• No results found

ISO/IEC 12207: Information Technology – Software Life Cycle Processes

In document CSQA_CBOK_V6-2 (Page 182-187)

Model Overview

ISO/IEC 12207, which was published in 1995, is the international standard that covers the software life cycle from concept through retirement. It contains a framework for managing, controlling, and improving the software life cycle activities. The standard describes the major processes of the software life cycle, how these processes interface with each other, and the high- level relations that

3-30 Version 6.2 govern their interactions. It has subsequently been amended twice; Amendment 1 defines a Software Engineering Process Reference Model for use with ISO/IEC 15504 Process Assessment.

For each process, the standard also describes the activities and tasks involved, defining specific responsibilities and identifying outputs of activities and tasks. Since it is a high-level standard, it does not detail how to perform the activities and tasks. The standard does not assume a specific life cycle model, nor does it specify names, format, or content of documentation. As a result, organizations applying ISO/IEC 12207 should use other standards and procedures to specify these types of details.

The 17 processes covered in this standard are grouped into three categories, as follows:

Primary Processes • Acquisition Process • Supply Process • Development Process • Operation Process • Maintenance Process Supporting Processes • Documentation Process

• Configuration Management Process • Quality Assurance Process

• Verification Process • Validation Process • Joint Review Process • Audit Process

• Problem Resolution Process

Organization Processes

• Management Process • Infrastructure Process • Improvement Process • Training Process

Quality Baselines

Version 6.2 3-31

These 17 processes are further broken down into activities. Following is the list of activities for the Development Process (listed under the Primary Processes), which illustrates the types of activities included for a process:

1. System requirements analysis

2. System architectural design

3. Software requirements analysis (ends with successful reviews followed by a baseline for the software requirements)

4. Software architectural design

5. Software detailed design

6. Software coding and testing

7. Software integration

8. Software qualification testing (ends with successful audits and a baseline for software design and code)

9. System integration

10. System qualification testing (ends with successful audits and a baseline for the design and code of each software configuration item)

11. Software installation

12. Software acceptance test

Activities consist of tasks that are bundled together. Sample tasks include product evaluation, joint review, software configuration management, user documentation, and test. To use activity 7 as an example, tasks for software integration would include user documentation, product evaluation, and joint reviews.

ISO/IEC 12207 defines two categories of reviews: joint technical reviews, and joint management reviews. It states that the joint review process is “a process for evaluating the status and products of an activity of a project as appropriate. Joint reviews are at both the project management and technical levels and are held throughout the life of the contract.”

As the standard is a comprehensive set of processes, organizations can select an appropriate subset that applies to their purpose. It is also expected that an organization will tailor a process to the scope, size, complexity, and criticality of the software product and of the organization by deleting inapplicable activities. Compliance to ISO/IEC 12207 is defined as the performance of those processes, activities, and tasks selected by tailoring.

3-32 Version 6.2

Target Audience

The target audience for ISO/IEC 12207 is:

• Organizations acquiring a system that contains software or a stand-alone software product

• Organizations that supply software products

• Organizations involved in software operation or software maintenance

The standard is especially applicable for acquisitions, as it recognizes the distinct roles of acquirer and supplier. Its intended use is for the two parties of an agreement or contract that defines the development, maintenance, or operation of software. It does not apply to the purchase of commercial off-the-shelf software products. It is also intended for use with trained, experienced developers, managers, and acquirers of software.

Views of Software Development

Given the target audience, ISO/IEC 12207 includes several different points of view regarding software development:

• Acquirers and suppliers see a contract view, which includes the acquisition and supply processes and begins with a contractual relationship to supply software. Depending on the contract, the supply process may use the development process to create new software, the operation process to provide software operation services, or the maintenance process to repair or improve the software.

• Operators see an operating view, which includes the operations process. The operations process may use the maintenance process.

• Developers and maintainers see the engineering view, which includes the maintenance and development processes. The maintenance process may also use the development process. • The employer of supporting processes sees the supporting view, which includes the eight

supporting processes.

• Managers see the corporate view, which includes the four organizational processes. During execution of the primary processes, supporting processes are used. For example, reviews, QA, verification, validation, and audits occur during the development process. In addition, documentation is produced, and problem resolution is periodically needed. Organizational processes, the third category, occur in parallel. The organizational processes provide management of the process, and the infrastructure for employee development and training, and improvement of the software development process.

Quality Baselines

Version 6.2 3-33

Relationship to Other Standards ISO/IEC System and Software Standards

The following Standards and Technical Reports will be useful:

• ISO/IEC TR 15271:1998 Information technology – Guide for ISO/IEC 12207 (Software Life Cycle Processes)

The next standard and its guide extend the domain of processes discussed to system life cycles:

• ISO/IEC 15288:2002 Systems engineering – System life cycle processes

• ISO/IEC TR 19760:2003 Systems engineering – A guide for the application of ISO/ IEC 15288 (System life cycle processes)

The next group shows just some of the many standards related to the individual processes of ISO/ IEC 12207:

• ISO/IEC 15910:1999 Information technology – Software user documentation pro- cess

• ISO/IEC 15939:2002 Software engineering – Software measurement process • ISO/IEC 16085:2004 Information technology – Software life cycle processes --

Risk management

• ISO/IEC TR 16326:1999 Software engineering – Guide for the application of ISO/ IEC 12207 to project management

IEEE/EIA 12207

This standard is the United States implementation of the international standard, ISO/IEC 12207. Since ISO/IEC 12207 was intended to be adapted for specific types of applications, IEEE and EIA worked with the United States Department of Defense, and others, to develop software life cycle standards for use in the United States that should:

• Represent the best commercial practice

• Be suitable for application to the complex requirements of defense acquisition • Be compatible with those of the emerging global marketplace for software

IEEE/EIA 12207 was released as the strategic standard to address the three needs. It also focuses on compliance at the organizational level rather than at an individual project level. This standard was released as a three-volume set that includes:

• IEEE/EIA 12207.0

3-34 Version 6.2 • IEEE/EIA 12207.1

Guidance on the documentation contents, with recommendations for the contents of each type of document and recommendations that expand on the data objectives of Part 0.

• IEEE/EIA 12207.2

A guidebook with additions, alternatives, and implementation approaches to many of the activities and tasks listed in ISO/IEC 12207, plus recommendations for implementing IEEE/EIA 12207 processes in the context of U.S. best practices.

In document CSQA_CBOK_V6-2 (Page 182-187)