INTERNATIONAL ISO/IEC/

STANDARD IEEE
15289

Second edition
2015-05-15

Systems and software engineering —

Content of life-cycle information items
(documentation)
Ingénierie des systèmes et du logiciel — Contenu des articles
d'information du cycle de vie (documentation)

Recognized as an American National Standard

Reference number

ISO/IEC/IEEE 15289:2015(E)

© ISO/IEC 2015
© IEEE 2015

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat,
the IEC Central Office and IEEE do not accept any liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies
and IEEE members. In the unlikely event that a problem relating to it is found, please inform the ISO Central Secretariat or IEEE at the
address given below.

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2015
© IEEE 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from ISO, IEC or IEEE at the respective
address below.
ISO copyright office IEC Central Office Institute of Electrical and Electronics Engineers, Inc.
Case postale 56 3, rue de Varembé 3 Park Avenue, New York
CH-1211 Geneva 20 CH-1211 Geneva 20 NY 10016-5997, USA
Tel. + 41 22 749 01 11 Switzerland E-mail [email protected]
Fax + 41 22 749 09 47 E-mail [email protected] Web www.ieee.org
E-mail [email protected] Web www.iec.ch
Web www.iso.org
Published in Switzerland

© ISO/IEC 2015 – All rights reserved

ii © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Contents Page

Foreword ............................................................................................................................................................ vi

Introduction ....................................................................................................................................................... vii
1 Scope ...................................................................................................................................................... 1
2 Applicability ........................................................................................................................................... 2
2.1 Purpose .................................................................................................................................................. 2
2.2 Intended users of this International Standard..................................................................................... 3
2.3 Applicability to work efforts.................................................................................................................. 3
2.4 Applicability to information item audiences ....................................................................................... 3
3 Conformance ......................................................................................................................................... 4
3.1 Definition of conformance .................................................................................................................... 4
3.2 Conformance situations ........................................................................................................................ 4
3.3 Type of conformance............................................................................................................................. 5
4 Normative references ............................................................................................................................ 5
5 Terms and definitions ........................................................................................................................... 5
6 Life-cycle data and information items ................................................................................................. 8
6.1 Life-cycle data characteristics .............................................................................................................. 8
6.2 Records compared to information items (documents) ...................................................................... 9
6.3 Management of life-cycle data (records) ............................................................................................. 9
6.4 Management of information items (documents) ................................................................................. 9
6.4.1 Developing the documentation plan ................................................................................................. 10
6.4.2 Managing and controlling information items ................................................................................... 10
7 Generic types of information items.................................................................................................... 10
7.1 General ................................................................................................................................................. 10
7.2 Description – generic content ............................................................................................................ 11
7.3 Plan – generic content......................................................................................................................... 11
7.4 Policy – generic content...................................................................................................................... 13
7.5 Procedure – generic content .............................................................................................................. 13
7.6 Report – generic content..................................................................................................................... 14
7.7 Request – generic content .................................................................................................................. 15
7.8 Specification – generic content .......................................................................................................... 15
8 Mapping of information items to the life cycle and service management processes ................... 16
8.1 Mapping of information items to the system life cycle..................................................................... 16
8.2 Mapping of information items to the software life cycle .................................................................. 20
8.3 Mapping of information items to the service management processes ........................................... 29
9 Records ................................................................................................................................................ 35
9.1 Record – generic content .................................................................................................................... 35
9.2 Specific record contents ..................................................................................................................... 36
10 Specific information item (document) contents ................................................................................ 40
10.1 General ................................................................................................................................................. 40
10.2 Acceptance plan .................................................................................................................................. 41
10.3 Acceptance review and testing report ............................................................................................... 41
10.4 Acquisition plan ................................................................................................................................... 41
10.5 Asset management plan...................................................................................................................... 42
10.6 Audit acknowledgement report .......................................................................................................... 42
10.7 Audit plan ............................................................................................................................................. 42

© ISO/IEC 2015 – All rights reserved

© IEEE 2015 – All rights reserved iii
Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.8 Audit procedure ...................................................................................................................................42

10.9 Audit report...........................................................................................................................................42
10.10 Capacity plan ........................................................................................................................................43
10.11 Capacity management procedure.......................................................................................................43
10.12 Change request ....................................................................................................................................43
10.13 Communication procedure..................................................................................................................44
10.14 Complaint procedure ...........................................................................................................................44
10.15 Concept of operations .........................................................................................................................44
10.16 Configuration management plan and policy .....................................................................................45
10.17 Configuration management procedure ..............................................................................................46
10.18 Configuration status report .................................................................................................................46
10.19 Contract ................................................................................................................................................47
10.20 Customer satisfaction survey .............................................................................................................47
10.21 Database design description ..............................................................................................................47
10.22 Development plan ................................................................................................................................48
10.23 Disposal plan ........................................................................................................................................49
10.24 Documentation plan .............................................................................................................................49
10.25 Documentation procedure ..................................................................................................................49
10.26 Domain engineering plan ....................................................................................................................50
10.27 Evaluation report ..................................................................................................................................50
10.28 Implementation procedure ..................................................................................................................50
10.29 Improvement plan ................................................................................................................................50
10.30 Improvement procedure ......................................................................................................................51
10.31 Incident management procedure ........................................................................................................51
10.32 Incident report ......................................................................................................................................52
10.33 Information management plan ............................................................................................................52
10.34 Information management procedure ..................................................................................................53
10.35 Information security plan ....................................................................................................................53
10.36 Information security policy .................................................................................................................54
10.37 Information security procedure ..........................................................................................................54
10.38 Installation plan ....................................................................................................................................54
10.39 Installation report .................................................................................................................................54
10.40 Integration and test report...................................................................................................................55
10.41 Integration plan ....................................................................................................................................55
10.42 Interface description ............................................................................................................................55
10.43 Life-cycle policy and procedure..........................................................................................................56
10.44 Maintenance plan .................................................................................................................................56
10.45 Maintenance procedure .......................................................................................................................56
10.46 Measurement plan ................................................................................................................................57
10.47 Monitoring and control report .............................................................................................................57
10.48 Operational test procedure .................................................................................................................57
10.49 Problem management procedure .......................................................................................................58
10.50 Problem report .....................................................................................................................................58
10.51 Process assessment procedure .........................................................................................................59
10.52 Process improvement analysis report ...............................................................................................59
10.53 Product need assessment ...................................................................................................................59
10.54 Progress report ....................................................................................................................................60
10.55 Project management plan ...................................................................................................................60
10.56 Proposal................................................................................................................................................61
10.57 Qualification test procedure................................................................................................................61
10.58 Qualification test report .......................................................................................................................61
10.59 Quality management plan....................................................................................................................62
10.60 Quality management policy and procedure .......................................................................................62
10.61 Release plan .........................................................................................................................................62
10.62 Request for proposal (RFP).................................................................................................................63
10.63 Resource request .................................................................................................................................64
© ISO/IEC 2015 – All rights reserved
iv © IEEE 2015 – All rights reserved.

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

10.64 Reuse plan ............................................................................................................................................ 64

10.65 Review minutes .................................................................................................................................... 64
10.66 Risk action request .............................................................................................................................. 64
10.67 Risk management policy and plan ..................................................................................................... 65
10.68 Service catalog .................................................................................................................................... 65
10.69 Service continuity and availability plan ............................................................................................. 65
10.70 Service level agreement (SLA) ........................................................................................................... 66
10.71 Service management plan................................................................................................................... 66
10.72 Service plan .......................................................................................................................................... 67
10.73 Service report ....................................................................................................................................... 67
10.74 Software architecture description ...................................................................................................... 68
10.75 Software design description ............................................................................................................... 69
10.76 Software requirements specification ................................................................................................. 70
10.77 Software unit description .................................................................................................................... 70
10.78 Software unit test procedure .............................................................................................................. 70
10.79 Software unit test report ..................................................................................................................... 71
10.80 Supplier management procedure ....................................................................................................... 71
10.81 Supplier selection procedure ............................................................................................................. 71
10.82 System architecture description ........................................................................................................ 71
10.83 System element description ............................................................................................................... 72
10.84 System requirements specification.................................................................................................... 72
10.85 Training documentation ...................................................................................................................... 73
10.86 Training plan ........................................................................................................................................ 73
10.87 User documentation ............................................................................................................................ 73
10.88 User notification................................................................................................................................... 74
10.89 Validation plan ..................................................................................................................................... 74
10.90 Validation report .................................................................................................................................. 74
10.91 Validation test specification ............................................................................................................... 75
10.92 Verification plan ................................................................................................................................... 75
10.93 Verification report ................................................................................................................................ 76
Annex A (informative) Procedure for identifying information items and their contents .......................... 77
Annex B (informative) Information items and records by source ............................................................... 79
Bibliography ...................................................................................................................................................... 83

List of Tables
Table 1 — Mapping of ISO/IEC 15288:2008 (IEEE Std 15288-2008), clauses to information items
for each system life-cycle process ................................................................................................... 17
Table 2 — Mapping of ISO/IEC 12207:2008 (IEEE Std 12207-2008) clauses to information items
for each software life-cycle process ................................................................................................. 22
Table 3 — Mapping of ISO/IEC 20000-1:2011 (IEEE Std 20000-1:2013) and ISO/IEC 20000-2:2012 (IEEE
Std 20000-2:2013) clauses to information items for each service management process ........... 30
Table 4 — Record references and contents .................................................................................................. 36
Table B.1 — Information items by source ...................................................................................................... 79
Table B.2 — Records by source ...................................................................................................................... 81

© ISO/IEC 2015 – All rights reserved

© IEEE 2015 – All rights reserved v
Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards ISO (the
International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the
specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in
the development of International Standards through technical committees established by the respective
organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in
fields of mutual interest. Other international organizations, governmental and non- governmental, in liaison with
ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a
joint technical committee, ISO/IEC JTC 1.

IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees
of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a
consensus development process, approved by the American National Standards Institute, which brings together
volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not
necessarily members of the Institute and serve without compensation. While the IEEE administers the process
and establishes rules to promote fairness in the consensus development process, the IEEE does not
independently evaluate, test, or verify the accuracy of any of the information contained in its standards.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of ISO/IEC JTC 1 is to prepare International Standards. Draft International Standards adopted by
the joint technical committee are circulated to national bodies for voting. Publication as an International Standard
requires approval by at least 75 % of the national bodies casting a vote.

Attention is called to the possibility that implementation of this standard may require the use of subject matter
covered by patent rights. By publication of this standard, no position is taken with respect to the existence or
validity of any patent rights in connection therewith. ISO/IEEE is not responsible for identifying essential patents or
patent claims for which a license may be required, for conducting inquiries into the legal validity or scope of
patents or patent claims or determining whether any licensing terms or conditions provided in connection with
submission of a Letter of Assurance or a Patent Statement and Licensing Declaration Form, if any, or in any
licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that
determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own
responsibility. Further information may be obtained from ISO or the IEEE Standards Association.

ISO/IEC/IEEE 15289 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering, in cooperation with the Software & Systems Engineering
Standards Committee of the IEEE Computer Society, under the Partner Standards Development Organization
cooperation agreement between ISO and IEEE.

This second edition cancels and replaces the first edition (ISO/IEC 15289:2011), of which it constitutes a minor
revision. This second edition reflects ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012
(IEEE Std 20000-2-2013), which replaced ISO/IEC 20000-1:2005 and ISO/IEC 20000-2:2005.

© ISO/IEC 2015 – All rights reserved

vi © IEEE 2015 – All rights reserved.

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Introduction
The purpose of this International Standard is to provide requirements for identifying and planning the specific
information items (information products) to be developed and revised during systems and software life cycles
and service processes. This International Standard specifies the purpose and content of all identified systems
and software life-cycle information items, as well as information items for information technology service
management. The information item contents are defined according to generic document types and the specific
purpose of the document. Information items may be combined or subdivided as needed for project or
organizational purposes.

This International Standard is based on the life-cycle processes specified in ISO/IEC 12207:2008 (IEEE Std
12207-2008), Systems and software engineering — Software life cycle processes; ISO/IEC 15288:2008 (IEEE
Std 15288-2008), Systems and software engineering — System life cycle processes; and the service
management processes specified in ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013), Information technology —
Service management — Part 1: Service Management System Requirements; and ISO/IEC 20000-2:2012 (IEEE
Std 20000-2-2013), Information technology — Service management — Part 2: Guidance on the application of
service management systems.

IEEE contributed IEEE Std 12207.1-1997, IEEE Guide for Information Technology — Software Life Cycle
Processes — Life Cycle Data. (ISO/IEC 12207) IEEE Guide for Standard for Information Technology — Software
life cycle processes — Life cycle data, as a source for this International Standard

© ISO/IEC 2015 – All rights reserved

© IEEE 2015 – All rights reserved vii
Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Systems and software engineering — Content of life-cycle

information items (documentation)

1 Scope
This International Standard specifies the purpose and content of all identified systems and software life-cycle and
service management information items (documentation). The information item contents are defined according to
generic document types, as presented in Clause 7, and the specific purpose of the document (Clause 10).

This International Standard assumes an organization is implementing life-cycle processes, or practicing service
management, using one or more of the following:

x ISO/IEC 15288:2008 (IEEE Std 15288-2008), Systems and software engineering — System life cycle
processes,

x ISO/IEC 12207:2008 (IEEE Std 12207-2008), Systems and software engineering — Software life cycle
processes

x ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013), Information technology — Service management — Part 1:
Service management system requirements

This International Standard provides a mapping of ISO/IEC 15288:2008 (IEEE Std 15288-2008), ISO/IEC
12207:2008 (IEEE Std 12207-2008), and ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC
20000-2 (IEEE Std 20000-2-2013) clauses with a set of information items. It provides a consistent approach to
meeting the information and documentation requirements of systems and software engineering and IT service
management.

ISO/IEC 12207:2008 (IEEE Std 12207-2008) and ISO/IEC 15288:2008 (IEEE Std 15288-2008) define a set of
processes for managing and performing the stages of a systems life cycle. They define an Information
Management process, but they do “not detail documentation in terms of name, format, explicit content, and
recording media”. ISO/IEC 15288:2008 (IEEE Std 15288-2008), and ISO/IEC 12207:2008 (IEEE Std 12207-2008)
establish a common framework for software life-cycle processes and in passing identify or require a number of
documentation items. Its process reference model does not represent a particular process implementation
approach, nor does it prescribe a system/software life-cycle model, methodology, or technique. ISO/IEC
12207:2008 (IEEE Std 12207-2008) does not always specify when software information items are to be prepared,
nor does it identify information item contents. ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) establishes
comprehensive requirements for documents and records, with some specific requirements. ISO/IEC 20000-2:2012
(IEEE Std 20000-2-2013), Information technology — Service management — Part 2: Guidance on the application
of service management systems provides guidance on the use of Part 1.

The generic document types (which may be referred to as information item types) are to be used to identify the
information necessary to support the ISO/IEC 15288:2008 (IEEE Std 15288-2008) agreement, enterprise, project,
and technical processes; the ISO/IEC 12207:2008 (IEEE Std 12207-2008) primary, supporting, and
organizational life-cycle processes; or the ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) service
management system (SMS), service delivery, relationship, resolution, and control processes.

For each life-cycle process or service, it would be possible to prepare a policy, plan, procedures, and reports, as
well as numerous records, requests, descriptions and specifications. Such an elaboration of the documentation
schema would be more rigorous than specified by ISO/IEC 15288:2008 (IEEE Std 15288-2008) or ISO/IEC
12207:2008 (IEEE Std 12207-2008). As ISO/IEC 15288:2008 (IEEE Std 15288-2008) points out (1.4), “This

1
© ISO/IEC 2015 – All rights reserved
© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

International Standard does not detail the life-cycle processes in terms of methods or procedures required to meet
the requirements and outcomes of a process.” Thus, information items may be combined or subdivided as
needed for project or organizational purposes, as further defined in Clause 2, Applicability, and Clause 3,
Conformance.

This International Standard does not establish a service management system.

The scope of this International Standard does not include the following:

a) the format or content of recommended input data or input information items, except for the content of those
input items that are also output information items;

b) instructions on combining or subdividing information items and information item contents of a similar nature;

c) guidance on selecting an appropriate presentation format, delivery media, and maintenance technology for
system and software life-cycle data, records, information items, or documentation, such as electronic
publishing systems, content management systems, or data repositories;

NOTE 1 ISO/IEC/IEEE 26531, System and software engineering — Content management for product life-cycle, user, and
service management documentation, provides requirements for content management and component content management
systems.

d) detailed content for information items related to general business, organizational, and financial
management that is not specific to systems and software engineering and information technology service
management, such as business strategies, human resources and investment policies, personnel selection
criteria, financial budgeting and accounting policies and procedures, cost reports, or payroll data;
e) information items showing only approval of an ISO/IEC 12207:2008 (IEEE Std 12207-2008) subclause,
such as ISO/IEC 12207:2008 (IEEE Std 12207-2008), 6.1.2.3.4.5;
f) any ISO/IEC 15288:2008 (IEEE Std 15288-2008) or ISO/IEC 12207:2008 (IEEE Std 12207-2008) subclause
not explicitly or implicitly identifying the recording of information about an activity or task, for example,
ISO/IEC 12207:2008 (IEEE Std 12207-2008), 6.4.4;
g) work products, models, software, and other artifacts of life-cycle products and services that are not
information items or records used in information items.

NOTE 2 ISO/IEC 26514:2008, Systems and software engineering — Requirements for designers and developers of user
documentation, provides guidance on formats for software user documentation.

NOTE 3 ISO/IEC 15504-5:2012, Information technology — Process Assessment — Part 5: An exemplar software life cycle
process assessment model, Annex B (informative), and ISO/IEC 15504-6:2013 Information technology — Process
assessment — Part 6: An exemplar system life cycle process assessment model, Annex B (informative) detail the content of
work products as well as information items. Their guidance includes descriptions of a set of information items (documents) that
an assessor may encounter. The information items in their guidance may be produced by combinations and subdivisions of the
required information items in this International Standard.

2 Applicability

2.1 Purpose

The purpose of this International Standard is to provide requirements for users of ISO/IEC 12207:2008
(IEEE Std 12207-2008), ISO/IEC 15288:2008 (IEEE Std 15288-2008) and ISO/IEC 20000-1:2011
(IEEE Std 20000-1-2013) for identifying and planning the specific information items (information products) to be
developed and revised during systems and software life cycles and service management processes. This
International Standard is intended for use as follows.

a) To address the technical information needed by those involved in ISO/IEC 15288:2008 (IEEE Std 15288-
2008) and ISO/IEC 12207:2008 (IEEE Std 12207-2008) processes.

© ISO/IEC 2015 – All rights reserved

2 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

b) To specify information in an agreement process as described in ISO/IEC 15288:2008 (IEEE Std 15288-
2008) or a two-party situation as described in ISO/IEC 12207:2008 (IEEE Std 12207-2008), ISO/IEC
20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013). The two-
party situation may range from an informal agreement within an organization to a legally binding contract
between organizations.
c) To develop information items that provide evidence for process assessment performed with respect to
ISO/IEC 15504, and to guide process improvement activities.
d) To guide a single party in self-imposed tasks.

2.2 Intended users of this International Standard

This International Standard is applicable for use by:

a) project managers responsible for the Information Management process of ISO/IEC 15288:2008 (IEEE Std
15288-2008) (6.3.6) during a system life cycle;
b) project managers responsible for identifying information item requirements and document contents when
using ISO/IEC 12207:2008 (IEEE Std 12207-2008), or any other software engineering life-cycle process, to
help determine what should be documented, when the documentation should be developed, and what the
contents of the documents should be;
c) acquirers responsible for determining what information items are needed to help ensure the quality of the
project, or delivered system, product or service;
d) individuals who write or support the design and development of service, systems and software information
items;
e) individuals responsible for identifying information items required to claim conformance with ISO/IEC
12207:2008 (IEEE Std 12207-2008), ISO/IEC 15288:2008 (IEEE Std 15288-2008), or ISO/IEC 20000-1:2011
(IEEE Std 20000-1-2013);
f) individuals undertaking service, system or software process improvement in their organizations.

2.3 Applicability to work efforts

Use of this International Standard is not limited by size, complexity or criticality of the project. It may be
applied to:

a) any type of project and life-cycle process;

b) any of the activities and tasks of a project and system or software product or service life cycle;
c) all forms of information items, information item content and document delivery media;
d) documentation in Commercial-Off-The-Shelf (COTS) products when the COTS product is specified as a
deliverable under a two-party situation.

NOTE See ISO/IEC 12207:2008 (IEEE Std 12207-2008), 1.2.

2.4 Applicability to information item audiences

Users of this International Standard should map this International Standard to the requirements and needs of their
agreements, or project and organizational procedures. The type of decision to be made or the work to be performed,
by users of the information should be considered before an information item is prepared. Reviewing and
understanding the requirements, needs, and background of users and stakeholders are essential to applying this
International Standard accurately and economically, since some information items are designed for various purposes
and user groups:

a) To provide information to specialized types of users who may not be a part of a particular project;
b) To address the same type of user but in environments not normally coexisting in the same effort;
c) To aid both users who are expected to be computer-literate and understand technical terminology, and
users who may not have this background.

© ISO/IEC 2015 – All rights reserved 3

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

3 Conformance

3.1 Definition of conformance

This International Standard may be used as a conformance or a guidance document for projects and organizations
claiming conformance to ISO/IEC 15288:2008 (IEEE Std 15288-2008), ISO/IEC 12207:2008 (IEEE Std 12207-
2008), or ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013).

NOTE 1 Service providers should refer to ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC TR 20000-
3:2012 regarding claims of conformance for a defined certification scope, for example, organizational units, services,
location.

NOTE 2 ISO/IEC 20000-1:2011 is a management system standard stating requirements for service providers. Some
requirements of this standard are not requirements of ISO/IEC 20000-1. Some requirements of ISO/IEC 20000-1 are not
requirements of this standard.

If the selected system or software life-cycle processes have been tailored in conformance with ISO/IEC 15288 or
ISO/IEC 12207, to claim conformance to this International Standard, the user of this International Standard shall
prepare the information items identified in this International Standard applicable to the selected and tailored
ISO/IEC 15288:2008 (IEEE Std 15288-2008), ISO/IEC 12207:2008 (IEEE Std 12207-2008), processes.

The generic and specific record and information item titles and contents in Clauses 7, 9, and 10 of this
International Standard may be tailored to satisfy requirements of an organization, its projects, or agreements
based on the tailored conformance to ISO/IEC 15288:2008 (IEEE Std 15288-2008) or ISO/IEC 12207:2008
(IEEE Std 12207-2008). In tailoring, information items provided in this International Standard may be modified
(added to, combined or retitled). The contents of the information items shall correspond to the selected and
tailored processes.

NOTE 3 Annex A of ISO/IEC 15288:2008 (IEEE Std 15288-2008) and ISO/IEC 12207:2008 (IEEE Std 12207-2008)
provide requirements for the Tailoring Process.

In this International Standard, for simplicity of reference, each information item is described as if it were
published as a separate document. However, information items shall be considered as conforming if they are
unpublished but available in a repository for reference, divided into separate documents or volumes, or
combined with other information items into one document. Use of the nomenclature of the specific records in
Clause 9 or the information item titles in Clause 10 is not required to claim conformance with this International
Standard.

Throughout this International Standard, “shall” is used to express a provision that is normative, “should” to
express a recommendation among other possibilities, and “may” to indicate a course of action permissible
within the limits of this International Standard.

The verb “include” used in this International Standard indicates that either (1) the information is present or (2) a
reference to the information is listed.

3.2 Conformance situations

Conformance may be claimed for organizations, projects, multi-supplier projects, services, and information
items, as identified in the claim of conformance:

a) When conformance is claimed for an organization or a service provider, the organization or service provider
shall make public a document declaring its tailoring of the records and information items, and its interpretation
of any clauses of the standard that reference “the contract.”
b) When conformance is claimed for a project (or program), the project plans or the contract shall document the
tailoring of the records and information items, and the interpretation of any clauses of the standard that
reference “the contract.”

© ISO/IEC 2015 – All rights reserved

4 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

c) When conformance is claimed for multi-supplier projects, it may be the case that no individual project can
claim conformance because no single contract calls for all the required records and information items.
Nevertheless, the projects, as a whole, may claim conformance if each of the required records and
information items is produced by an identified party. The program plans shall document the tailoring of the
records and information items, and their assignment to the various parties, as well as the interpretation of any
clauses of the standard that reference “the contract.”
d) When conformance is claimed for an information item, the item shall contain the generic contents required in
Clause 7 of this International Standard and the specific content required in Clause 10.

NOTE 1 One possible way for an organization to deal with clauses that cite “the contract” is to specify that they shall be
interpreted in the project plans for any particular project. A project’s claim of conformance is typically specified with respect to
the organization’s claim of conformance.

NOTE 2 In accordance with ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles, an
organization or a project or a multi-supplier program may be said to comply with this document when its products (the
information items) fulfill the requirements, but the organization, project or program has not met the specific requirements for
conformance stated in items (a), (b) or (c) above.

3.3 Type of conformance

One of the following types of conformance shall be asserted. The selected type shall be identified in the claim of
conformance:

a) Tailored: The minimum set of required information items is determined by tailoring of processes and
activities in accordance with Annex A of ISO/IEC 12207:2008 (IEEE Std 12207-2008) or Annex A of
ISO/IEC 15288:2008 (IEEE Std 15288-2008).

b) Absolute: The minimum set of required information items is all of those specified as normative (that is,
clauses containing “shall”) in the text of the normative reference standards.

NOTE Absolute conformance may be claimed for selected processes or information items even if absolute conformance
with the entire standard is not claimed

4 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable
for its application. For dated references, only the edition cited applies. For undated references, the latest edition of
the referenced document (including any amendments) applies.

ISO/IEC 12207:2008 (IEEE Std 12207-2008), Systems and software engineering — Software life cycle processes

ISO/IEC 15288:2008 (IEEE Std 15288-2008), Systems and software engineering — System life cycle processes

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013), Information technology — Service management — Part 1:
Service management system requirements

5 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC/IEEE 24765 (available
at www.computer.org/sevocab and the following apply.

NOTE ISO/IEC 20000-1:2011 contains different definitions for the terms document, procedure, record and service request.
The definitions used in ISO/IEC 20000-1 should be used when conforming to that standard.

© ISO/IEC 2015 – All rights reserved 5

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

5.1
approval
notification by an authorized representative that a deliverable item appears to satisfy requirements and is
complete

Note 1 to entry: Such approval does not shift responsibility from the supplier to meet requirements under a two-party
situation.

5.2
complaint
record of perceived non-compliance with a service level agreement or customer dissatisfaction with service

5.3
complete [documentation]
including all critical information and any necessary, relevant information for the intended audience

5.4
consistent
without internal conflicts

5.5
Commercial-Off-The-Shelf
COTS
product available for purchase and use without the need to conduct development activities

5.6
criteria
rules on which a judgment or decision can be based, or by which a product, service, result, or process can be
evaluated

5.7
critical information
information describing the safe use of the software, the security of the information created with the software, or the
protection of the sensitive personal information created by or stored with the software

[SOURCE: ISO/IEC 26514:2008]

5.8
database
collection of data organized according to a conceptual structure describing the characteristics of the data and the
relationships among their corresponding entities, supporting one or more application areas

5.9
description
information item that represents a planned or actual concept, function, design, or object

5.10
document
uniquely identified unit of information for human use

EXAMPLE report, specification, manual or book, in printed or electronic form

Note 1 to entry: A document can be a single information item, or part of a larger information item.

© ISO/IEC 2015 – All rights reserved

6 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

5.11
documentation plan
plan identifying the documents to be produced during the system or software life cycle

5.12
include [information]
having either the information or a reference to the information present in the document

5.13
information item
separately identifiable body of information that is produced, stored, and delivered for human use

Note 1 to entry: “information product” is a synonym. A document produced to meet information requirements can be an
information item, or part of an information item, or a combination of several information items.

Note 2 to entry: An information item can be produced in several versions during a project life cycle.

5.14
information item content
information included in an information item, associated with a system, product or service, to satisfy a requirement or
need

5.15
information item type
group of information items consistent with a pre-arranged set of generic criteria

Note 1 to entry: “generic document type” is a synonym.

EXAMPLE A “plan” is the information item type for all plans and “report” is the information item type for all reports.

5.16
modifiable
structured and has a style such that changes can be made completely, consistently, and correctly while
retaining the structure

5.17
plan
information item that presents a systematic course of action for achieving a declared purpose, including when, how,
and by whom specific activities are to be performed

5.18
policy
clear and measurable statement of preferred direction and behavior to condition the decisions made within an
organization

[SOURCE: ISO/IEC 38500:2008]

5.19
presentable
retrievable and viewable

5.20
procedure
information item that presents an ordered series of steps to perform a process, activity, or task

Note 1 to entry: A procedure defines an established and approved way or mode of conducting business in an organization. It
details permissible or recommended methods in order to achieve technical or managerial goals or outcomes.

© ISO/IEC 2015 – All rights reserved 7

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

5.21
process
set of interrelated or interacting activities which transforms inputs into outputs

5.22
record
set of related data items treated as a unit

5.23
report
information item that describes the results of activities such as investigations, observations, assessments, or tests

5.24
request
information item that initiates a defined course of action or change to fulfill a need

5.25
service request
request for information, or for a routine change or procedure with previously evaluated risk

EXAMPLE a request to provide access to a controlled application, a request to move hardware

5.26
software item
identifiable part of a software product

EXAMPLE identification and descriptions of the software product, software life-cycle data, archive and release data, and
instructions for building the executable object code

5.27
specification
information item that identifies, in a complete, precise, and verifiable manner, the requirements, design,
behavior, or other expected characteristics of a system, service, or process

5.28
traceable
having components whose origin can be determined

5.29
unambiguous
described in terms that allow only a single interpretation, aided, if necessary, by a definition

5.30
verifiable
can be checked for correctness by a person or tool

6 Life-cycle data and information items

6.1 Life-cycle data characteristics

This International Standard specifies how life-cycle data is managed in information items. The required data from
the life-cycle or service process shall be organized into records and presented in one or more information items,
and shall be consistent with an information item generic type. An information item shall include its generic
information item contents (Clause 7).

© ISO/IEC 2015 – All rights reserved

8 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Each set of records and each information item produced as a document described in this International
Standard shall support the life-cycle data characteristics:

a) unambiguous
b) complete
c) verifiable
d) consistent
e) modifiable
f) traceable
g) presentable.

6.2 Records compared to information items (documents)

A record is a special type of information containing a set of structured data treated as a unit. Table 4 in Clause 9
identifies records. Consistent with the ISO 9000 series, the purpose of a record is to state results achieved or to
provide evidence of activities performed by an organizational entity. In fact, ISO/IEC 20000-1:2011 (IEEE Std
20000-1-2013) defines record as a “document stating results achieved or providing evidence of activities
performed” and considers any document or information item to be a record. However, this International
Standard distinguishes between records of data and documents (information items).

Data records gain their value from being combined with other records in a set, typically by inclusion in
structured databases, registers, or repositories where the individual records are available for retrieval and
analysis. Records hold the factual data (evidence) for the other generic information types. Data can be
aggregated into records, and these records may be included in a report which is already defined as a
particular information item (e.g. test report), or they may exist separately for other uses defined by the project. A
single record, a selection of records, or a complete listing of the repository’s contents is not suitable for
issuance as a complete communication product as are the information items (documents) such as a plan or
procedure. The information items (documents) are produced and communicated for human use and contain
formal elements (such as purpose, scope, and summary), intended to make them usable by their intended
audience.

6.3 Management of life-cycle data (records)

Life-cycle data results from the execution of the process or service management system activities and tasks of the
standard. Many of the clauses in ISO/IEC 15288:2008 (IEEE Std 15288-2008) and ISO/IEC 12207:2008 (IEEE
Std 12207-2008) require life-cycle data to be produced or recorded. However, the clauses of ISO/IEC 15288:2008
(IEEE Std 15288-2008) and ISO/IEC 12207:2008 (IEEE Std 12207-2008) do not dictate the content, location,
format, or media to be used to record and maintain the data. When choosing appropriate data to be recorded,
record managers should also determine where in the organization or project’s record- keeping systems the data
should be recorded. Records may be maintained in databases, registers, repositories, archives, or other data
management systems. Organizations or projects shall establish record retention policies in consideration of
system life-cycle and organizational or service management needs for the data. Clause 9 defines the content of
generic records and recommends content for specific records.

NOTE Requirements and guidance for records management are found in ISO/IEC 16175:2010, Information and
documentation — Principles and functional requirements for records in electronic office environments — Part 1: Overview and
statement of principles.

6.4 Management of information items (documents)

The management of information items shall be performed by applying the Information Management process of
ISO/IEC 12207:2008 (IEEE Std 12207-2008) and ISO/IEC 15288:2008 (IEEE Std 15288-2008), the
Documentation Management and Software Documentation Management processes of ISO/IEC 12207:2008
(IEEE Std 12207-2008), including the knowledge management activities of ISO/IEC 15288:2008 (IEEE Std
15288-2008) clause 6.2.4, or the documentation management activities of ISO/IEC 20000-1:2011 (IEEE Std 20000-
1-2013). The Information Management Process should support the needs of a project and the related product or

© ISO/IEC 2015 – All rights reserved 9

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

service. It should include procedures for preparing, collecting, identifying, classifying, distributing, storing,
updating, archiving, and retrieving information.

Annex A of this International Standard provides a summary procedure for identifying and planning for
information items and their contents. Information items should be defined to be applicable to multiple related
processes used by a project or organization, or to related services (such as incident and problem management).
Information items may be combined or subdivided consistent with the project, service, or system processes,
phases, and stakeholder needs.

The information management process shall include these activities:

a) Identify the documents to be produced by the organization, service, process or project;

b) Specify the content and purpose of all documents and plan and schedule their production;
c) Identify the standards to be applied for development of documents;
d) Develop and publish all documents in accordance with identified standards and in accordance with nominated
plans;
e) Maintain all documents in accordance with specified criteria.

6.4.1 Developing the documentation plan

The tasks to be performed in the Documentation Management Process shall be identified in a Documentation
Plan. When developing the Documentation Plan, consideration should be given to policies and procedures of the
acquirer and supplier. The Documentation Management Process for each project should be considered as part of a
repeatable process for the acquirer and supplier.

NOTE A documentation plan may be created for an entire organization or for multiple projects and services that reuse
document content.

6.4.2 Managing and controlling information items

Projects, organizations, and services may include their record descriptions and tailored information item
descriptions in a data dictionary or work breakdown structure. This practice helps the document management,
development, and maintenance activities. An established hierarchy of information items should be prescribed and
a mechanism developed for resolving conflicts between items. For example, there should be one master schedule
for the entire suite of plans relating to a single project, and schedule information given in specific plans should
relate to this master schedule.

Commercial or other existing information items may be substituted for all or part of an information item if they
contain the desired information, meet applicable quality characteristics, and are properly referenced. When
existing information items are readily available to users, organizations should consider providing a reference to
these information items rather than reproducing the information

7 Generic types of information items

7.1 General

The use of generic types simplifies the application of consistent structure, content, and formats for similar
information items (records and documents), to support usability. This International Standard defines the life- cycle
data of ISO/IEC 12207:2008 (IEEE Std 12207-2008),ISO/IEC 15288:2008 (IEEE Std 15288-2008) and ISO/IEC
20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 ((IEEE Std 20000-2-2013) by relating tasks and
activities to the following generic types of information items:

a) description
b) plan
c) policy
d) procedure
e) report

© ISO/IEC 2015 – All rights reserved

10 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

f) request
g) specification.

NOTE 1 Clause 9 identifies the generic content of data records.

NOTE 2 In ISO/IEC 20000, documents, except for records, state the intent to be achieved.

The generic information item contents shall be included in each applicable information item. Generic information
item (document) contents are mapped to the identified output information items shown in column 3 of Tables 1, 2,
and 3.

The lists of contents of generic types of information items do not specify a normative sequence, structure of
parts, or a list of section titles.

7.2 Description – generic content

Purpose: Represent a planned or actual context of use, function, design, service, or item

NOTE A description of something that is required is a specification. The level of detail involved and the presentation for
human use or for data storage determine whether information is presented as a description or as a preformatted record.

A description shall include the following elements:

a) Date of issue and status

b) Scope
c) Issuing organization
d) References
e) Context
f) Notation for description
g) Body
h) Summary
i) Glossary
j) Change history

Identified information items:

x Concept of operations
x Database design description
x Interface description
x Process description
x Proposal
x Service catalog
x Software architecture description
x Software design description
x Software unit description
x System architecture description
x System element description

7.3 Plan – generic content

Purpose: Define when, how, and by whom specific processes or activities are to be performed.

A plan shall include the following elements

a) Date of issue and status

b) Scope

© ISO/IEC 2015 – All rights reserved 11

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

c) Issuing organization
d) References (applicable policies, laws, standards, contracts, requirements, and other plans and procedures)
e) Approval authority
f) Introduction, containing the purpose, audience, and scope of the plan
g) Planned activities and tasks
h) Identification of tools, methods, and techniques
i) Schedules
j) Budgets and cost estimates
k) Resources and their allocation, including human resources, technical resources (infrastructure), and tools
l) Responsibilities and authority, including the senior responsible owner and immediate process or service
owner
m) Interfaces among parties involved
n) Risks and risk identification, assessment and mitigation activities
o) Quality assurance and performance measures
p) Environment, infrastructure, security, and safety
q) Training
r) Approach for technical and management review and reporting
s) Other plans (plans or task descriptions that expand on the details of a plan)
t) Glossary
u) Change procedures and history
v) Termination process.

Identified information items:

x Acceptance plan
x Acquisition plan
x Asset management plan
x Audit plan
x Capacity plan
x Communication plan
x Configuration management plan and policy
x Development plan
x Disposal plan
x Documentation plan
x Domain engineering plan
x Improvement plan (process improvement plan, service improvement plan)
x Information management plan
x Information security plan
x Installation plan
x Integration plan (implementation plan)
x Maintenance plan
x Measurement plan
x Project management plan
x Quality management plan (quality assurance plan)
x Release plan (deployment plan)
x Reuse plan
x Risk management policy and plan
x Service continuity and availability plan
x Service management plan
x Service plan (plan for new or changed services)
x Training plan
x Validation plan
x Verification plan

© ISO/IEC 2015 – All rights reserved

12 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

7.4 Policy – generic content

Purpose: Establish an organization's high-level intention and approach to achieve objectives for, and ensuring
effective control of, a service, process, or management system.

A policy shall include the following elements:

a) Date of issue, effective date, and status

b) Scope
c) Issuing organization
d) Approval authority and identification of those accountable for enforcing the policy
e) Authoritative references for compliance or conformance (such as policies, laws and regulations, standards,
contracts, requirements, and vision or mission statements)
f) Body, including objectives
g) Glossary
h) Change history.

NOTE Policies can be communicated in various media or included in plans, procedures, specifications, or other
documents. Policies are implemented through Plans and Procedures. Policies may be defined for any life-cycle process or
service process.

Identified information items:

x Budgeting and accounting policy (out of scope for this standard)

x Configuration management plan and policy (change management policy)
x Improvement plan (and continual improvement policy)
x Information security policy
x Life-cycle policy and procedure
x Quality management policy and procedure
x Release plan (and policy)
x Risk management policy and plan
x Service management plan (and policy)

7.5 Procedure – generic content

ISO/IEC 15288:2008 (IEEE Std 15288-2008), reference: 5.3.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 5.3

Purpose: Define in detail when and how to perform certain activities or tasks, including tools needed. A
procedure shall include the following elements:

a) Date of issue and status

b) Scope
c) Issuing organization
d) Approval authority
e) Relationship to plans and other procedures
f) Authoritative references
g) Inputs and outputs
h) Ordered description of steps to be taken by each participant
i) Error and problem resolution
j) Glossary
k) Change history

© ISO/IEC 2015 – All rights reserved 13

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Identified information items:

x Audit procedure
x Capacity management procedure
x Communication procedure
x Complaint procedure
x Configuration management procedure (change management procedure, release and deployment procedure)
x Documentation procedure
x Implementation procedure
x Improvement procedure
x Incident management procedure
x Information management procedure
x Information security procedure
x Life-cycle policy and procedure
x Maintenance procedure
x Operational test procedure
x Problem management procedure
x Process assessment procedure
x Qualification test procedure
x Quality management policy and procedure
x Software unit test procedure
x Supplier management procedure
x Supplier selection procedure
x Training documentation

7.6 Report – generic content

Purpose: Describe the results of activities such as investigations, assessments, and tests. A report communicates
decisions.

A report shall include the following elements:

a) Date of issue and status

b) Scope
c) Issuing organization
d) Contributors
e) Summary
f) Introduction, including the purpose, audience, and scope of the report
g) Context (assumptions)
h) Body (including methods of obtaining results)
i) Conclusions and recommendations
j) References
k) Bibliography
l) Glossary
m)Change history.

Identified information items:

x Acceptance review and testing report
x Audit acknowledgement report
x Audit report
x Configuration status report
x Evaluation report
x Incident report
x Installation report

© ISO/IEC 2015 – All rights reserved

14 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

x Integration and test report

x Monitoring and control report
x Problem report
x Process improvement analysis report
x Product need assessment
x Progress report
x Qualification test report
x Review minutes
x Service report
x Software unit test report
x User notification
x Validation report
x Verification report

7.7 Request – generic content

Purpose: Record information needed to solicit a response.

A request shall include the following elements:

a) Date of initiation
b) Scope
c) Subject
d) Originator of request
e) Identification of requested item, service, or response
f) Detailed description of requested item, service, or response, including due date
g) Justifications.

NOTE The identification of the requested item may be a Specification.

Identified information items:

x Change request
x Customer satisfaction survey
x Request for proposal (RFP)
x Resource request
x Risk action request
x Service request (record)

7.8 Specification – generic content

Purpose: provide requirements for a required service, product, or process.

Specifications should use a well-defined syntax. Specifications should be internally consistent in terminology,
definitions, and constraints. Unique specifications should be defined once to prevent inconsistent updates. A
specification shall include the following elements:

a) Date of issue and status

b) Scope
c) Issuing organization
d) References
e) Approval authority
f) Body
g) Assurance requirements
h) Conditions, constraints, and characteristics
i) Glossary

© ISO/IEC 2015 – All rights reserved 15

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

j) Change history

Identified information items:

x Contract
x Service level agreement (SLA)
x Software requirements specification
x System requirements specification (or service requirements)
x Validation test specification

8 Mapping of information items to the life cycle and service management processes
In Tables 1, 2, and 3, column 3, information items are identified and mapped to the process where they are
identified as output in ISO/IEC 15288:2008 (IEEE Std 15288-2008) or ISO/IEC 12207:2008 (IEEE Std 12207-2008)
or ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013). These references may be normative requirements,
recommended output, informative material, examples, or notes. This International Standard identifies information
items that are not explicitly specified by title in ISO/IEC 15288:2008 (IEEE Std 15288-2008) or
ISO/IEC 12207:2008 (IEEE Std 12207-2008) or ISO/IEC/IEEE Std 20000-1-2011 (IEEE Std 20000-1-2013). In these
cases, the base standards explicitly call out information to be documented, described, planned, specified, reported,
recorded, requested or specified. Annex B, Table B.1, compares information items by source. Table 1 maps
ISO/IEC 15288:2008 (IEEE Std 15288-2008) clauses (column 2), processes, and output information items.
Table 2 maps ISO/IEC 12207:2008 (IEEE Std 12207-2008) clauses (column 2), processes, and output
information items. Table 3 maps ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012
(IEEE Std 20000-2-2013) clauses (column 2), processes, and output information items. Tables 1, 2, and 3 also list
recommended input information items (source documents and data) in column 1 to help produce the output
information items.

Tables 1, 2, and 3 do not show all the possible inputs, nor all the required outputs for a process. They show the
recommended input information items for each output information item developed or revised during the process.
Tables 1-3 also show the specific reference citations from the source standards for each specified information
item, not all references for a process.

In numerous clauses, the life-cycle standards indicate that something (for example, a strategy) is to be
“defined.” However, definition does not in itself indicate that a specific information item is produced. Similarly,
clauses indicating that 'communication is maintained' do not necessarily mean that an information item (a
document) is produced.

For nearly every process, ISO/IEC/IEEE 15228:2008 and ISO/IEC 12207:2008 (IEEE Std 12207-2008) specify that
organizational policies and procedures are a source for process activities and outputs. In Tables 1, 2, and 3,
“organizational policies and procedures” are not listed, but should be considered as input for every information
item. In contractual work, the Contract/agreement and requirements should also be considered as input for every
information item, whether or not the source standard states that the process should be performed “as
specified in the contract.”

This International Standard does not specify the format or content of recommended input data or input
information items, except for the content of those items that are also output information items.

8.1 Mapping of information items to the system life cycle

As defined in ISO/IEC/IEEE 15288 and shown in Table 1 headings, in addition to the Tailoring Process, there are
two agreement processes, five organizational processes, seven project processes, and eleven technical
processes:

© ISO/IEC 2015 – All rights reserved

16 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Agreement Processes

1. Acquisition
2. Supply

Organizational Project-Enabling Processes

1. Life Cycle Model Management

2. Infrastructure Management
3. Project Portfolio Management
4. Human Resource Management
5. Quality Management

Project Processes

1. Project Planning
2. Project Assessment and Control
3. Decision Management
4. Risk Management
5. Configuration Management
6. Information Management
7. Measurement

Technical Processes

1. Stakeholder Requirements Definition

2. Requirements Analysis
3. Architectural Design
4. Implementation
5. Integration
6. Verification
7. Transition
8. Validation
9. Operation
10.Maintenance
11.Disposal
Table 1 — Mapping of ISO/IEC 15288:2008 (IEEE Std 15288-2008), clauses to information items for each
system life-cycle process
ISO/IEC 15288:2008
Typical Input information items Output information item
(IEEE Std 15288-2008)
reference
ACQUISITION
Proposal, other contracts 6.1.1.2d), 6.1.1.3c) Contract
System requirements
Needs assessment 6.1.1.3a)
specification
Concept of operations, system
requirements specification, software
6.1.1.3a) Request for proposal (RFP)
requirements specification, acceptance
strategy, other requests for proposal
SUPPLY
6.1.1.3.a), 6.1.1.3b),
Request for proposal, other proposals Proposal
6.1.2.2b), 6.1.2.3b)
6.1.2.2c), 6.1.2.2f),
Proposal, other contracts and agreements Contract
6.1.2.3c), 6.1.3.3f)

© ISO/IEC 2015 – All rights reserved 17

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 15288:2008
Typical Input information items Output information item
(IEEE Std 15288-2008)
reference
Problem report 6.1.2.3b) Product need assessment
Project management plan 6.1.2.3d) Progress report
Organizational procedure, other project
management plans, project charter, 6.1.2.3c, 6.1.2.3d) Project management plan
contract
LIFE CYCLE MODEL MANAGEMENT
Life-cycle policy and
Organizational procedure 6.2.1.2a), 6.2.1.3a)
procedure
Assessment report, organizational procedure 6.2.1.3c) Improvement plan
Organizational procedure, process
assessment procedure, process
Process improvement
assessment results, audit report, customer 6.2.1.3c)
analysis report
satisfaction report, assessment report,
progress report, problem report
INFRASTRUCTURE MANAGEMENT
Organizational procedure, other System requirements
6.2.2.2
system requirements specification specification
PROJECT PORTFOLIO MANAGEMENT
Organizational procedure, project
6.2.3.3a) Project management plan
plan, business action plan
System life-cycle policies and procedures 6.2.3.3a)6) Progress report
HUMAN RESOURCE MANAGEMENT
Employee Skill record, project
6.2.4.3.b) Training plan
management plan
Knowledge management policy, training
plan, user documentation, validation 6.2.4.3b) Training documentation
procedure
QUALITY MANAGEMENT
Project management plan 6.2.5.3 Quality management plan
Organizational procedure, quality
6.2.5.2a), Quality management
management plan, customer
6.2.5.3a) policy and procedure
satisfaction report, problem report
Survey, interview, requirements specification 6.2.5.3b) Evaluation report
PROJECT PLANNING
Contract, organizational procedure, 6.3.1.1, 6.3.1.2,
Project management plan
other plans 6.3.1.3
Product need assessment, contract 6.3.1.3b) Acceptance plan
Product need assessment 6.3.1.3b) Acquisition plan
Organizational quality management policy
6.3.1.3c) Quality management plan
and procedure
Project management plan, work
6.3.1.3.d) Resource request
breakdown structure, budget
PROJECT ASSESSMENT AND CONTROL
Contract, organizational procedure,
6.3.2.2 Problem report
project plan, quality assurance plan
Contract, organizational procedure, project
plan, quality assurance plan, other 6.3.2.2d), 6.3.2.3a)9)
Progress report
progress report
Problem report, analysis of metrics
6.3.2.3.b)4 Monitoring and control report
and variations

© ISO/IEC 2015 – All rights reserved

18 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 15288:2008
Typical Input information items Output information item
(IEEE Std 15288-2008)
reference
Project management plan, work
breakdown structure, budget, progress 6.3.2.3.b) Resource request
report
DECISION MANAGEMENT
Organizational procedure, contract 6.3.3.3a)2), 6.3.3.3c)1) Problem report
Report (see generic Report
Organizational procedure, contract 6.3.3.2.d)
information item)
RISK MANAGEMENT
Risk management policy and
Project management plan 6.3.4.3a)
plan
Risk management plan, risk profile 6.3.4.3d) Risk action request
Risk management plan, risk profile,
quality assurance procedure, problem 6.3.4.3b) Monitoring and control report
report
CONFIGURATION MANAGEMENT
project management plan, Configuration management
6.3.5.3a)
information management plan plan
INFORMATION MANAGEMENT
Organizational procedure, project
management plan, configuration 6.3.6.3a) Information management plan
management plan
MEASUREMENT
Organizational procedure,
6.3.7.3a) Measurement plan
project management plan
Measurement data, information
6.3.7.1, 6.3.7.3b) Monitoring and control report
management plan
Process improvement
Measurement plan, evaluation report 6.3.7.3 c)
analysis report
STAKEHOLDER REQUIREMENTS DEFINITION
Contract, needs assessment 6.4.1.2a), D.4.a Concept of operations
Contract, needs assessment, concept of System requirements
6.4.1.3c)
operations specification
REQUIREMENTS ANALYSIS
Organizational procedure, System requirements
6.4.2.2, 6.4.2.3
stakeholder requirements specification
ARCHITECTURAL DESIGN

Development plan, system System architecture

6.4.3.1, 6.4.3.2a) 6.4.3.3.c)
requirements specification description
System architecture description 6.4.3.2b) System element description
System architecture description,
6.4.3.3a), c) Interface description
system design description
IMPLEMENTATION
Agreement, organizational procedure,
Integration plan
system description, integration procedure, 6.4.4.3
(implementation plan)
interface control description
Implementation plan, system design 6.4.4.3.a), 6.4.4.3.b) Implementation procedure
INTEGRATION
Agreement, System requirements
specification, interface description, system 6.4.5.3a) Integration plan
test plan

© ISO/IEC 2015 – All rights reserved 19

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 15288:2008
Typical Input information items Output information item
(IEEE Std 15288-2008)
reference
configuration record 6.4.5.3b) Problem report
VERIFICATION
System requirements specification,
6.4.6.3a) Verification plan
system description, interface description
Organizational procedure, requirements
specification, verification plan, design
definition, interface control description, test 6.4.6.3b) Verification report
procedures, progress report, problem
report, test case
Test procedures, test report 6.4.6.2.c) 6.4.6.3b) Problem report
TRANSITION
Agreement, system description,
system requirements specification, 6.4.7.3a) Installation plan
interface description
Installation plan, problem report,
6.4.7.3b) Installation report
progress report
Quality management procedure 6.4.7.2.e), 6.4.7.3b) Problem report
VALIDATION
Stakeholder requirements, project
management plan, verification 6.4.8.3a) Validation plan
plan
Quality management plan, validation plan 6.4.8.3b) Validation report
Test procedure 6.4.8.2.d), 6.4.8.3b) Problem report
OPERATION
Problem report, evaluation report 6.4.9.3b) User documentation
User documentation, incident report,
6.4.9.2.c) Problem report
service level agreement
MAINTENANCE
Organizational procedure, operations
6.4.10.3a) Maintenance plan
plan, development plan
Maintenance plan, user documentation 6.4.10.3a), 6.4.10.3b) Maintenance procedure
Maintenance procedures 6.4.10.2e), 6.4.10.3b) Problem report
DISPOSAL
Project management plan, system
requirements specification, interface
6.4.11.3a) Disposal plan
description, installation procedure,
operations procedures
TAILORING
Standard life-cycle model, standard,
organizational policies and procedures,
A.2.3a), B.2.3 Life-cycle procedure
tailoring decision, agreement,
stakeholder requirement

8.2 Mapping of information items to the software life cycle

Table 2 maps information items to the software life cycle as defined in ISO/IEC 12207:2008 (IEEE Std 12207-2008).
ISO/IEC/IEEE 12207 has processes the same as the system life cycle: two Agreement processes, five
Organizational Project-Enabling processes, and seven Project processes. There are also distinctive processes
for the software life cycle: eleven Technical processes, seven Software Implementation processes, eight Software
Support processes, and three Software Reuse Processes.

© ISO/IEC 2015 – All rights reserved

20 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Agreement Processes

1. Acquisition
2. Supply

Organizational Project-Enabling Processes

1. Life Cycle Model Management

2. Infrastructure Management
3. Project Portfolio Management
4. Human Resource Management
5. Quality Management

Project Processes

1. Project Planning
2. Project Assessment and Control
3. Decision Management
4. Risk Management
5. Configuration Management
6. Information Management
7. Measurement

Technical Processes

1. Stakeholder Requirements Definition

2. System Requirements Analysis
3. System Architectural Design
4. Implementation
5. System Integration
6. System Qualification Testing
7. Software Installation
8. Software Acceptance Support
9. Software Operation
10.Software Maintenance
11.Software Disposal

Software Implementation Processes

1. Software Implementation
2. Software Requirements Analysis
3. Software Architectural Design
4. Software Detailed Design
5. Software Construction
6. Software Integration
7. Software Qualification Testing

Software Support Processes

1. Software Documentation Management

2. Software Configuration Management
3. Software Quality Assurance
4. Software Verification
5. Software Validation
6. Software Review
7. Software Audit
8. Software Problem Resolution

© ISO/IEC 2015 – All rights reserved 21

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Software Reuse Processes

1. Domain Engineering
2. Reuse Asset Management
3. Reuse Program Management
Table 2 — Mapping of ISO/IEC 12207:2008 (IEEE Std 12207-2008) clauses to information items for each
software life-cycle process
ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
ACQUISITION
Acquisition report, contract product need
6.1.1.3.1.8, 6.1.1.3.1.9,
assessment, acquisition report, other Acquisition plan
6.1.1.3.1.12
acquisition plans
6.1.1.2, 6.1.1.3.4.2, B.3.1.2.2,
Proposal, other Contracts B.3.1.3.2, F.3.3.1.1, Contract
F.3.3.1.2, F.3.3.5.1
Other product need assessments 6.1.1.2, 6.1.1.3.1.1 Product need assessment
other system descriptions, concept of
6.1.1.3.1.1 Concept of operations
operations
Request for proposal, product needs
assessment, acquisition report, previous
requests for proposals (RFPs); concept;
system requirement; software requirements
6.1.1.3.1.10 Request for proposal (RFP)
definition and analysis result; past: scope
statement, bidder instructions, terms and
conditions; acceptance strategy and condition,
acquisition recommendation.
System requirements specification, product 6.1.1.3.1.2, 6.1.1.3.1.7, Software requirements
need assessment 6.1.1.3.1.8, 6.1.1.3.1.11 specification
Acquisition plan, system requirements
6.1.1.3.1.7 Maintenance plan
specification
Acquisition plan, acceptance plan,
6.1.1.3.6.1, 6.1.1.3.6.2 Qualification test procedure
requirements specification, contract
Other supplier selection procedures,
6.1.1.3.3.1 Supplier selection procedure
acquisition plan, other requests for proposals
Contract, problem report, monitoring and
F.3.2, F.3.3.2.1 Change request
control report
SUPPLY
6.1.2.2, 6.1.2.3.3.1,
Requirements specification, request for
6.1.2.3.6.2, B.3.2.2.1, Contract
proposal
B.3.2.2.2
Contract, supplier’s project management plan,
6.1.2.3.4.8, 6.1.2.3.4.15 Evaluation report
quality assurance plan
Project management plan 6.1.2.3.4.15 Review minutes
Monitoring result 6.1.2.3.4.8, 6.1.2.3.4.15 Monitoring and control report
Proposal review record, proposal, contract,
other project management plans, information 6.1.2.3.4.3, 6.1.2.3.4.5 Project Management Plan
security policy
Customer inquiry or request, request for
6.1.2.2b), B.3.2.1.2 Proposal
proposal, other proposals
Problem management procedure 6.1.2.3.4.15, B.3.2.3.2 Problem report
Project management plan 6.1.2.3.4.15 Progress report

© ISO/IEC 2015 – All rights reserved

22 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
Audit plan, contract 6.1.2.3.4.15 Audit report
LIFE CYCLE MODEL MANAGEMENT
6.2.1.1, 6.2.1.2, 6.2.1.3.1.1,
Organizational procedures Life-cycle policy and procedure
6.2.1.3.3.1
Assessment report, organizational procedure 6.2.1.3 Improvement plan
Life-cycle procedure, process description,
review minutes, process improvement
6.2.1.3.2.2 Audit plan
analysis report, audit report, improvement
plan, project management plan
Life-cycle policies, process description 6.2.1.3.2.1 Process assessment procedure
Assessment report, progress report, problem
6.2.1.3.3.2, B.3.3.1.2, Process improvement analysis
report, audit report, customer satisfaction
B.3.3.2.2, B.3.3.3.2 report
report
INFRASTRUCTURE MANAGEMENT
Organizational procedure, strategic plan, 6.2.2.2, 6.2.2.3.1.1, System requirements
system requirements specification 6.2.2.3.2.1 specification
Work breakdown structure, infrastructure
6.2.2.3.1.2 Project management plan
system requirements specification.
PROJECT PORTFOLIO MANAGEMENT
Organizational procedures, project plan,
6.2.3.3.2.1, 6.2.3.3.1.6 Project management plan
business action plan, life-cycle procedure
HUMAN RESOURCE MANAGEMENT
Employee Skill records, project management
6.2.4.3.2.1, 6.2.4.3.4.1 Training plan
plans
Knowledge area schema, evaluation reports 6.2.4.3.4.1 Information management plan
Training plan, user documentation, validation
6.2.4.3, B.3.4.1.2 Training documentation
procedures
QUALITY MANAGEMENT
Project management plan 6.2.5.3.1.5 Quality management plan
Organizational procedures, quality
Quality management
management plan, customer satisfaction 6.2.5.2, 6.2.5.3.1.1
policy and procedure
report, problem report
Surveys, interviews, requirements
6.2.5.3.1.4 Service report
specification
PROJECT PLANNING
Proposal, contract, other plans, budget
requests, organizational procedures, contract 6.3.1.1, 6.3.1.2.e), 6.3.1.3.2.1
Project management plan
modification, other plans
Project management plan, contract 6.3.1.3.3.2 Resource request
PROJECT ASSESSMENT AND CONTROL
Contract, organizational procedures, project
6.3.2.3.2.1 Problem report
plan, quality assurance plan
Contract, organizational procedures, project
6.3.2.2, 6.3.2.3.1.1,
plan, quality assurance plan, other progress Progress report
6.3.2.3.2.2
report
Problem reports, analysis of metrics and
6.3.2.3.2, 6.3.2.3.3 Monitoring and control report
variations
DECISION MANAGEMENT
Organizational procedures, contract 6.3.3.3.1.3, 6.3.3.3.3.1 Problem report
Organizational procedures, contract 6.3.3.2d) Report

© ISO/IEC 2015 – All rights reserved 23

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
RISK MANAGEMENT
Risk management policies, organizational 6.3.4.3.1.1, 6.3.4.3.1.2,
Risk management plan
procedures 6.3.4.3.2.1
Risk management plan 6.3.4.3.1.5 Improvement plan
Quality assurance procedures, problem
6.3.4.3.3.4, 6.3.4.3.6.3 Monitoring and control report
reports
Change request, monitoring and control
6.3.4.3.4.1 Risk action request
report, risk register, risk profile
CONFIGURATION MANAGEMENT
Project management plan, system Configuration management
6.3.5.3.1.1
requirements specification, plan and policy
INFORMATION MANAGEMENT
Organizational procedures, project
6.3.6.3.1, 6.3.6.3.2.5 Information management plan
management plan
Information management plan 6.3.6.3.1 Documentation plan
MEASUREMENT
Organizational policies, project management 6.3.7.2.c), 6.3.7.3.1.1,
Measurement plan
plan, contract, information management plan 6.3.7.3.1.3, 6.3.7.3.1.4
Measurement plan, measurement procedures 6.3.7.1, 6.3.7.3.2.4 Monitoring and control report
STAKEHOLDER REQUIREMENTS DEFINITION
Contract, needs assessment, concept of System requirements
6.4.1.3.2
operations specification
Contract, needs assessment 6.4.1.2, 6.4.1.3.2.3 Concept of operations
SYSTEM REQUIREMENTS ANALYSIS
Organizational procedures, contracts, quality System requirements
6.4.2.2, 6.4.2.3.1.1
requirements specification
System requirements specification, needs
6.4.2.3.2.1 Evaluation report
assessment
SYSTEM ARCHITECTURAL DESIGN
Development plan, system requirements Software architecture
6.4.3.2, 6.4.3.3.1.1
specification description
System architecture description, system
6.4.3.2d) Interface description
design description
System requirements specification, system
6.4.3.3.2.1 Evaluation report
architecture description, concept of operations
IMPLEMENTATION
[Replaced by the Software Implementation
Process]
SYSTEM INTEGRATION
System requirements specification, system
architecture description, software user 6.4.5.3.1.1 Integration and test report
documentation, software integration test plan
System requirements specification, Integration
6.4.5.3.2.2 Evaluation report
and test report
SYSTEM QUALIFICATION TESTING
System requirements specification, validation
6.4.5.3.2.1 Qualification test procedure
plan
Requirements, design definition, interface
control description, verification plan, test 6.4.6.3.1.2 Evaluation report
procedures, test case
System requirements specification, contract 6.4.6.3.1.3 Audit report

© ISO/IEC 2015 – All rights reserved

24 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
SOFTWARE INSTALLATION
Contract, development plan, system
requirements specification, system
6.4.7.3.1.1 Installation plan
architecture description, other installation
plans
Contract, installation plan 6.4.7.3.1.2 Installation report
SOFTWARE ACCEPTANCE SUPPORT
Contract, acceptance plan, acceptance Acceptance review and testing
6.4.8.3.1.1
procedure report
Test procedures 6.4.8.2, 6.4.8.3.1.1 Problem report
SOFTWARE OPERATION
System requirements specification 6.4.9.3.1.1 Service management plan
Software requirements specification, detailed
system design description, concept of 6.4.9.3.3.1, 6.4.9.3.4.1 User documentation
operation
Software user documentation, problem
reports; change requests, other 6.4.9.3.1.3 Operational test procedure
operational test procedures
Problem management
Problem reports, other operational procedures 6.4.9.3.1.2, 6.4.9.3.1.3
procedure
Problem reports, problem management
6.4.9.3.4.2, 6.4.9.3.5.2 Problem report
procedure
Operations plan, user documentation, problem
6.4.9.3.4.2 Change request
report, customer satisfaction survey
SOFTWARE MAINTENANCE
Organizational procedures, operations plan,
development plan, contract, software user 6.4.10.1, 6.4.10.3.1.1 Maintenance plan
documentation,
Maintenance plan, user documentation,
6.4.10.3.1.1 Maintenance procedure
installation procedures, test procedures
Software requirements specification,
6.4.10.2,
modification report, low-level software design Software design description
6.4.10.3.3.1
document.
Release record, change request, detailed
6.4.10.2 User documentation
design document
Problem report, low-level software design
6.4.10.3.3.2 Software unit test procedure
description, verification plan
Maintenance procedures 6.4.10.3.1.2, 6.4.10.3.2.4 Problem report
Software unit test plan, problem report,
6.4.10.3.3.2 Software unit test report
change request
Maintenance plan, modification test and
evaluation criteria specification, modification
6.4.10.3.5.6 Review minutes
requirement report, modification notification
report, modification test report, migration plan
Contract, maintenance plan, installation plan,
verification plan, configuration management 6.4.10.3.5.2 Release plan
plan
Release plan 6.4.10.3.5.3, 6.4.10.3.5.5 User notification
SOFTWARE DISPOSAL
Software requirements
Retirement constraints, contract 6.4.11.2
specification
Disposal plan 6.4.11.3.2.2 User notification

© ISO/IEC 2015 – All rights reserved 25

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
Organizational procedures, contract, project
6.4.11.3.1.1 Disposal plan
management plan
SOFTWARE IMPLEMENTATION
Life-cycle model, software requirements
7.1.1.3.1.2 Software design description
specification, software architecture description
Software design description, software
7.1.1.3.1.2 User documentation
requirements specification
Incidents, problem records 7.1.1.3.1.2 Problem report
Contract, supplier’s project management plan,
software requirements specification, quality 7.1.1.3.1.3, 7.1.1.3.1.4 Development plan
assurance plan
SOFTWARE REQUIREMENTS ANALYSIS
Contract, system requirements specification,
development plan, system architecture
Software requirements
description, stakeholder requirements, product 7.1.2.2, 7.1.2.3.1.1
specification
needs assessment, risk assessment,
evaluations of prototypes
Software requirements specification, concept
7.1.2.3.1.2 Evaluation report
of operations
SOFTWARE ARCHITECTURAL DESIGN
Contract, development plan, system
requirements specification, software 7.1.3.3.1.1 Software architecture description
requirements specification
System architecture description, concept of
operations, system requirements specification, 7.1.3.3.1.2 Interface description
software requirements specification
Software requirements specification, high-
7.1.3.3.1.3 Database design description
level software design description
System architecture description, concept of
7.1.3.3.1.4 User documentation
operations, interface description
Software requirements
Development plan, system design description 7.1.3.3.1.5
specification
Test requirements, project management plan
7.1.3.3.1.5 Development plan
(master schedule)
System architecture description, software
requirements specification, concept of
7.1.3.3.1.6 Evaluation report
operations, interface description, database
design description
SOFTWARE DETAILED DESIGN
Development plan, software requirements
7.1.4.3.1.1 Software design description
specification, system architecture description,
Software detailed design, system architecture
description, software requirements 7.1.4.3.1.2 Interface description
specification
Software requirements specification, system
7.1.4.3.1.3 Database design description
architecture description
Documentation plan, software requirements
specification, high-level software design
7.1.4.3.1.4 User documentation
description, other software user
documentation, database description

© ISO/IEC 2015 – All rights reserved

26 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
Development plan, acceptance plan, software
requirements specification, low-level software
7.1.4.3.1.5 Software unit test procedure
design description, database detailed design
description
System architecture description, Software
detailed design, software requirements 7.1.4.3.1.7 Evaluation report
specification, software unit test plan
SOFTWARE CONSTRUCTION
Software items, databases, software unit test
7.1.5.3.1.1 Software unit test procedure
plan
Software design description 7.1.5.3.1.1 Software unit description
Software unit description, software unit test
7.1.5.3.1.2 Software unit test report
procedures
Documentation plan, software requirements
specification, software design description,
other software user documentation, database 7.1.5.3.1.3 User documentation
description, software unit test procedures,
software unit test report
Software unit test plan, software unit test
report, software requirements specification,
7.1.5.3.1.5 Evaluation report
concept of operations, integration and test
report
SOFTWARE INTEGRATION
Software requirements specification, software
design description, software architecture 7.1.6.3.1.1, 7.1.6.3.1.5 Integration plan
description, interface specifications
Integration plan, test plan, test procedures,
7.1.6.3.1.2 Integration and test report
test result records
Documentation plan, integration and test
7.1.6.3.1.3 User documentation
report, software design description
Acceptance plan, software user
documentation, development plan, system
requirements specification, integration plan,
7.1.6.3.1.4 Qualification test procedure
software design description, database design
description, software requirements
specification, system architecture description
Integration plan, software requirements
specification, concept of operations, 7.1.6.3.1.5 Evaluation report
integration and test report
SOFTWARE QUALIFICATION TESTING
Software requirements specification,
integration and test report, qualification test 7.1.7.3.1.1, 7.1.7.3.1.3 Qualification test report
procedures
Documentation plan, integration and test
7.1.7.3.1.2 User documentation
report, software design description
Concept of operations, user documentation,
qualification test procedures, qualification test 7.1.7.3.1.3 Evaluation report
report

© ISO/IEC 2015 – All rights reserved 27

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
Acceptance plan, software user
documentation, development plan, software
requirements specification, software design 7.1.7.3.1.4 Audit report
description, database design description, test
report
SOFTWARE DOCUMENTATION MANAGEMENT
Program management plan, development
plan, audit reports, evaluation reports, 7.2.1.2, 7.2.1.3.1.1 Documentation plan
contract, other documentation plans
SOFTWARE CONFIGURATION MANAGEMENT
Contract, other configuration management
7.2.2.3.1.1 Configuration management plan
plans
Configuration records, other configuration 7.2.2.2.e, 7.2.2.3.4.1,
Configuration status report
status reports 7.2.2.3.5.1
SOFTWARE QUALITY ASSURANCE
Quality management
Contract, project management plan, system
7.2.3.3.1.3 plan (quality assurance
requirements specification
plan)
SOFTWARE VERIFICATION
Contract, software requirements specification 7.2.4.3.1.5, 7.2.4.3.1.6 Verification plan
Verification plan, test specifications, test
7.2.4.3.1.5 Verification report
records
SOFTWARE VALIDATION
Contract, other validation plans, software
7.2.5.3.1.4 Validation plan
requirements specification
Contract, qualification test report, system
requirements specifications, software 7.2.5.3.2.1, 7.2.5.3.2.2 Validation test specification
requirements specification
Validation test specification 7.2.5.3.1.4.d) Validation report
SOFTWARE REVIEW
Contract, review agenda, problem reports,
7.2.6.2, 7.2.6.3.1.5 Review minutes
plans, schedules, standards
SOFTWARE AUDIT
Organizational policies and procedures, 7.2.7.3.1.4 Audit procedure
Audit report 7.2.7.3.1.6 Audit acknowledgement report
Contract, software requirements specification,
test plans, validation test specification, test
7.2.7.3.1.6 Audit report
reports, user documentation, plans, monitoring
results, standards
SOFTWARE PROBLEM RESOLUTION
Problem management procedure, review 7.2.8.2, 7.2.8.3.1.1,
Problem report
minutes, incident reports 7.2.8.3.2.1
DOMAIN ENGINEERING
Configuration status report, evaluation report,
7.3.1.3.1.3 Change request
domain architecture description
Project management plan, organizational
procedures, business strategy, development 7.3.1.3.1.1 Domain engineering plan
plan
Domain engineering plan, test report, change
7.3.1.3.1.3 Problem report
request

© ISO/IEC 2015 – All rights reserved

28 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008
Typical Input information items Output information item
(IEEE Std 12207-2008)
7.3.1.2, 7.3.1.3.3.1, Software architecture
Domain model, interface description
7.3.1.3.3.3 description
REUSE ASSET MANAGEMENT
Strategic plan, project management plan, 7.3.2.2, 7.3.2.3.1.1,
Asset management plan
maintenance plan, domain engineering plan 7.3.2.3.2.2,
Configuration status report 7.3.2.3.3.6 Change request
Change request, problem report 7.3.2.3.3.6 Maintenance plan
Problem report 7.3.2.3.3.8 User notification
Asset reuse data 7.3.2.3.3.5, 7.3.2.3.3.7 Monitoring and control report
Test report, audit report 7.3.2.3.3.6 Problem report
REUSE PROGRAM MANAGEMENT
Project management plan, organizational 7.3.3.1, 7.3.3.3.2.1,
procedures, business strategy, development 7.3.3.3.3.3, 7.3.3.3.4.1, Reuse plan
plan, domain engineering plan 7.3.3.3.4.2, 7.3.3.3.4.3
Reuse plan, configuration management
7.3.3.3.5.3 Problem report
procedure
TAILORING
standards, organizational policies and
A.2.3.1 Life-cycle procedure
procedures

8.3 Mapping of information items to the service management processes

Table 3 maps information items to the 14 service management processes as defined in ISO/IEC 20000-
1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013). The 14 processes include
the design and transition of new or changed services, six Service Delivery processes, two Relationship Processes,
two Resolution Processes, and three Control Processes. In addition, Clause 4 of ISO/IEC 20000-1:2011
(IEEE Std 20000-1-2013) requires some information items for the service management system in general,
applicable to all processes. In Table 3, policies, plans and procedures are shown for specific services when
additional detail is available in the referenced ISO/IEC 20000-1 (IEEE Std 20000-1-2013) or ISO/IEC 20000-2
(IEEE Std 20000-1-2013) clauses 5 to 9.

NOTE ISO/IEC 20000-2:2012, Information technology — Service management — Par t 2: Guidance on the application
of service management systems takes the form of guidance and recommendations. It should not be quoted as if it were a
specification and particular care should be taken to ensure that claims of conformance are not misleading.

Design and Transition of New or Changed Services Process

Service Delivery Processes

1. Service Level Management

2. Service Reporting
3. Service Continuity and Availability Management
4. Budgeting and Accounting for Services
5. Capacity Management
6. Information Security Management

Relationship Processes

1. Business Relationship Management

2. Supplier Management

© ISO/IEC 2015 – All rights reserved 29

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Resolution Processes

1. Incident and Service Request Management

2. Problem Management

Control Processes

1. Configuration Management
2. Change Management
3. Release and Deployment Management
Table 3 — Mapping of ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std
20000-2-2013) clauses to information items for each service management process
ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
APPLICABLE ACROSS THE SERVICE MANAGEMENT SYSTEM TO ALL PROCESSES
SERVICE MANAGEMENT
1: 1.1, 4.1.1, 4.1.2,
4.3.1,.4.5.1, 4.5.2
Service management policy,
2: 4.1.1.1, 4.1.1.4, 4.1.1.5, Service management plan
contract, objectives, scope,
4.1.1.6, 4.1.2.1, 4.1.2.2, (includes service
customer requirements,
4.1.3.1, 4.1.4.2, 4.2.4, management policy)
performance reports
4.3.1.1, 4.5.2.1, 4.5.2.2,
4.5.2.4, 4.5.4.1
1: 4.1.3
Service management plan including policy Communication procedure
2: 4.1.1.3, 4.1.3.2
1: 4.3.1
Service management plan, SLA Service catalog
2. 4.3.1.1
Contract (or agreement), service 1: 4.3.1
Service level agreement (SLA)
management plan, service catalog 2: 4.1.1.3, 4.3.1.1,
Documentation plan, information 1: 4.3.1, 4.3.2
Documentation procedure
management plan 2: 4.1.3.1, 4.3.1.2, 4.3.2
Information
Configuration management plan, 1: 4.3.3 management procedure
information management plan 2: 4.3.3, 4.4.2.2 (records management
procedure)
1: 4.5.2
Service description, process description Interface description
2: 4.2.4, 4.5.2.4
Service management plan, service 1: 4.1.4.e, 4.5.3.f, 4.5.5.2
Service report
level agreement, audit report 2: 4.1.4.4, 4.5.4.2
1: 4.5.4.1, 4.5.4.2
SLA, service management plan Audit plan
2: 4.5.4.2
Contract, SLA, Service management plan,
customer satisfaction survey, resource
1: 4.5.4.1,4.5.4.3
information, risk register, audit results, Review minutes
2: 4.1.1.2, 4.1.2.1.f)
changes, improvements meeting decisions
and actions,
1: 4.5.4.2
Audit plan Audit procedure
2: 4.5.4.2

© ISO/IEC 2015 – All rights reserved

30 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
1: 4.5.4.2
Audit procedure Audit report
2: 4.5.4.2
Service management plan, SLA,
improvement policy, measurement plan, 1: 4.5.5.1
Improvement procedure
monitoring and control reports, review 2 4.5.5.2
minutes, audit results
Organizational policies, service plans
Improvement plan
Improvement policy, service 1: 4.5.5.1, 4.5.5.2
(includes improvement
management plan, problem reports, test 2: 4.5.5.1, 4.5.5.2
policy)
reports
Service management plan,
2: 4.2.1, 4.2.5, 4.3.1.1,
service requirements, service Contract (agreement)
4.5.2.3, 4.5.3,
design
DESIGN AND TRANSITION OF NEW OR CHANGED SERVICES
Service management policy, change System requirements
management policy, contract, customer 1: 5.1, 5.2, 5.3 specification (service
requirements requirements)
Service management policy, change
management policy, contract, objectives, 1: 5.2, 5.3 Service Plan (plan for new or
customer requirements, service 2: 5.2.7, 5.3.3.1 changed services)
requirements, performance reports
Service management plan, service 1: 5.2. 5.3
Contract (agreement)
requirements, service design 2: 5.2.8
Service management plan, service plan, 1: 5.2
Interface description
service design 2: 5.2.8.h.
1: 5.2
Service management plan, service catalog Disposal plan
2: 5.2.8
Service management plan, SLA 1: 5.3 Service catalog
Contract (or agreement), service 1: 5.3
Service level agreement (SLA)
management plan, service catalog 2: 5.3.1, 5.5
Procedure (generic
Service management plan, SLA 1: 5.3
information item)
Service management plan, service level 1: 5.4
Service report
agreement, audit report 2: 5.2.8, 5.4, 5.5
SERVICE LEVEL MANAGEMENT
1: 6.1
SLA, service management plan Contract (agreement)
2. 6.1.4
Service management plan, contract
(underpinning or operational level
agreement), service catalog, change
1: 6.1,
request, service report, service management
2: 6.1.3.2, 6.1.3.3,6.1.3.4, Service level agreement (SLA)
procedures, organizational procedures, or
customer procedures, security policy, 6.1.4
service performance, continuity, and
availability requirements
1:6.1
Service management plan, SLA Service catalog
2: 6.1.3.4, 6.1.4

© ISO/IEC 2015 – All rights reserved 31

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
SLA, contract, service plan, problem report,
monitoring and control report, cost report, 1:6.1
Review minutes
business relationship management 2: 6.1.4
procedure
Service report, service management plan 2. 6.1.4 Improvement plan
SLA, availability record, incident
2: 6.1.3.1, 6.1.3.4, 6.1.4 Service report
record, complaint record
SLA, service procedure 2: 6.1.4 Monitoring and control report
SERVICE REPORTING
Service continuity plan, monitoring and
control report; SLA; incident report; problem
report; release record; service reporting
requirements specification; monitoring and
control records for performance data, non- 1: 6.2
2: 6.2.1, 6.2.2, 6.2.3, Table Service report
conformity with standards, workload A.3
characteristics and volume information,
trend information by period (e.g. day, week,
month, period); future and scheduled
workloads
SLA, audit plan 2: 6.2.3.c Audit report
SERVICE CONTINUITY AND AVAILABILITY MANAGEMENT
Business plan; SLA; risk assessment;
1: 6.3 Service availability and
service availability and continuity
2: 6.3.2, 6.3.3.2, 6.3.3.3, continuity plan (includes service
requirements; capacity plan, service
6.3.4, 6.3.5 availability and continuity policy)
recovery procedure; change request
Availability records, service level agreement,
service availability and continuity plan, test 1: 6.3.3
Evaluation report
results, action plans, Risk management plan, 2: 6.3.4.3, 6.3.5
service continuity plan
Integration and test report
SLA, Verification plan 2 6.3.5 (service continuity and
availability test report)
Service availability and continuity plan, SLA 2: 6.3.5 Monitoring and control report
Verification plan (service
Service availability and continuity plan, SLA 2: 6.3.5 continuity and availability
test plan)
BUDGETING AND ACCOUNTING FOR SERVICES
Business policies and financial procedures, Financial management,
previous budgets and cost reports, financial budgeting, and accounting
policies and procedures Budget
forecast reports, service management plan, Financial accounting report (cost
SLA 1:6.4 report)
NOTE : Business policies and financial 2: 4.4.1.2, 6.4.1, 6.4.2 NOTE : The contents of these
procedures relating to budgeting, financial financial items are not further
accounting, and reporting on costs are outside the specified in this International
scope of this standard. Standard.
CAPACITY MANAGEMENT
1: 6.5
Capacity plan Capacity management procedure
2: 6.5.3.2, 6.5.4

© ISO/IEC 2015 – All rights reserved

32 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
Service management plan. SLA, capacity
1: 6.5
and performance requirements (current and
2: 6.5.1, 6.5.2, 6.5.3.2, Capacity plan
future), capacity usage data and analyses,
6.5.4
change management reports
Capacity and performance data,
problem report, monitoring and control 2:6.5.3.1, 6.5.4 Service report
report
INFORMATION SECURITY MANAGEMENT
1: 6.6.1
Organizational policies, regulations 2: 6.6.2, 6.6.3.1, 6.6.4, Information security policy
Table A.7
Information security plan, security control
1: 6.6.2
description, incident report; problem report, Evaluation report
2: 6.6.4
process assessment
Information security policy and plan, 1: 6.6.2
2: 6.6.2, 6.6.4 Information security procedures
problem management procedures
Information security plan, monitoring and
1: 6.6.2, 6.6.3
control report, incident management Incident report
2: 6.6.3.4, 6.6.4
procedures, incident records
Information security policy,
requirements specification, Information
security risk assessment procedure, 2: 6.6.2, 6.6.4 Information security plan
risk management plan, security control
procedure
Information security policy and plan 2: 6.6.3.4.n Training plan
Incident report, problem report,
2: 6.6.3.5 Change request
assessment report
BUSINESS RELATIONSHIP MANAGEMENT
1: 7.1
SLA, service management plan,
2: 7.1.3.1, 7.1.3.3, 7.1.4, Complaint (record)
complaint procedure
Table A.8
1: 7.1
Agreement, SLA, service management plan Complaint procedure
2: 7.1.3.3, 7.1.4
SLA, Communications plan 2: 7.1.1 Communications procedure
1: 6.2.5.3.1.4, 7.1
SLA, contract, compliment, complaint Customer satisfaction survey
2: 7.1.3.3, 7.1.4, Table A.8
SLA, contract, service management plan,
problem report, monitoring and control 1: 7.1
Review minutes
report, cost report, business relationship 2: 7.1.4
management procedure
SLA, Problem report, customer
satisfaction survey, Performance 2: 7.1.4 Service report
measurements
SUPPLIER MANAGEMENT
Service level agreement, service
1: 7.2
management plan, service catalog, change Contract (and contract changes)
2: 7.2.2, 7.2.3.1, 7.2.4
request, information security policy
1: 7.2
Contract, supplier management procedure Interface description
2: 7.2.4

© ISO/IEC 2015 – All rights reserved 33

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
Service management plan, contract, 1: 7.2
2: 7.2.2, 7.2.3.2 Service level agreement (SLA)
supplier's SLA
1: 7.2
Contract, SLA, monitoring and control report Service report
2: 7.2.3.1

Organizational policy, service 1: 7.2

management plan, service level 2: 7.2.2 Supplier management procedure
agreement
INCIDENT AND SERVICE REQUEST MANAGEMENT
Change management procedure, service
Incident management
management plan, configuration 1: 8.1
procedure or service request
management database, known errors, 2: 8.1.2, 8.1.4, 8.1.5
management procedure
catalog of services, SLA
Incident procedure, known error and
2: 8.1.5 Incident report
problem resolution, configuration records
PROBLEM MANAGEMENT
Problem report 1: 8.2 Change request
1: 8.2 Problem management
SLA, service management plan, 2: 8.2.2, 8.2.3, 8.2.4 procedure and policy
Incident report, information on known 1: 8.2
2: 8.2.4 Problem report
errors, problem management procedure
Problem review, problem reports 1: 8.22: 8.2.4.f Review minutes
CONFIGURATION MANAGEMENT
Configuration management
1: 9.1
procedure, configuration status 2: 9.1.3.2, 9.1.4 Audit report
report
1: 9.1
Configuration management procedure Change request
2: 9.1.3.5
1: 9.1 Configuration
Configuration management plan
2. 9.1.3.2, 9.1.3.3, 9.1.4. management procedure
Service management plan 1: 9.1 Interface description
System management policies, System
design description, service level agreement, 2 9.1.2, 9.1.3.2, 9.1.3.3, Configuration management plan
system requirements specification, 9.1.4 and policy
configuration management policy
Audit plan, configuration management
2. 9.1.3.2, 9.1.3.5. Audit procedure
plan and policy, configuration records
Configuration management
2: 9.1.1, 9.1.4 Configuration status report
procedure, configuration records
CHANGE MANAGEMENT
1: 9.2
Incident report, Problem report,
2: 9.2.2, 9.2.3.2, 9.2.3.3, Change request
configuration status report
9.2.4

© ISO/IEC 2015 – All rights reserved

34 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

(IEEE Std 20000-1-2013)

Typical Input information items or ISO/IEC 20000-2: 2012 Output information item

(IEEE Std 20000-2-2013)

clause
Contract, System management policies,
change requests, service catalog, service
availability and continuity plan, Service Configuration management plan
management plan, service requirements, 1: 9.2
2: 9.2.3.1, 9.2.3.2, 9.2.4 and policy (change management
problem management procedure, SLA, plan and policy)
service continuity and availability plan,
capacity plan, changes to cost estimates
Configuration management
Configuration management plan, 1: 9.2
procedure (change
problem management procedure, SLA, 2; 9.2.2, 9.2.4
management procedure)
Change request, change management
2: 9.2.4 Release plan (deployment plan)
plan, change management procedures
Change request 2: 9.2.3.2, 9.2.4 Evaluation report
RELEASE AND DEPLOYMENT MANAGEMENT
Configuration management
1: 9.3
Change request, SLA procedure (release
2: 9.3.3.2, 9.3.3.3
management procedure)
1: 9.3
Release plan, release management plan Evaluation report
2: 9.3.4
Change management policy, service
management plan, test plan, verification 1: 9.3
Release plan and policy
plan, acceptance plan, disposal plan, 2: 9.3.3.1, 9.3.3.2, 9.3.4
release schedule, change request
Test plan, incident reports or records 2: 9.3.3.4, 9.3.4 Integration and test report
Release management plan, release
2: 9.3.3.4, 9.3.4 Verification plan (Test plan)
plan; change request, problem report
Communication
Release plan, service management plan 2: 9.3.4 procedure
(communications plan).
Release management plan,
2: 9.3.4 Training plan
service management plan
Release plan, installation plan, integration
2: 9.3.4 User documentation
and test plan

9 Records
This clause identifies the generic and specific content of records called out in ISO/IEC 12207:2008 (IEEE Std
12207-2008), ISO/IEC 15288:2008 (IEEE Std 15288-2008), ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and
ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013). The project, organization, or service shall maintain the records
needed for the required information items (documents). Records contain data structured in a permanent, readable
form. Records may be generated for any life-cycle process, task, or activity in a project or organization, to include
data on requirements, policies, decisions and their rationale, designs, source code, problems, reviews, requests,
measurements, and test data, as well as product, quality, legal and official, financial, and historical data.
Records should be maintained for retrieval in registers, repositories, or databases.

9.1 Record – generic content

Purpose: Organize the data an organizational entity retains.

© ISO/IEC 2015 – All rights reserved 35

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

NOTE Consistent with the ISO 9000 series, the purpose of a record is to state results achieved or to provide
evidence of activities performed by an organizational entity.

A record shall include the following elements:

a) Date of record, date recorded, and status

b) Scope
c) Subject or category
d) Issuing organization
e) References
f) Body
g) Unique record identifier

9.2 Specific record contents

Table 4 provides references for the applicable life-cycle process and content of specific records referenced in
ISO/IEC 12207:2008 (IEEE Std 12207-2008), ISO/IEC 15288:2008 (IEEE Std 15288-2008), ISO/IEC 20000-
1:2011 (IEEE Std 20000-1-2013), and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013). The generic content of
records is presented in clause 9.1. Table 4 does not include every reference to records of results that are
required to be collected, stored, and verified, such as measurement data. Problem records are included in the
Problem Report in Clauses 8 and 10. Annex B, Table B.2 compares Records by Source.

NOTE 1 The term “configuration record” may be used for either a record of an individual component (item) in a
configuration or the record of a system's configuration at a point in time (baseline).

NOTE 2 ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) distinguish
between complaints, incidents and problems. A problem is the underlying root cause of one or more incidents or complaints. For
information management purposes in this standard, the records for complaints, incidents, and problems have similar content and
often use the same or related records management systems.
Table 4 — Record references and contents
Record Process Reference Record Contents
Customer/acquirer agreement
Acceptanc
Service management 20000-2: 5.4, 7.2.3.2 that acceptance criteria have
e record
been met
Life-cycle model
management,
12207: 6.2.1.3.2.1,
project assessment
Assessment 6.2.1.3.3.2, 6.3.2.2, Information and data related to the
and control, service
record B.3.3.2.2 use of the standard process for
management,
(audit 20000-1: 4.5.4.1, 4.5.4.2, specific projects and services;
information security
record) 5.2 result of the audit or assessment.
management,
20000-2: 6.6.3.3, 9.1.3.2
configuration
management
Response time compared to
Service continuity
Availability 20000-1: 6.3.3 SLA, actual available time
and availability
record 20000-2: 6.3.4.2, 6.3.5 divided by planned available
management
time
Customer, customer type,
variance, defect, conflicting
Complaint Business relationship requirement, or non-
20000-1: 7.1
record management, conformance; complaint category,
20000-2: 7.1.3.3, 7.1.4,
(compliment supplier correction actions, known error,
7.2.3.4, Table A.8
record) management dispute information, assigned
responsibility, resolution. See
problem report, change request

© ISO/IEC 2015 – All rights reserved

36 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Record Process Reference Record Contents

Functional and physical
characteristics, version, location,
configuration status; approvals and
authorizations; associated items,
associated incident or problem
records, associated known errors,
associated change requests,
Configuration
associated incident or service
management,
requests, the rationale for approval
implementation,
15288: 6.2.5.3b), 6.4.4.3b) of the baseline; changes to
maintenance,
12207: 6.3.5.3.1.2, baseline; association to
disposal, reuse asset
6.3.5.3.2.1, 6.3.5.3.2.2, requirements; indication that the
management, domain
Configuration 7.2.2.3.3.1 item or element fulfilled the
engineering, asset
record (asset 20000-1: 3.4, 9.1, 9.2 agreement or requirements;
management,
record, change 20000-2: 4.1.4.3, 4.3.2, maintenance, failure and lifetime
information security
record) 4.3.3, 9.1.1, 9.1.2, 9.1.3.1, data; disposal record; owner, use
management,
9.1.3.3, 9.1.3.4, 9.1.3.5, and criticality of asset; and activities
problem
9.1.4, 9.1.5, 9.2.2, 9.2.3.3, performed, such as backup,
management, change
9.2.4 storage, archiving, handling and
management, release
delivery of configured items.
and deployment
Stored in a configuration
management
management database (CMDB)
or change log
See also change request, incident
record, problem record, release
record, software item configuration
record, system element
description.
15288: 6.3.3.1, 6.3.3.3.1
Decision making,
12207: 5.1.2, 6.3.3.1 Decision, assumptions, and
Decision record supplier
20000-1: 4.5.4.3 rationale; outstanding actions
management
20000-2: 4.1.1.2, 5.4, 7.2.4
12207: 6.4.11.1, Disposal actions for future risk
Disposal record Disposal
6.4.11.2.e) and impact analysis
Maintenance, supply,
service continuity and
availability
Incident summary, service request,
management, 15288: 6.4.10.3.b)2)
associated configuration items,
Incident record capacity 20000-1: 6.6.3, 8.1
variance, defect, or non-
(security management, 20000-2: 4.2.3,.3.1.2,4.3.3,
conformance; priority, incident
incident record, information security 5.5 6.3.3.3, 6.3.4.2, 6.5.4,
category, root cause, fault
service request management, incident 6.6.3.4, 6.6.3.5, 6.6.4,
correction actions, known error,
record, major and service request 8.1.2, 8.1.3.1, 8.1.3.2,
assigned responsibility and
incident record) management, change 8.1.5, 8.2.1, 9.3.3.5, 9.3.4,
escalation, resolution and closure.
management, problem Table A.2, Table A.10
See incident report, change request
management, release
and deployment
management
Information Information 12207: 6.3.6.2, 6.3.6.3.2.2 Information status, version
item storage managemen 15288: 6.3.6.2d), description, distribution
record t 6.3.6.3 b record, security classification

© ISO/IEC 2015 – All rights reserved 37

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Record Process Reference Record Contents

Human resource
management,
Knowledge 12207: 6.2.4.3.3.5 Knowledge,
disposal, incident and
management 15288: 6.2.4.3, recommended
service request
record 6.4.11.3b) applicability
management,
problem management
Service Data on service performance
Performance
management, 20000-1: 6.1, 7.2 against targets, the results of
control
supplier 20000-2: 7.2.3.2 applying the process, service
record
management quality level
Human 15288: 6.2.4.3a)2) Employee identifier, skill, level
Personnel
resource 20000-1: 4.4.2 of proficiency.
skills record
management 20000-2: 4.4.2.2, See also Skill development record
Decision
management,
integration,
maintenance, project 15288: 6.3.3.3, 6.4.5.3,
assessment and 6.4.10.1, 6.4.10.2
control, software 12207: 6.1.2.3.4.8,
review, software 6.3.2.3.2.1, 6.3.3.3.1.3,
audit, software 6.3.3.3.3.2, 6.4.9.3.1.2, Problem, variance, defect, or non-
operations, software 6.4.9.3.4.1, 6.4.10.3.1.2, conformance; problem category,
quality assurance, 7.2.3.2.c), 7.2.3.3.1.4, associated configuration item, fault
Problem
software problem 7.2.4.2.d), 7.2.5.2.d), correction actions, known error,
record (known
resolution, software 7.2.6.2.e), 7.2.6.3.1.4, root cause, assigned
error record)
verification, software 7.2.7.2, 7.2.7.3.1.5, responsibility, resolution.
validation, domain 7.2.8.2.b). 7.2.8.3.1.1, See also problem report,
engineering, reuse 7.3.3.3.5.3 change request
management, 20000-1: 3.19, 8.2, 9.1
configuration 20000-2: 4.5.5.2, 6.3.4.2,
management, 8.2.2, 8.2.3, 8.2.4, 8.2.5,
problem 9.3.3.5, 9.3.4, Table A.10
management, release
and deployment
management
12207: 7.2.3.3.1.3.c),
Software quality Execution of the quality activity,
Quality 7.2.3.3.1.4, 7.2.3.3.1.5
assurance, such as document review or
activity record 20000-1: 4.3.3
improvement, assessment activity
20000-2: 4.3.3
Establish the cost of preventing
Life-cycle
Quality and resolving problems and non-
model 12207: 6.2.1.3.3.3
cost data conformities and support process
management
improvement

© ISO/IEC 2015 – All rights reserved

38 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Record Process Reference Record Contents

Identifies, tracks, and controls a
release and its configuration items
at the time a version (including the
baseline version) is released. For
software, it identifies a software
version consisting of one or more
Supply, software
12207: 6.4.9.3.1.3, software items. It lists items being
operation, release
B.3.2.3.2 delivered, including system and
and deployment
Release record 20000-1: 9.3 software item versions, traceability
management,
20000-2: 9.1.2, 9.3.3.5, to specifications or previous
configuration
9.3.4 releases, what has been changed;
management
known errors, problems and
workarounds. It may refer to
installation or delivery procedures
and information on the success of
the release or associated
problems.
Traceability, priority, resources,
15288: 6.4.1.3
constraints, capacity, continuity and
12207: 6.4.1.3.5.1
Stakeholder availability, usability of interactions,
20000-1 3.34, 4.1.4, 4.5.2,
requirements health and safety, information
5.2, 6.3.1, 6.5, 7.1, 7.2,
definition security, environment, statutory,
Requiremen 20000-2: 4.1.1.3, 4.1.1.7,
All service regulatory, financial, reporting,
t record 4.1.1.8, 4.1.1.9, 4.1.1.10,
management quality
4.1.4.3, 4.5.2.1, 4.5.2.2,
processes See also: software requirements
4.5.2.4, 5.2.4, 5.2.5, 5.2.7,
and services specification, system
5.3.1, 5.5, 6.1.4, 6.2.3,
requirements specification
6.3.5, 6.5.4
(service requirements)
Risk management,
stakeholder
15288: 6.3.4.3 b)
requirements
12207: 6.3.4.3.2,
definition. Source, probability, consequence,
6.3.4.3.3.4, 6.4.1.3.2.5,
operations, software acceptability threshold, priority,
Risk record 6.4.9.3.1.1, 7.2.6.2.e)
review, service risk action requests, treatment
or profile 20000-1: 4.1.1, 4.5.5.1,
management, strategy, status; also
(opportunity) 5.2, 6.3.1, 6.6.1, 9.2
service continuity opportunities for improvement.
20000-2: 4.1.1.10,
management, Stored in a risk register.
4.1.1.11, 5.2.3, 5.2.6,
information security
6.6.3.3, 9.2.4
management,
change management
12207: 6.2.4.3.2.3,
Skill Human resource Skill area, employee identifying
6.2.4.3.3.5
development management, data, duration of training,
15288: 6.2.4.3b)4)
record information proficiency level, certifying
20000-1: 4.4.2.e
(Training security authority
20000-2: 4.4.2.2, 6.3.5,
record) management See also: Personnel skills record
6.6.3.4.n

© ISO/IEC 2015 – All rights reserved 39

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Record Process Reference Record Contents

A software configuration index may
contain software item configuration
records for one software item or a
set of software items. A software
Software item item configuration record should
12207: 7.2.2.2.e),
configuration Software identify generic record information,
7.2.2.3.2.1, 7.2.2.3.4.1,
record configuration the software product (source),
7.3.1.2.e), 7.3.1.3.4.2,
(software asset management executable object code, archive and
7.3.2.2.e)
record) release data, instructions for
building the executable object, and
data integrity checks for the
executable object, and reuse of
assets
Development,
system qualification
12207: 6.4.6.2, 7.1.6.2.e),
testing, software
7.1.7.2, 7.1.7.3.1.1
Test result integration, software Result of testing, includes
20000-1: 6.3.3
record qualification testing, verification and validation records
20000-2: 5.3.3.2, 9.3.3.2,
service continuity
9.3.3.4
and availability
management

10 Specific information item (document) contents

10.1 General

Specific contents of the information items shall be provided as required in this clause. For each information item,
the generic contents as specified in Clause 7 shall be part of the required item content. The information item
contents serve as a checklist that can be satisfied by the organization’s content mapping, templates and
information models. This clause is not intended to address all possible information item contents, or to
mandate the title of the information item, nor the order or titles of the sections in an information item.

Some contents are duplicated or adapted in multiple information items and information item types. A single
source repository (such as a content management system) should be used for similar contents for consistency and
ease of development. The Information Management Plan, Development Plan, and Documentation Plan should
include the type of information and level of detail to be provided in each information item where duplications
in content exist.

The contents of the information items identified in Clause 10 include those explicitly identified (but may not be
required for conformance) and those implicitly identified in ISO/IEC 12207:2008 (IEEE Std 12207-2008),
ISO/IEC 15288:2008 (IEEE Std 15288-2008), and ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and
ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013).

In this International Standard, the project has been chosen as the context for describing processes concerned with
planning, assessment and control. The principles related to these processes may be applied in any area of an
organization’s management (for example, for a program or organization).

Qualifiers and adjectives (such as “Software,” “Architecture,” “Component”, “Summary”, “Preliminary”,

“Customer’s,” “Stakeholders”, “Enterprise”) may be applied as part of the information item or document title.

Information items for systems may be specialized for software.

EXAMPLE A system element description produced for a software item may be called a software element description. A
change request for software may be called a software modification request.

© ISO/IEC 2015 – All rights reserved

40 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

10.2 Acceptance plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.1.3.b)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.9

Generic type: Plan

The acceptance plan should prepare for acceptance based on the defined acceptance strategy and criteria. It
specifies objective criteria for determining acceptability of the deliverable work products, and any technical
processes, methods, or tools required for product acceptance. Methods such as testing, demonstration,
analysis, and inspection should be specified. It indicates the extent of supplier involvement. If acceptance is
based on tests, it may reference or provide an overall test plan.

See also: software integration test plan

10.3 Acceptance review and testing report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.8.3.1.1

Generic type: Report

The acceptance review and testing report states that an acquirer has reviewed and tested a product. It
indicates whether the product is accepted.

10.4 Acquisition plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.8, 6.1.1.3.1.9, 6.1.1.3.1.12

Generic type: Plan

The acquisition plan includes the following:

a) a definition of the technical and managerial processes necessary to satisfy the software acquisition
requirements, that is, the following acquisition activities: process initiation, request for proposal (RFP)
(tender) preparation, contract preparation and maintenance, supplier monitoring, and acceptance and
completion
b) system requirements, planned employment of the system, contract type, organizational responsibilities, and the
concept of support
c) risks and methods to manage risks
d) acquisition options and criteria to include risk, cost, and benefits for each option considered.

Acquisition options include off-the-shelf product, product developed internally or contracted out, and reuse or
enhancement of existing product or service, or any combination thereof.

The acquisition plan should include the following:

a) supplier selection criteria

b) the purpose of the system or software
c) a description of the general nature of the system and components, including software
d) an outline of the expected life-cycle processes and the need for system development, operation, and
maintenance
e) identification of the project sponsor, acquirer organization, user organizations, and support agencies
f) the project review and audit milestones
g) current and planned operating sites.

The acquisition plan may include costs and budgets for the acquisition.

© ISO/IEC 2015 – All rights reserved 41

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.5 Asset management plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference 7.3.2.2, 7.3.2.3.1.1, 7.3.2.3.1.3, 7.3.2.3.2.2

Generic type: Plan

The asset management plan defines the strategy, management and technical processes for asset
management. It defines an asset classification scheme, the asset storage, handling and retrieval mechanism; and
asset acceptance, certification, and retirement procedures.

10.6 Audit acknowledgement report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.7.3.1.6

Generic type: Report

The audit acknowledgement report acknowledges audit results and presents the planned resolution of problems to
the auditing party.

10.7 Audit plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008): 6.2.1.3.2.2, 7.2.7.3.2.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.4.1, 4.5.4.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.5.4.2

Generic type: Plan

The audit plan defines the overall audit program, as well as the specific processes, services, or other activities to
be audited. It includes the audit objectives and priorities and the subjects of the audits, including work
products and records to be reviewed. It defines roles and responsibilities for the audit and plans for recording and
communicating the audit results.

10.8 Audit procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.7.3.1.4,

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.4.2,

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.5.4.2, 9.1.3.5

Generic type: Procedure

The audit procedure includes the audit criteria, scope, frequency, and methods for conducting audits. It
outlines how deficiencies are recorded and reported. It identifies who is responsible for planning and conducting
the audit, reporting the results, maintaining the audit records, and initiating and performing corrective action.

10.9 Audit report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.15, 6.4.6.3.1.3, 7.1.7.3.1.4, 7.2.7.3.1.6

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.4.2, 9.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.3.1.1, 4.5.4.2, 6.2.3.c, 9.1.3.2, 9.1.4
© ISO/IEC 2015 – All rights reserved
42 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Generic type: Report

The audit report provides audit results and is delivered to the audited party. It identifies participants, certification of
auditor’s independence, agreement on resources involved in the audit, audit schedule, list of items to be audited,
audit scope, audit procedures, entry and exit criteria, reference to problem records, action item responsibilities and
closure criteria and status of corrective actions, compliance/conformity. It may include an audit strategy, the names
of organizations audited, product or service being audited, name of auditor, date and location of audit, audit criteria,
status of previous audit action items, new action items (including responsible person or organization and due date),
and observations and findings.

10.10 Capacity plan

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.5

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.5.1, 6.5.2, 6.5.3.2, 6.5.4

Generic type: plan

The capacity plan documents how the supplier meets the capacity and performance requirements for a
service, including continuity and availability. It identifies factors affecting capacity, including current and
anticipated demand, legal and regulatory changes, changes in agreements or organizations, and
implementation of new technology or procedures. It defines the approach for predictive analysis to determine
thresholds when additional capacity should be provided to upgrade the service. It describes how schedules and
cost estimates are prepared for recommended changes in capacity. The capacity plan should be updated at least
annually.

10.11 Capacity management procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.5

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.5.3.2, 6.5.4

Generic type: procedure

The capacity management procedures explain how the organization performs predictive analyses of capacity
based on system monitoring data, such as modelling predicted or actual performance of the infrastructure
systems in terms of component and resource utilization.

10.12 Change request

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.4.3, 6.1.2.3.3.2, 6.3.5.3.1, 6.4.9.3.1.3, 6.4.9.3.4.1,
6.4.9.3.4.2, 6.4.10.3.1.2, 6.4.10.3.2.1, 6.4.10.3.2.4, 7.2.2.3.3.1, 7.2.8.2, 7.3.1.3.1.3, 7.3.1.3.5.1, 7.3.2.3.3.6,
7.3.2.3.3.7, F.3.2, F.3.3.2.1,

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 8.2, 9.1, 9.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.6.3.5, 9.1.3.5, 9.2.2, 9.2.3.2, 9.2.3.3, 9.2.4, Table
A.14

Generic type: Request

A change request (or request for change) identifies a problem or desired improvement and requests
modifications. The requested change may affect a configuration item, system, service, hardware, software,
interface, asset, or documentation. It is the input to initiate contract changes and the change management
process. It may reflect requests and related actions from customers and users for assistance and consultation, or a
request to retire a configuration item. The change request should present the benefit and scope of the change,

© ISO/IEC 2015 – All rights reserved 43

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

including the new or modified asset, service or functions, or problem to be corrected; with the priority, assumptions
and constraints. It may address the impact to schedules, cost, products, and test.

See also: problem report, service request (record)

NOTE Change requests should be recorded and may use the same system that records complaints, service requests,
incidents, or problems.

10.13 Communication procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.1.3, 7.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013) reference: 4.1.1.3, 4.1.3.2, 7.1.1, 9.3.4

Generic type: Procedure

The communication procedure aligns the objectives of written and oral communication with the occasions,
frequency, media, and types of communication, such as reviews, meetings, briefings, workshops, notifications, and
unscheduled discussions, as well as electronic or printed communications. It identifies communication
audiences and parties who should communicate, such as managers and team members or stakeholders,
supplier and acquirer, or service provider and customers, users, and interested parties. It explains how
communications can be escalated, with contact details. It covers how contact information on communication
recipients (distribution list) is maintained, schedules for periodic communications, who is responsible for
communicating, and who has access to communication tools and source information (records). Types of
information to be communicated may include policies, new or changed requirements, alignment of a service
with objectives and customer expectations, and understanding of the environment for services.

10.14 Complaint procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 7.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013) reference: 7.1.3.3, 7.1.4

Generic type: Procedure

The complaint procedure defines what constitutes a complaint. It identifies the service provider's point of
contact for formal complaints. It documents how to receive record, prioritize, investigate, review, escalate,
resolve, and close complaints, and how to report on complaints and provide feedback. It may explain when
complaints become recorded as incidents.

See also: complaint (record), incident (service request) management procedure, incident report, problem
management procedure, problem report, service level agreement

10.15 Concept of operations

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.1.2.a), D.4.a

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.1, 6.4.1.2, 6.4.1.3.2.3

Generic type: Description

The concept of operations (or operational concept) includes the following:

a) a description of how a system works from the users' point of view

b) identification of stakeholder needs and the anticipated types of system users

© ISO/IEC 2015 – All rights reserved

44 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

c) identification of interfaces to existing and future systems

d) summary of operational, organizational, and development impacts
e) reviews of cost, criticality and feasibility of the intended system. The concept of operations may include the
following:
f) the intended interaction of the system in its operational environment, such as scenarios, models, or activity
sequences of business processes handled by the system, as the basis for defining the system
requirements. Scenarios (or use cases) should include events, actions, stimuli, information, and
interactions.
g) context of use of services, such as user culture, system constraints, operational situation, needs and
requirements imposed by society, the constraints imposed by a supplier organization, and the capabilities
and limiting characteristics of staff
h) a description of the current system or situation, including background, operational policies and constraints,
modes of operation, operational environment, user classes, interfaces to external systems or
procedures, capabilities/functions, performance characteristics, and support environment
i) comparison of the as-is processes to the future processes to be handled by a new system
j) Identification of change issues, including priorities, assumptions and constraints, and changes considered
but not recommended.

See also: product need assessment, system requirements specification

NOTE ISO/IEC/IEEE 29148:2011 Systems and software engineering — Life cycle processes — Requirements
engineering provides additional guidance.

10.16 Configuration management plan and policy

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.5.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.3.5.3.1.1, 7.2.2.3.1.1

ISO/IEC 20000-1: (IEEE Std 20000-1-2013) reference: 5.1, 9.2, 9.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference 9.1.2, 9.1.3.2, 9.1.3.3, 9.1.4, 9.2.3.1, 9.2.3.2,
9.2.3.4, 9.2.4, 9.3.3.1, 9.3.3.2, 9.3.3.3, 9.3.3.5, 9.3.4

Generic type: Plan, Policy

The configuration management (CM) policy (or change management policy) includes the policy for how a
configuration item and its components are defined and what items are subject to change control and release
management.

Configuration or change management policy may be included in the configuration or change management plan
or as a separate set of policies.

The change management policy defines what constitutes a major change and an emergency change (emergency
release), and responsibilities for authorizing and implementing normal and emergency changes.

The configuration management (CM) plan (or change management or release and deployment management plan)
describes the responsible organization for authorizing and performing these activities, and their relationship with
other organizations, such as software development, asset management, suppliers and subcontractors, and
maintenance. For a review board or special organization established for authorizing and performing CM activities
on a project, the plan shall describe its purpose and objectives; membership and affiliations; scope of authority;
and operational practices.

For software, the CM plan should include how the organization performs:

a) configuration identification, including the scheme for the identification and classification of software item

© ISO/IEC 2015 – All rights reserved 45

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

records and information items and their versions, and the establishment of baselines
b) configuration control and change management
c) configuration status accounting
d) configuration audit and evaluation, including recording deficiencies, initiating corrective actions, and reporting.

NOTE IEEE Std 828-2012, IEEE Standard for Configuration Management in Systems and Software Engineering,
provides additional guidance.

See also: release plan

10.17 Configuration management procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 9.1, 9.2, 9.3.

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.4.3, 5.3.3.2.l, 9.1.3.2, 9.1.3.3, 9.1.3.5, 9.1.4.,
9.2.2, 9.2.4, 9.3.3.2, 9.3.3.3

Generic type: Procedure

The configuration management procedure (or asset management or change management or release and
deployment procedure) presents how to perform the detailed activities for the configuration management or
change management or release and deployment processes.

NOTE : ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) requires that planning for the release and deployment
management process be coordinated with the change management process.

The procedures include the following:

a) process implementation
b) configuration identification and recording
c) configuration control
d) configuration status accounting (tracking)
e) configuration evaluation
f) logging and analysis of the impact of change requests
g) procedures to verify the completeness and correctness of systems and software releases
h) Release and deployment management and delivery
i) management of emergency changes or releases when the normal procedure is insufficient.
j) how an unsuccessful change or release can be backed out or corrected.

They should include the following:

a) procedures for initial baselining of work products and configuration items

b) documenting the scope of changes
c) change control board authority, membership, and procedures for approval or denial of change requests
d) tracking of changes in progress
e) updating configuration data
f) notifying concerned parties when baselines are first established or later changed.

They may include asset management procedures, such as asset retirement.

10.18 Configuration status report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.2.2.e), 7.2.2.3.4.1, 7.2.2.3.5.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference 9.1.1, 9.1.4, 9.2.3.3

© ISO/IEC 2015 – All rights reserved

46 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Generic type: Report

The configuration status report (or change management report) provides the status of controlled configuration
items, including baselines, release identifiers, and location of the item or software master version. It may
include the number of changes for a project, version history, number of releases, and comparisons of releases. It
may be in the same format as an Audit Report.

10.19 Contract

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.1.2, 6.1.1.3, 6.1.2.2, 6.1.2.3, 6.3.1.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.2, 6.1.1.3.4.2, 6.1.1.3.4.3, 6.1.2.2, 6.1.2.3.3.1,
6.1.2.3.6.2, 6.4.1.3.2.1, B.3.2.2.1, B.3.2.2.2, B.3.1.2.2, B.3.1.3.2, F.3.3.1.1, F.3.3.1.2, F.3.3.5.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 5.2, 5.3, 6.1, 7.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.2.1, 4.2.5, 4.3.1.1, 4.5.2.3, 4.5.3, 5.2.8, 6.1.3, 6.1.4,
7.2.2, 7.2.3.1, 7.2.4, Table A.14

Generic type: Specification

A contract (or agreement) is the formal agreement between an acquirer and a supplier. Informally, commitments
or agreements may be specified between parts of the same organization (sometimes called a memorandum of
understanding). A contract or agreement addresses the following:

a) identification of the performing organizations and their responsibilities

b) statement of work to be performed, with tasks based on a service management process or a system or
software life-cycle model, and scope of tasks
c) system requirements and software requirements definition and analysis results
d) negotiated price and payment schedule
e) deliverables, including documentation, records, and off-the-shelf products identified
f) schedule for suppliers to deliver the product or service
g) proprietary rights to systems and technical data and software intellectual property rights: usage, ownership,
warranty and licensing rights
h) provisions for monitoring; reporting, verification, validation, and acceptance criteria
i) procedures for contract changes, exceptions, resolving disputes, and closeout, such as supplier
responsibilities in the event of expected or early termination of the contract or formal agreement and the
transfer of services to another party.

The contract may specify best practices, to include standards and strategies for processes, activities and
tasks.

10.20 Customer satisfaction survey

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.5.3.1.4, 7.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 7.1.3.3, 7.1.4, Table A.8

Generic type: request

The customer satisfaction survey requests opinions on service performance from the customers. Series of
surveys may be issued to track trends in customer satisfaction.

10.21 Database design description

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.1.3.3.1.3, 7.1.4.3.1.3

© ISO/IEC 2015 – All rights reserved 47

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Generic type: Description

The database design description is the top-level design for databases. It includes the following:

a) database overview and identification

b) database design (including descriptions of applicable design levels, for example, conceptual, internal,
logical, and physical)
c) reference to design descriptions of software used for database access or manipulation
d) rationale for database design
e) database-wide design decisions about its activity from a user’s viewpoint, in meeting its functional and
performance requirements.

The database detailed design description covers software items used to access or manipulate data. It provides
visibility into the design and information needed for database management. It is used as the basis for implementing
a database and related software items. It includes the following:

a) a summary of the history of the database development, use and maintenance

b) the database design at the conceptual, internal, logical and physical levels
c) identification of each software item used for database access or manipulation
d) any constraints, limitations or unusual features in the design of the database software items
e) the types of errors affecting the database and the handling of those errors
f) traceability between each database or related software item, and the system or software item requirements.

The database detailed design may specify

a) database access methods

b) data entities and their relationships
c) security and integrity constraints
d) data retention requirements
e) expected size of the data elements.

10.22 Development plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.1.1.3.1.3, 7.1.1.3.1.4, 7.1.3.3.1.5

Generic type: Plan

The development plan presents how the organization or project plans to conduct development activities (the
software implementation strategy). It includes the following:

a) identification of the objectives and standards to be used in the system or software development process
b) identification of the system or software life-cycle model to be used to satisfy the product or service
requirements, based on the project’s scope, magnitude and complexity
c) mapping of development process activities and best practices to the selected life-cycle model
d) schedule, resources, methodology, tools, reuse strategy, action items, roles and responsibilities to be used in
development and test
e) qualification of all requirements, including safety and security
f) references to separate plans or procedures to address different activities in the development stage or
process, such as development process implementation, system requirements analysis, system architecture
design, system and software requirements specification, high-level and low-level system or software design,
software construction or coding, system element test or software unit test, system or software integration
test, system or software qualification test, system or software installation, and acceptance
g) Identification of notations and naming conventions used in development.

© ISO/IEC 2015 – All rights reserved

48 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

10.23 Disposal plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.11.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.11.3.1.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 5.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 5.2.8

Generic type: Plan

The disposal plan (or retirement plan or service removal plan) presents how activities are conducted to retire
systems or software items or services and related documents. It identifies stakeholders and user
organizations or users to be notified of the planned withdrawal from service, replacement systems and
services, if any; a schedule for cessation of support. Plans for system disposal or archiving of the software and
documentation should include the removal of sensitive or secured information. It includes the schedules, actions
and resources for disassembly or destruction of a system, bringing it into a socially and physically acceptable
state in accordance with relevant safety, security, privacy and environmental standards, directives and laws, and
avoiding subsequent adverse effects on stakeholders, society and the environment. It considers the associated
enabling systems and storage locations.

10.24 Documentation plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.3.6.3, 7.2.1.2, 7.2.1.3.1.1

Generic type: Plan

The documentation plan identifies and specifies the project’s documentation (information items). It specifies the
purpose, audience, content, structure, media, and format of each document and document set. It identifies the
documents and information to be acquired, re-used, or developed, and includes schedule, resources,
methodology, tools, content management or reuse strategy for the documentation, action items, and roles and
responsibilities, consistent with the information management plan. It includes schedules for document
development, review and approval. It identifies who receives or have access to restricted documents. The
documentation plan should include the controlling template or standard for each document.

See also: information management plan.

10.25 Documentation procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.3.1, 4.3.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013) reference: 4.1.3.1, 4.3.1.2, 4.3.2

Generic type: Procedure

The documentation procedure (or document management procedure) details how documents are identified,
including versions; how they are reviewed and approved, how documents are made available to users; and how
stakeholders are notified about new, changed, or archived documents. It describes how documents are controlled
to prevent unauthorized change or damage. It applies to printed, electronic, or web-accessible documentation.

NOTE ISO/IEC/IEEE 26513-2009 Systems and software engineering — Requirements for testers and reviewers of user
documentation provides additional detail on documentation review and approval.

See also: documentation plan, information management plan

© ISO/IEC 2015 – All rights reserved 49

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.26 Domain engineering plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.3.1.3.1.1

Generic type: Plan

The domain engineering plan presents how the organization intends to conduct domain engineering procedures
and activities. It describes the process for handling change requests.

10.27 Evaluation report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.5.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.5, 6.1.2.3.4.8, 6.1.2.3.4.15, 6.4.2.3.2.1
6.4.3.3.2.1, 6.4.5.3.2.2, 6.4.6.3.1.2, 7.1.2.3.1.2, 7.1.3.3.1.6, 7.1.4.3.1.7, 7.1.5.3.1.5, 7.1.6.3.1.5, 7.1.7.3.1.3

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013): 6.3.3, 6.6.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 5.5, 6.3.4.3, 6.3.5, 9.2.3.2, 9.2.4, 9.3.4

Generic type: Report

The evaluation report provides results of reviews and evaluations, such as a risk assessment or an evaluation of
design constraints, suppliers, customer satisfaction, effectiveness of security controls, analysis of change
records or change requests, or financial variances. It includes evaluation criteria. Evaluations may be based on
criteria of traceability, consistency, testability, risk reduction, usability and customer satisfaction, and
feasibility. The report provides information and recommendations to assist future decision-making, and it may
indicate trends and recommendations for future comparable situations. For software configuration management
evaluations, the report provides information about functional completeness of the software items against their
requirements and the physical completeness of the software items (whether their design and code reflect an
up-to-date technical description).

See also: audit report, monitoring and control report, progress report, review minutes, service report, validation
report, and verification report.

10.28 Implementation procedure

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.4.3.b) Generic type: Procedure

The implementation procedure details how the system or system elements are produced to satisfy the design
requirements. Implementation procedures may address system hardware and software configuration; software
creation and compilation, and operational readiness.

See also: operational test procedure, training documentation

10.29 Improvement plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.1.3, 6.3.4.3.1.5

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.1.3, 6.3.4.3

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.5.1, 4.5.5.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.5.5.1, 4.5.5.2, 6.1.3.1, 6.1.4, 9.2.3.3

© ISO/IEC 2015 – All rights reserved

50 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Generic type: Plan

The improvement plan (which may include the improvement policy) presents how the organization plans to
improve a service (service improvement plan) or process (process improvement plan). The improvement
should be linked to organizational objectives. The Improvement Policy may be included in the Improvement Plan
or as a separate set of policies.

The improvement policy expresses the organization's commitment to improving its services or products by
making them more effective and efficient. Following the 'Plan-Do-Check-Act' methodology for continual
improvement, the policy outlines how opportunities for improvement are evaluated and how improvement is
incorporated into plans for specific processes and services. It identifies roles and responsibilities for improvement
activities.

The plan includes how processes are reviewed, and recommended improvements and change requests are
identified, recorded, prioritized, authorized, performed, measured, assessed, and communicated. The
improvement plan references baseline documentation of the process or service level to be improved and may
specify a service or process improvement target (new level).The improvement plan identifies what information
items (policies, procedures, and plans) need to be updated to reflect the improved process or service. The
improvement plan may include an assessment of the organizational culture and managers' attitudes and
ability to adapt; the available resources, facilities, and tools; and financial constraints on the improvement
project.

NOTE ISO/IEC 15504-4 Information technology — Process assessment — Part 4: Guidance on use for process
improvement and process capability determination provides additional guidance.

10.30 Improvement procedure

ISO/IEC 20000-1:2012 reference: 4.5.5.1

ISO/IEC 20000-2:2012 reference: 4.5.5.2

Generic type: Procedure

The improvement procedure presents how improvements are identified, recorded, evaluated, prioritized, authorized,
performed, measured, assessed, and reported, to improve a management system, service (service improvement
procedure) or process (process improvement)

10.31 Incident management procedure

ISO/IEC 20000-1:2011 (IEEE Std. 20000-1-2013) reference: 6.6.3, 8.1

ISO/IEC 20000-2:2012 (IEEE Std. 20000-2-2013) reference: 6.6.6, 8.1.2, 8.1.3.1, 8.1.4, 8.1.5

Generic type: Procedure

The incident management procedure (or service request management procedure or security incident
management procedure) defines how to receive, record and update, classify and assign responsibility, prioritize,
escalate, resolve, and close incidents or service requests, including security incidents; and how to provide
feedback. It includes the definition of what constitutes a service request or an incident, a major incident, and
a problem. It covers action initiation, assignment of a responsible individual for major incidents, notification, trend
analysis, status tracking and reporting, and incident records management. It includes a procedure to help
ensure that all security incidents are investigated and receive management response.

See also: problem management procedure

© ISO/IEC 2015 – All rights reserved 51

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.32 Incident report

ISO/IEC 20000-1:2011 (IEEE Std. 20000-1-2013) reference: 6.6.2, 6.6.3

ISO/IEC 20000-2:2012 (IEEE Std. 20000-2-2013) reference: 6.6.3.4, 6.6.4, 8.1.5

Generic type: Report

The incident report or security incident report, addresses performance in resolving issues, statistical reports on
incident processing, issues or non-conformance (deviance) with service level agreements or contract
requirements, and reported customer concerns, links to customer complaints or problems, and improvements
made in response to incidents. The report may be a compilation or analysis of incidents or complaints.

It should include information for future reference to prevent problems (lessons learned) and identify a duplication of
issues and trends.

It may include

a) reporting control number and related control information

b) identification of the incident reporter
c) date and time of incident occurrence, escalation, resolution, and closure
d) location (environment) of the incident in the system, software or information configuration item
e) applicable contract provision or conformance requirement
f) cause, nature, and impact (severity) of the incident
g) immediate corrective action recommended or performed
h) opportunities for improvement, related action items, the responsible person or organization, and the due
date
i) references to similar incidents, previously reported problems, and known errors
j) responsible person or organization, along with appropriate confirmation showing approval and implementation
of the solution
k) incident closure information
l) information from organizational (internal) reviews.

NOTE ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) distinguish
between incidents and problems. An incident response deals with the restoration of service to the users, whereas a
problem resolution is concerned with identifying and removing the causes of incidents. An opportunity report is similar, but
includes analysis of potential positive events.

See also: change request, incident (record), problem report, service request (record)

10.33 Information management plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.6.3, D.4.m)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.3.3.3.2, 6.2.4.3.4.1, 6.2.4.3.4.5, 6.3.6.3.1, 6.3.6.3.2.5,
7.2.4.3.2.5

Generic type: Plan

The information management plan (or documentation management plan or knowledge management plan)
presents how the project or service provider plans to conduct information management or knowledge management
activities during the life cycle. It includes

a) descriptions of the process and activities for authorizing, developing, reviewing, storing, communicating,
and maintaining knowledge or information in electronic and printed media

© ISO/IEC 2015 – All rights reserved

52 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

b) identification of the information to be acquired, re-used, produced, and maintained

c) resources, methodology, tools, action items, and roles and responsibilities, consistent with the overall
project management plan
d) provisions for content management or reuse strategy and version control (document configuration
management)
e) schedules for information development, review, and approval
f) who may receive or have access to restricted information
g) the organizational policy and process for retention or disposal of information and records after project
closure.

The knowledge management plan includes the definition of the infrastructure and training to support the
contributors and the users of the organization’s knowledge assets, the classification schema for the assets, and
the asset criteria.

See also: documentation plan

10.34 Information management procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.3.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.3.3, 4.4.2.2, 6.1.3.4, Table A.11

Generic type: Procedure

The information management procedure (or records management procedure) details how information, such as
content or records, is managed and controlled. It includes procedures to identify, update, store, retrieve, and archive
or remove information.

See also: documentation procedure

10.35 Information security plan

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.6.2, 6.6.3.2, 6.6.4, Table A.14

Generic type: Plan

The information security plan includes the following:

a) description of how the organization identifies, controls, and protects the physical and logical security of
systems, assets, and information
b) description of how requirements for confidentiality, integrity, and availability of information are implemented
c) description of how the system or service denies unauthorized access, permits authorized access, secures
data in transmission, storage, and processing; and provides security in a cost-effective manner
d) description of security risks and related controls, including access controls, and how security controls are
operated and maintained
e) description of systems monitoring, monitoring to detect security incidents, and security trends analysis
f) specific procedures for the protection of sensitive personal data and security-classified data, investigation of
security problems, and reporting
g) procedures for analyzing the effectiveness of information security policy, procedures, and activities

NOTE ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information
security controls provides guidelines for information security management. ISO/IEC 27001:2013, Information technology —
Security techniques — Information security management systems — Requirements addresses the Information Security
Management System (ISMS) processes for establishing, implementing, operating, monitoring, reviewing, maintaining and
improving information security.

© ISO/IEC 2015 – All rights reserved 53

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.36 Information security policy

ISO/IEC 12207:2008 (IEEE Std 12207-2008): reference 6.1.2.3.4.5 l)

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.6.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.6.2, 6.6.3.1, 6.6.4, Table A.7

Generic type: Policy

The information security policy includes the following:

a) the organization's commitment to identify, control, and protect the physical and logical security of information
and systems used to store, transmit, and process information
b) objectives for preserving the confidentiality, integrity, and availability of information
c) rules for need-to-know and access-to-information at each project organization level
d) methodology for managing information security risks
e) approach for establishing, documenting, and monitoring security controls, including audits
f) approach for information security training and awareness for employees and customers.

10.37 Information security procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.6.2, 6.6.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.6.4, Table A.9

Generic type: Procedure

The information security procedure details how the organization controls and protects the physical and logical
security of information and systems used to store, transmit, and process information. Procedures cover how the
organization establishes, documents, and monitors security controls. It includes how the organization
manages information security events and incidents. It includes how the organization protects sensitive and
personally identifiable information.

See also: incident management procedure

10.38 Installation plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference 6.4.7.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.7.3.1.1

Generic type: Plan

The installation plan provides the approach for installing a configuration item in its target environment. It
includes software and hardware prerequisites, problems resolved, workarounds for unresolved problems,
provisions for user training, conversion from existing systems, an installation checklist, and installation instructions.
It provides a point of contact for questions relating to the installation, supporting material and any issues
concerning security, safety and privacy. For software installation, it provides information on software application
and database initialization, execution, and termination.

10.39 Installation report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference 6.4.7.3

© ISO/IEC 2015 – All rights reserved

54 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.7.3.1.2

Generic type: Report

The installation report provides results of the installation, including the related events, installation location,
version being installed, installation dates, and completed installation checklist.

10.40 Integration and test report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.5.3.1.1, 7.1.6.3.1.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) references: 6.3.5, 9.3.3.4, 9.3.4

Generic type: Report

Based on the system or software requirements, the integration and test report (or service continuity and
availability test report) presents the results from integration and testing of the system, which may include
software components or software combined with the hardware configuration items and manual operations. The
results should demonstrate conformance with the test plan and item requirements and the integration of items
into the next version of the integrated baseline. It includes an item identification, date of testing, integration
and test requirements and criteria, test identifier, overview of results, detailed results, and rationale for decisions. It
describes problems encountered and deviations from the planned test procedures.

10.41 Integration plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.4.3, 6.4.5.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.1.6.3.1.1, 7.1.6.3.1.2, 7.1.6.3.1.5

Generic type: Plan

The integration plan (or implementation plan) describes the approach to implementation, integration or assembly of
system elements, including provision of facilities, tools and resources and preparation for integration testing. For
systems, the implementation plan defines the scheme of actions, timing and resources governing the build, buy or
reuse actions that make available a system element ready for system assembly. It defines the tasks for the design
of system elements; the fabrication processes and constraints appropriate to the selected fabrication medium,
technology, enabling tools and equipment. For software, the integration plan defines how the software units and
components are linked or combined to form the deliverable software item. It includes traceability to the system or
software requirements. It includes or references the test plan with test requirements and test procedures.

See also: Improvement plan

NOTE In service management, an implementation plan may be prepared for the project of implementing a new
service or improving an existing service, as described in ISO/IEC TR 20000-5: 2010.

10.42 Interface description

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.3.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.3.5.3.2.2, 6.4.3.2d), 7.1.3.3.1.2, 7.1.4.3.1.2

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.2, 5.2, 7.2, 9.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.2.4, 4.5.2.4, 5.2.8.h, 7.2.4

Generic type: Description

© ISO/IEC 2015 – All rights reserved 55

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

The interface description describes the interface characteristics of one or more systems, subsystems, domains,
hardware items, software items, manual operations (processes) or other system components. It presents
interface characteristics, including systems or configuration items performing the interface (including human-
system and human-human interfaces), standards and protocols, responsible parties, information or data
records transmitted by the interface, interface operational schedule, and error handling. It includes interface
diagrams to depict the interfaces. It should define existing or permanent interface characteristics and those that are
being developed or modified.

10.43 Life-cycle policy and procedure

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.1.2, 6.2.1.3, 6.2.3.3 b) 1) iii), A.2.3, B.2.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.1.1, 6.2.1.2, 6.2.1.3.1.1, 6.2.1.3.3.1, A.2.3.1

Generic type: Policy, Procedure

The life-cycle policy and procedure includes high-level policy guidance and specific steps to select, tailor, and
implement a life-cycle model in a project. It defines roles, responsibility, accountability, and authority for life- cycle
process management, including process improvement. It identifies the criteria for entering and completing each
life-cycle stage. It identifies and describes the organization's processes to be applied in projects.

10.44 Maintenance plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.10.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.7, 6.4.10.1, 6.4.10.3.1.1, 7.3.2.3.3.6

Generic type: Plan

The maintenance plan presents how the organization or project plans to meet system availability requirements and
conduct maintenance (logistics) activities. It includes the following:

a) the objectives, strategy, and approach for the system or software maintainer to resolve problems, update the
system and test new updates
b) criteria for performing maintenance
c) the approach to the following activities: maintenance process implementation (how to request
maintenance); problem and modification analysis; modification implementation; maintenance update, review,
and acceptance; migration; and software retirement
d) the outputs of the maintenance process
e) the resources (for example, facilities, software, hardware, tools, and personnel) needed to perform all
aspects of maintenance, and the interrelationships among resources
f) scheduled periods for performing maintenance
g) special procedural requirements during maintenance (for example, security, access rights, and documentation
control).

It should identify the specific standards, methods, tools, and responsibilities for scheduled and preventive
maintenance activities.

10.45 Maintenance procedure

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.10.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.10.3.1.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: Generic type: Procedure

© ISO/IEC 2015 – All rights reserved

56 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

The maintenance procedure covers the processes for performing preventive and corrective maintenance, and
providing customer support feedback to the users. It should identify the specific standards, methods, tools, and
responsibilities for maintenance activities. It may identify system or software areas that could change and needs
for training. Maintenance procedures for systems cover the disassembly strategy, fault diagnosis techniques,
and re-assembly and testing sequences. Maintenance procedures for software include procedures for
archiving, backup, and recovery.

See also: problem management procedure

10.46 Measurement plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.7.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.3.7.2.c), 6.3.7.3.1.1, 6.3.7.3.1.3, 6.3.7.3.1.4, 6.3.7.3.2.1

Generic type: Plan

The measurement plan identifies the needs and requirements for measurement in an organization, project, or
service. It identifies the selected measures and the data collection, storage, analysis, and reporting procedures.
It defines how the process and the measurements are evaluated. Items to be measured include the achievement
of service targets, customer satisfaction, resource utilization, major issues, and trends.

10.47 Monitoring and control report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.2.3, 6.3.4.3b), 6.3.7.1, 6.3.7.3 b)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.8, 6.1.2.3.4.15, 6.3.2.3, 6.3.4.3.3.4, 6.3.4.3.6.3,
6.3.7.1, 6.3.7.3.2.4, 7.3.2.3.3.5, 7.3.2.3.3.7

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.3.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.1.4, 6.3.5

Generic type: Report

The monitoring and control report provides monitoring results. It may include the following:

a) a history of all monitoring results and control actions and results of individual monitoring audits
b) measurements of processes and services against objectives and requirements
c) monitoring the progress of technical performance, risk mitigation, cost and schedules; and reporting of
project status
d) actions taken to correct deficiencies in service availability and continuity
e) an analysis of the effects of risks on the achievement of system quality, timeliness and profitability
f) results of asset reuse, including information on the original developer or owner of the asset, cost of
reusing the asset, and savings and benefits derived from reusing the asset.

10.48 Operational test procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.9.3.1.3, 6.4.9.3.2.2

Generic type: Procedure

The operational test procedure defines how to test a system or software before its operational release, in its
intended environment. It includes acceptance criteria, version identification of the system or software being
tested, test data, and post-test analysis procedure to help ensure testing occurred as planned. It explains use of
the organization’s problem resolution procedure.

© ISO/IEC 2015 – All rights reserved 57

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

See also: qualification test procedure

10.49 Problem management procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.1.3.2.1, 6.4.9.3.1.2, 6.4.9.3.1.3, 7.2.8.3.1.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 8.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 8.2.2, 8.2.3, 8.2.4

Generic type: Procedure

The problem management procedure defines how to receive, record, classify and assign, prioritize, escalate,
resolve, and close problems; how to control and minimize or avoid the impact of problems; and how to provide
feedback. It includes the definition of what constitutes a major problem or an incident. It covers action initiation,
notification, root cause analysis, trend analysis, status tracking and reporting, and problem records
management. It may include the policy for prioritizing, investigating, and resolving problems.

See also: incident management procedure

10.50 Problem report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.3.3a) 2), 6.4.5.3b), 6.4.6.2.b), 6.4.6.3b), 6.4.7.2.e),
6.4.7.3b), 6.4.8.3b), 6.4.9.2.c), 6.4.10.2.e, 6.4.10.3b)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.15, 6.3.2.3.2.1, 6.3.3.3.1.3, 6.3.3.3.3.1,
6.4.8.2, 6.4.8.3.1.1, 6.4.8.3.1.3, 6.4.9.3.1.3, 6.4.9.3.4.2, 6.4.9.3.5.2, 6.4.10.3.1.2, 6.4.10.3.2.1, 6.4.10.3.2.4,
7.1.1.3.1.2, 7.2.8.2.f), 7.2.8.3.1.1, 7.2.8.3.2.1, 7.3.1.3.1.3, 7.3.2.3.3.6, 7.3.3.3.5.3, B.3.2.3.2

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 8.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 8.2.4

Generic type: Report

The problem report (also called non-conformance report or corrective action request) reports problems or non-
conformance (deviance) with contract requirements. It may be a consolidation of problem records. It serves as input
to the ISO/IEC 12207:2008 (IEEE Std 12207-2008) problem resolution process.

It should include information for future reference to prevent problems (lessons learned) and identify a duplication of
issues and trends.

It may include

a) a problem reporting control number and related control information

b) identification of the problem reporter
c) the date and time of problem occurrence, escalation, resolution, and closure
d) location (environment) of the problem in the system, software or information configuration item
e) applicable contract provision or conformance requirement
f) cause, nature, and impact (severity) of the problem
g) solution or corrective action recommended
h) related action items, the responsible person or organization, and the due date
i) references to similar problems previously reported
j) responsible person or organization, along with appropriate confirmation showing approval and implementation
of the solution

© ISO/IEC 2015 – All rights reserved

58 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

k) problem closure information

l) information from organizational (internal) reviews.

For problems occurring during testing or operation, it should include the inputs, expected results, actual
results, anomalies, date and time, procedure step, environment, attempts to repeat the problem, and observers. It
may report a temporary or permanent solution to a problem.

NOTE ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) distinguish
between incidents and problems. An incident response deals with the restoration of service to the users, whereas a
problem resolution is concerned with identifying and removing the causes of incidents. An opportunity report is similar, but
includes analysis of potential positive events.

See also: change request, incident report, problem record.

10.51 Process assessment procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.1.3.2.1

Generic type: Procedure

The process assessment procedure describes how to conduct life-cycle process improvement and how to
evaluate the suitability and effectiveness of organizational processes. It may include assessment goals.

10.52 Process improvement analysis report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.1.3 c), 6.3.7.3 c)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.1.3.3.2, B.3.3.1.2, B.3.3.2.2, B.3.3.3.2, 6.3.7.3.3

Generic type: Report

Based on historical, technical and evaluation data, the process improvement analysis report presents approaches
to improve processes, to recommend changes and to determine technology advancement needs. It may include
quality cost data to improve an organization’s processes and to determine the cost of quality.

10.53 Product need assessment

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.2.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.2, 6.1.1.3.1.1

Generic type: Report

The product need assessment is used to obtain consensus among an acquirer, developer, and support and user
organizations on the demand for a proposed system. It may focus on communicating the user’s needs to a
developer or a developer’s ideas to a user and other stakeholders. It includes the following:

a) the decision and rationale to acquire, develop, or enhance a system, software product or service
b) description of a proposed system in terms of user needs to be fulfilled, the system’s relationship to existing or
planned systems or procedures, and the way the system should be used (the concept of operations).

The product need assessment may include

a) analysis of improvements, disadvantages and limitations, and considered alternatives and tradeoffs
b) assessments for technical, strategic, economic and market bases, and trade-off studies
c) preliminary information on system requirements, system prototypes, possible system employment, possible

© ISO/IEC 2015 – All rights reserved 59

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

support concepts
d) preliminary information on contract type
e) current and potential organizational responsibilities
f) risk identification and risk management methods. See also: concept of operations

10.54 Progress report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.2.3, 6.2.3.3, 6.3.2.2, 6.3.2.3, 6.3.3.2, 6.3.3.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.15, 6.3.2.2, 6.3.2.3.1.1, 6.3.2.3.2.2, 6.3.3.2,
6.3.3.3.3.1, 6.3.3.3.3.1

Generic type: Report

The progress report provides results of monitoring the execution of the defined plan or processes for internal or
external distribution. It includes a summary of decisions, monitoring results, action items, process or
performance data, and recorded process improvements. It assesses the degree of adherence to the plans. It
provides information about projected cost, performance, and schedule risks; any changes to previously
approved plans and the related impact to the project; corrective actions; risk treatment actions; and problem
tracking and problem analysis.

See also: service report

10.55 Project management plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.2.3, 6.2.3.3, 6.3.1.1, 6.3.1.2, 6.3.1.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.4.3, 6.1.2.3.4.3, 6.1.2.3.4.5, 6.1.2.3.4.6, 6.2.2.3.1.2,
6.2.3.3.1.6, 6.2.3.3.2.1, 6.3.1.1, 6.3.1.2, 6.3.1.3.2.1, 6.3.1.3.3.3, 6.3.2.3.2.1, 6.2.3.3.1.6, 7.2.6.3.1.1, 7.2.6.3.2.1,
F.3.3.5.3

Generic type: Plan

The project management plan presents how the project processes and activities are executed to assure the
project’s successful completion, and the quality of the deliverable product or service. It includes the following:

a) identification of the selected system or software life-cycle model to satisfy contractual requirements, and
mapping of processes, activities and tasks to the selected life-cycle model
b) the project’s organizational structure, showing authority and responsibility of each organizational unit,
including external organizations and responsibilities of acquirers, suppliers, and users
c) requirements for resource needs and the acquirer’s involvement in providing resources
d) the expected acquirer involvement in joint reviews, audits, informal meetings, reports, change requests,
implementation, approval, acceptance, and access to facilities
e) the expected user involvement in requirements specification, reviews, and evaluations
f) security policies for the control of access to systems and software items, project information, data, and
infrastructures
g) the means of reporting and the documents and information items to be delivered
h) other plans to be produced as separate documents during the project
i) risks and risk analysis for technical, cost, and schedule risks

It should include a Work Breakdown Structure (WBS) of the life-cycle processes and activities, including the
products, services, and non-deliverable items to be provided, such as establishing the project infrastructure.

It may include the following:

© ISO/IEC 2015 – All rights reserved

60 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

a) procedures for replanning

b) options for developing the product or providing the service and an analysis of the risks associated with each
option
c) plans for subcontractor management, including subcontractor selection and involvement between the
subcontractor and the acquirer, if any
d) plans for project closeout, including debriefings of project personnel and staff reassignment, archiving
project materials, and preparation of a final report to include lessons learned and analysis of project
objectives achieved.

See also: service management plan

NOTE 1 In addition to projects, management plans may be prepared for programs, organizations, processes, including the
portfolio management process.

NOTE 2 ISO/IEC/IEEE 16326-2009 Systems and software engineering — Lifecycle processes — Project management,
provides extensive detail on the contents of the project management plan

10.56 Proposal

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.1.3, 6.1.2.2, 6.1.2.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.2 b), B.3.2.1.2

Generic type: Description

The proposal is information prepared by a potential supplier to support the offer of a contract bid, including cost,
schedule, risk statements, methodology to satisfy the Request for Proposal (RFP), experiences and
capabilities, any recommendations to tailor the RFP or contract, and the signature of the supplier’s approving
authority. Informally, proposals may be prepared within an organization, such as for software reuse.

10.57 Qualification test procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.6.1, 6.1.1.3.6.2, 6.4.5.3.2.1. 7.1.6.3.1.4, 7.2, 7.3.2.1

Generic type: Procedure

The qualification test procedure (acceptance procedure) documents how acceptance review and testing of a
deliverable product or service is conducted, and the conditions to be satisfied before acceptance. The
acceptance procedure is initially prepared by the acquirer consistent with the Acquisition Plan. The qualification
test procedure provides a set of tests so that each qualification requirement is addressed for the system or
software items. It includes mapping of requirements to qualification tests and overall requirements to perform
qualification testing, test objectives, test criteria, test configurations, preparations, test cases (inputs, steps,
and outputs), expected results, and post-test analysis procedures.

10.58 Qualification test report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.1.7.3.1.1, 7.1.7.3.1.3, 7.2.7.3.2.1

Generic type: Report

The qualification test report indicates that the system was tested for conformity with each system requirement,
produced the expected results, and is feasible to operate and maintain. It provides the results of each
qualification test and states whether all requirements were satisfied. It includes system identification and
overview, qualification requirements and criteria, overview of results, identification of items tested and dates of
testing, detailed results, problems encountered, and rationale for decisions.

© ISO/IEC 2015 – All rights reserved 61

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.59 Quality management plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.5.3, 6.3.1.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.3, 6.2.5.3.1.5, 6.3.1.3, 7.2.3.3.1.3

Generic type: Plan

The quality management plan (or quality assurance plan), in accordance with ISO/IEC 9001:2008 or other
quality standard, presents the approach to fulfil the quality aspects of the program, project, product or service. It
includes the following:

a) the project or organization's quality objectives and the organization’s quality policies
b) product or service improvement plans
c) product and service assessment plans, with assessment requirements, criteria, responsibilities, and allocations
to standards,
d) methods, procedures or tools needed for quality management
e) identification of required records of the quality activities and tasks, as well as records of problems and
problem resolutions
f) the configuration management of records
g) specific reviews, assessments and audits to be performed, with references to the associated testing,
verification, validation, problem reporting, and corrective action processes
h) assessment of configuration control practices for system or software configuration items and media
i) required coordination of software quality assurance activities with other project activities.

10.60 Quality management policy and procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.5.2, 6.2.5.3.1.1

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.5.2, 6.2.5.3

Generic type: Policy, Procedure

The quality management policy and procedure (or quality assurance procedure) defines the framework for
establishing and reviewing quality objectives. It explains how quality objectives are met and expresses the
personal contribution of all involved to the quality of the product or service. The quality procedure details how the
quality aspects of the program, product or service are performed. It includes procedures for contract reviews,
inspections, assessments, reviews and audits. It addresses procedures for the tasks of testing, problem
reporting, process improvement, and corrective action; as included in the quality management, software
quality assurance, software audit, verification, validation, and process improvement processes.

NOTE Quality management policy may be included in the quality management plan or quality management procedures or
in a separate set of policies.

10.61 Release plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.10.3.5.2, 6.4.11.3.2.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 9.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-1-2013) reference: 9.3.3.1, 9.3.3.2, 9.3.4

Generic type: Plan

The release plan (or deployment plan or migration plan or roll-out plan) presents how a system, service, or

© ISO/IEC 2015 – All rights reserved

62 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

software product or software release is transferred to a new environment, with the release dates and schedule.

A release management plan provides overall direction for release planning, including coordination with
configuration management and change management, and identification of standard types of releases routinely
performed. A specific release plan includes the applicable details for a specific release. The release plan
includes

a) the deliverables, including updates to related SLA, operational procedures, and user documentation
b) the related change requests, identified configuration items, known errors, and problems
c) identified risks, potential problems
d) plans for reversing or correcting an unsuccessful release.
e) how the release is authorized, scheduled, coordinated, and tracked

The migration plan includes

a) the description of deliverables

b) dependencies and scheduled dates
c) the expected configuration of the target environment at the time of migration
d) the back-out or recovery plans
e) verification and acceptance procedures
f) communications with and training for the customer and support staff

It should include planning for decommissioning of replaced systems or services.

A release policy may be included in a release and deployment management plan or as a separate set of
policies.

The release policy establishes

a) the expected frequency and types of releases, including emergency releases

b) authority for the release into acceptance test and production environments
c) schema for uniquely identifying a release and its contents
d) the approach for grouping changes and configuration items into a uniquely identified release and versions
e) approach for automating releases
f) approach for verifying (testing) and accepting the release

See also: configuration management plan and policy, configuration management procedure (release procedure).

10.62 Request for proposal (RFP)

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.1.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 4.24, 4.36, 6.1.1.3.1.10, 6.1.1.3.1.11, 6.1.1.3.2.1,
6.1.2.2, 6.1.2.3.2.1, 6.1.2.3.2.3, 6.4.1.3.2.1

Generic type: Request

The request for proposal (RFP) is the acquirer’s request for information and commitments needed from the
supplier that are required to be included in the potential supplier’s proposal. It announces the acquirer's
intention to potential bidders to acquire a specified system, software product or software service. It includes the
following:

a) the stakeholders’ system requirements

b) scope statement
c) bidder instructions
d) the scope of tasks to be referenced in the draft contract

© ISO/IEC 2015 – All rights reserved 63

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

e) deliverable product list

f) terms and conditions
g) contract milestones (for example, review and audit of supplier progress)
h) control of subcontracts
i) procedural and technical constraints (for example, target environment)
j) supporting processes and their performing organizations, including responsibilities (if other than supplier), so
suppliers may, in their proposals, define the approach to each of the specified supporting processes.

It may outline the supplier selection criteria.

NOTE Actual contents depend upon the legal environment. Also known as acquisition requirements, acquisition
document, call for proposals (CFP), invitation to tender (ITT), request for tender.

10.63 Resource request

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.1.3.d), 6.3.2.3.b ISO/IEC 12207:2008 (IEEE Std 12207-
2008) reference: 6.3.1.3.3.2

A request for resources arises from project or service planning and is directed to management who can
commit the resources and, if necessary, approve modifying the contract.

10.64 Reuse plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.3.3.1, 7.3.3.3.2.1, 7.3.3.3.3.3, 7.3.3.3.4.1, 7.3.3.3.4.2,
7.3.3.3.4.3, 7.3.3.3.5.2

Generic type: Plan

The reuse plan presents how activities are conducted to support the reuse of systems or software assets and
related documents. It defines the reuse strategy, domains where reuse is managed, and the implementation
approach, including infrastructure support.

10.65 Review minutes

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.2.3.4.15, 6.4.10.3.5.6, 7.2.6.2, 7.2.6.3.1.5

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.5.4.1, 4.5.4.3, 6.1, 7.1, 7.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.1.2, 4.1.2.1.f), 6.1.4, 7.1.4, 7.2.4, 8.2.4.f

Generic type: Report

The review minutes (or joint review minutes or service review minutes) provide a report of a review, such as a
meeting between the acquirer and the supplier or the service provider and the customer. Minutes include
attendees, agenda, product or service under review, objectives, entry and exit points for the review, main
discussion topics, assumptions, presentation material, decisions relating to resources and improvement of the
service management system and services, approvals, action items and their status and closure criteria.
Minutes document the evaluation of status and conformity of products and services, and activities and
schedule status. Minutes include problems found and their resolution or anticipated resolution.

10.66 Risk action request

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.4.3.

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6 3.4.3.2.3, 6.3.4.3.4.1

© ISO/IEC 2015 – All rights reserved

64 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Generic type: Request

The risk action request is submitted from the project or service management organization to the stakeholders. It
includes recommended alternatives for risk treatment.

10.67 Risk management policy and plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.4.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.3.4.3.1.1, 6.3.4.3.1.2, 6.3.4.3.2.1

Generic type: Plan, policy

The risk management policy and plan presents the conditions under which risk management is performed and the
context of risk management, such as management and technical objectives, assumptions, and constraints. It defines
the approach to the identification, assessment, treatment (including avoidance, mitigation, and contingency
plans), and monitoring of risks, as well as the approach for registering risks, creating and maintaining risk
profiles (records), and reporting risk status. It establishes risk categories and risk assessment criteria. It identifies
the risks to service continuity and availability.

NOTE ISO/IEC 16085:2006, Systems and software engineering — Life cycle processes — Risk management,
provides additional guidance.

10.68 Service catalog

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.3.1, 5.3, 6.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.3.1.1, 6.1.3.2, 6.1.3.3, 6.1.3.4, 6.1.4

Generic type: Description

The service catalog describes the information technology services available for customers, with the
dependencies between services and service components. For each service, it defines the service; identifies
those responsible for providing the service; includes the schedule of service availability and unavailability,
access control provisions and security arrangements, and contact points for requesting assistance or reporting
incidents. It summarizes target service levels as further specified in the service level agreement (SLA).

See also: complaint procedure, risk management plan.

10.69 Service continuity and availability plan

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 6.3.1, 6.3.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.1.5, 6.3.2, 6.3.3.2, 6.3.3.3, 6.3.4, 6.3.5, Table A.4,
Table A.14

Generic type: Plan

The service continuity and availability plan, also known as a continuity of operations plan (COOP) or disaster
recovery plan, may also include service continuity and availability strategy and policy. It describes the provisions to
make services available under normal conditions and in the event of failure of a site or a system component
(recovery procedure). The service continuity and availability plan shall be available in printed media to all
concerned, for ready access in the event of system unavailability. A copy of the service continuity plan, applicable
agreements and contracts shall be available at a secure remote or virtual location where it is planned that
alternate service are provided. It includes the following:

© ISO/IEC 2015 – All rights reserved 65

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

a) availability requirements for the service as stated in the service level agreements, including access rights,
end-to-end availability, and service restoration times
b) availability targets for service restoration
c) the business impact of services unavailability for various durations, and priorities for restoring services
d) criteria for invoking the plan (threshold for events and major incidents)
e) procedures and alternate means of providing service (such as paper-based records) while automated
systems are being restored
f) roles and responsibilities for system recovery, including points of contact of people authorized to invoke
contingency plans and act in emergencies
g) procedures for restoring service
h) procedures for testing the continuity plan
i) advance activities to prepare for service disruptions, such as off-site system backups or arrangements with
emergency service providers.

See also: verification plan

10.70 Service level agreement (SLA)

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 3.29, 4.3.1, 5.3, 6.1, 7.2

ISO/IEC 20000-2: 2912 (IEEE Std 20000-2-2013) reference: 4.1.1.3, 4.3.1.1, 5.3.1, 5.5, 6.1.3.3, 6.1.3.4, 6.1.4, 7.2.2,
7.2.3.2

Generic type: Specification

A Service Level Agreement (SLA) is a documented agreement between the service provider and customer that
identifies services and service targets. The SLA is the service level requirements document. The SLA should be
authorized by the service supplier and acquirer. It specifies the following:

a) Requirements and scope of the service

b) Service targets and workload limits (upper and lower) and exceptions
c) Responsibilities of both supplier and customer
d) Details of service availability (hours of service), which may be referenced in the service catalog
e) Procedures and points of contact for incident and problem management, escalation, notifications, and
complaints
f) Measures and acceptance criteria, such as performance, availability, reliability, service period, and operator
and maintenance responsiveness
g) Communication process for periodic reporting on the achieved service level to the customer

10.71 Service management plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.9.3.1.1

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.1.1, 4.1.2, 4.3.1, 4.5.1, 4.5.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.1.1, 4.1.1.4, 4.1.1.5, 4.1.1.6, 4.1.2.1, 4.1.2.2,
4.1.3.1, 4.1.4.2, 4.3.1.1, 4.5.2.1, 4.5.2.2, 4.5.2.3, 4.5.3, 4.5.4.1, 7.1.3.1

Generic type: Plan

The service management plan (or operations plan) includes the service management policy. It presents how the
service provider's processes and activities are managed, executed, measured, and controlled to successfully
deliver the service.

NOTE When applied to a new, modified, or improved service, the service management plan may be called a plan for new or

© ISO/IEC 2015 – All rights reserved

66 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

changed service or service plan.

It identifies the following:

a) the service management system scope, policy, objectives, and requirements and business needs, including
customer requirements along with expected outcomes and acceptance criteria
b) the processes included in the service management system, including the responsible organization; process
inputs, activities, and outcomes; interfaces to other processes and services; and records and
documentation needed to govern the process
c) resource plans for human, technical, information, and financial resources, and succession plans to staff the
service
d) constraints and limitations affecting the service management system
e) descriptions of the organizations or roles involved in approving, designing, developing, transitioning,
changing, implementing, operating, maintaining, and improving the service and the service management
plan, and the relationships of those involved, including suppliers and customers
f) the coordination of interfaces among related services, processes and activities
g) plans for reports, reviews and communications with stakeholders and assurance of customer satisfaction.
h) how the organization measures, audits, reports on, and improves the SMS and the services

See also: audit plan, complaint procedure, implementation plan, improvement plan, interface specification,
information management plan, project management plan, disposal plan, risk management plan, service plan

10.72 Service plan

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 5.2, 5.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 5.2.7, 5.3.3.1, 5.4, 5.5

Generic type: Plan

The service plan (plan for new or changed services) presents plans for designing and implementing a major change
or major new service. A service plan may be prepared for a new, existing, modified, or improved service. It includes
the following:

a) description of the new or changed service, including service requirements, expected outcomes and outputs,
service measurements, and activities to be performed for service delivery
b) analysis of required resources, such as human, financial, and technological, and dependencies on other
services
c) analysis of risks in the new service and risks to existing services
d) testing and acceptance criteria for the new or changed service
e) responsibilities and authorities for service delivery
f) communication planning
g) needed changes in other documents, including plans and policies, agreements, SLAs, service catalog, and
procedures.

See also: concept of operations, disposal plan, implementation plan, improvement plan, project management plan,
retirement plan, risk management plan, service catalog, service management plan

10.73 Service report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.5.3.1.4

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 4.1.4.e, 4.5.3.f, 4.5.5.2, 5.4, 6.2, 7.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.1.1, 4.1.4.4, 4.5.4.1, 4.5.4.2, 5.2.8, 5.4, 5.5, 6.1.2,
6.1.3.1, 6.1.3.4.c, 6.1.4, 6.2.1, 6.2.2, 6.2.3, 6.3.2, 6.3.4.3, 6.4. 6.5.3.1, 6.5.4, 7.1.4, 7.2.3.1, 8.1.2, Table A.3, Table

© ISO/IEC 2015 – All rights reserved 67

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

A.7, Table A.8

Generic type: Report

The service report informs management or customers about the performance of service management activities,
and the level of service provided. It reports results and reviews of performance by the service provider
against the service targets, SLA and other contractual commitments and customer satisfaction
measurements and analyses. It is issued periodically or following major events, transitions, and changes in the
service. It includes a summary of significant events, monitoring results, trends and historical analysis, customer
satisfaction measurements, and recorded service improvements. It provides information about non-conformities,
options for changes, complaints, action items, corrective actions; anticipated problems, and risk treatment
actions. It includes information concerning workload volume and scheduled workloads, trends and periodic
changes. It may include cost reports and comparisons of capacity to service performance for the service, specific
components, or exceptional events.

See also: audit report, evaluation report, incident report, monitoring and control report, progress report.

10.74 Software architecture description

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.3.2, 6.4.3.3.1.1, 7.1.1.2, 7.1.3.2, 7.1.3.3.1, 7.1.3.3.1.1,
7.3.1.2, 7.3.1.3.3.1, 7.3.1.3.3.3

Generic type: Description

The software architecture description includes the following:

a) the fundamental conception of the software for the system-of-interest in terms of its purpose, software
qualities (such as performance, usability and security), constraints, and decisions
b) the architecture's stakeholders and the stakeholders' architecture-related concerns. Key stakeholders include
the client, users, developers, acquirers, suppliers and maintainers.
c) definitions of viewpoints to document the procedures for creating, interpreting, analyzing and evaluating
architectural data
d) one or more views of the system. Each architecture view is a representation of the complete system from the
perspective of one or more concerns, for its stakeholders.

The software architecture description should do the following:

a) provide rationale for architectural decisions, with traceability information to both software and system
requirements.
b) establish the principles for partitioning the software into design elements
c) record the important properties of, and relationships among, those elements in a manner consistent with the
work breakdown structure
d) demonstrate that architecturally significant requirements are met and allocated to design elements
e) provide a basis for software requirements specification and design refinement.

The software architecture description may present the following:

a) the concept of operation in terms of its elements

b) a domain model or reference architecture for a family of, or system of, software systems. See also: system
architecture description

NOTE The software architecture description may be considered as a specification for the software design. For more
information on architecture description, refer to ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture
description.

© ISO/IEC 2015 – All rights reserved

68 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

10.75 Software design description

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.10.2, 6.4.10.3.3.1, 7.1.1.3.1.2, 7.1.4.3.1.1, 7.2.2.3.5.1,
7.3.1.3.3.3

Generic type: Description

The software design description presents the characteristics of one or more systems, subsystems, software
items, or other system components, and their interfaces. It includes the following:

a) identification of external interfaces, software components, software units, and other interfaces
b) allocation of software item requirements to software components, further refined, as needed, to facilitate
detail design
c) description of the items (systems, configuration items, users, hardware, software, etc.) that communicate
with other items to pass and receive data, instructions or information
d) the concept of execution including data flow and control flow
e) security considerations
f) reuse elements
g) error handling.

It should include the following:

a) traceability information to both architectural components and software requirements.

b) specification of protocols
c) partitioning of the software into design entities and description of the important properties and relationships
among those entities.

The low-level software design description describes the design of a software item or interface, including
software item-wide design decisions, software item architectural design and the detailed design needed to
implement software. The low-level description permits software development or selection of items for reuse
without the need for further information. It provides visibility into the design and information needed for
software reuse and support. It is used as the basis for implementing software. It includes the following:

a) the detailed structure description of software components (to the software unit level to be coded, compiled
and tested)
b) allocation of software component requirements to software items, further refined, as needed, to facilitate
detail design and traceability from each software item to the software item requirements allocated to it
c) the software item-wide design decisions about the software item’s behavioral design (how it behaves, from a
user’s viewpoint, in meeting its requirements, ignoring internal implementation)
d) decisions affecting the selection and design of the software items making up a software item
e) detailed design for software components’ external interfaces to the software item, between related software
components, and between related software units
f) the interface entity characteristics of one or more systems, subsystems, hardware items, software items,
manual operations or other system components.

It should include the following:

a) descriptions of the size, frequency or other characteristics of the data elements

b) reference to known timing constraints
c) specification of protocols

See also: system element description

NOTE IEEE Std 1016-2008, IEEE Recommended Practice for Software Design Descriptions provides further guidance.

© ISO/IEC 2015 – All rights reserved 69

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

10.76 Software requirements specification

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.2, 6.1.1.3.1.7, 6.1.1.3.1.8, 6.1.1.3.1.11,
6.4.11.2, 7.1.2.2, 7.1.2.3.1.1, 7.1.3.3.1.5

Generic type: Specification

The software requirements specification includes the following:

a) precedence and criticality of requirements

b) description of the methods and tools used to define traceability from system requirements to system
architecture, software requirements, software architecture, and software items and units
c) product assumptions and dependencies
d) references for design and testing standards and procedures
e) product functions and system functional requirements
f) business, organizational, and user system requirements
g) human-factors engineering (ergonomics) requirements
h) system criticality requirements
i) safety, security and quality characteristics and system quality requirements
j) requirements for internal and external interfaces with the system, hardware, communications; human users,
and other software
k) design constraints and system design requirements
l) system testing and qualification requirements
m) acceptance requirements
n) site adaptation requirements
o) requirements for user documentation and training
p) requirements for packaging, installation, operations, product updating, and maintenance See also: system
requirements specification

Each requirement should be uniquely identified.

NOTE ISO/IEC/IEEE 29148:2011 Systems and software engineering — Life cycle processes — Requirements engineering
provides additional guidance.

10.77 Software unit description

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.1.5.3.1.1

Generic type: Description

The software unit description represents the software object or code. It may be provided by embedded
documentation or comments in the code.

10.78 Software unit test procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.10.3.3.2, 7.1.4.3.1.5, 7.1.5.3.1.1

Generic type: Procedure

The software unit test procedure includes the test steps to be used to test each software unit. It includes the
software unit test schedule and the test approach to stress the software units to the limits of the requirements. It
may include the test case specifications to document the actual values used for input along with the
anticipated outputs. It includes provisions for problem resolution.

© ISO/IEC 2015 – All rights reserved

70 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

10.79 Software unit test report

ISO/IEC 12207:2008 (IEEE Std 12207-2008) references: 6.4.10.3.3.2, 7.1.5.3.1.2

Generic type: Report

The software unit test report provides the results of testing software components (units, items) and states
whether all applicable requirements were satisfied. It includes an item identification, date of testing, test
requirements and criteria, test identifier, overview of results, detailed results, problems encountered, and
rationale for decisions.

10.80 Supplier management procedure

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 7.2

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 7.2.2, 7.2.3.1, 7.2.5

Generic type: Procedure

The supplier management procedure explains how to manage the supplier to help ensure delivery of contracted
services and supplies. It includes the communication, reporting, and management control processes, a
procedure for collecting information about supplier performance, and a procedure for resolving contractual
disputes. It includes documentation of the roles and relationships of the lead and second-tier suppliers. It
includes a process for ending the agreement and transferring to a new supplier.

See also: contract, project management plan.

10.81 Supplier selection procedure

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.3.1

Generic type: Procedure

The supplier selection procedure explains how to select the supplier, including proposal evaluation criteria and
requirements weighting.

10.82 System architecture description

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.3.1.3, 6.4.3.1, 6.4.3.2, 6.4.3.3

Generic type: Description

The system architecture description includes the following:

a) the fundamental conception of a system-of-interest in terms of its purpose, system qualities (such as
feasibility, performance, safety and interoperability), constraints, and design decisions and rationale
b) identification of the architecture's stakeholders and the stakeholders' architecture-related concerns. Key
stakeholders include the client, acquirers, certifiers, vendors, maintainers and operators
c) definitions of viewpoints to document the procedures for creating, interpreting, analyzing and evaluating
architectural data
d) one or more views of the system. Each architectural view is a representation of the complete system from the
perspective of one or more system concerns, for its stakeholders.

The system architecture description should do the following:

© ISO/IEC 2015 – All rights reserved 71

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

a) include traceability information to system requirements

b) establish the principles for partitioning the system into system elements (such as hardware, software and
operations)
c) record the important properties of, and relationships among, those elements in a manner consistent with the
work breakdown structure
d) demonstrate that architecturally-significant requirements are met and allocated to provide a framework for
requirements specification and design refinement.

The system architecture description may do the following:

a) present the system concept of operation in terms of system elements

b) present a domain model or reference architecture for a family of, or system of, systems.

See also: software architecture description

NOTE The systems architecture description may be considered as a specification for the system design. For more
information on architecture description, refer to ISO/IEC/IEEE 42010, Systems and software engineering — Recommended
practice for architectural description of software-intensive systems.

10.83 System element description

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.3.2

Generic type: Description

The system element description applies the system architecture description and software design description to the
low-level system configuration items and elements. The system element description is at a level of detail to permit
design, implementation and test. The system element descriptions should be reviewed to help ensure they
represent consistently integrated system architecture.

10.84 System requirements specification

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.2.2, 6.2.2.3.1.1, 6.2.2.3.2.1, 6.4.1.2, 6.4.1.3.2,
6.4.2.2, 6.4.2.3.1.1

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.1.1.3, 6.2.2.2, 6.3.1.3, 6.4.1.3, 6.4.2.2, 6.4.2.3

ISO/IEC 20000-1:2011 (IEEE Std 20000-1-2013) reference: 3.34, 4.5.2, 5.1, 5.2, 5.3, 7.1

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 4.1.1.7, 4.1.1.8, 4.1.1.9, 4.3.1.1, 5.2.5, 6.1.2

Generic type: Specification

The system requirements specification (or service requirements) may be divided into a stakeholder requirements
specification and a system requirements specification.

At a preliminary stage, system requirements include business, organizational, and user (stakeholder)
requirements (the stakeholder requirements baseline). Stakeholder requirements (or service requirements) define
a system or service that can meet the needs of users and other identified stakeholders in a defined environment,
including their needs, wants, desires, expectations, and their essential constraints, such as the consequences
of existing agreements, management decisions and technical decisions. Stakeholder requirements define the
measures of effectiveness for key needs. Requirements may be represented using scenarios and use cases.

The system requirements specification includes the following:

© ISO/IEC 2015 – All rights reserved

72 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

a) technical specifications for the selected system-of interest

b) usability specifications for the envisaged human-system interaction
c) system-level functions
d) safety and security requirements
e) critical maximum and minimum performance constraints
f) references to related system design and testing standards.

Each requirement should be uniquely identified.

It may include the requirements for infrastructure and enabling systems for the organization, including resources
and tools.

NOTE 1 ISO/IEC/IEEE 12207 refers to system requirements specification when the software is considered to be the
system.

NOTE 2 ISO/IEC/IEEE 29148:2011 Systems and software engineering — Life cycle processes — Requirements
engineering provides additional guidance.

See also: concept of operations, software requirements specification.

10.85 Training documentation

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.4.3, B.3.4.1.2

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.4.3

Generic type: Procedure

Training documentation includes the training manuals, tutorials, and presentation material used in providing
instruction. It may include a list of materials needed to develop and implement training manuals and presentations.

10.86 Training plan

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.2.4.3.2.1, 6.2.4.3.2.3, 6.2.4.3.4.1

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.2.4.3

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) reference: 6.6.3.4.n, 9.3.4

Generic type: Plan

The training plan (or skills development plan) presents how knowledge is to be managed and communicated and
skills are to be developed. It includes how training is prepared, conducted, and evaluated. It identifies the required
outcomes of training; required resources; management and technical staff skills and categories of personnel
needing and providing training; types and levels of training and knowledge to satisfy needs of personnel,
project team or organization; knowledge assets, topics or course contents; implementation schedule; and
evaluation approach.

10.87 User documentation

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.9.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.1.1.3.1.7.b), 6.4.9.3.3.1, 6.4.9.3.4.1, 6.4.10.2, 7.1.1.3.1.2,
7.1.3.3.1.4, 7.1.4.3.1.4, 7.1.5.3.1.3, 7.1.6.3.1.3, 7.1.7.3.1.2, 7.2.7.3.2.1

ISO/IEC 20000-2:2012 (IEEE Std. 20000-2-2013) reference: 9.3.4

© ISO/IEC 2015 – All rights reserved 73

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

Generic type: Procedure

User documentation provides user procedures for performing specified tasks with the system or software. It may
include implementation, integration (assembly), installation and de-installation, operating, and retirement and
disposal procedures.

User documentation for systems or software includes the following:

a) a brief description of the intended use of the system (the concept of operations)
b) warnings, cautions, and notes, with corrective actions
c) the supplied and required resources and operational environment (hardware/software platform)
d) user procedures (instructions) in numbered steps for performing specified tasks to use (operate) the system
e) troubleshooting and error correction procedures
f) availability of problem reporting and assistance.

Software user documentation provides procedures to access and exit the software. It should list and explain
software commands and system-provided messages to the user.

NOTE ISO/IEC 26514:2008, Systems and software engineering —Requirements for designers and developers of user
documentation provides requirements and guidance on the process, content, structure, and formats for software user
documentation.

10.88 User notification

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 6.4.10.3.5.3, 6.4.10.3.5.5, 6.4.11.3.2.2, 7.3.2.3.3.8

Generic type: Report

The user notification (or customer notification or release note) announces that a system, software item or asset
is about to be, or has been, migrated, modified, or retired. It provides the rationale and schedule for the change,
describes the new environment, and identifies support options, or disposal or archiving provisions for retired
infrastructures, systems or software. User notifications may also be sent to business and service provider
staff.

10.89 Validation plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.8.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.5.3.1.4

Generic type: Plan

The validation plan presents the validation strategy: how the validation process is to be conducted, including
items subject to validation; validation criteria, validation tasks; resources, responsibilities, tools, and schedule; and
procedures for recording and reporting results of validation. It identifies the methods used for validation, such as
analysis, evaluation, review, inspection, assessment, and testing of the products, interfaces, and the processes
that produced the products. It specifies the organizational relationships and degrees of independence between
development activities and validation activities. It may identify a software integrity level and scheme.

NOTE IEEE Std 829-2008, IEEE Standard for Software and System Test Documentation provides additional detail.

10.90 Validation report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.8.3

© ISO/IEC 2015 – All rights reserved

74 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.5.3.1.4.d) Generic type: Report

The validation report provides the results and conclusions of system or software validation on a software item,
system, or subsystem. It enables the acquirer to assess the validation and its results. It includes system
identification and overview, validation requirements and criteria, overview of results, identification of items
validated and dates of validation, detailed results, problems encountered, and rationale for decisions.

10.91 Validation test specification

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.5.3.2.1, 7.2.5.3.2.2, 7.2.7.3.2.1

Generic type: Specification

The validation test specification details the conditions for validation testing, including environment, objectives,
scenarios or test cases, acceptance criteria, and expected results that validate that the users can successfully
achieve their intended tasks using the system or software.

10.92 Verification plan

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.6.3

ISO/IEC 12207:2008 (IEEE Std 12207-2008) references: 7.2.4.3.1.5, 7.2.4.3.1.6

ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) references: 6.3.5, 9.3.3.4, 9.3.4

Generic type: Plan

The verification plan (or integration and test plan or service continuity and availability test plan) may also
address unit, system, and qualification tests, or service continuity or disaster recovery tests. It enables an
assessment of the adequacy of planning for testing. It includes the following:

a) the verification strategy and how the verification process is to be conducted

b) the life-cycle activities and system and software products or services subject to verification
c) the required verification tasks for each life-cycle activity and product or service
d) the organizational relationships and degree of independence between development activities and verification
activities
e) preliminary test requirements and a schedule for software integration
f) the scope, approach, resources, and schedule of the testing activities. As events near the schedule for each
test type, the test schedule should be updated to provide more detailed information.
g) the methods used for verification, such as analysis, evaluation, review, inspection, assessment, and testing of
the products and the processes that produced the products
h) test objectives, mapping of tests to covered requirements
i) For each software integration task and test, a list of applicable software units, software components and
previously integrated software items
j) the items to be tested, the features to be tested, the testing tasks to be performed
k) the assigned responsibilities for executing the test procedures, including the locations and organizations for the
test manager, testers, quality assurance, configuration management, test evaluation and reporting, and supplier
involvement in testing
l) description of the test environment, test tools, and supporting hardware and software
m) the test preparations and test cases to be configured or built
n) for each test case, listings of data to be used during testing
o) the sequence of events (sequence of executing the test procedures) and procedures/steps for executing a
test, (for example, pre-test procedure requirements, test set up, test execution, post-test analysis steps,
completion instructions)
p) expected test results (output data) for each test step
q) how the results of test executions are to be recorded to show product or service requirements have been

© ISO/IEC 2015 – All rights reserved 75

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

satisfied
r) the procedure for forwarding verification reports to those who need them
s) the risks associated with the plan.

It may include the following:

— the software integrity level and scheme;

— remaining deficiencies, limitations or constraints in the system;

— the impact of the test environment;

— recommended improvements in the design, operation or testing of the software.

NOTE IEEE Std 829-2008, IEEE Standard for Software and System Test Documentation provides additional detail.

10.93 Verification report

ISO/IEC 15288:2008 (IEEE Std 15288-2008) reference: 6.4.6.3b

ISO/IEC 12207:2008 (IEEE Std 12207-2008) reference: 7.2.4.3.1.5

Generic type: Report

The verification report (or test report) provides the results and conclusions of verification on a software item,
system, subsystem, release, or service. It enables the acquirer to assess the verification and its results. It
includes system or service identification and overview, verification requirements and criteria, overview of
results, identification of items verified and dates of verification, detailed results, problems encountered, and
rationale for decisions.

See also: evaluation report

© ISO/IEC 2015 – All rights reserved

76 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Annex A
(informative)
Procedure for identifying information items and their contents

The following steps should be performed while developing an information management plan and a documentation
plan, to determine what information items are needed and the information-item contents:

1. Review and tailor (as needed) ISO/IEC 15288:2008 (IEEE Std 15288-2008) or ISO/IEC 12207:2008 (IEEE Std
12207-2008), to determine the system or software life-cycle model for the project. This includes any
tailoring of the Information Management process. As applicable, review ISO/IEC 20000-1:2011 (IEEE Std
20000-1-2013) and ISO/IEC 20000-2:2012 (IEEE Std 20000-2-2013) to determine the requirements and
recommendations for services to be managed.

2. Examine Clause 8, Tables 1, 2, and 3 of this International Standard to match the information items with the
organization and project’s life-cycle processes and services.

3. Tailor Clause 8, Tables 1, 2, and 3 of this International Standard to satisfy the project’s information and
documentation needs and requirements.

4. Determine and list what information items are deliverable documents, intermediate deliverables, or non-
deliverables; and what information items are to be archived.

NOTE This step is performed based on applicable agreements and organizational policies.

5. Determine information item content requirements for the system or software life cycle, organization and
project or service, using Clauses 9 and 10 of this International Standard.

6. Tailor and finalize the content requirements of each required information item.

7. Determine the title, style, format and schedule of each information item or information item type, including
provisions for updates of preliminary and intermediate information items.

8. Examine Tables 1, 2, and 3 to identify sources of information-item inputs.

NOTE Information sources can include records, organizational data, and other work products, such as models and
simulations.

9. Develop a plan for information reuse: consider what is common among information items and applicable
information item types, define a hierarchy of information items, and select a method or system for sharing
information sources and content among related information items.

10. Define the procedures for configuration management of intermediate and final information item versions.

11. Determine the quality characteristics of each information item and information item type.

12. Determine how the quality characteristics are evaluated for each information item and information item type.

13. Define the deliverable information item review and approval criteria and process, including authority,
responsibilities and title of individuals who can approve each information item.

14. Determine how long the archived information items are to be stored and on what media, for example,
paper or disk.

© ISO/IEC 2015 – All rights reserved 77

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

15. Include the actions and results of the above activities in a documentation plan.

© ISO/IEC 2015 – All rights reserved

78 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Annex B
(informative)
Information items and records by source

Table B.1 — Information items by source

ISO/IEC 20000-1:2011

ISO/IEC 15288:2008 ISO/IEC 12207:2008 (IEEE Std 20000-1-2013)

(IEEE Std 15288-2008) (IEEE Std 12207-2008) ISO/IEC 20000-2:2012

(IEEE Std 20000-2-2013)

Acceptance plan
Acceptance review and testing report
Acquisition plan
Asset management plan
Audit acknowledgement report
Audit plan Audit plan
Audit procedure Audit procedure
Audit report Audit report
Capacity plan
Capacity management procedure
Change request Change request
Communication procedure
Complaint procedure
Concept of operations Concept of operations
Configuration management plan
Configuration management plan Configuration management plan and
and policy (change management
and policy policy
plan and policy)
Configuration management
procedure (change management
procedure, release and
deployment procedure)
Configuration status report Configuration status report
Contract Contract Contract (or agreement)
Customer satisfaction survey
Database design description
Development plan
Disposal plan Disposal plan Disposal plan
Documentation plan
Domain engineering plan
Evaluation report Evaluation report Evaluation report
Implementation procedure
Improvement plan Improvement plan Improvement plan (and policy)
Improvement procedure
Incident (service request)
management procedure
Incident report
Information management plan

© ISO/IEC 2015 – All rights reserved 79

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

ISO/IEC 15288:2008 ISO/IEC 12207:2008 (IEEE Std 20000-1-2013)

(IEEE Std 15288-2008) (IEEE Std 12207-2008) ISO/IEC 20000-2:2012

(IEEE Std 20000-2-2013)

Information management
procedure
Information security plan
Information security policy Information security policy
Information security procedure
Installation plan Installation plan
Installation report Installation report
Integration and test report Integration and test report
Integration plan (implementation
Integration plan
plan)
Interface description Interface description Interface description
Life-cycle policy and procedure Life-cycle policy and procedure
Maintenance plan Maintenance plan
Maintenance procedure Maintenance procedure Maintenance procedure
Measurement plan Measurement plan
Monitoring and control report Monitoring and control report Monitoring and control report
Operational test procedure
Problem management procedure Problem management procedure
Problem report Problem report Problem report
Process assessment procedure
Process improvement analysis
Process improvement analysis report
report
Product need assessment Product need assessment
Progress report Progress report
Project management plan Project management plan
Proposal Proposal
Qualification test procedure
Qualification test report
Quality management plan (quality
Quality management plan
assurance plan)
Quality management policy and Quality management policy and Quality management policy and
procedure procedure procedure
Release plan Release plan
Request for proposal (RFP) Request for proposal (RFP)
Resource request Resource request
Reuse plan
Review minutes Review minutes
Risk action request Risk action request
Risk management policy and Risk management policy and plan
Service catalog
Service continuity and availability
plan
Service level agreement (SLA)
Service management plan Service management plan
Service Plan
Service report Service report
Software architecture description

© ISO/IEC 2015 – All rights reserved

80 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 20000-1:2011

ISO/IEC 15288:2008 ISO/IEC 12207:2008 (IEEE Std 20000-1-2013)

(IEEE Std 15288-2008) (IEEE Std 12207-2008) ISO/IEC 20000-2:2012

(IEEE Std 20000-2-2013)

Software design description
Software requirements
specification
Software unit description
Software unit test procedure
Software unit test report
Supplier management procedure
Supplier selection procedure
System architecture description
System element description
System requirements Service requirements
System requirements specification
specification specification
Training documentation Training documentation
Training plan Training plan Training plan
User documentation User documentation User documentation
User notification
Validation plan Validation plan
Validation report Validation report
Validation test specification
Verification plan Verification plan Verification plan
Verification report Verification report

Table B.2 — Records by source

ISO/IEC 15288:2008 ISO/IEC 12207:2008 ISO/IEC 20000-1:2011

(IEEE Std 15288-2008) (IEEE Std 12207-2008) (IEEE Std 20000-1-2013)

ISO/IEC 20000-2:2012

(IEEE Std 20000-2-2013)

Acceptance record
Assessment record Assessment record
Availability record
Complaint record (compliment
record)
Configuration record (asset Configuration record (asset record, Configuration record (asset
record, change record) change record) record, change record)
Decision record Decision record Decision record
Disposal record
Incident record (security incident Incident record (security incident
record, service request record) record, service request record)
Information item storage record Information item storage record
Knowledge management record Knowledge management record
Performance control record
Personnel skills record Personnel skills record
Problem record Problem record Problem record

© ISO/IEC 2015 – All rights reserved 81

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

ISO/IEC 15288:2008 ISO/IEC 12207:2008 ISO/IEC 20000-1:2011

(IEEE Std 15288-2008) (IEEE Std 12207-2008) (IEEE Std 20000-1-2013)

ISO/IEC 20000-2:2012

(IEEE Std 20000-2-2013)

Process control record
Quality activity record Quality activity record
Quality cost data
Release record Release record
Requirement record Requirement record Requirement record
Risk record (profile) Risk record (profile) Risk record (profile)
Software item configuration record
Skill development record (training Skill development record (training record) Skill development record (training
record) record)
Software configuration record
Test result Test result

© ISO/IEC 2015 – All rights reserved

82 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Bibliography
[1] IEEE Std 1016-2008, IEEE Recommended Practice for Software Design Descriptions

[2] IEEE Std 1228-1994, IEEE Standard for Software Safety Plans

[3] IEEE Std 828-2012, IEEE Standard for Configuration Management in Systems and Software Engineering

[4] IEEE Std 829-2008, IEEE Standard for Software and System Test Documentation

[5] ISO/IEC 15504-5:2012, Information technology — Process assessment — Part 5: An exemplar software
life cycle process assessment model

[6] ISO/IEC 15504-6:2013, Information technology — Process assessment — Part 6: An exemplar system
life cycle process assessment model

[7] ISO/IEC 16085:2006, Systems and software engineering — Life cycle processes — Risk management

[8] ISO/IEC 16175-1:2010, Information and documentation — Principles and functional requirements for
records in electronic office environments — Part 1: Overview and statement of principles

[9] ISO/IEC 20000-2:2012, Information technology — Service management — Part 2: Guidance on the
application of service management systems

[10] ISO/IEC 20000-3:2012, Information technology—Service management – Part 3: Guidance on scope

definition and applicability of ISO/IEC 20000-1

[11] ISO/IEC 26513:2009, Systems and software engineering — Requirements for testers and reviewers of
user documentation

[12] ISO/IEC 26514:2008, Systems and software engineering — Requirements for designers and developers
of user documentation

[13] ISO/IEC 27001:2013, Information technology — Security techniques — Information security management
systems — Requirements

[14] ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information
security controls

[15] ISO/IEC 31000:2009, Risk management — Principles and guidelines

[16] ISO/IEC 38500:2008, Corporate governance of information technology

[17] ISO/IEC/IEEE 42010:2011, Systems and software engineering — Architecture description

[18] ISO/IEC 90003:2004, Software engineering — Guidelines for the application of ISO 9001:2000 to
computer software

[19] ISO/IEC 9001:2008, Quality management systems — Requirements

[20] ISO/IEC TR 10000-1:1998, Information technology — Framework and taxonomy of International

Standardized Profiles — Part 1: General principles and documentation framework

[21] ISO/IEC TR 20000-3:2012, Information technology — Service management — Part 3: Guidance on

scope definition and applicability of ISO/IEC 20000-1

[22] ISO/IEC TR 20000-5:2013, Information technology — Service management — Part 5: Exemplar

implementation plan for ISO/IEC 20000-1

© ISO/IEC 2015 – All rights reserved 83

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
ISO/IEC/IEEE 15289:2015(E)

[23] ISO/IEC TR 90005:2008, Systems engineering — Guidelines for the application of ISO 9001 to system
life cycle processes

[24] ISO/IEC TR 90006:2013, Information technology — Guidelines for the application of ISO 9001:2008 to IT
service management and its integration with ISO/IEC 20000-1:2011

[25] ISO/IEC/IEEE 16326:2009, Systems and software engineering — Lifecycle processes — Project
management

[26] ISO/IEC/IEEE 24765, Systems and software engineering — Vocabulary1

[27] ISO/IEC/IEEE 26531:2015, Systems and software engineering — Content management for product life-
cycle, user, and service management documentation

[28] ISO/IEC/IEEE 29148:2011, Systems and software engineering — Life cycle processes — Requirements
engineering

[29]

1 ISO/IEC 24765 is a “snapshot” of the SEVOCAB (systems and software engineering vocabulary) database, which is
publicly accessible at www.computer.org/sevocab.

© ISO/IEC 2015 – All rights reserved

84 © IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 Important Notices and Disclaimers Concerning IEEE Standards Documents
Notice and Disclaimer of Liability Concerning the Use of IEEE Standards Documents
IEEE Standards documents (standards, recommended practices, and guides), both full-use and trial-use, are developed within IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (“IEEE-SA”) Standards Board. IEEE (“the Institute”) develops its standards through a consensus development process, approved
by the American National Standards Institute (“ANSI”), which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are
not necessarily members of the Institute and participate without compensation from IEEE. While IEEE administers the process and establishes rules to promote fairness in the
consensus development process, IEEE does not independently evaluate, test, or verify the accuracy of any of the information or the soundness of any judgments contained in its
standards.
IEEE does not warrant or represent the accuracy or content of the material contained in its standards, and expressly disclaims all warranties (express, implied and statutory) not
included in this or any other document relating to the standard, including, but not limited to, the warranties of: merchantability; fitness for a particular purpose; non-infringement;
and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE
standards documents are supplied “AS IS” and “WITH ALL FAULTS.”
Use of an IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or
provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved and issued is subject to
change brought about through developments in the state of the art and comments received from users of the standard.
In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any person or entity nor is IEEE
undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent
judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the advice of a competent professional in determining the appropriateness of a
given IEEE standard.
IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.

Translations
The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published
by IEEE should be considered the approved IEEE standard.

Official statements
A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official
position of IEEE or any of its committees and shall not be considered to be, or be relied upon as, a formal position of IEEE. At lectures, symposia, seminars, or educational
courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the
formal position of IEEE.

Comments on standards
Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide
consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents should be in the form of a proposed change of text, together
with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also
receive the concurrence of a balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating Committees are not able to provide an instant
response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests.
Any person who would like to participate in revisions to an IEEE standard is welcome to join the relevant IEEE working group.
Comments on standards should be submitted to the following address:
Secretary, IEEE-SA Standards Board
445 Hoes Lane
Piscataway, NJ 08854 USA

Photocopies
Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard for company or organizational
internal use or individual, non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood
Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the
Copyright Clearance Center.

Patents
Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is
taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via
an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http://standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may
indicate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions
that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses.
Essential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license
may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with
submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination
of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards
Association.
Participants: The list of IEEE participants can be accessed at the following URL: http://standards.ieee.org/downloads/15289/15289-2015/15289-2015_wg-participants.pdf.
IMPORTANT NOTICE: IEEE Standards documents are not intended to ensure safety, health, or environmental protection, or ensure against interference with or from
other devices or networks. Implementers of IEEE Standards documents are responsible for determining and complying with all appropriate safety, security, environmental,
health, and interference protection practices and all applicable laws and regulations.This IEEE document is made available for use subject to important notices and legal
disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important
Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http://standards.ieee.org/IPR/disclaimers.html.

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.
 ISO/IEC/IEEE 15289:2015(E)

Abstract: The purpose and content of all identified systems and software life cycle and
service management information items (documentation) are specified in this standard.
The information item contents are defined according to generic document types, as
presented in Clause 7, and the specific purpose of the document (Clause 10).

This International Standard provides a mapping of ISO/IEC/IEEE 15288, ISO/IEC

12207:2008 (IEEE Std 12207-2008), ISO/IEC 20000-1:2011 (IEEE Std 20000-1:2013),
and ISO/IEC 20000-2 (IEEE Std 20000-2:2013) clauses with a set of information items.

This International Standard identifies records and information items based on analysis
of references in ISO/IEC/IEEE 15288, ISO/IEC 12207:2008 (IEEE Std 12207-2008),
ISO/IEC 20000-1:2011 (IEEE Std 20000-1:2013) and ISO/IEC 20000-2:2012 (IEEE
20000-2:2013), which in some cases provide partial or complete outlines for the
content of specific documents. However, the requirements for the life-cycle processes
do not uniquely and unambiguously state the requirements for the information items
contents or the information needed by a user of an information item. Moreover, the
information from the life-cycle processes may overlap or may be created and revised at
different times. In short, the analyzed references do not result in a logically complete
list of information items.

Keywords: 15289, life cycle, life cycle process, software

ICS 35.080
ISBN 978-0-7381-9530-8
Price based on 83 pages

© ISO/IEC 2015 – All rights reserved

© IEEE 2015 – All rights reserved

Authorized licensed use limited to: TU Delft Library. Downloaded on February 19,2025 at 22:22:03 UTC from IEEE Xplore. Restrictions apply.