Sample Pages

BACK to

MS WORD

PDF

ISO/IEC 15288 and ISO/IEC 12207 
Checklists for Software Processes 
in compliance with 
ISO/IEC 15288 and ISO/IEC 12207 


Available in MS WORD format or PDF format

ISO/IEC 15288:2008 Checklist ISO/IEC 12207:2008 Checklist


Overview of ISO/IEC 15288:2008 Standard
This revised International Standard is an initial step in the SC7 harmonization strategy to achieve a fully integrated suite of system and software life cycle processes and guidance for their application. This revision aligns with the revision to ISO/IEC 12207 within the context of system life cycle processes and applies SC7 guidelines for process definition to support consistency, to improve usability and to align structure, terms, and corresponding organizational and project processes. The processes in this International Standard form a comprehensive set from which an organization can construct system life cycle models appropriate to its products and services. An organization, depending on its purpose, can select and apply an appropriate subset to fulfill that purpose. 


ISO/IEC 15288:2008 establishes a common framework for describing the life cycle of systems created by humans. It defines a set of processes and associated terminology. These processes can be applied at any level in the hierarchy of a system's structure. Selected sets of these processes can be applied throughout the life cycle for managing and performing the stages of a system's life cycle. This is accomplished through the involvement of all interested parties, with the ultimate goal of achieving customer satisfaction. This standard also provides processes that support the definition, control and improvement of the life cycle processes used within an organization or a project. Organizations and projects can use these life cycle processes when acquiring and supplying systems. IS)/IEC 15288 concerns those systems that are man-made and may be configured with one or more of the following: hardware, software, data, humans, processes (e.g., processes for providing service to users), procedures (e.g., operator instructions), facilities, materials and naturally occurring entities. When a system element is software, the software life cycle processes documented in ISO/IEC 12207:2008 may be used to implement that system element.

 ISO/IEC 15288:2008 and ISO/IEC 12207:2008 are harmonized for concurrent use on a single project or in a single organization.
   

Checklist Introduction
The process of defining what is necessary for compliance with a system engineering process standard such as “ISO/IEC 15288:2008 System Life Cycle Processes” is often confusing and laborious because the directions contained in the standards are unclear or ambiguous. This checklist was produced to aid in determining what is actually “required” by the document in the way of physical evidence of compliance.  This checklist is constructed around a classification scheme of physical evidence comprised of policies, procedures, plans, records, documents, audits, and reviews.  There must be an accompanying record of some type when an audit or review has been accomplished.  This record would define the findings of the review or audit and any corrective action to be taken.  For the sake of brevity this checklist does not call out a separate record for each review or audit.  All procedures should be reviewed but the checklist does not call out a review for each procedure, unless the standard calls out the procedure review.  In this checklist “manuals, reports, scripts and specifications” are included in the document category.  When the subject standard references another standard for physical evidence, the checklist does not call out the requirements of the referenced standard unless it is a normative reference or the words appear “for further reference”. 

 The authors have carefully reviewed the document “ISO/IEC Standard 15288:2008 System Life Cycle Processes” and Amendment 1 and defined the physical evidence required based upon this classification scheme.  The authors have conducted a second review of the complete list to ensure that the documents’ producers did not leave out a physical piece of evidence that a “reasonable person” would expect to find.  It could certainly be argued that if the document did not call it out then it is not required; however if the standard was used by an enterprise to improve its process, then it would make sense to recognize missing documents.  Therefore, there are documents specified in this checklist that are implied by the standard, though not specifically called out in the document, and they are designated by an asterisk (*) throughout this checklist.  If a document is called out more than one time, only the first reference is stipulated.  

There are occasional situations in which a procedure or document is not necessarily separate and could be contained within another document.  For example, the System Detail Specification Document could be a subset of System Architecture Design Specification Document.  The authors have called out these individual items separately to ensure that the organization does not overlook any facet of physical evidence.  If the organization does not require a separate document, and an item can be a subset of another document or record, then this fact should be denoted in the detail section of the checklist for that item.  This should be done in the form of a statement reflecting that the information for this document may be found in section XX of Document XYZ.  If the organizational requirements do not call for this physical evidence for a particular project, this should also be denoted with a statement reflecting that this physical evidence is not required and why.  The reasons for the evidence not being required should be clearly presented in this statement.  Further details on this step are provided in the Detail Steps section of the introduction.  The size of these documents could vary from paragraphs to volumes depending upon the size and complexity of the system project or business requirements.      
  

General Principles of the ISO/IEC Standard 15288:2008 
System Life Cycle Processes
Checklist

This checklist was prepared by analyzing each clause of this draft document for the key words that signify a:

Policy  
 -  Procedure  
-   Plan  
-   Records  
-   Document ( Including Manuals, Reports, Scripts and
    Specifications)  
Audit  
Review

This checklist specifies evidence that is system unique.  After reviewing the completed document, the second review was conducted from a common sense “reasonable man” approach.  If a document or other piece of evidence appeared to be required, but was not called out in the document, then it is added with an asterisk (*) after its notation in the checklist.  The information was transferred into checklist tables, based on the type of product or evidence.


Using the Checklist
When a company is planning to use ISO/IEC Standard 15288:2008 System Life Cycle Processes as their main system process standard, the company should review the evidence checklist.  If the company’s present process does not address an ISO/IEC 15288:2008 System Life Cycle Processes product, then this question should be asked: Is the evidence product required for the type of system the business is producing?  If in the view of the company the evidence is not required, the rationale should be documented and inserted in the checklist and quality manual.  This rationale should pass “the reasonable person rule.”  If the evidence is required, plans should be prepared to address the missing item(s).


Detail Steps

An enterprise should compare the proposed output of their system project or organization against the checklist.  In doing this, they will find one of five conditions that exist for each item listed in the checklist.  The following five conditions and the actions required by these conditions are listed in the table.  

Condition

Action Required

1.      The title of the documented evidence specified by the checklist (document, plan, etc) agrees with the title of the evidence being planned by the enterprise.

Record in checklist that the enterprise is compliant.

2.      The title of the documented evidence specified by the checklist (document, etc) disagrees with the title of the evidence planned by the enterprise but the content is the same. 

Record in the checklist the evidence title the enterprise uses and record that the enterprise is compliant, and the evidence is the same although the title is different.

3.      The title of the documented evidence specified by the checklist (document, etc) is combined with another piece of evidence.

Record in the checklist the title of the evidence (document, etc) in which this information is contained.

4.      The title of the documented evidence specified by the checklist (document, etc) is not planned by the enterprise because it is not required.

Record in the checklist that the evidence is not required and the rationale for this decision.

5.      The title of the documented evidence called out by the checklist (document, etc) is not planned by the enterprise and should be planned by it.

Record in the checklist when this evidence will be planned and reference a plan for accomplishing the task.


Overview of ISO/IEC 12207:2008 System and software engineering --- Software life cycle processes standard
ISO/IEC 12207:2008 establishes a common framework for software life cycle processes, with well-defined terminology, that can be referenced by the software industry. It contains processes, activities, and tasks that are to be applied during the acquisition of a software product or service and during the supply, development, operation, maintenance and disposal of software products. Software includes the software portion of firmware.

ISO/IEC 12207:2008 applies to the acquisition of systems and software products and services, to the supply, development, operation, maintenance, and disposal of software products and the software portion of a system, whether performed internally or externally to an organization. Those aspects of system definition needed to provide the context for software products and services are included.

ISO/IEC 12207:2008 also provides a process that can be employed for defining, controlling, and improving software life cycle processes.

The processes, activities and tasks of ISO/IEC 12207:2008 - either alone or in conjunction with ISO/IEC 15288 - may also be applied during the acquisition of a system that contains software


Introduction to the checklist
The process of defining what is necessary for compliance with a software engineering process standard such as “ISO/IEC Standard 12207 Software Life Cycle Processes” is often confusing and laborious because the directions contained in the standards are unclear or ambiguous.  To aid in determining what is actually “required” by the document in the way of physical evidence of compliance, the experts at SEPT have produced this checklist.  This checklist is constructed around a classification scheme of physical evidence comprised of policies, procedures, plans, records, documents, audits, and reviews.  There must be an accompanying record of some type when an audit or review has been accomplished.  This record would define the findings of the review or audit and any corrective action to be taken.  For the sake of brevity this checklist does not call out a separate record for each review or audit.  All procedures should be reviewed but the checklist does not call out a review for each procedure, unless the standard calls out the procedure review.  In this checklist “manuals, reports, scripts and specifications” are included in the document category.  When the subject standard references another standard for physical evidence, the checklist does not call out the requirements of the referenced standard.   
   

SEPT has carefully reviewed the document “ISO/IEC Standard 12207:2008 Software Life Cycle Processes” and identify the physical evidence required based upon this classification scheme.  SEPT has conducted a second review of the complete list to ensure that the documents’ producers did not leave out a physical piece of evidence that a “reasonable person” would expect to find.  It could certainly be argued that if the document did not call it out then it is not required; however if the standard was used by an enterprise to improve its process, then it would make sense to recognize missing documents.  Therefore, there are documents specified in this checklist that are implied by the standard, though not specifically called out in the document, and they are designated by an asterisk (*) throughout this checklist.  If a document is called out more than one time, only the first reference is stipulated.  
   
There are occasional situations in which a procedure or document is not necessarily separate and could be contained within another document.  For example, the Software Detail Specification Document could be a subset of Software Design Specification.  SEPT has called out these individual items separately to ensure that the organization does not overlook any facet of physical evidence.  If the organization does not require a separate document, and an item can be a subset of another document or record, then this fact should be denoted in the detail section of the
checklist for that item.  This should be done in the form of a statement reflecting that the information for this document may be found in section XX of Document XYZ.  If the organizational requirements do not call for this physical evidence for a particular project, this should also be denoted with a statement reflecting that this physical evidence is not required and why.  The reasons for the evidence not being required should be clearly presented in this statement.  Further details on this step are provided in the Detail Steps section of the introduction.  The size of these documents could vary from paragraphs to volumes depending upon the size and complexity of the software project or business requirements.


"General Principles of the standard ISO/IEC 12207:2008 - Software Life Cycle Processes" Checklist  

This checklist was prepared by analyzing each clause of this draft document for the key words that signify a:

  • Policy
  • Procedure
  • Plan
  • Records
  • Document ( Including Manuals, Reports, Scripts and Specifications)
  • Audit 
  • Review

 This checklist specifies evidence that is software or system unique.  After reviewing the completed document, the second review was conducted from a common sense “reasonable man” approach.  If a document or other piece of evidence appeared to be required, but was not called out in the document, then it is added with an asterisk (*) after its notation in the checklist.  The information was transferred into checklist tables, based on the type of product or evidence.  

Using the Checklist  
When a company is planning to use “ISO/IEC Standard 12207:2008 Software Life Cycle Processes” as their main software process standard, the company should review the evidence checklist.  If the company’s present process does not address an “ISO/IEC 12207:2008 Software Life Cycle Processes product, then this question should be asked: “Is the evidence product required for the type of software the business is producing?  If in the view of the company the evidence is not required, the rationale should be documented and inserted in the checklist and quality manual.  This rationale should pass “the reasonable person rule.”  If the evidence is required, plans should be prepared to address the missing item(s).  

Detail Steps
 
An enterprise should compare the proposed output of their software project or organization against the checklist.  In doing this, they will find one of five conditions that exist for each item listed in the checklist.  The following five conditions and the actions required by these conditions are listed in the table below.  

Condition
Action Required
1. The title of the documented evidence specified by the checklist (document, plan, etc) agrees with the title of the evidence being planned by the enterprise.  Record in checklist that the enterprise is compliant.
2. The title of the documented evidence specified by the checklist (document, etc) disagrees with the title of the evidence planned by the enterprise but the content is the same.  Record in the checklist the evidence title the enterprise uses and record that the enterprise is compliant, and the evidence is the same although the title is different. 
3. The title of the documented evidence specified by the checklist (document, etc) is combined with another piece of evidence.  Record in the checklist the title of the evidence (document, etc) in which this information is contained.
4. The title of the documented evidence specified by the checklist (document, etc) is not planned by the enterprise because it is not required. Record in the checklist that the evidence is not required and the rationale for this decision.
5. The title of the documented evidence called out by the checklist (document, etc) is not planned by the enterprise and should be planned by it. Record in the checklist when this evidence will be planned and reference a plan for accomplishing the task. 

Components of the Checklist ISO/IEC 15288:2008

 Section 1.  Introduction  
Section 2.  Composites of all required and suggested “ISO/IEC 15288:2008 System Life Cycle Processes” evidence products
Sections 3-7.  Individual checklists for each evidence type

 

ISO/IEC 15288:2008 Clause Number and Name

Policies and Procedures

Plans

Records

 

Documents

Audits and Reviews

3.0 Normative references

 ISO/IEC 12207:2008 Requirements for Policies and Procedures  
ISO/IEC 12207:2008 Requirements for Plans

ISO/IEC 12207:2008 Requirements for Records  

SO/IEC 12207:2008 Requirements for Documents
 ISO/IEC 12207:2008 Requirements for Audits
ISO/IEC 12207:2008 Requirements for Reviews  

6.0 System Life Cycle Process

 

 

 

 

 

6.1 Agreement Processes

 

 

 

 

 

6.1.1 Acquisition Process  

Accept the Product or Service Document Procedure*  
   
Acquisition Plan Procedure*  
   

Acquisition Policy
  
Acquisition Procedure  
   
Acquisition Strategy Document Procedure*  
   
Customer - Supplier Agreement Procedure*     
Customer-Supplier Agreement Document Procedure*  
     

Acquisition Plan*  
    

 Organization Business Plan*
      
 Payment Plan  
   
Supplier Performance Plan  
   
Supplier Selection Plan*  

Acquisition Records*  
  
 Open Item Reports with Description of Problem Record  
  
 Payment Records  
  
Performance, Cost and Schedule Problem Report Records*  
   
 Potential Supplier Loss Contract Notice Record  
   
 Supplier Performance Records*  
   
Supplier Selection Justification Records  
   

 

Accept the Product or Service Document  
  
 Acquisition Strategy Document  
  
Customer / Supplier Agreement Document  
   
Organization Mission, Vision and Business Goals Document*  
   
Requirements (All) Documents 
   
Technical Data and Intellectual Property Rights Document  
 

Accept the Product or Service Document Review*  
   
Acquisition Plan Review  
   
Acquisition Strategy Document Review*  
   
Customer / Supplier Agreement Document Review*  
   
Organization Business Plan Review*  
   
Organization Mission, Vision and Business Goals Document Review*  
   
 Payment Plan Review*  
   

6.1.1 Acquisition Process (Cont. 1)  


  Organization Business Plan Procedure*  
   
Organization Mission, Vision and Business Goals Document Procedure*  
   
Payment Plan Procedure*  
   
 Requirements Documents (All) Procedure*  
   
Supplier Selection Plan Procedure*  
   

 

 

Requirements Documents (All) Review*  
   
Supplier Performance Plan Review*  
   
Supplier Performance Review  
   
 Supplier Selection Plan Review*  
   
Technical Data and Intellectual Property Rights Document Review*  
   

6.1.1 Acquisition Process (Cont. 2)

Supplier Selection Procedure*  
   
Technical Data and Intellectual Property Rights Document Procedure*  
   

      

      

        

         

6.1.2 Supply Process  
  

 

 Customer Interface Procedure*  
  
 Customer/Supplied Products Procedure*  
   
Joint Customer-Supplier Audits and Review Plan Procedure
   
Joint Customer-Supplier Audits and Review Procedure*  
   
Modification and Change Procedure*  
   
 Product or Service Delivery Document Procedure*  
   

 Joint Customer - Supplier Audits and Review Plan*  
   
 Product or Service Delivery Plan*  
   
Project Plans  
   
 Responsibility Transfer Plan*  
   

Acknowledge Payment or Other Consideration Record  
   
Customer-Supplier Agreement Change Records*  
   
 Customer-Supplied Products Records*  
   
 Product or Service "Buy Off" Records  
   
 Responsibility Transfer Records  
   

Product or Service Delivery Document*  
   
Responsibility Transfer Document*  
   
 Solicitation Response Document  
   
Supplier Strategy Document*  
   
Supplier-Customer Agreement Document
   

Joint Customer - Supplier Audits*  
   
Joint Customer - Supplier Audits and Review Plan Review*  
   
 Joint Customer - Supplier Review*  
   
 Product or Service Request Document Review*  
   
Product or Service Delivery Document Review*  
   
Product or Service Delivery Plan Review*  
   

6.1.2 Supply Process
 (Cont. 1)  





 Product or Service Delivery Plan Procedure*
   
  
Product or Service Request Procedure
   
   
Project Plans Procedure*  
      
Responsibility Transfer Document Procedure*  
      
Responsibility Transfer Plan Procedure*  
     
Responsibility Transfer Procedure*  
   
   
Solicitation Response Document Procedure*  
   

 

 

 

  Project Plans Review  
   
 Responsibility Transfer Document Review*  
   
 Responsibility Transfer Plan Review*  
  
Solicitation Response Document Review*  
   
Supplier Strategy Document Review*  
   
Supplier-Customer Agreement Document Review*  
    

6.1.2 Supply Process 
(Cont. 2)

 Supplier Strategy Document Procedure*  
   
Supplier Technical Data and Intellectual Property Rights Policy  
   
 Supplier/ Customer Agreement Document Procedure*  
   
Supply Policy
   

 

 

 

 

6.2 Organizational Project –Enabling Processes

 

 

 

 

 

6.2.1 Life Cycle Model Management Process  


     


Business Criteria that Control Life Cycle Progression Document Procedure*  
   
Criteria for Entering and Exiting Each Life Cycle Stage Document Procedure*  
  
Life Cycle Review Improvement Plan Procedure  
   
Life Cycle Tailoring Procedure  
   
Process Improvement Procedure  
   

     

Life Cycle Review Improvement Plan  
  
System Life Cycle Development Plan  
  
System Life Cycle Transition Phase Plan*  
   
System Methods, Tools, and Techniques Plan  
   

Life Cycle Review Improvement Opportunities Record  
  
Process Improvement Records  
  
System Life Cycle Transition Phase Records*  
   

Business Criteria that Control Life Cycle Progression Document*  
   
Criteria for Entering and Exiting Each Life Cycle Stage Document*  
Roles, Responsibilities and Authority for Managing the Life Cycle Document*  
   
System Life Cycle "Processes Used" Document  
   
System Methods, Tools, and Techniques Document*  
   

Business Criteria that Control Life Cycle Progression Document Review  
   
Criteria for Entering and Exiting Each Life Cycle Stage Document Review*  
   
 Life Cycle Review  
   
 Life Cycle Review Improvement Plan Review*  
   
Roles, Responsibilities and Authority for Managing the Life Cycle Document Review*  
   

 

6.2.1 Life Cycle Model Management Process 
(Cont. 1)  




Roles, Responsibilities and Authority for Managing the Life Cycle Document Procedure*  
   
Supply Procedure  
   
System Item Identification Procedure*  
   
 System Life Cycle "Processes Used" Document Procedure* 
   
  System Life Cycle "Processes Used" Policy  
   
System Life Cycle Development Plan Procedure*  
   

 

 

 

System Life Cycle "Processes Used" Document Review*  
  
System Life Cycle Development Plan Review  
   
System Life Cycle Model Review  
   
System Life Cycle Transition Phase Plan Review*  
   
 System Methods, Tools, and Techniques Document Review*  
   
System Methods, Tools, and Techniques Plan Review*  
   

6.2.1 Life Cycle Model Management Process 
(Cont. 2)  


System Life Cycle Management Policy  
   
System Life Cycle Management Procedure  
   
System Life Cycle Transition Phase Plan Procedure*  
   
System Methods, Tools, and Techniques Document Procedure*  
   
System Methods, Tools, and Techniques Document Procedure*  
   
System Methods, Tools, and Techniques Plan Procedure*  
   

 

 

 

 

   
  
Components of the Checklist ISO/IEC 12207:2008
  • Section 1.  Introduction
  • Section 2.  Composites of all required and suggested “ISO/IEC 12207:2008 System Life Cycle Processes” evidence products.
  • Sections 3-8.  Individual checklists for each evidence type.
ISO/IEC 12207:2008 Clause Number and Name  
   
Policies And Procedures  

Plans  

Records    

Documents  

Audits And Reviews  

6.0 System Life Cycle Processes                
6.1 Agreement Processes  
   
         
6.1.1 Acquisition Process  
     
Acceptance Document Procedure *  
   
Acceptance
 Plan Procedure*  
   
Acceptance Procedure*  
   
Acquisition Requirements Document Procedure*  
  
Acquisition Strategy Document Procedure*  
   
  Audit Plan Procedure*     
Concept or Acquisition Need Document Procedure*  
   
Acceptance Plan*  
   
Acquisition Plan*  
  
Audit Plan*  
   
Off the Shelf Software (OTS) Support Plan*  
   
 Supplier Selection Plan*  
   

 

Acquirer Payment Records*  
   
Acquisition Advertisement Records  
   
 Acquisition Records*  
   
Contract Change Records*  
   
Off the Shelf Software (OTS) Receipt Records*  
   
Supplier Selection Notification Records*  
  

 

Acceptance Document*  
   
 Acquisition Requirements Document  
   
Acquisition Strategy Document  
   
Concept or Acquisition Need Document  
   
Contract Milestone Document  
   
Contract or Agreement Document
   
Off the Shelf Software (OTS) Document*  

 

Acceptance Document Review*  
   
Acquisition Plan Review*  
  
Acquisition Requirements Document Review*  
   
Acquisition Strategy Document Review*  
   
Audit Plan Review*  
   
Concept or Acquisition Need Document Review*  
   

 

6.1.1 Acquisition Process (Cont. 1)  
   
Contract Milestone Document Procedure*  
   
Contract or Agreement Document Procedure*  
   
Contract Preparation Procedure*  
   
 Off the Shelf Software (OTS) Document's Procedure *  
   
Off the Shelf Software (OTS) Support Plan Procedure*  
   
Off the Shelf Software (OTS) Upgrade Procedure *  
   

 

   
Purchasing Requirements Document*  
  
Purchasing Specification Document*  
   

 

  Contract Change Review*  
   
Contract Milestone Document Review*  
   
Contract Milestone Review  
   
Contract or Agreement Document Review*  
   
Milestone Reviews and Audits  
   
Off the Shelf Software (OTS) Document Review*  
   
Off the Shelf Software (OTS) Support Plan Review*  
  
6.1.1 Acquisition Process (Cont. 2)  
   
 Purchasing Requirements Document Procedure*  
  
 Purchasing Specification Document Procedure*  
  
Review Plan Procedure*  
  
 Supplier Selection Plan Procedure*  
   
Supplier Selection Procedure*  
   
     
Purchasing Requirements Document Review*  
   
Purchasing Specification Document Review*  
   
 Supplier Selection Plan Review*