviewed and made available;
c) responsibilities and authorities for performing the process shall be defined, assigned and
communicated to assure the delivery of their intended outputs;
d) the required processes data shall be collected, stored, analysed, and the results shall be interpreted
and informed;
e) adherence of processes and activities to the applicable standards, procedures and requirements
shall be evaluated, and the results documented;
f) process data and evaluation results shall be used to support decisions and provide an objective
basis for process improvement.
7.5 Project portfolio management process requirements
As a result of successful implementation of the project portfolio management process:
a) policies and mechanisms for project portfolio management and customer relationship shall be
defined, communicated, enhanced and monitored;
b) an agreement shall be established between the VSE and the customer for developing, maintaining,
operating, packaging, delivering, and installing a product and/or a service;
4 PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 29110-4-2:2021(E)
c) project management accountability and authorities for a particular project shall be defined;
d) management and technical review meetings with the customer shall be held; the status of customer
satisfaction shall be monitored; and the review results shall be made known to all affected parties;
e) risks, problems and action items resulting from reviews shall be identified, recorded and tracked
to closure.
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 5
---------------------- Page: 12 ----------------------
ISO/IEC 29110-4-2:2021(E)
Annex A
(informative)
Organizational management profile base document references
A.1 General
This annex establishes the reference between the profile requirements of this document and the related
requirements in the normative source standards, in Tables A.1, A.2, A.3 and A.4. The explanation of the
column names and contents is stated in ISO/IEC 29110-2-1:2015, Clauses 6 and 7.
Although explicit reference is not made in the body of this document to activities, tasks and work
products, more information can be found in ISO/IEC TR 29110-5-2-1.
A.2 Profile requirements definition and composition references
A.2.1 OM process – Organizational management
Table A.1 — OM process - Profile requirements mapping to base standards
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
As stated in ISO/IEC/IEEE
12207:2017, 6.4.1.1 NOTE 1, the or-
ganization’s strategy … is generally
mission, vision, values
outside the scope of ISO/IEC/IEEE
and required func-
12207.
a) tional areas shall be
It is included here because in a VSE
defined, communicat-
the same people are likely to be in-
ed and maintained;
volved in both organizational strat-
egy and in technical management of
systems and software engineering.
b) Responsibility, accountability, and
ISO/IEC/ authority within life cycle policies,
6.2.1.2
IEEE 12207:2017 processes, models, and procedures
functional areas and
are defined
processes responsibil-
The organization shall
b)
ity and authority shall
h) engaging, directing and support-
be assigned;
ISO 9001: 2015 5.1.1
ing persons to contribute to the
effectiveness of the quality manage-
ment system;
As stated in ISO/IEC/IEEE
12207:2017, 6.4.1.1 NOTE 1, the or-
ganization’s strategy … is generally
a strategic plan,
outside the scope of ISO/IEC/IEEE
budget and measur-
12207.
able objectives shall ISO/IEC/IEEE
c)
be defined, communi- 12207:2017
It is included here because in a VSE
cated, maintained and
the same people are likely to be in-
monitored;
volved in both organizational strat-
egy and in technical management of
systems and software engineering.
6 PROOF/ÉPREUVE © ISO/IEC 2021 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table A.1 (continued)
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
ISO/IEC/ b) Quality evaluation criteria and
6.2.5.2
IEEE 12207:2017 methods are established.
a) NOTE 2: The policies, objectives,
and procedures are based on the
a customer strategy
ISO/IEC/IEEE
6.2.5.3 business strategy for customer
focuses on enhancing
12207:2017
satisfaction and risk management
customer satisfac-
d)
considerations.
tion shall be defined,
communicated, main-
The organization shall
tained and monitored;
a) customer and applicable statutory
ISO 9001: 2015 5.1.2
and regulatory requirements are
determined, understood and con-
sistently met;
required resources
a) The requirements for infrastruc-
needed for the VSE
ture are defined
ISO/IEC/IEEE
e) operation shall be 6.2.2.2
12207:2017
b) The infrastructure elements are
identified and made
identified and specified.
available;
a) Organizational policies and
ISO/IEC/ procedures for the management and
6.2.1.2
IEEE 12207:2017 deployment of life cycle models and
required processes
processes are established.
and their objectives
The organization shall
f) shall be identified,
communicated and
f) communicating the importance of
monitored;
ISO 9001: 2015 5.1.1
effective quality management and of
conforming to the quality manage-
ment system requirements;
The organization shall
b) the risks and opportunities that
can affect conformity of products
a VSE risk manage-
and services and the ability to
ISO 9001: 2015 5.1.2
ment plan shall be de-
enhance customer satisfaction are
g) fined, communicated,
determined and addressed;
reviewed, maintained
c) the focus on enhancing customer
and monitored.
satisfaction is maintained;
ISO/IEC/
6.3.4.3 a) Plan risk management
IEEE 12207:2017
A.2.2 RM process – Resource management
Table A.2 — RM process - Profile requirements mapping to base standards
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
policies and mecha-
nisms for resources
procurement shall be ISO/IEC/ a) Define a strategy for how the
a) 6.1.1.3
defined, communi- IEEE 12207:2017 acquisition will be conducted.
cated, enhanced and
monitored;
© ISO/IEC 2021 – All rights reserved PROOF/ÉPREUVE 7
---------------------- Page: 14 ----------------------
ISO/IEC 29110-4-2:2021(E)
Table A.2 (continued)
Base
Profile re-
Profile requirement Source doc. ID standard Base standard requirement
quirement ID
ID
a) Skills required by projects are
identified.
ISO/IEC/
6.2.4.2
the necessary com- IEEE 12207:2017
c) Skills of personnel are developed,
petence of the VSE
maintained or enha
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.