ISO/IEC TR 29110-5-1-3:2017

TECHNICAL ISO/IEC TR
REPORT 29110-5-1-3
First edition
2017-02
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 5-1-3:
Software engineering — Management
and engineering guide: Generic profile
group — Intermediate profile
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 5-1-3: Ingénierie du logiciel — Guide d’ingénierie et de gestion:
Groupe de profils génériques — Profil intermédiaire
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Conventions and abbreviated terms . 3
4.1 Naming, diagramming and definition conventions . 3
4.2 Notation used to document new processes, additions and modifications to the
Basic profile processes . 4
4.3 Abbreviated terms . 5
5 Overview . 5
6 Business Management (BM) process . 6
6.1 BM purpose . 6
6.2 BM objectives . 6
6.3 BM input work products . 7
6.4 BM output work products . 7
6.5 BM internal work products . 7
6.6 BM roles involved . 8
6.7 BM process description . 8
6.7.1 BM diagram . 8
6.7.2 BM activities . 9
6.7.3 BM incorporation to the Organizational Repository .14
7 Project Management (PM) process .15
7.1 PM purpose .15
7.2 PM objectives .15
7.3 PM input work products .15
7.4 PM output work products .16
7.5 PM internal work products .16
7.6 PM roles involved .16
7.7 PM process description .17
7.7.1 PM diagram . .17
7.7.2 PM activities .17
7.7.3 PM incorporation to Project Repository .23
8 Software Implementation (SI) process .23
8.1 SI purpose .23
8.2 SI objectives .24
8.3 SI input work products .24
8.4 SI output work products .24
8.5 SI internal work products .25
8.6 SI roles involved .25
8.7 SI diagram .25
8.7.1 General.25
8.7.2 SI activities .26
8.7.3 SI incorporation to the Project Repository .35
9 Acquisition Management process (AM) .36
9.1 AM purpose .36
9.2 AM objective .36
9.3 AM input work products .36
9.4 AM output work products .36
9.5 AM internal work products .36
9.6 AM roles involved .36
© ISO/IEC 2017 – All rights reserved iii

9.7 AM diagrams .37
9.7.1 General.37
9.7.2 AM activities .37
9.7.3 AM incorporation to the Project Repository .39
10 Roles .39
11 Work product description .41
12 Software tools requirements .58
12.1 General .58
12.2 Business Management process .59
12.3 Project Management process .59
12.4 Software Implementation process .59
12.5 Acquisition Management process (conditional process) .59
Annex A (informative) Software engineering deployment packages .60
Annex B (informative) Mapping between the objectives of ISO/IEC TR 29110-5-1-3 and ISO/
IEC/IEEE 12207 and ISO 9001 .62
Bibliography .78
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www . i so .org/ iso/ foreword .html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 7, Software and systems engineering.
A list of all the parts in the ISO/IEC 29110 series can be found on the ISO website.
© ISO/IEC 2017 – All rights reserved v

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of the ISO/IEC 29110 series, a Very Small Entity (VSE) is an enterprise, an organization, a
department or a project having up to 25 people. Since many VSEs develop and/or maintain system
and software components used in systems, either as independent products or incorporated in larger
systems, recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005), Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements, including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget and time, nor do they see a
net benefit in establishing over-complex systems or software life cycle processes. To address some of
these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as
profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs’
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; information products
(documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or
software development within a life cycle. This series of standards and technical reports is intended to
be used by VSEs that do not have experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207
or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs that have expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged to use those standards
instead of ISO/IEC 29110.
The ISO/IEC 29110 series is intended to be used with any lifecycle such as waterfall, iterative,
incremental, evolutionary or agile.
Systems, in the context of the ISO/IEC 29110 series, are typically composed of hardware and software
components.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
vi © ISO/IEC 2017 – All rights reserved

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
ISO/IEC 29110–1 Overview VSEs and their customers, assessors,
standards producers, tool vendors and
methodology vendors.
ISO/IEC 29110–2 Framework for profile prepa- Profile producers, tool vendors and
ration methodology vendors.
Not intended for VSEs.
ISO/IEC 29110–3 Certification and assessment VSEs and their customers, assessors,
guidance accreditation bodies.
ISO/IEC 29110–4 Profile specifications VSEs, customers, standards producers,
tool vendors and methodology vendors.
ISO/IEC TR 29110–5 Management, engineering and VSEs and their customers.
service delivery guides
ISO/IEC 29110–6 Management and engineering VSEs and their customers.
guides not tied to a specific
profile
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards and guides.
ISO/IEC 29110-2-1 introduces the concepts for systems and software engineering profiles for VSEs.
It establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC 29110-3 defines certification schemes, assessment guidelines and compliance requirements
for process capability assessment, conformity assessments, and self-assessments for process
improvements. ISO/IEC 29110-3 also contains information that can be useful to developers of
certification and assessment methods and developers of certification and assessment tools.
ISO/IEC 29110-3 is addressed to people who have direct involvement with the assessment process, e.g.
the auditor, certification and accreditation bodies and the sponsor of the audit, who need guidance on
ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4–m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5–m provides management, engineering and service delivery guides for the profiles
in a profile group.
The future ISO/IEC TR 29110-6-x provides management and engineering guides not tied to a specific
profile.
This document provides a management and engineering guide for the software intermediate profile
of the generic profile group. This guide describes the management of more than one project in parallel
with more than one work team.
Figure 1 describes the ISO/IEC 29110 International Standards (IS) and Technical Reports (TR) and
positions the parts within the framework of reference. Overview, assessment guide, management and
engineering guide are available from ISO as freely available. Technical Reports (TR). The Framework
document, profile specifications and certification schemes are published as International Standards (IS).
© ISO/IEC 2017 – All rights reserved vii

Figure 1 — ISO/IEC 29110 series
viii © ISO/IEC 2017 – All rights reserved

TECHNICAL REPORT ISO/IEC TR 29110-5-1-3:2017(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 5-1-3:
Software engineering — Management and engineering
guide: Generic profile group — Intermediate profile
1 Scope
This document provides management and engineering guide to the intermediate profile described
in terms of business management, project management, software implementation and acquisition
processes.
This document is applicable to Very Small Entities (VSEs). VSEs are enterprises, organizations, departments
or projects having up to 25 people. The life cycle processes described in the ISO/IEC 29110 series are not
intended to preclude or discourage their use by organizations bigger than VSEs.
ISO/IEC 29110–4-1 identifies the requirements applicable to the tasks and work products described in
this document.
This document has been developed using the management and engineering guide of the Basic profile
and by modifying and adding elements (e.g. process, task, work product, role) for VSEs involved in the
development of more than one project in parallel with more than one work team.
This document applies for VSEs developing non-critical software.
Using this document, VSEs can obtain the following benefits:
— the management and monitoring of more than one project in parallel with more than one work team;
— reuse existing software components (e.g. code and document) in new projects;
— continuously measure projects and improve processes.
Once the software, developed by a VSE, has been accepted by their customers, the VSE that wants to
1)
provide after delivery services can refer to ISO/IEC TR 29110-5-3.
This document is targeted to VSEs which are familiar with ISO/IEC TR 29110-5-1-2 for their software
development projects and are involved in the development of more than one project in parallel with
more than one work team.
This document is intended to be used with any lifecycles, processes, techniques and methods that
enhance the VSEs customer satisfaction and productivity.
2 Normative references
There are no normative references in this document.
1) To be published.
© ISO/IEC 2017 – All rights reserved 1

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 29110-2-1 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http:// www .electropedia .org/
— ISO Online browsing platform: available at http:// www .iso .org/ obp
3.1
agreement
mutual acknowledgement of terms and conditions under which a working relationship is conducted
EXAMPLE Contract, memorandum of agreement.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.4]
3.2
acquirer
stakeholder that acquires or procures a product or service from a supplier
Note 1 to entry: Other terms commonly used for an acquirer are buyer, customer, owner, purchaser or
internal/organizational sponsor.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.1]
3.3
conditional process
process that may be mandatory under some specified conditions, may be optional under other specified
conditions, and may be out of scope or not applicable under other specified conditions
Note 1 to entry: These are to be observed if the specified conditions apply.
3.4
enabling system
system that supports a system-of-interest during its life cycle stages but does not necessarily contribute
directly to its function during operation
EXAMPLE A configuration management system used to control software elements during software
development.
Note 1 to entry: Each enabling system has a life cycle of its own. This document is applicable to each enabling
system when, in its own right, it is treated as a system-of-interest.
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.18]
3.5
security and intellectual property scheme
established and operated management system in the entity to ensure the security and intellectual
property of its information items
3.6
system-of-interest
system whose life cycle is under consideration in the context of this document
[SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.48]
2 © ISO/IEC 2017 – All rights reserved

4 Conventions and abbreviated terms
4.1 Naming, diagramming and definition conventions
The following process structure description and notation are used to describe the processes.
— Name: process identifier, followed by its abbreviation in parentheses “( )”.
— Purpose: general goals and results expected of the effective implementation of the process. The
implementation of the process should provide tangible benefits to the stakeholders. The purpose is
identified by the abbreviation of the process name.
— Objectives: specific goals to ensure the accomplishment of the process purpose. The objectives
are identified by the abbreviation of the process name, followed by the letter “O” and a consecutive
number; for example, RM.O1, PM.O2, etc. Each objective is followed by the square box which
includes a list of the chosen processes for the Intermediate profile mainly from ISO/IEC/IEEE 12207
and its outcomes related to the objective. References to standards listed in Annex B such as
ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207 and ISO 9001 are informative and do not imply partial
conformance to the standards.
— Input Work products: work products required to perform the process and its corresponding
source, which can be another process or an external entity to the project, such as the Customer.
Identified by the abbreviation of the process name and showed as two column table of work product
names and sources.
— Output Work products: work products generated by the process and its corresponding destination,
which can be another process or an external entity to the project, such as Customer or Organizational
Management. Identified by the abbreviation of the process name and showed as two column table of
work product names and destinations.
— Internal Work products: work products generated and consumed by the process itself. An internal
Work product is not reviewed or approved by the Customer. Identified by the abbreviation of the
process name and showed as one column table of the work product names.
All work products’ names are printed in italics and initiate with capital letters. Some work products
have one or more statuses attached to the work product name surrounded by square brackets
“[ ]” and separated by “,”. The work product status may change during the process execution. See
Clause 11 for the alphabetical list of the work products, its descriptions, possible statuses and the
source of the work product. The source can be another process or an external entity to the project,
such as the Customer.
— Roles involved: names and abbreviation of the functions to be performed by project team members.
Several roles may be played by a single person and one role may be assumed by several persons.
Roles are assigned to project participants based on the characteristics of the project. The role list is
identified by the abbreviation of the process name and showed as two-column table. See Clause 10
for the alphabetical list of the roles, its abbreviations and required competencies description.
— Diagram: graphical representation of the processes. The large round-edged rectangles indicate
process or activities and the smaller square-edged rectangles indicate the work products. The
directional or bidirectional thick arrows indicate the major flow of information between processes
or activities. The thin directional or bidirectional arrows indicate the input or output work products.
The notation used in the diagrams does not imply the use of any specific process lifecycle.
— Activity: a set of cohesive tasks. Task is a requirement, recommendation, or permissible action,
intended to contribute to the achievement of one or more objectives of a process. A process activity
is the first level of process workflow decomposition and the second one is a task. Activities are
identified by process name abbreviation followed by consecutive number and the activity name.
— Activity Description: each activity description is identified by the activity name and the list of
related objectives surrounded by parentheses “( )”. For example, PM.1 Project Planning (PM.01,
© ISO/IEC 2017 – All rights reserved 3

PM.05, PM.06, PM.07) means that the activity PM.1 Project Planning contributes to the achievement
of the listed objectives: PM.01, PM.05, PM.06 and PM.07. The activity description begins with the
task summary and is followed by the task descriptions table. The task description does not impose
any technique or method to perform it. The selection of the techniques or methods is left to the VSE
or project team.
Tasks description table contain four columns corresponding to:
— Role: the abbreviation of roles involved in the task execution.
— Task: description of the task to be performed. Each task is identified by activity ID and
consecutive number, for example PM.01.01, PM.01.02, and so on.
— Input Work products: work products needed to execute the task.
— Output Work products: work products created or modified by the execution of the task.
— Incorporation to Organizational Repository: list of work products to be saved in Organizational
Repository.
NOTE Tables used in process description are for presentation purpose only.
4.2 Notation used to document new processes, additions and modifications to the Basic
profile processes
The Intermediate profile is the third profile of a four-profile roadmap (i.e. Entry, Basic, Intermediate
and Advanced). The Intermediate profile has been designed to build upon the processes of the Basic
profiles such that, when moving from the Basic profile to the Intermediate profile, a VSE has to add to
its existing Basic profile processes the new processes (e.g. objectives, activities, tasks, roles and work
products) described in this document.
Since, in the Intermediate profile, there are additions and modifications to the Basic profile processes,
this document has been written such that it will be easy for a VSE to identify these additions and
modifications. The Project Management (PM) and Software Implementation (SI) processes, of the Basic
profile, have been complemented with additional objectives, tasks and work products in a context where
a VSE is conducting more than one project in parallel with more than one work team. The following
notation is used to highlight the addition/deletion/modification to the Basic profile:
— added text:
— is underlined;
— except for the processes of the Intermediate profile;
— deleted/modified text is strike out as follow: the text is stroked out;
— since, in the Basic profile, the abbreviation for the Project Management (PM) process was the same
for Project Manager, in the Intermediate profile, the abbreviation for Project Manager has been
changed from PM to PJM.
The Intermediate profile has two new processes that are not in the Basic profile: the Business
Management (BM) process and a conditional process, the Acquisition Management (AM) process. The
execution of the AM process is required only if a product/service needs to be obtained from an external
Supplier by a VSE. To facilitate the identification of additional abbreviations, roles and work products of
the BM and AM processes of the Intermediate profile, these items are underlined. To facilitate reading,
the BM and AM processes have not been underlined.
The Intermediate profile terminology has been aligned with ISO/IEC/IEEE 12207 and ISO/IEC/
IEEE 15289. The following terms of old standards have been replaced with the new terms:
— “Agreement” and “Contract” have been replaced with “Agreement”;
4 © ISO/IEC 2017 – All rights reserved

— work products are identified with a unique code WP.XX where XX is a sequential number in Clause 11.
These codes have not been used in the descriptions of activities and tasks in order to facilitate
readability.
4.3 Abbreviated terms
AM Acquisition Management
BM Business Management
OLR Organizational Lessons Learned Record
OR Organizational Repository
PJM Project Manager
PLR Project Lessons Learned Record
PO Purchase Order
RFP Request for Proposal
RR Resource Request
SUP Supplier
VSE Very Small Entity
5 Overview
The Intermediate Profile Management and Engineering Guide applies to a Very Small Entity (VSE)
(enterprise, organization, department or project having up to 25 people) which are familiar with or
have implemented ISO/IEC TR 29110-5-1-2 for their software development projects.
This document provides Organizational Management, Project Management, Software
Implementation and Acquisition processes which integrate practices mainly based on the selection
of ISO/IEC/IEEE 12207 and ISO/IEC/IEEE 15289 standards elements. Annex A provides information
about Deployment Packages that facilitate the implementation of these processes.
This document is intended to be used by VSEs to establish processes to implement any development
approach or methodology including for example, agile, evolutionary, incremental, test driven
development, etc. based on a VSE or project needs.
Using this document, VSEs can obtain the following benefits:
— the management and monitoring of more than one project in parallel with more than one work team;
— reuse existing software components (e.g. code and document) in new projects;
— continuously measure projects and improve processes.
To use this document, a VSE needs to be familiar with or have implemented ISO/IEC TR 29110-5-1-2 for
their software development projects.
The purpose of the Business Management (BM) process is to identify opportunities, evaluate all in-
place Agreements or requests from customers for fit with organizational goals and resources, obtain
and provide the VSE with the necessary resources to perform all projects, monitor and evaluate all
projects, conduct lessons learned to improve the VSE and protect its intellectual property and the
security of its assets and information items. The purpose of the Project Management (PM) process is
to establish and carry out in a systematic way the Tasks of the software implementation process, which
© ISO/IEC 2017 – All rights reserved 5

allows complying with the project’s Objectives in the expected quality, time and costs. The purpose
of the Software Implementation (SI) process is the systematic performance of the analysis, design,
construction, integration and test activities for new or modified software work products according
to the specified requirements. The purpose of the Acquisition Management (AM) process is to obtain
products and/or services required by the VSE. The execution of the AM process is only required if a
product/service needs to be obtained from a supplier by the VSE, i.e. a conditional process.
The processes are interrelated (see Figure 2). The arrow connecting the AM process to the other
processes is dashed to indicate that this process is conditional.
Figure 2 — Intermediate profile processes
6 Business Management (BM) process
6.1 BM purpose
The purpose of the Business Management process is to identify opportunities, evaluate all in-place
Agreements or requests from customers for fit with organizational objectives and resources, obtain and
provide the VSE with the necessary resources to perform all projects, monitor and evaluate all projects,
conduct lessons learned to improve the VSE and protect its intellectual property and the security of its
assets and information items.
This document is intended to be used by a VSE to establish processes to implement any development
approach or methodology including, for example, agile, evolutionary, incremental, test driven
development, etc. based on the VSE or project needs.
6.2 BM objectives
— BM.O1. Initiate and sustain necessary, sufficient and suitable projects in order to meet the objectives
of the VSE.
— BM.O2. Provide to the customer the work product that meets the agreed requirements.
— BM.O3. Provide the VSE with necessary human resources and to maintain their competencies,
consistent with business needs.
6 © ISO/IEC 2017 – All rights reserved

— BM.O4. Provide an enabling infrastructure and services to all projects to support the VSE and the
project objectives throughout the life cycle.
— BM.O5. Collect and analyse measures of all projects and to improve or maintain the management
and engineering processes of the VSE.
— BM.O6. Protect the intellectual property and the security of the assets and information items of
the VSE.
— BM.O7. Establish an Organizational Repository, integrate and store the projects’ relevant
documentation. The Organizational Repository has to protect the security of its assets and
information items. BM input work products.
6.3 BM input work products
Table 2 provides a list of input work products.
Table 2 — BM input work products
Name Source
Agreement Customer
Request for Proposal Customer
Customer
Change Request
Project Manager
Resource Request Project Manager
Purchase Order Project Manager
Human Resource Record Project Manager
6.4 BM output work products
Table 3 provides a list of output work products.
Table 3 — BM output work products
Name Destination
Contract Business Management
Project Plan Business Management
Proposal Customer
Software Configuration Customer
6.5 BM internal work products
Table 4 provides a list of internal work products.
Table 4 — BM internal work products
Name
Business Objectives
Project Opportunities
Security and Intellectual Property Protection Plan
Resource Request
Organizational Lessons Learned Record
Process Improvement Record
© ISO/IEC 2017 – All rights reserved 7

6.6 BM roles involved
Table 5 provides a list of roles involved in the BM process.
Table 5 — BM roles involved
Role Abbreviation
Business Management BM
Project Manager PJM
Customer CUS
6.7 BM process description
6.7.1 BM diagram
Figure 3 shows the flow of information between the Business Management Process activities including
the most relevant work products and their relationships.
8 © ISO/IEC 2017 – All rights reserved

Figure 3 — Business Management Process diagram
6.7.2 BM activities
The Business Management Process has the following activities:
— BM.01.Select Project Opportunities and Submit Proposals;
— BM.02. Evaluate Responses to Proposals and Sign Agreements;
— BM.03. Incorporate Security and Intellectual Property Requirements;
— BM.04. Initiate Projects and Allocate Resources;
© ISO/IEC 2017 – All rights reserved 9

— BM.05. Conduct Periodic Project Assessment and Control Projects;
— BM.06. Close Projects and Conduct Lessons Learned Reviews.
6.7.2.1 BM.01 Select Project Opportunities and Submit Proposals (BM.O1)
The Select Project Opportunities and Submit Proposals activity describes the tasks and information
items needed to document project opportunities and proposals sent to potential customers. BM.01 task
list is given in Table 6.
The activity provides
— project opportunities, and
— proposals submitted to potential customers.
Table 6 — BM.01 task list
Input Output
Role Task list
Work products Work products
BM BM.01.01 Document Project Opportunities. Statements of Work (from Project Opportunities
past projects) [initiated]
PJMs Agreements (e.g. contracts) and Statement of Work
from past projects could be used to document the Agreements (from past
Project Opportunities. projects)
BM BM.01.02 Select Project Opportunities Project Opportunities Project Opportunities
[updated] [approved]
PJMs
BM BM.01.03 Prepare and approve Proposals Project Opportunities Proposal [approved]
[approved]
PJMs Proposals could be developed using the Proposal
template in the Work product description section of Proposal template
this document.
BM BM.01.04 Submit Proposals to potential Customers Proposal [approved] Proposal [submitted]
PJMs
6.7.2.2 BM.02. Evaluate Responses to Proposals and Sign Agreements (BM.O1)
The Evaluate Responses to Proposals and Sign Agreements activity involves the evaluation of the
responses to proposals received from customers, the negotiation and signature of agreements with
customers. Once an agreeme
...