6/21/2008

Software Engineering
Standards
Introduction

1028
9126

730 12207

9000 CMM

15288
J-016 CMMI
1679

Outline
1. Definitions
2. Sources of Standards
3. Why Use Standards ?
4. ISO and Software Engineering Standards
5. IEEE Software Engineering Collection
Sources: IEEE Standards, Software Engineering, Volume Three: Product Standards,
Introduction to the1999 Edition, pages i to xxiii.
Horch, J., ‘Practical Guide to Software Quality management’, Artech House, 1996, chap 2.
Wells, J., ‘An Introduction to IEEE/EIA 12207’, US DoD, SEPO, 1999.
Moore, J., ‘Selecting Software Engineering Standards’, QAI Conference, 1998.
Moore, J., ‘The Road Map to Software Engineering: A Standards-Based Guide’, Wiley-IEEE
Computer Society Press, 2006.
Moore, J.,’An Integrated Collection of Software Engineering Standards’, IEEE Software, Nov 1999.
Gray, L., ‘Guidebook to IEEE/EIA 12207 Standard for Information Technology, Software Life
Cycle Processes’, Abelia Corporation, Fairfax, Virginia, 2000.
Coallier, F.; International Standardization in Software and Systems Engineering, Crosstalk,
February 2003, pp. 18-22.

6/21/2008 2

1
 6/21/2008

Exemple d’un système complexe

Système de transport aérien
Système de
transport
Système de Transport Aérien terrestre
Système de
Système de
gestion du trafic
réservation
aérien

Système Système
aéroportuaire de distribution
du kérosène

Système avionique
Système avion
Système de
Système de
gestion de la
Structure
vie à bord

Système
Systèmedede équipage
propulsion
propulsion
Système
Système de
Navigation Système
de Visualisation
navigation
system de visualisation
Système de
contrôle de vol

Système deréception
Système de réception Système de
GPS
GPS transport
terrestre
maritime

6/21/2008 3

Toward a Software Engineering Profession

• What does it take ?
1. Body of Knowledge (e.g. SWEBOK)
2. Standards
3. ‘Best practices’ (i.e. techniques proven to work)
4. Education
5. Code of Ethics
6. Certification mechanism
7. Licensing mechanism

Source: Steve McConnel, 1999

6/21/2008 4

2
 6/21/2008

Standard: Définition
• Mandatory requirements employed and
enforced to prescribe a disciplined uniform
approach to software development, that is,
mandatory conventions and practices are in
fact standards.

(ISO/IEC 24765, Systems and Software Engineering Vocabulary)

http://pascal.computer.org/sev_display/index.action

6/21/2008 5

Standard: Définition
• Formal mandatory requirements developed and used
to prescribe consistent approaches to development
(e.g., ISO/IEC standards, IEEE standards, and
organizational standards). (source: CMMI)
– Normative: “prescribing a norm or standard” (Webster)
– Informative: Tell users something useful about the standard
itself, or provide information that complements the
normative parts (source: Gray 2000)
Evaluation de
la conformité
Intrant

Extrant
6/21/2008 6
Processus

3
 6/21/2008

Normes et Standards
• Norme de jure
– Norme définie et adoptée par une organisation officielle
de normalisation, sur le plan national ou international.
• Norme de facto
– Norme qui n’a pas été définie ni entérinée par un
organisme officiel de normalisation mais qui s’est
imposée par la force des choses, parce qu’elle fait
consensus auprès des utilisateurs, d’un groupe
d’entreprises ou encore d’un consortium

Adapté de F Coallier

6/21/2008 7

Normes/Standards ouverts

• Sa définition est accessible à tous,

• Son utilisation n’est pas sujette à des redevances
de la part d’un propriétaire,
• Au moins une implémentation de référence existe,
• Il est possible de vérifier la conformité d’un
système/processus à ce standard

Adapté de F Coallier

6/21/2008 8

4
 6/21/2008

Software engineering: Definition

(1) The application of a systematic, disciplined,
quantifiable approach to the development, operation
and maintenance of software, that is, the application
of engineering to software.
-- IEEE Std 610.12

6/21/2008 9

Software engineering standards

• Approximately 315 software engineering standards,

guides, handbooks, and technical reports are
maintained by approximately 46 professional, sector,
national, and international standards organizations.
• In 1981, IEEE had one software engineering
standard. By year end 1997, the collection had grown
to 44.

Source: Moore 98
6/21/2008 10

5
 6/21/2008

Roles of Software Engineering

Standards
1. Specify techniques to develop software faster, cheaper, More
better, IEEE 982.1 (Measures for Reliable SW) exciting
2. Provide consensus validity for “best practices” that cannot
be scientifically validated, IEEE 1008 (Unit Testing)
3. Provide a systematic treatment of “ilities”, IEEE 730 (SW
Quality Assurance)
4. Provide uniformity in cases where agreement is more
important than small improvements, IEEE P1320.1
(IDEF0)
5. Provide a framework for communication between buyer
and seller, IEEE/EIA 12207 (SW Life Cycle Processes)
6. Give precise names to concepts that are fuzzy, complex,
detailed and multidimensional, IEEE 1028 (SW Reviews)
More
6/21/2008
Source: J Moore 98 effective
11

Software Engineering Standards - Scope

Process Technique/Tool Applicability
1. Acquisition 1. CASE tools 1. General
2. Requirements 2. Languages and 2. Defense
definition Notations 3. Financial
3. Design 3. Metrics 4. Medical
4. Code and Test 4. Privacy 5. Nuclear
5. Integration 5. Process 6. Process Control
6. Maintenance and Improvement 7. Scientific
Operations 6. Reliability 8. Shrink-wrap
7. CM 7. Safety 9. Transportation
8. Documentation 8. Security
9. Project Management 9. Software reuse
10. Quality Assurance 10. Vocabulary
11. V & V

Most software engineering standards are practice standards rather than

the more familiar product standards in other fields (e.g. chemistry).
6/21/2008 12
Source: Moore 98

6
 6/21/2008

Software Engineering Standards

Organizational Goals
1. Improve and evaluate software competence
2. Framework for two-party agreements
3. Evaluation of software products
4. Assurance of high integrity levels for software
products

Source: Moore 05
6/21/2008 13

Why Use Standards?

1. Establish uniform requirements and vocabulary for development and
documentation
2. Define a common framework for software life cycle processes
3. Clarify the roles and interfaces of participants
4. Clarify the types and contents of documentation
5. Identify the tasks, phases, baselines, reviews, and documents needed
6. Follow the lessons learned and proven (best) practices of the industry
7. Avoid the pitfalls and problems of the past
8. Save time and $ by not reinventing the wheel again (NRH vs. NIH).
9. Select a supplier or a developer (e.g. ISO 9000)
10. Impose requirements in a contract
11. Impose a trade barrier !
6/21/2008 (NRH= Not Re-Invented Here; NIH = Not Invented here) 14

7
 6/21/2008

Software Engineering Standards

in Courts (US)
• Courts generally view the application of standards as
important evidence that engineers performed their work
with appropriate diligence and responsibility.

• If sued for negligence or reckless conduct, an engineer can

cite the standards used when he or she conducted the work
to demonstrate that it was performed in accordance with
codified professional practices.

Moore, J.,’An Integrated Collection of Software Engineering Standards’, IEEE Software, Nov 1999.
6/21/2008 15

The Frameworks Quagmire

SCE People CMM DOD- DOD-
SDCE PSP
DOD- STD- STD-
SW-CMM STD- 2167A 2168
CBA IPI TSP 7935A Process Stds
Quality Stds
SCAMPI Maturity or
CMMI ISO/IEC
J-STD Capability
15504 MIL-STD-
016 Models
ISO FAA- 498
Appraisal
15939*
SA- iCMM# methods
CMM SSE- RTCA Guidelines
PSM CMM DO-178B
FAM** IEEE/EIA
Six IPD- 12207
CMM* SE-CMM
Sigma
Baldrige
EIA/IS SECAM ISO 9000 ISO/IEC
SAM
731 series 12207
IEEE Q9000
EIA/IS 1220 MIL-STD
632 499B* TL9000
ISO/IEC 15288*
EIA 632
Italic = obsolete
boxed = integrating
*not released **based on CBA IPI, SAM, and others supersedes Source: Sarah Sheard, SPC
# V2 also based on many others
based on
6/21/2008 See www.software.org/quagmire uses/references 16

8
 6/21/2008

Sources of Standards
1. Within an organization
– Documented from day-to-day activities
2. From consultants mandated to develop them
3. From manufacturers’ user groups (e.g. IBM)
4. From a group of companies working together (e.g. Telecom)
5. From professional groups (e.g. IEEE)
6. From government agencies (e.g. NASA, Transport)
7. From Standards Organizations (e.g. ISO)
8. From Countries (e.g. Conseil canadien des normes)

6/21/2008 17

Outline
1. Definitions
2. Sources of Standards
3. Why Use Standards ?
4. ISO and Software Engineering Standards
• Name of organization ISO comes from ‘ISOS’ a greek word
‘Equal’
5. IEEE Software Engineering Collection

6/21/2008 18

9
 6/21/2008

International Software Standards

Developers
ISO IEC ITU

TC176 JTC1 TC56 SC65A

Quality Information Technology Dependability Functional Safety

SC1 SC7 SC22

Terminology Software Language, OS
Engineering

WG7 Other WGs WG9 WG15

Life cycle processes Ada POSIX

Members of these committees are “national bodies,” i.e. countries,

represented by “national delegations.”

6/21/2008 19

International Organization
For Standardization
• ESTABLISHED: 1947
• OBJECT: Promote the development of standardization ... in the world
... to facilitating international exchange of goods and services
• MEMBERS: 148 countries
• Over 14,000 Standards
• TECHNICAL COMMITTEES (TCs): Carry out technical work
• TCs THAT MAY IMPACT SOFTWARE ENGINEERING:
- TC 10: Technical Drawings
- TC 20: Space and aircraft vehicles
- TC 46: Information and documentation
- TC 145: Graphical symbols
- TC 154: Documents and data elements in administration, commerce and industry
- TC 159: Ergonomics
- TC 176: Quality management and quality assurance
- TC 184: Industrial automation systems
6/21/2008 20

10
 6/21/2008

Joint Technical Committee 1

Information Technology
ISO IEC

JTC1
ESTABLISHED: 1987
OBJECT: TO CARRY ON STANDARDIZATION WORK IN INFORMATION TECHNOLOGY
SC1 - Vocabulary
SC2 - Character sets & information coding
SC6 - Telecommunications & information exchange between systems
SC7 - Software and System Engineering
SC11 - Flexible magnetic media for digital data interchange
SC14 - Representation of data elements
SC15 - Labeling and file structure
SC17 - Identification cards & related devices
SC18 - Document processing and related communication
SC21 - Information retrieval, transfer & management for OSI
SC22 - Programming languages, their environments & systems software interfaces
SC23 - Optical disk cartridges for information interchange
SC24 - Computer graphics and image processing
SC25 - Interconnection of information technology equipment
SC26 - Microprocessor systems
SC27 - IT security techniques
SC28 - Office equipment
SC29 - Coded representation of picture, audio and multimedia/hypermedia information
6/21/2008 21

SC7 - Terms of Reference

Standardization of processes, methods and

Standardization of processes, methods and
supporting technologies for the
supporting technologies for the
engineering and management of software
engineering and management of software
and systems throughout their life cycles.
and systems throughout their life cycles.

6/21/2008 22

11
 6/21/2008

ISO/IEC JTC 1/SC7

Industrial Quality
Project Engineering Management
Management (ISO TC 176)

SOFTWARE and SYSTEMS APPLICATION

DOMAINS
ENGINEERING
(many TCs)
Computer
Sciences and Safety
Engineering Dependability (IEC TC65),
Engineering Security, other
(IEC TC 56) mission-critical
6/21/2008 23

SC7 SWG 1
Prof F. Coallier BPG
SWG 5
Secretariat
Prof W Suryn Architecture
Management
WG 17
WG 19
ODP
ODP and Modeling
Enterprise Language Languages
WG2 WG 4
SYSTEM
SOFTWARE TOOLS AND
DOCUMENTATION ENVIRONMENT

WG6 , WG12 & WG13 WG 7

EVALUATIONS AND LIFE CYCLE
MEASUREMENTS PROCESSES
Prof J-M Desharnais
WG 9
WG 18
SYSTEM
Quality Management INTEGRITY
Prof W. Suryn WG 20 WG 21
WG 10 Certification of Software Asset Management
PROCESS ASSESSMENT
Engineers
Prof C Laporte WG24
Very Small Enterprises
6/21/2008 Prof C Laporte 24

12
 6/21/2008

Standards Produced
and Maintained by SC7
100
90
Standards Published
80 Standards Maintained
70

60
50
40
30

20
10
0
1987 1989 1991 1993 1995 1997 1999 2001 2003 2005 2007

SC7 Secretariat Report

Moscow, May 2007.
6/21/2008 25

Standards Collection Product

Systems Engineering Process Product packaging
15288 Implementation and 9127
Foundation Assessment
19760 Documentation
19759 12182 15289
Software
Software Body Vocabulary Engineering 15504
of Knowledge
Product Evaluation
Process
(SWEBOK) 12207 12119
Assessment
15271 Software Quality

90003 9126
14598
14756
Software
Functional size
3535 6592 15846 16085 19770 14764 16326 15939 measurement
14759 9294 15026 Asset Measurement
Configuration
Management
Software Project 14143
15910 Management
Risk & Integrity maintenance Management 19761
SC7’s
legacy 18019 20926
20968
Documentation
24570
Tools, Methods
5806 – 5807 – 6593 14102 10746, 13235 14568 15437
8631 – 8790 – 11411 14471 14750, 14752 15474 15909
15940 14753, 14769 15475 19501
SC7 Legacy Standards
18018 14771, 15414 15476 8807
Tools and 15935, 19500
CDIF Modeling
environment Specifications
6/21/2008 From SWG5 26

13
 6/21/2008

Relationships between
ISO/IEC software engineering standards

6/21/2008 SURYN, W., HAILEY V, COSTER, A., Huge potential user base for ISO/IEC 90003 27
the state of the art for improving quality in software engineering, ISO Focus, July-August 2004

Outline
1. Definitions
2. Sources of Standards
3. Why Use Standards ?
4. ISO and Software Engineering Standards
5. IEEE Software Engineering Collection
• http://standards.computer.org/sesc/
• Bibliothèque de l’ÉTS
• IExplore donne accès à toutes les normes IEEE

6/21/2008 28

14
 6/21/2008

IEEE Computer Society

Software Engineering Standards
Committee (SESC)
• Mission
1. Identify and understand user needs in the field of
software engineering
2. Develop an integrated family of standards that respond
effectively to user needs
3. Support implementation of these standards
4. Facilitate meaningful evaluation of resulting
implementations
– Using the IEEE processes to achieve consensus and
compatibility with other IEEE standards
– Harmonization with international standards
• e.g. ISO
6/21/2008 29

IEEE Computer Society

SESC Collection
• Purpose
1. Provide a vocabulary for communication between
participants in the software engineering process,
2. Provide objective criteria for understanding claims
regarding a product’s nature,
3. Provide methods for specifying product
characteristics, and
4. Assure that quality assurance practices were applied

Source: Tripp, L., ‘Benefits of Certification’, IEEE Computer, June 2002

6/21/2008 30

15
 6/21/2008

IEEE Computer Society

SESC Collection
• Currently numbers over 50
standards.
– Over 2400 pages
• Book provides a guide to the
collection.

6/21/2008 31

Software Engineering Standards:

Importance
1. They consolidate existing technology into a
firm basis for introducing newer technology
2. They increase professional discipline
3. They protect the business
4. They protect the buyer
5. They improve the product

Source: Moore 98
6/21/2008 32

16
 6/21/2008

IEEE Computer Society

SESC Collection
aids transforms
Process

interacts
Interects
with
with produces
Customer Project Product

uses

Applies to
Resource

6/21/2008 33

Framework of Collection
ISO and IEC
Terminology
Standards

Terminology Overall Guide

Customer Resource Process Product

Quality
Management
Principles or Policies

Element Standards
Software
Engineering Application Guides

System “Toolbox” of
Disciplines Technique Standards

6/21/2008 Source: Moore 98 34

17
 6/21/2008

SESC Collection
IEEE/EIA 12207 – Umbrella Standard
• IEEE/EIA12207, Software Life Cycle Processes, is an
umbrella for all of the customer and process standards in
the SESC collection.
• All of the relevant standards will be revised to improve
their fit with 12207
– Many of them will detail the processes of the 12207 framework.
• From the user’s viewpoint, IEEE/EIA 12207 will serve as
a single entry point to all the process standards of the IEEE
software engineering collection.
• As a baseline to articulate new processes.
– IEEE Std. 1517, Software Reuse Processes, adds three reuse
specific processes to those of 12207
– IEEE Std. 1540 standard adds a software risk management process.
6/21/2008 35

Outer Layer of SESC collection

610.12
Terminology IEEE glossary

Overall
[Moore97]
Guide

Principles

Element Customer Process Product Resource

Standards standards standards standards standards

Application
Guides and
Supplements

“Toolbox” of 1044 1044.1

Classification of Guide to
6/21/2008 Techniques anomalies 1044 36
Source: Moore 98

18
 6/21/2008

SESC Collection – Customer Stack

12207.0
Principles
Software life cycle processes

Two-Party Supplier
System Stakeholders
Agreement Selection

Element J-Std-016 1062 1220 1228

Acq / sup Software Systems eng SW safety
Standards agreement acquisition process plans

1233 1362
Guide--System Concept of
rqmts spec operations doc

Application 12207.1 and 2

Guides and
Guide to software life cycle data and processes
Supplements

Source: Moore 98
6/21/2008 37

SESC Collection – Process Stack

12207.0
Principles Software life cycle (SWLC) processes

General Primary Supporting Process

Processes Processes Processes Measurement

1220 J-Std-016 1045

Systems eng. Acq/sup
730 SW product-
process agreement SW QA plans ivity metrics

1362 830 1298

Concept of SW require- SW quality
operations doc ments spec mgmt system

1233 1008
Element
Guide--System SW unit
828
Standards rqmts spec testing SW CM plans

1058.1 829 1012

SW project SW test SW V & V
mgmt plans documentation plans

1074 1219 1028

Developing SW reviews
SW maint.
SWLC proc and audits

12207.1 730.1
Guide--SW life Guide--SW QA
cycle data planning

Application 12207.2 1042

Guides and Guide--SWLC Guide-
Supplements process SW CM

1074.1 1059
6/21/2008 Guide to 1074
Guide--SW 38
Source: Moore 98 V & V plans

19
 6/21/2008

SESC Collection –Product Stack

Principles

Charac- Product Product End Item

teristics Measurement Evaluation Specification

1061 1012 1362

Software quality SW V & V Concept of
metrics methodology plans operations doc

1233
730 Guide--System
SW QA plans reqmts spec
Element
Standards 982.1 1063
Measures for SW user
reliable SW documentation

1228
SW safety
plans

982.2 1059
Guide to Guide--SW
Application 982.1 V & V plans
Guides and
Supplements 730.1
Guide--SW QA
6/21/2008 Source: Moore 98 planning 39

SESC Collection – Resource Stack

Principles

Data Storage Reuse Tools &

Notation
& Interchange Libraries Environments

1175 P1320.x 1420.x 1209

Tool inter- Data model for Selection
IDEF
connection reuse lib interop of CASE tools

830 P1471 1348

SW rqmts Architectural Adoption of
specifications description CASE tools
Element
Standards 1016
SW design
descriptions

829
SW test
documentation

Application 1016.1 1430

Guides and Guide to Guide to
Supplements 1016 1420.x
6/21/2008 40
Source: Moore 98

20
 6/21/2008

SESC Standards for Project

Management
STANDARD TITLE VOLUME

IEEE std 1044-1993 IEEE Standard Volume Four : Resource

Classification for Software
Anomalies
IEEE std 1044.1-1995 IEEE Guide to
Classification for Software
Anomalies
IEEE std 1058-1998 IEEE Standard for Software
Project Management Plans
and Technique Standards
Volume Four : Resource
and
Volume Two : Process
Standards

IEEE std 1490-1998 IEEE Guide to the Project Volume Two : Process
management body of Standards
knowledge

6/21/2008 41

SESC Standards for Plans

STANDARD TITLE VOLUME

IEEE std 730-1998 IEEE Standard for Software Volume Two : Process
Quality Assurance Plans Standards

IEEE std 730.1-1995 IEEE Guide for Software Volume Two : Process
Quality Assurance Planning Standards

IEEE std 828-1998 IEEE Standard for Software Volume Two : Process
configuration Management Standards
Plans
IEEE std 1012-1998 IEEE Standard for Software Volume Two : Process
Verification and Validation Standards

IEEE std 1012a-1998 Supplement to IEEE Standard Volume Two : Process

for Software Verification and Standards
validation
IEEE std 1228-1998 IEEE Standard for Software Volume One : Customer and
Safety Plans Terminology Standards
6/21/2008 42

21

SESC Standards for
Documentation
STANDARD TITLE
IEEE std 829-1998 IEEE Standard for Software Test
Documentation
IEEE std 830-1998 IEEE Recommended Practice
for Software requirements
Specifications
IEEE std 1016-1998 IEEE Recommended Practice
for Software Design
Descriptions
IEEE std 1063-1987 IEEE Standard for Software
User Documentation
IEEE std 1233-1998 Edition IEEE Guide for Developing
System Requirements
Specifications
IEEE std 1362-1998 IEEE Guide for Information
Technology – System Definition
– Concept of Operations
Document
6/21/2008
SESC Standards for
Measurement
STANDARD TITLE
IEEE std 982.1-1998 IEEE Standard Dictionary of
Measures to Produce Reliable
Software
IEEE std 982.2-1998 IEEE Guide for the Use of
Standard Dictionary for
Measures to Produce Reliable
Software
IEEE std 1045-1992 IEEE Standard for Software
Productivity Metrics
IEEE std 1061-1998 IEEE Standard for a Software
Quality Metrics Methodology
6/21/2008
6/21/2008
VOLUME
Volume Four : Resource and
Technique standards
Volume Four : Resource and
Technique Standards
Volume Four : Resource and
Technique Standards
Volume Three : Product
Standards
Volume One : Customer and
terminology Standards
Volume One : Customer and
Terminology Standards
43
VOLUME
Volume Three : Product
standards
Volume Three : Product
Standards
Volume Two : Process
Standards
Volume Three : Product
Standards
44
22
 6/21/2008

Sites
• http://standards.computer.org/sesc/

• http://www.iso.ch/

6/21/2008 45

23