CSA Preface
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).
For brevity, this Standard will be referred to as CSA ISO/IEC 29110-3-2 throughout.
At the time of publication, ISO/IEC 29110-3-2:2018 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC.
This Standard has been formally approved, without modification, by the Technical Committee and has been developed in compliance with Standards Council of Canada requirements for National Standards of Canada. It has been published as a National Standard of Canada by CSA Group.
Scope
This document:
— defines the rules applicable for certification of the implementation of systems engineering, software engineering and service delivery processes complying with the requirements given in ISO/IEC 29110‑4-m, Profile specifications; and
— provides the necessary information and confidence to customers about the way certification of their suppliers has been granted.
Certification of the implementation of systems and software engineering processes (named certification in this document) is a third-party conformity assessment activity (see ISO/IEC 17000:2004, 5.5). Bodies performing this activity are therefore third-party conformity assessment bodies (named certification body/bodies in this document).
NOTE This document is primarily intended to be used as a criteria document for the accreditation or peer assessment of certification bodies which seek to be recognized as being competent to certify that a Very Small Entity (VSE) complies with ISO/IEC 29110‑4-m, Profile Specifications. Some of its requirements could also be found useful by any other parties involved in the conformity assessment of such certification bodies.
Systems and software engineering processes certification does not attest the fitness of the systems and or software products offered by a VSE.
It is important to note that certification of the implementation of systems and software engineering processes according to ISO/IEC 29110‑4-m, Profile Specifications, is a process certification and not a management systems certification neither a product certification.
Certification of the implementation of systems and software engineering processes (SEP) of a very small entity (VSE) is one means of providing assurance that the VSE has implemented systems and software engineering processes to the development or maintenance of systems and or software.
Requirements for the implementation of SEP can originate from a number of sources, and this International Standard has been developed to assist in the certification of SEP that fulfil the requirements of ISO/IEC 29110‑4-m, Profile Specifications. The contents of this document can also be used to support certification of SEP that are based on other sets of specified SEP requirements.
This document is intended for use by bodies that carry out audit and certification of SEP for VSEs. It gives generic requirements for such certification bodies performing audit and certification in the field of SEP for VSEs. Such bodies are referred to as certification bodies. This wording is not intended to be an obstacle to the use of this document by bodies with other designations that undertake activities covered by the scope of this document. Indeed, this document is intended to be usable by anyone involved in the assessment of SEP for VSEs.
Certification activities involve the audit of a VSE’s SEP. The form of attestation of conformity of a VSE’s SEP to a specific lifecycle profile standard setting the applicable SEP (for example ISO/IEC 29110‑4-1 or ISO/IEC 29110‑4-3) or other specified requirements are normally a certification document or a certificate.
This certification is outside the scope of ISO/IEC 29169 to the assessment to process quality characteristics and organizational maturity, and does not cover the results of process assessment. ISO/IEC 29110-3-3 describes such a scheme.
It is for the VSE being certified to develop its own processes (including ISO/IEC 29110‑4-m SEP), other sets of specified SEP requirements, other processes and it is for the VSE to decide how the various components of these will be arranged. It is therefore for certification bodies that operate in accordance with this document to take into account the culture and practices of their clients with respect to the implementation of SEP, including, if applicable, within the wider organization.