Information Technology Standards

The following international standards relate to Information Technology. They are grouped into these categories:

Product Quality, Documentation, Life Cycle Processes, IT Security (including ISO 27001), IT and Software Measurement, Process Assessment, Service Management (including ISO 20000), and Software Asset Management.

PRODUCT QUALITY
ISO/TR 9126-2:2003 Software Engineering – Product Quality – Part 2: External Metrics
ISO/TR 9126-3:2003 Software Engineering – Product Quality – Part 3: Internal Metrics
ISO/TR 9126-4:2004 Software Engineering – Product Quality – Part 4: Quality in Use Metrics
DOCUMENTATION
ISO 15289:2015 Systems and Software Engineering – Content of Life Cycle Information Products (Documentation)
ISO 26511:2011 Systems and Software Engineering – Requirements for Managers of User Documentation
ISO 26512:2011 Systems and Software Engineering – Requirements for Acquirers and Suppliers of User Documentation
ISO 26513:2009 Systems and Software Engineering – Requirements for Testers and Assessors of User Documentation
ISO/DIS 26513:201x Systems and Software Engineering – Requirements for Testers and Assessors of User Documentation
ISO 26514:2008 Systems and Software Engineering – Requirements for Designers and Developers of User Documentation
LIFE CYCLE PROCESSES
ISO 12207:2008 Systems and Software Engineering – Software Life Cycle Processes
ISO/CD 12207:201x Systems and Software Engineering – Software Life Cycle Processes
ISO 14764:2006 Software Engineering – Software Life Cycle Processes – Maintenance
ISO 15026-1:2013 Systems and Software Engineering – Systems and Software Assurance – Part 1: Concepts and Vocabulary
ISO/DIS 15026-1:201x Systems and Software Engineering – Systems and Software Assurance – Part 1: Concepts and Vocabulary
ISO 15026-2:2011 Systems and Software Engineering – Systems and Software Assurance – Part 2: Assurance Case
ISO 15026-3:2015 Systems and Software Engineering – Systems and Software Assurance – Part 3: System Integrity Levels
ISO 15026-4:2012 Systems and Software Engineering – Systems and Software Assurance – Part 4: Assurance in the Life Cycle
ISO 15288:2015 Systems and Software Engineering – System Life Cycle Processes
ISO 16085:2006 Information Technology – Software Life Cycle Processes – Risk Management
ISO 16326:2009 Software Engineering – Life Cycle Processes – Project Management
ISO/TR 19759:2015 Software Engineering – Guide to the Software Engineering Body of Knowledge
ISO 24748-1:2010 Systems and Software Engineering – Life Cycle Management – Part 1: Guide for Life Cycle Management
ISO/TR 24748-2:2011 Systems and Software Engineering – Life Cycle Management – Part 2: Guide to the Application of ISO 15288 (Systems Life Cycle Processes)
ISO/TR 24748-3:2011 Systems and Software Engineering – Life Cycle Management – Part 3: Guide to the Application of ISO 12207 (Software Life Cycle Processes)
ISO 24748-4:2016 Systems and Software Engineering – Life Cycle Management – Part 4: Systems Engineering Planning
ISO/DIS 24748-5:201x Systems and Software Engineering – Life Cycle Management – Part 5: Software Development Planning
ISO/PDTS 24748-6:201x Systems and Software Engineering – Life Cycle Management – Part 6: Guide to System Integration Engineering
ISO 29148:2011 Systems and Software Engineering – Life Cycle Processes – Requirements Engineering
ISO 90005:2008 Systems Engineering – Guidelines for the Application of ISO 9001 to System Life Cycle Processes
IT SECURITY
ISO/TR 14516:2002 Information Technology – Security Techniques – Guidelines for the Use and Management of Trusted Third Party Services
ISO/NP TR 14516-1:201x Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 1: Overview and Concepts
ISO/NP TR 14516-2:201x Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 2: Guidelines on Information Security for CA Trust Service Providers
ISO/NP TR 14516-3:201x Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 3: Guidelines on Information Security for PKI Trust Service Providers
ISO 15408-1:2009 Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 1: Introduction and General Model
ISO 15408-2:2008 Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 2: Security Functional Requirements
ISO 15408-3:2008 Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 3: Security Assurance Requirements
ISO/TR 15446:2009 Information Technology – Security Techniques – Guide for the Production of Protection Profiles and Security Targets
ISO 18028-3:2005 Information Technology – Security Techniques – IT Network Security – Part 3: Securing Communications between Networks using Security Gateways
ISO 18028-4:2005 Information Technology – Security Techniques – IT Network Security – Part 4: Securing Remote Access
ISO 18028-5:2006 Information Technology – Security Techniques – IT Network Security – Part 5: Securing Communications across Networks using Virtual Private Networks
ISO 18045:2008 Information Technology – Security Techniques – Methodology for IT Security Evaluation
ISO/TR 19791:2010 Information Technology – Security Techniques – Security Assessment of Operational Systems
ISO/TR 20004:2015 Information Technology – Security Techniques – Refining Software Vulnerability Analysis under ISO 15408 and ISO 18045
ISO/NP 20543:201x Information Technology – Security Techniques – Test and Analysis Methods for Random Bit Generators within ISO 19790 and ISO 15408
ISO 27000:2016 Information Technology – Security Techniques – Information Security Management Systems – Overview and Vocabulary
ISO 27001:2013 Information Technology – Security Techniques – Information Security Management Systems – Requirements
ISO 27002:2013 Information Technology – Security Techniques – Code of Practice for Information Security Management
ISO 27003:2017 Information Technology – Security Techniques – Information Security Management System – Guidance
ISO 27004:2016 Information Technology – Security Techniques – Information Security Management – Monitoring, Measurement, Analysis and Evaluation
ISO 27005:2011 Information Technology – Security Techniques – Information Security Risk Management
ISO/WD 27005:201x Information Technology – Security Techniques – Information Security Risk Management
ISO 27006:2015 Information Technology – Security Techniques – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems
ISO 27007:2011 Information Technology – Security Techniques – Guidelines for Information Security Management Systems Auditing
ISO/DIS 27007:201x Information Technology – Security Techniques – Guidelines for Information Security Management Systems Auditing
ISO/TR 27008:2011 Information Technology – Security Techniques – Guidelines for Auditors on Information Security Controls
ISO/PDTS 27008:201x Information Technology – Security Techniques – Guidelines for Auditors on Information Security Controls
ISO 27009:2016 Information Technology – Security Techniques – Sector-Specific Application of ISO 27001 – Requirements
ISO 27010:2015 Information Technology – Security Techniques – Information Security Management for Inter-Sector and Inter-Organizational Communications
ISO 27011:2016 Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Telecommunications Organizations
ISO 27013:2015 Information Technology – Security Techniques – Guidelines on the Integrated Implementation of ISO 27001 and ISO 20000-1
ISO 27014:2013 Information Technology – Security Techniques – Governance of Information Security
ISO/TR 27015:2012 Information Technology – Security Techniques – Information Security Management Guidelines for Financial Services
ISO/TR 27016:2014 Information Technology – Security Techniques – Information Security Management – Organizational Economics
ISO 27017:2015 Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Cloud Services
ISO 27018:2014 Information Technology – Security Techniques – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
ISO/TR 27019:2013 Information Technology – Security Techniques – Information Security Management Guidelines based on ISO 27002 for Process Control Systems specific to the Energy Utility Industry
ISO/AWI 27019:201x Information Technology – Security Techniques – Information Security Management Guidelines based on ISO 27002 for Process Control Systems specific to the Energy Utility Industry
ISO/NP 27021:201x Information Technology – Security Techniques – Competence Requirements for Information Security Management Systems Professionals
ISO/TR 27023:2015 Information Technology – Security Techniques – Mapping the Revised Editions of ISO 27001 and ISO 27002
ISO 27031:2011 Information Technology – Security Techniques – Guidelines for Information and Communication Technology Readiness for Business Continuity
ISO 27032:2012 Information Technology – Security Techniques – Guidelines for Cybersecurity
ISO 27033-1:2015 Information Technology – Security Techniques – Network Security – Part 1: Overview and Concepts
ISO 27033-2:2012 Information Technology – Security Techniques – Network Security – Part 2: Guidelines for the Design and Implementation of Network Security
ISO 27033-3:2010 Information Technology – Security Techniques – Network Security – Part 3: Reference Networking Scenarios – Threats, Design Techniques and Control Issues
ISO 27033-4:2014 Information Technology – Security Techniques – Network Security – Part 4: Securing Communications between Networks using Security Gateways
ISO 27033-5:2013 Information Technology – Security Techniques – Network Security – Part 5: Securing Communications across Networks using Virtual Private Network (VPNs)
ISO 27033-6:2016 Information Technology – Security Techniques – Network Security – Part 6: Securing Wireless IP Network Access
ISO 27034-1:2011 Information Technology – Security Techniques – Application Security – Part 1: Overview and Concepts
ISO 27034-2:2015 Information Technology – Security Techniques – Application Security – Part 2: Organization Normative Framework
ISO/CD 27034-3:201x Information Technology – Security Techniques – Application Security – Part 3: Application Security Management Process
ISO/CD 27034-5:201x Information Technology – Security Techniques – Application Security – Part 5: Protocols and Application Security Controls Data Structure
ISO/PDTS 27034-5-1:201x Information Technology – Security Techniques – Application Security – Part 5-1: Protocols and Application Security Controls Data Structure – XML Schemas
ISO/DIS 27034-6-2:201x Information Technology – Security Techniques – Application Security – Part 6: Case Studies
ISO 27035-1:2016 Information Technology – Security Techniques – Information Security Incident Management – Part 1: Principles of Incident Management
ISO 27035-2:2016 Information Technology – Security Techniques – Information Security Incident Management – Part 2: Guidelines to Plan and Prepare for Incident Response
ISO/PDTS 27035-3:201x Information Technology – Security Techniques – Information Security Incident Management – Part 3: Guidelines for CSIRT Operations
ISO 27036-1:2014 Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 1: Overview and Concepts
ISO 27036-2:2014 Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 2: Requirements
ISO 27036-3:2013 Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 3: Guidelines for Information and Communication Technology Supply Chain Security
ISO/DIS 27036-4:201x Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 4: Guidelines for Security of Cloud Services
ISO 27037:2012 Information Technology – Security Techniques – Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence
ISO 27038:2014 Information Technology – Security Techniques – Specification for Digital Redaction
ISO 27039:2015 Information Technology – Security Techniques – Selection, Deployment and Operations of Intrusion Detection Systems (IDPS)
ISO 27040:2015 Information Technology – Security Techniques – Storage Security
ISO 27041:2015 Information Technology – Security Techniques – Guidance on Assuring Suitability and Adequacy of Incident Investigative Method
ISO 27042:2015 Information Technology – Security Techniques – Guidelines for the Analysis and Interpretation of Digital Evidence
ISO 27043:2015 Information Technology – Security Techniques – Incident Investigation Principles and Processes
ISO 29128:2011 Information Technology – Security Techniques – Verification of Cryptographic Protocols
SOFTWARE MEASUREMENT
ISO 14143-1:2007 Information Technology – Software Measurement – Functional Size Measurement – Part 1: Definition of Concepts
ISO 14143-2:2011 Information Technology – Software Measurement – Functional Size Measurement – Part 2: Conformity Evaluation of Software Size Measurement Methods to ISO 14143-1
ISO/TR 14143-3:2003 Information Technology – Software Measurement – Functional Size Measurement – Part 3: Verification of Functional Size Measurement Methods
ISO/TR 14143-4:2002 Information Technology – Software Measurement – Functional Size Measurement – Part 4: Reference Model
ISO/TR 14143-5:2004 Information Technology – Software Measurement – Functional Size Measurement – Part 5: Determination of Functional Domains for use with Functional Size Measurement
ISO 14143-6:2012 Information Technology – Software Measurement – Functional Size Measurement – Part 6: Guide for Use of ISO 14143 Series and Related International Standards
ISO 14756:1999 Information Technology – Measurement and Rating of Performance of Computer-based Software Systems
ISO 15939:2007 Systems and Software Engineering – Measurement Process
PROCESS ASSESSMENT
ISO 15504-2:2003 Information Technology – Process Assessment – Part 2: Performing An Assessment
ISO 15504-3:2004 Information Technology – Process Assessment – Part 3: Guidance on Performing an Assessment
ISO 15504-4:2004 Information Technology – Process Assessment – Part 4: Guidance on Use for Process Improvement and Process Capability Determination
ISO 15504-5:2012 Information Technology – Process Assessment – Part 5: An Exemplar Software Life Cycle Process Assessment Model
ISO/TR 15504-6:2008 Information Technology – Process Assessment – Part 6: An Exemplar System Life Cycle Process Assessment Model
ISO/TS 15504-8:2012 Information Technology – Process Assessment – Part 8: An Exemplar Process Assessment Model for IT Service Management
ISO/TS 15504-9:2011 Information Technology – Process Assessment – Part 9: Target Process Profiles
ISO/TS 15504-10:2011 Information Technology – Process Assessment – Part 10: Safety Extension
ISO 33001:2015 Information Technology – Process Assessment – Concepts and Terminology
ISO 33002:2015 Information Technology – Process Assessment – Requirements for Performing Process Assessment
ISO 33003:2015 Information Technology – Process Assessment – Requirements for Process Measurement Frameworks
ISO 33004:2015 Information Technology – Process Assessment – Requirements for Process Reference, Process Assessment, and Maturity Models
ISO 33014:2013 Information Technology – Process Assessment – Guide for Process Improvement
ISO 33020:2015 Information Technology – Process Assessment – Process Measurement Framework for Assessment of Process Capability
ISO 33063:2015 Information Technology – Process Assessment – Process Assessment Model for Software Testing
SERVICE MANAGEMENT
ISO 20000-1:2011 Information Technology – Service Management – Part 1: Service Management System Requirements
ISO/WD 20000-1:201x Information Technology – Service Management – Part 1: Service Management System Requirements
ISO 20000-2:2012 Information Technology – Service Management – Part 2: Guidance on the Application of Service Management Systems
ISO 20000-3:2012 Information Technology – Service Management – Part 3: Guidance on Scope Definition and Applicability of ISO 20000-1
ISO/TR 20000-4:2010 Information Technology – Service Management – Process Reference Model
ISO/TR 20000-5:2013 Information Technology – Service Management – Part 5: Exemplar Implementation Plan for ISO 20000-1
ISO/DIS 20000-6:201x Information Technology – Service Management – Part 6: Requirements for Bodies providing Audit and Certification of Service Management Systems
ISO/CD 20000-7:201x Information Technology – Service Management – Part 7: Guidance on the Application of ISO 20000-1 to the Cloud
ISO/WD TR 20000-8:201x Information Technology – Service Management – Part 8: Guidance on Usage and Benefits of Service Management Systems for Smaller Organizations
ISO/TR 20000-9:2015 Information Technology – Service Management – Part 9: Guidance on the Application of ISO 20000-1 to Cloud Services
ISO/TR 20000-10:2015 Information Technology – Service Management – Part 10: Concepts and Terminology
ISO/TR 20000-11:2015 Information Technology – Service Management – Part 11: Guidance on the Relationship between ISO 20000-1:2011 and related Frameworks: ITIL®
ISO/PDTR 20000-12:201x Information Technology – Service Management – Part 12: Guidance on the Relationship between ISO 20000-1:2011 and Service Management Frameworks: CMMI-SVC
IT and SOFTWARE ASSET MANAGEMENT
ISO 19770-1:2012 Information Technology – Software Asset Management – Part 1: Processes and Tiered Assessment of Conformance
ISO/CD 19770-1:201x Information Technology – IT Asset Management – Part 1: IT asset management Systems – Requirements
ISO 19770-2:2015 Information Technology – Software Asset Management – Part 2: Software Identification Tag
ISO 19770-3:2016 Information Technology – IT Asset Management – Part 3: Entitlement Schema
ISO/CD 19770-4:201x Information Technology – IT Asset Management – Part 4: Resource Utilization Measurement (RUM)
ISO 19770-5:2015 Information Technology – IT Asset Management – Part 5: Overview and Vocabulary
SQuaRE = Software Product Quality Requirements and Evaluation
ISO 25000:2005 Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Guide to SQuaRE
ISO 25001:2007 Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Planning and Management
ISO 25010:2011 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – System and Software Quality Models
ISO/PDTS 25011:201x Information Technology – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Service Quality Model
ISO 25012:2008 Software and System Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Data Quality Model
ISO 25020:2007 Software and System Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Measurement Reference Model and Guide
ISO 25021:2012 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Quality Measure Elements
ISO 25022:2016 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of Quality in Use
ISO 25023:2016 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of System and Software Product Quality
ISO 25024:2015 Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Measurement of Data Quality
ISO 25030:2007 Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Quality Requirements
ISO 25040:2011 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Process
ISO 25041:2012 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Guide for Developers, Acquirers and Independent Evaluators
ISO/NP 25044:201x Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE)
ISO 25045:2010 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Module for Recoverability
ISO 25051:2014 Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Requirements for Quality of Ready to Use Software Product (RUSP) and Instructions for Testing
ISO/TR 25060:2010 Software Product Quality Requirements and Evaluation (SQuaRE) – Common Industry Format (CIF) for Usability – General Framework for Usability-related Information
ISO 25062:2006 Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability Test Reports
ISO 25064:2013 Systems and Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format (CIF) for Usability: User Needs Report
ISO/NP 25065:201x Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – User Requirements Specification
ISO 25066:2016 Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – Evaluation Report

NP = New Project; AWI = Approved Work Item; WD = Working Document; CD = Committee Draft; DIS = Draft International Standard; FDIS = Final Draft International Standard; TR = Technical Report; IWA = International Workshop Agreement.

Follow the progress of the draft standards at www.iso.org.