ISO 29110 Software Quality Model For Software SMEs

ISO/IEC 29110
Quality Model
Presented by: Moutasm Tamimi
Software Quality
2017

ISO International Organization for Standardization
IEC International Electrotechnical Commission
ITTF Information Technology Task Force
CS Central Secretariat
UN United Nations
ITU-T International Telecommunications Union
TC Technical Committee
SC Sub Committee
JTC Joint Technical Committee
WG Working Group
ISO IEC
JTC 1TC176
SC6 SC27
Telecommunications IT Security
Techniques
TC56 SC65A
UN/ITU-T
CS/ITTF
SC37
Biometrics
WGs
SC7
Systems & Software
Engineering
Quality Management Information Technology Dependability Functional Safety
ISO/IEC outline Structure

Subcommittees (SC) of ISO/IEC JCT1
Technical Directions JTC1 Subcommittees and Working Groups
Application Technologies SC 36 - Learning Technology
Cultural and Linguistic Adaptability
& User Interfaces
SC 02 - Coded Character Sets
SC 22/WG 20 – Internationalization
SC 35 - User Interfaces
Data Capture land Identification
Systems
SC 17 - Cards and Personal Identification
SC 31 - Automatic Identification and Data Capture Techniques
Data Management Services SC 32 - Data Management and Interchange
Document Description Languages SC 34 - Document Description and Processing Languages
Information Interchange Media
SC 11 - Flexible Magnetic Media for Digital Data Interchange
SC 23 - Optical Disk Cartridges for Information Interchange
Multimedia and Representation
SC 24 - Computer Graphics and Image Processing
SC 29 - Coding of Audio, Picture, Multimedia, Hypermedia Information
Networking and Interconnects
SC 06 - Telecommunications and Information Exchange Between Systems
SC 25 - Interconnection of Information Technology Equipment
Office Equipment SC 28 - Office Equipment
Programming Languages &
Software Interfaces
SC 22 - Programming Languages, their Environments & Systems Software
Interfaces
Security SC 27 - IT Security Techniques
Software Engineering SC 07 - Software and System Engineering
Biometrics SC 37 - Biometrics

ISO/IEC JTC 1 SC7
■ ISO/IEC JTC 1 SC7
– International Organization for Standardization/ International Electrotechnical
Commission Joint Technical Committee 1 Sub-Committee 7
■ ISO/IEC JTC 1 SC7 Terms of Reference
– “Standardization of processes, methods and supporting technologies for the
engineering and management of software and systems throughout their life
cycles”

SC7
Secrétariat
Standards
Management Group
SWG 5
Systems & Software
Documentation
WG2
IT Governance
WG1A
Process
Assessment
WG10
Vocabulary
WG22
IT Service
Management
WG25
WG26
Software Testing
Tools and
Environment
WG4
Techniques for
Specifying IT Systems
WG19
Systems Quality
Management
WG23
Life Cycle
Management
WG7
Software Product
Measurement and
Evaluation
WG6
Architecture
WG42
CIF Usability
JWG ISO/TC 54
SLC Profiles and
Guidelines for VSEs
WG24
SWG 1
Business Planning
Group
WG20
Software Engineering
Body of Knowledge
WG21
Software
Asset Management
SC7 Structure

Working Group 24
■ ISO/IEC JTC1/SC7 WG 24, Life Cycle Processes for Very Small Entities
■ ISO 29110
■ The goal of Working Group 24, to:
– “develop profiles, guides, and examples to assist very small enterprises to become
more competitive”
■ WG24 is planning to develop several products to give small entities a better
opportunity to develop high-quality products on time and to make a profit in
the process.
■ Creating an overview, framework, profile, and taxonomy, leading to a
standard that will enable development of guides for engineering,
management, and assessment

Project
Management
Computer
Sciences and
Engineering Dependability
Engineering
(IEC TC 56)
Safety
(IEC TC65),
Security, other
mission-critical
Industrial
Engineering
Quality
Management
(ISO TC 176)
APPLICATION
DOMAINS
(many TCs)
SOFTWARE and SYSTEMS
ENGINEERING
Domains covered by SC7

JTC 1 SC7 Standards Collection

Problem Statment
■ A large majority of enterprises worldwide are very small entities (VSEs). In
Europe, for instance, as illustrated in table 1, over 92% of enterprises, called
micro-enterprises, have up to 9 employees and another 6.5% have between
10 and 49 employees. Micro enterprises account for 70% to 90% of
enterprises in Organisation for Economic Co-operation and Development
(OECD 2005) countries and about 57% in USA.

VSE characteristics
■ VSE characteristics VSEs are subject to a number of characteristics, needs and
desirable competencies that affect the contents, the nature and the extent of their
activities.
■ The Profiles address a subset of VSEs which are described through the following
characteristics, needs, and desirable competencies, classified in four categories:
1. Finance and Resources
2. Customer Interface
3. Internal Business Processes
4. Learning and Growth.

THE ISO/IEC 29110 STANDARD FOR
VSEs
■ The working group (WG24) of the ISO/IEC JTC1 SC7 mandated to develop
the new set of standards for VSEs, used the concept of ISO standardized
profiles (SP) from
■ ISO/IEC/IEEE 12207 to develop the new standards for VSEs developing
software. From a practical point of view, a profile is a kind of matrix, which
identifies precisely the elements that are taken from existing standards from
those that are not.
■ Systems and Software Life Cycle Profiles and Guidelines for Very Small
Entities (VSEs) International Standards (IS) and Technical Reports (TR) are
targeted at Very Small Entities (VSEs).
■ A Very Small Entity (VSE) is an enterprise, an organization, a department or a
project having up to 25 people. The ISO/IEC 29110 is a series of
international standards entitled "Systems and Software Engineering —
Lifecycle Profiles for Very Small Entities (VSEs)"

Purpose of the ISO/IEC 29110 model
■ Develop a set of profiles for VSEs not involved in critical software
development,
■ Select the ISO/IEC/IEEE 12207 process subsets applicable to VSEs having
up to 25 people,
■ Select the description of the products, to be produced by a project, using
ISO/IEC/IEEE 15289 standard
■ Develop guidelines, checklists, templates, examples to support the subsets
selected.

The model support four Profiles groups
■ Profile Groups are a collection of profiles.
■ The Generic Profile Group has been defined as applicable to VSEs that do
not develop critical software.
■ This Profile Group is a collection of four profiles (Entry, Basic, Intermediate,
Advanced) providing a roadmap to satisfying a vast majority of VSEs
worldwide.

Profiles groups in detail
 VSEs targeted by the Entry Profile are VSEs working on small projects (e.g. at most six person-
months effort) and for start-up VSEs.
 The Basic Profile describes software development practices of a single application by a single
project team of a VSE.
 The Intermediate Profile is targeted at VSEs developing multiple projects with more than one
project team.
 The Advanced Profile is target to VSEs which want to sustain and grow as a competitive software
development business.

ISO/IEC 29110 Set of Documents

2017-07-11 16
Set of Documents Targeted by Audience
• General Documents (applicable to all Profiles)
• Part 1- Overview (Technical Report)
• Introduces the major concepts required to understand and use the suite of documents
• Part 2- Framework and Profile Taxonomy (Standard)
• Specifies the elements common to all profiles (structure, conformance, assessment) and
introduces the taxonomy (catalogue) of 29110 profiles.
• Part 3 -Assessment Guide (Technical Report)
• Describes the process to follow to perform an assessment to determinate the process capabilities
and the organizational process maturity
• Documents for the first Profile (specific to one Profile)
• Part 4-1-x -Specifications (Standard)
• Provides the composition of a profile, provide normative links to the normative subset of
standards
• Part 5-1-x Management and Engineering Guide (Technical Report)
• Provide guidance on its implementation and use of a profile
– Deployment Packages (DP)

Positioning of ISO/IEC 29110 (adapted
from Kroll and Kruchten 2003)

Processes and activities of the ISO/IEC
29110 Basic profile (adapted from Laporte
2014b).

Basic Profile Guide Processes
PM process uses the customer’s statement of work to elaborate the project plan. The PM project
assessment and control tasks compare the project progress against the project plan and actions
are taken to eliminate deviations or incorporate changes to the project plan. The PM project
closure activity delivers the software configuration, produced by SI, and gets the customer’s
acceptance to formalize the end of the project. A project repository is established to save the
work products and to control its versions during the project.
2017-07-11
The execution of the SI process is
driven by the project plan. SI
process starts with an initiation
activity of the project plan review.
Project plan will guide the execution
of the software requirements
analysis, software architectural and
detailed design, software
construction, software integration
and test, and product delivery
activities
The text is extracted from ISO/IEC 29110

Terms and definitions
■ Process
– a set of interrelated or interacting activities which transforms
inputs into outputs [ISO 9000:2005]
■ Activity
– a set of cohesive tasks of a process [ISO 12207:2008]
■ Task
– requirement, recommendation, or permissible action, intended to
contribute to the achievement of one or more outcomes of a
process [ISO/IEC 12207:2008]
The text is extracted from ISO/IEC 29110

■ Verification
– confirmation, through the provision of objective evidence, that specified
requirements have been fulfilled [ISO 9000:2005]
– NOTE Verification in a life cycle context is a set of activities that compares a
product of the life cycle against the required characteristics for that product. This
may include, but is not limited to, specified requirements, design description and
the system itself.
■ Validation
– confirmation, through the provision of objective evidence, that the requirements
for a specific intended use or application have been fulfilled [ISO 9000:2005]
– NOTE Validation in a life cycle context is the set of activities ensuring and gaining
confidence that a system is able to accomplish its intended use, goals and
objectives.

■ Requirements analysis
– The process of studying user needs to arrive at a definition of system, hardware,
or software requirements. [ISO/IEC 24765]
■ Requirements document
– a document containing any combination of recommendations, requirements or
regulations to be met by a software package. [ISO/IEC 24765]
■ Requirements phase
– the period of time in the software life cycle during which the requirements for a
software product are defined and documented. [ISO/IEC 24765]
2017-07-11 The text is extracted from ISO/IEC 29110

■ Software Requirements Specifications
– The SRS is a specification for a particular software product, program, or set of
programs that performs certain functions in a specific environment. The SRS
may be written by one or more representatives of the supplier, one or more
representatives of the customer, or by both. [IEEE830-98]
– The SRS document contains both functional and non functional requirements.
– The SRS can be materialized in a word document but it can also be managed in
a database or in a Excel file.

■ Requirement
1. A statement that identifies what a product or process must accomplish to produce
required behaviour and/or results. IEEE 1220-2005 IEEE Standard for the
Application and Management of the Systems Engineering Process. 3.1.16.
2. A system or software requirement that specifies a function that a
system/software system or system/software component must be capable of
performing. ISO/IEC 24765, Systems and Software Engineering Vocabulary.
3. A requirement that specifies a function that a system or system component must
be able to perform. [ISO/IEC24765]

■ Non Functional Requirement
– a software requirement that describes not what the software will do but how the
software will do it. ISO/IEC 24765, Systems and Software Engineering Vocabulary.
Syn. design constraints, non-functional requirement. See also: functional
requirement.
– NOTE for example, software performance requirements, software external
interface requirements, software design constraints, and software quality
attributes. Non functional requirements are sometimes difficult to test, so they are
usually evaluated subjectively. [ISO/IEC24765]
■ Baseline
– a specification or product that has been formally reviewed and agreed upon, that
thereafter serves as the basis for further development, and that can be changed
only through formal change control procedures. [ISO/IEC 12207]

■ Prototype
1. An experimental model, either functional or non functional, of the system or part
of the system. IEEE 1233, 1998 Edition (R2002) IEEE Guide for Developing System
Requirements Specifications. 3.12.
2. A preliminary type, form, or instance of a system that serves as a model for later
stages or for the final, complete version of the system. ISO/IEC 24765, Systems
and Software Engineering Vocabulary.
3. A model or preliminary implementation of a piece of software suitable for the
evaluation of system design, performance or production potential, or for the better
understanding of the software requirements. ISO/IEC 15910:1999 Information
technology -- Software user documentation process. 4.41. [ISO/IEC24765]

■ Traceable
– having components whose origin can be determined. [ISO/IEC24765]
■ Traceability matrix
– a matrix that records the relationship between two or more products of the
development process. [ISO/IEC24765]
2017-07-11

Project Management (PM) Process
■ Purpose
– To establish and carry out in a systematic way the tasks of the software
implementation project, which allows complying with the project’s
objectives in the expected quality, time and costs.

The seven objectives of the PM process
of the Basic Profile

Practical Example:
Project Management Practices
ISO/IEC 29110 model

User management functionalities, with
their estimated level of effort and priority

Project manager uses the project management process of the basic
profile to manage the project and produce or review the documents
Allocation of documents in a two-people VSE
Allocation of roles in a two-people VSE
Note: the set of roles will be attributed amongst
all people of the VSE using the same project
management and software implementation
processes of the basic profile.
Statement of Work -To initiate the development of the
project plan (SOW)

Software Implementation (SI) Process
■ The purpose of the Software Implementation process is the systematic
performance of the analysis, design, construction, integration and tests activities
for new or modified software products according to the specific requirements
2017-07-11

Software Implementation (SI) Process – 7 Objectives
■ Objectives
1. SI.O1. Tasks of the activities are performed through the accomplishment of
the current Project Plan.
2. SI.O2. Software requirements are defined, analyzed for correctness and
testability, approved by the Customer, baselined and communicated.
3. SI.O3. Software architectural and detailed design is developed and baselined.
It describes the software items and internal and external interfaces of them.
Consistency and traceability to software requirements are established.
4. SI.O4. Software components defined by the design are produced. Unit test
are defined and performed to verify the consistency with requirements and
the design. Traceability to the requirements and design are established.

Count.
5. SI.O5. Software is produced performing integration of software components
and verified using Test Cases and Test Procedures. Results are recorded at the
Test Report. Defects are corrected and consistency and traceability to
Software Design are established.
6. SI.O6. A Software Configuration, that meets the Requirements Specification
as agreed to with the Customer, which includes user, operation and
maintenance documentations is integrated, baselined and stored at the
Project Repository. Needs for changes to the Software Configuration are
detected and related Change Requests are initiated.
7. SI.O7. Verification and Validation tasks of all required work products are
performed using the defined criteria to achieve consistency among output and
input products in each activity. Defects are identified, and corrected; records
are stored in the Verification/Validation Results.

Software implementation process

Software implementation process of
ISO/IEC 29110
■ Software Requirements Analysis
■ Software Architecture and Detailed Design
■ Software Construction
■ Software Integration and Testing

Software Requirements Analysis
■ As defined in ISO/IEC 29110, the software requirements analysis
activity analyzes the requirements agreed to by the customer, and
establishes the validated project requirements.
■ This activity provides (ISO 2011c):
– Review of the project plan by the work team to determine task
assignment
– Commitment to the project plan by the work team and project
manager
– Establishment of an implementation environment

Software Architecture and Detailed
Design
■ As defined in ISO/IEC 29110, the software architectural and
detailed design activity transforms the software requirements
into the software system architecture and detailed software
design.

This activity provides (ISO 2011c):
– Work team review of the project plan to determine task assignment
– Design of the software architecture, software components, and associated
interfaces
– Detailed design of the software components and interfaces
– Work team review of the requirement specifications
– Verification of the software design and correction of defects
– Verification of the test cases and test procedures for integration testing
– Traceability of the software requirements to the software design, test cases,
and test procedures
– Design of the products and documents under version control

Traceability practical example

Software Construction
■ As defined in ISO/IEC 29110, the software construction activity develops the
software code and data from the software design.
– Work team review of the software design to determine the software construction
sequence
– Coded software components and unit testing applied
– Traceability between the software components and the software design

Software integration and testing
■ As defined in ISO/IEC 29110, the software integration and testing activity ensures
that the integrated software components satisfy the software requirements.
– Understanding of test cases and procedures, as well as the integration
environment
– Integration of software components, correction of defects, and documentation
of results
– Traceability of requirements and design to the integrated software product
– Documentation and verification of the operational and software user
documentation
– Verification of the software baseline

Effort to prevent, execute, detect, and
correct errors by the two-member team

RECOMMENDATIONS FOR FUTURE
USERS OF ISO/IEC 29110
■ Select the Appropriate Profile (entry, basic, intermediate, advanced)
■ Select the Right ISO/IEC 29110 Standard Language (The management and
engineering guides are available in English, French, Portuguese, and Spanish)
■ Take Advantage of Open Source Software Tools(The authors believe that the use of
these tools, such as GanttProject, Bugzilla, and Subversion, would be of significant
value to VSEs in developing their products)
■ Use the Deployment Packages (implementing the important tasks according to the
time factor)
■ Adapt the ISO/IEC 29110 Standard to the Organization(ISO/IEC 29110 part 5 is a
management and engineering guide developed to facilitate the implementation of
ISO/IEC 29110 formally defined in Part 4 (that is, the profile specifications).

Deployment Packages (DPs)
■ A deployment package is a set of artifacts developed to facilitate the
implementation of a set of practices, of the selected framework, in a
VSE.
– A deployment package is not a complete process reference
model. Deployment packages are not intended to preclude or
discourage the use of additional guidelines that VSEs find useful.
■ By deploying and implementing a Deployment Package, a VSE can
see its concrete step to achieve or demonstrate coverage to Part 5 *.
■ Deployment Packages are designed such that a VSE can implement
its content, without having to implement the complete framework at
the same time.
■ Each DP is reviewed and edited by 2 persons
– Ana Vasquez (Mexico)
– Claude Y Laporte (Canada)
2017-07-11
*And coverage to other standards and Models

2017-07-11 54
Deployment Packages for the Basic Profile
Requirements
Analysis
Version
Control
Tests
Project
Management
Architecture
and
Detailed Design
Product
Delivery
Self-Assessment
Construction
Verification
and
Validation
Deployment Packages are free !

Deployment Packages to support the
Software Basic Profile characteristics
■ Project artefacts are shared in one place;
■ Project documentation is managed;
■ A project progress dashboard can be generated;
■ Integrated with model-based solutions.

Table of Content of a Project
Management deployment package

Common VSE barriers to software
process improvement

Common opportunities that software
process improvement offers VSEs

Speaker Information
 Moutasm tamimi
Independent consultant , IT Researcher , CEO at ITG7
Instructor of: Project Development.
DBMS.
.NET applications.
Digital marketing.
Email: tamimi@itg7.com
LinkedIn: click here.

ISO 29110 Software Quality Model For Software SMEs

ISO 29110 Software Quality Model For Software SMEs

More Related Content

What's hot (20)

Similar to ISO 29110 Software Quality Model For Software SMEs (20)

More from Moutasm Tamimi (17)

Recently uploaded (20)

ISO 29110 Software Quality Model For Software SMEs