News

Agile and DevOps standardization efforts in SC7

Posted by on Jun 3, 2019 in Uncategorized | 0 comments

Sundeep Oberoi, Chair SC 7: Software and systems engineering

SC7 delivers standards in the area of software and systems engineering that meet market and professional requirements.  SC7 has initiated work on Agile & DevOps standardization in multiple Working Groups and also directly under SC7. The details are as under:

SC 7 Direct

Development of two Technical Reports for defining:

  • Agile and DevOps Principles and Practices
  • Agile Readiness and Success Criteria

SC 7 WG2 – System Software Documentation

  • WG2 has an agile standard for technical communication that was updated and published in 2018. It is ISO/IEC/IEEE 26515.

SC 7 WG7 – System Life Cycle Process

  • Exploring possibility of collaborating with IEEE on Agile & DevOps as per the PSDO agreement.

SC 7 WG20 – Software and systems bodies of knowledge and professionalization

  • BOKs and Certifications Schemes can touch on Agile and DevOps.

SC 7 WG24 – SLC Profile and guidelines for VSE

  • TR 29110-5-4 Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 5-4: Agile Software Development Guidelines
  • TR 29110-5-5 Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 5-5: DevOps Guidelines

SC 7 WG26 – Testing

  • WG26 are working on a TR – 29119-6 Software and Systems Engineering — Software Testing — Part 6: Guidelines for the use of ISO/IEC/IEEE 29119 in Agile Projects.
  • The published ISO/IEC/IEEE 29119-1/-2/-3 also include coverage of agile.

SC 7 WG 42 – Architecture

  • Exploring the possibility to add Agility to the scope of 42021 – Guide to 42020 (Software, systems and enterprise — Architecture processes)

ISO/IEC JTC 1 explores emerging areas of Information Technology standardization

Posted by on May 16, 2019 in Information Technology, News | 0 comments

During the second week of May, ISO/IEC JTC 1 held its 34th plenary meeting in Lahaina, Maui, USA.. The meeting in Lahaina brought together more than 70 experts from 18 countries to discuss developments and plan new work programs across many aspects of the Information Technology standardisation landscape.

Delegates attending the ISO/IEC JTC 1 meeting in Lahaina, Maui, US

Constituted in 1987 as the first joint committee of both IEC and ISO, JTC 1 now comprises experts from 33 countries and has published 3181 standards in the field of Information Technology, with 544 currently under development.

Originally publishing standards in areas such as “Coded Character Sets” under sub-committee (SC) 2 and “Telecommunications and Information Exchange between Systems” under SC 6, JTC 1 has always kept pace with technology developments. JTC 1 has adopted its work program to the current technologies and technology trends and continues to focus on standards that build a foundation for the digitization of the technologies standardized across other committees of ISO and IEC.

The JTC 1 AG JETI (JTC 1 Emerging Technology and Innovation) is an important JTC 1 and is mandated to seek opportunities to facilitate JTC 1 standards development for future emerging and innovation technologies. It assesses the technology opportunities to identify the relevant standardization issues and priorities that warrant immediate action and those that should be watched for potential consideration later by JTC 1. JETI monitors the future considerations from JTC 1 SCs/WGs to perform successful execution of standards development and planning with an appropriate coordination in JTC 1

In order to gain the necessary input from a brought number of experts JETI is organizing an online-survey from June 10, 2019 to June 28, 2019. Dedicated information will submitted in due time

Some new trends and technologies being analysed and evaluated

  • Smart Cities,
  • 3D & 4D Printing & Scanning,
  • Autonomous and Data Rich Vehicles,
  • Open Source Software,
  • Quantum Computing,
  • Digital Twin,
  • VR /AR for Education, and
  • Trustworthiness

For updated information and news by JTC 1 on these topics please visit https://jtc1info.org/technology/ and https://jtc1info.org/update/

Meta Reference Architecture and Reference Architecture for Systems Integration

To enable better cooperation with other ISO and IEC Committees, JTC 1 has identified Meta Reference Architecture and Reference Architecture for Systems Integration as key components of the work program and has established an Advisory Group on this topic. Meta Reference Architecture and Reference Architecture for Systems Integration needs to provide the highest level of abstraction for multiple horizontal business domains under a systems-of-systems view, and Meta Reference Architecture and Reference Architecture should allow business value assessments to select among potential alternative models and or scenarios. The JTC 1 Meta-Reference Architecture Advisory Group will convene a workshop on August 20-22, 2019 at École de technologie supérieure (ETS), Montréal, Québec, Canada. The final program will also be posted as a JTC 1 document with an invitation for participation and also announced via the JTC 1 homepage on https://jtc1info.org/.

The new JTC 1 Advisory Group (AG) on Digital Twin

The Digital Twin, which combines a variety of modern technologies such as the Internet of Things (IoT), cyber-physical systems (CPS), 3D modeling, simulation, and artificial intelligence (AI), is at the heart of the fourth industrial revolution. If the Internet of Things is a disruptive technology that is applied to all industries and services and brings radical changes in human life, the Digital Twin will integrate and interwork the real world and the virtual world based on the Internet of Things.

For this reason, the Digital Twin can be recognized as a dimension-bridging technology in which a link is established between the real world and the virtual world. This AG will analyse  industry and market status  with a focus on manufacturing, renewable energy, smart cities, farming, buildings and healthcare and will recommend  potential areas of standardization to JTC 1.

The next JTC 1 Plenary meeting will be on November 4 – 8, 2019 in New Delhi, India



IT Asset Management Standards (ISO/IEC 19770) Business Case & Overview

Posted by on Apr 24, 2019 in Uncategorized | 0 comments

23 April, 2019

JTC 1/SC 7 Chair, Dr Sundeep Oberoi and SC 7/ WG 21 Convenor, Ron Brill

IT Asset Management (ITAM) encompasses the system, processes and technology used to detect, track, manage and optimize IT assets throughout all stages of their lifecycle. IT Assets are defined as any IT-related hardware, software, subscriptions or services which the organization owns, is paying for, or is otherwise utilizing directly or indirectly. This definition of an IT Asset is broad, and includes not only servers, desktops and mobile devices, but also IoT, network and storage devices, and cloud services such as Software as a Service, Infrastructure as a Service, and Platform as a Service (SaaS/IaaS/PaaS), amongst many others. 

Effective ITAM is important for organizations of all types and sizes, for three main reasons:

  1. ITAM is an enabling competency for IT. Many key IT functions are dependent on complete and accurate ITAM information. Examples include the following (partial list):
  • Information Security: you cannot secure what you don’t know. The first task within Information Security is to understand what devices are connecting to your network, how they are configured (down to the patch-level), is the hardware and software genuine and authorized, etc. This is all ITAM information.  The dependency between Information Security and ITAM is so material that Gartner had predicted that “By 2022, 50% of ITAM initiatives will be primarily driven by information security needs and concerns
  • Configuration Management and Change Management: without knowing what IT assets exist and how they are configured (all ITAM information), the organization cannot determine whether that configuration is correct, and that no unauthorized changes are being made to it
  • Disaster Recovery: without knowing what IT assets exist, where they are, how they are configured, and what business functions are they supporting (all ITAM information), it would be difficult to reconstruct these assets (and therefore company operations) following a disaster
  • IT Financial Management: without knowing how much money the organization is spending on what IT assets, and the ability to manage future requisitions for IT assets (all ITAM information), it is difficult to budget and forecast for IT with any accuracy

2. ITAM is key for IT risk mitigation. One type of risk unique to ITAM is software license compliance. The software industry is known for software license compliance audits. Without effective ITAM it is easy even for a well-intentioned organization to over-deploy software beyond the organization’s license entitlements, thus exposing the organization to legal, financial, and repetitional risks. This is due to multiple factors including the following:

  • Complexity of ever-changing licensing rules
  • New technologies impacting licensing (e.g. virtualization, cloud, and edge computing)
  • The number of different software vendors under management (which may exceed 1,000 for a large organization)
  • Mergers & acquisitions on both the organization’s side and the software publisher’s side
  • Inherent limitations of tools available to assist in the process
  • Inability to control rogue end-user actions, to name just a few challenges

3. ITAM is key for IT cost savings: lack of complete and accurate ITAM information may lead organizations to spend a lot more on IT Assets than they need to, particularly on software which is taking an ever-increasing share of IT budgets. Examples include the following:

  • Shelf-ware: this situation occurs where the organization is paying for software (or maintenance renewal) that is not in use and isn’t needed. SaaS is actually prone to shelf-ware more than traditional on-prem software. Effective ITAM prevents shelf-ware from occurring
  • Re-harvesting: when hardware is retired, the software licenses consumed by that hardware should become available for re-deployment within the organization; however, this is only possible with effective ITAM in place
  • Architecture optimization: without effective ITAM, organizations may configure their environments in an unoptimized way from a licensing standpoint, resulting in more licenses being needed without any functional or operational benefits to the organization
  • Negotiation from a position of knowledge: without effective ITAM, organizations lack information about their needs, and are at the mercy of software publishers when negotiating software contracts

IT Asset Management is addressed in the ISO/IEC series of standards (under JTC1/SC7/WG21). There are three types of standards within that series:

  1. ITAM System – currently, this group includes one standard:
  • ISO/IEC 19770-1 – currently in its third (2017) edition, ISO/IEC 19770-1 is the primary ITAM standard. It is a Management Systems Standard (MSS) which was designed to be implemented jointly with other relevant MSSs, specifically ISO/IEC 27001 for information security. ISO/IEC 19770-1 addresses the overall management system that needs to be in place for effective ITAM. The standard also discusses 15 process areas that are expected to be managed in any ITAM system, and presents an optional tiered approach for their implementation:
    • Tier 1: Trustworthy Data
    • Tier 2: Life Cycle Integration
    • Tier 3: Optimization

2. ITAM Information Structure – this group of standards provides technical specifications for facilitating the exchange of information between software publishers, ITAM tool vendors, and end- user organizations. It does this by providing data structures/schemas for capturing, storing, detecting, and exchanging ITAM information. These standards currently include the following:

3. Overview & Vocabulary – currently this group includes one standard:

  • ISO/IEC 19770-5 Overview and Vocabulary – currently in its second (2015) edition. This is the only freely-available ITAM standard

In Summary, IT Asset Management (ITAM) is a key enabling IT competency for supporting other IT functions, mitigating risks, and saving costs. The ISO/IEC 19770 series of standards addresses ITAM from the perspective of both a management system (ISO/IEC 19770-1) and data structure for the exchange of ITAM information.

Applying systems and software engineering standards in very small entities

Posted by on Apr 16, 2019 in Uncategorized | 0 comments

Worldwide, a large majority of organizations developing systems or software are very small entities (VSEs), enterprises, projects or public organizations having up to 25 people. With the ISO/IEC 29110 series of standards and guides, VSEs now have documented development processes and third-party certification helping them to be recognized as entities that produce quality systems or software products.

After the establishment of WG 24 in 2005, members of WG 24 conducted an international survey to question VSEs about their utilization of ISO/IEC JTC 1/SC 7 standards and to collect data to identify problems and potential solutions to help them apply these standards. Respondents to the survey indicated that they did not have the resources or the expertise to adapt existing standards to their needs and, standards were difficult and bureaucratic and they did not provide adequate guidance for use by VSEs. A large percentage of respondents also indicated that they would like more guidance with examples, lightweight and easy-to-understand standards, complete with templates.

Standards for very small entities

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

The ISO 29110 series targets VSEs with little or no experience or expertise in selecting the appropriate processes from systems or software engineering lifecycle standards tailoring and documenting them (e.g. with activities and tasks, inputs/outputs and roles) to a project’s needs.

Once established, the ISO/IEC JTC1 SC 7 Working Group 24 took an innovative approach, using standardized profiles, to develop the set of ISO/IEC 29110 standards and guides. WG 24 re-used elements of published engineering standards (such as ISO/IEC/IEEE 15288 or 12207), to develop a four-stage road map for Start-ups to Grown-ups VSEs (Entry, Basic, Intermediate, and Advanced). The profiles are applicable to the vast majority of VSEs that don’t develop critical systems or critical software.

Management and engineering guides at the core

The core of ISO/IEC 29110 are the Management and Engineering Guides (i.e. ISO/IEC 29110-5-1 and ISO/IEC 29110-5-6) providing project management and systems and software engineering processes. Some ISO/IEC 29110 documents, such as the overview and the Management and Engineering Guides, are freely available from ISO[1]. They’ve been translated into Czech, French, Portuguese, and Spanish and adopted as national standards by several countries. Recently, ISO has even published an ISO 29110 document in Spanish.

Note: The boxes in light blue indicate documents in development

“In addition to developing and selling their own products, VSEs can also develop and/or maintain systems or software, having hardware and/or software components, that are used in larger systems; therefore, recognition of VSEs as suppliers of high quality systems or software is often required” says Dr. Claude Y Laporte, Lead Editor  of ISO/IEC JTC1 WG 24[1].

Pilot projects for SMEs and VSEs

A recent pilot projects, with six engineering SMEs and VSEs of the south of France, implemented an ISO 29110 Systems Engineering and Management Guide. This guide is mainly based of the ISO/IEC/IEEE 15288 standard. The six enterprises, established between 1994 and 2016, are operating in a wide range of domains, such as agriculture, automotive, nuclear, space, and have a size ranging 10 to 150 people. Many benefits (e.g. better risk management, fewer errors and reduction of the cost of errors, detection/correction of errors early in the project, shorter validation time, and reduction of the number of incidents at integration) have resulted from the implementation of the systems engineering guide of ISO 29110.

Since many ISO 29110 management and engineering guides are freely available and have been translated, the diffusion and implementation of the ISO 29110 series was greatly accelerated by universities of over 20 countries. Also, the first textbook[2] and mini case studies covering
ISO 29110 are now available as teaching material. Four universities of Mexico have even obtained a formal certification for their software development centres where students develop software products for internal or external customers. Also, in Thailand, an early adopter of
ISO 29110, over 10 universities are teaching ISO 29110. So far, about 450 public and private Thai organizations have achieved the ISO 29110 certification to the basic profile.

A second survey was conducted, by members of WG 24, in 2018. The responses collected indicated a high level of satisfaction of VSEs and their customers about ISO 29110. As an example, to the question “How long, after you implemented ISO/IEC 29110, did you notice any improvement”, over 64% of respondents noted improvements in productivity, 58% in quality in the first six months after the implementation of ISO 29110. Over 89% of respondents are completely or largely satisfied with their ISO 29110 implementation. A large percentage of customers of VSEs (79%) were completely and largely satisfied with the results of the system/software/service provided. WG 24 will use the results of the 2018 survey as one input to guide the revision of the ISO 29110 series of standards and guides.

Current work of WG 24

WG 24 is presently developing standards and guides to address Agile and DevOps development. Experts of WG 24 are also investigating the development of a guide to help VSEs in implementing quality requirements (i.e. usability, security) and measures from the ISO/IEC 25000 and ISO/IEC 27000 series.

The ISO/IEC 29110 series of Standards and Guides has helped to reduce the difficulty of VSEs in applying SC 7 standards and justifying the application of those standards to their business needs and practices. “ISO 29110 helps meet the need for VSEs’ specific systems and software lifecycle profiles and guidelines”, says Tanin Uthayana, Convenor of WG 24 – ISO/IEC JTC 1/SC 7.


[1] ISO/IEC 29110 public site in English, French and Spanish: https://profs.etsmtl.ca/claporte/English/VSE/index.html

[2] https://www.wiley.com/en-ca/Software+Quality+Assurance-p-9781118501825



[1] https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html

What questions should organization boards and executives be asking about AI technologies?

Posted by on Feb 27, 2019 in Uncategorized | 0 comments

Jan Begg, Chair SC 40, Wael Diab, Chair SC 42

Technologies such as artificial intelligence (AI) and IoT are changing the way we live and work. Complex business operations use increasingly data-rich systems, in order to enhance products and services.

These technologies bring many benefits, such as enhanced efficiency of manufacturing or improved healthcare delivery and quality of life; however, a number of issues must be addressed, such as new terminology, definitions, ways of doing things, and threats to business viability.

New Joint Working Group with broad stakeholder participation

The recent speed with which AI technologies, such as machine learning and analytics, have pervaded industries, cities, homes and infrastructures, has prompted the urgent need to address governance implications for the use of AI in organizations.

Against this backdrop, IEC and ISO Joint Technical Committee for information technologies (ISO/IEC JTC 1) has established a new Joint Working Group (JWC), with two of its committees (SCs), SC 40: IT Service Management and IT Governance and SC 42: Artificial intelligence. The JWG is tasked with developing the international standard ISO/IEC AWI 38507, Governance implications of the use of artificial intelligence by organizations.

The JWG will draw on the very broad business and IT expertise of SC 40 and SC 42 members and other IEC and ISO technical committees, covering different industries and related technology areas, such as analytics, big data, IoT, cyber security and more, in order to come up with a guidance document that can be understood by both audiences.

Guiding governance

“Time is of the essence and organization leaders need reliable and trusted advice as soon as possible. This new project will use standardized AI terminology and concepts which are being developed by SC 42 in parallel to the JWG development of 38507”, said Jan Begg, Chair, JTC 1/SC 40.

With a focus on business and providing a link with corporate governance, SC 40 looks at how technology areas or opportunities are managed within an organization, and then for people with responsibilities at governance level (board or executive managers), how they think about their governance responsibilities when it comes to technology. Find out more

“The partnership of SC 42 and SC 40 to address the governance implications of AI, through the joint working group, is an opportunity to expand the stakeholders interested in and involved in AI. Furthermore, it adds to the ecosystem approach that SC 42 has undertaken by bringing in another perspective, namely, governance”, said Wael Diab, Chair, JTC 1/SC 42.

SC 42 for AI was setup as a systems integration committee to provide guidance to IEC, ISO and JTC 1 committees looking at AI applications.

AI is a collection of technologies with numerous and different stakeholders who are approaching the deployment of AI systems from a business angle with a focus on customer needs, segments, services, products and regulatory requirements. Thus, it will need industry collaboration across domains, for example, IT and OT for applications in transportation, medical, financial, robotics, manufacturing and more.

For these reasons, SC 42 is the first international standards committee to look at the full AI ecosystem and adopt a broad approach that includes and goes beyond traditional interoperability. Find out more

More about the Joint Working Group

JTC 1 Resolution 11 – JWG between SC 40 and SC 42 on ISO/IEC AWI 38507, Governance implications of the use of artificial intelligence by organizations, was endorsed by JTC 1 and adopted during the 34th Meeting of ISO/IEC JTC 1, 5-8 November 2018 in Stockholm, Sweden, where it assigned the administrative lead to SC 42.

The Convenor is Janna Lingenfelder (Germany) and Dr Gyeung-min Kim is the Co-convenor, both until the end of 2021.

Peter Brown (United Kingdom) was nominated as editor of ISO/IEC AWI 38507.

Over 90 experts from 18 countries have registered to participate in this JWG.