Information Technology Standards

The following international standards relate to Information Technology. They are grouped into these categories:

Product Quality, Documentation, Life Cycle Processes, IT Security (including ISO 27001), IT and Software Measurement, Process Assessment, Service Management (including ISO 20000), and Software Asset Management.

DOCUMENTATION
ISO 15289:2019Systems and Software Engineering – Content of Life Cycle Information Products (Documentation)
ISO 26511:2018Systems and Software Engineering – Requirements for Managers of Information for Users of Systems, Software, and Services
ISO 26512:2018Systems and Software Engineering – Requirements for Acquirers and Suppliers of Information for Users
ISO 26513:2017Systems and Software Engineering – Requirements for Testers and Reviewers of Information for Users
ISO 26514:2008Systems and Software Engineering — Requirements for Designers and Developers of User Documentation
LIFE CYCLE PROCESSES
ISO 12207: 2017Systems and Software Engineering – Software Life Cycle Processes
ISO 14764: 2006Software Engineering – Software Life Cycle Processes – Maintenance
ISO 15026-1: 2019Systems and Software Engineering – Systems and Software Assurance – Part 1: Concepts and Vocabulary
ISO 15026-2: 2011Systems and Software Engineering – Systems and Software Assurance – Part 2: Assurance Case
ISO 15026-3: 2015Systems and Software Engineering – Systems and Software Assurance – Part 3: System Integrity Levels
ISO 15026-4: 2012Systems and Software Engineering – Systems and Software Assurance – Part 4: Assurance in the Life Cycle
ISO 15288: 2015Systems and Software Engineering – System Life Cycle Processes
ISO 16085: 2006Information Technology – Software Life Cycle Processes – Risk Management
ISO/CD 16085.3: 20xxInformation Technology – Software Life Cycle Processes – Risk Management
ISO 16326: 2009Software Engineering – Life Cycle Processes — Project Management
ISO/FDIS 16326: 20xxSoftware Engineering – Life Cycle Processes — Project Management
ISO/TR 19759: 2015Software Engineering – Guide to the Software Engineering Body of Knowledge
ISO 24748-1:2016Systems and Software Engineering – Life Cycle Management – Part 1: Guidelines for Life Cycle Management
ISO/TR 24748-2:2011Systems and Software Engineering – Life Cycle Management – Part 2: Guide to the Application of ISO 15288 (System Life Cycle Processes)
ISO/TR 24748-3:2011Systems and Software Engineering – Life Cycle Management – Part 3: Guide to the Application of ISO 12207 (Software Life Cycle Processes)
ISO 24748-4:2016Systems and Software Engineering – Life Cycle Management – Part 4: Systems Engineering Planning
ISO 24748-5:2017Systems and Software Engineering – Life Cycle Management – Part 5: Software Development Planning
ISO/TS 24748-6:2016Systems and Software Engineering – Life Cycle Management – Part 6: System Integration Engineering
ISO/TS 24748-7:2019Systems and Software Engineering – Life Cycle Management – Part 7: Application of Systems Engineering on Defense Programs
ISO/TS 24748-8:2019Systems and Software Engineering – Life Cycle Management – Part 8: Technical Reviews and Audits on Defense Programs  
ISO 29148:2018Systems and Software Engineering – Life Cycle Processes – Requirements Engineering
IT SECURITY
ISO/TR 14516: 2002Information Technology – Security Techniques – Guidelines for the Use and Management of Trusted Third Party Services
ISO 15408-1: 2009Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 1: Introduction and General Model
ISO 15408-2: 2008Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 2: Security Functional Requirements
ISO 15408-3: 2008Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 3: Security Assurance Requirements
ISO/TR 15446:2017Information Technology – Security Techniques – Guide for the Production of Protection Profiles and Security Targets
ISO 18045:2008Information Technology – Security Techniques – Methodology for IT Security Evaluation
ISO/CD 18045.3:20xxInformation Technology – Security Techniques – Methodology for IT Security Evaluation
ISO/TR 19791:2010Information Technology – Security Techniques – Security Assessment of Operational Systems
ISO/TR 20004:2015Information Technology – Security Techniques – Refining Software Vulnerability Analysis under ISO 15408 and ISO 18045
ISO 20543:2019Information Technology – Security Techniques – Test and Analysis Methods for Random Bit Generators within ISO 19790 and ISO 15408
ISO 27000: 2018Information Technology – Security Techniques- Information Security Management Systems – Overview and Vocabulary
ISO 27001: 2013Information Technology – Security Techniques – Information Security Management Systems – Requirements
ISO 27002: 2013Information Technology – Security Techniques – Code of Practice for Information Security Management
ISO 27003:2017Information Technology – Security Techniques – Information Security Management System – Guidance
ISO 27004:2016Information Technology – Security Techniques – Information Security Management – Monitoring, Measurement, Analysis and Evaluation
ISO 27005: 2018Information Technology – Security Techniques – Information Security Risk Management
ISO 27006: 2015Information Technology – Security Techniques – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems
ISO 27007:2017Information Technology – Security Techniques – Guidelines for Information Security Management Systems Auditing
ISO/TS 27008:2019Information Technology – Security Techniques – Guidelines for Auditors on Information Security Controls
 ISO 27009:2016Information Technology – Security Techniques – Sector-Specific Application of ISO 27001 – Requirements
ISO 27010:2015Information Technology – Security Techniques – Information Security Management for Inter-Sector and Inter-Organizational Communications
ISO 27011: 2016Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Telecommunications Organizations
ISO 27013:2015Information Technology – Security Techniques – Guidelines on the Integrated Implementation of ISO 27001 and ISO 20000-1
ISO 27014:2013Information Technology – Security Techniques – Governance of Information Security
ISO/CD 27014:20xxInformation Technology – Security Techniques – Governance of Information Security
ISO/TR 27016:2014Information Technology – Security Techniques – Information Security Management – Organizational Economics
ISO 27017:2015Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Cloud Services
ISO 27018:2019Information Technology – Security Techniques – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors
ISO/TR 27019: 2017Information Technology – Security Techniques – Information Security Management Controls for the Energy Utility Industry
ISO 27021:2017Information Technology – Security Techniques – Competence Requirements for Information Security Management Systems Professionals
ISO/WD 27022: 20xxInformation Technology – Security Techniques – Guidance on ISMS Processes 
ISO/TR 27023:2015Information Technology – Security Techniques – Mapping the Revised Editions of ISO 27001 and ISO 27002
ISO/WD 27030:20xxInformation Technology – Security Techniques – Guidelines for Security and Privacy in Internet of Things (IoT)
ISO 27031:2011Information Technology – Security Techniques – Guidelines for Information and Communication Technology Readiness for Business Continuity
ISO 27032:2012Information Technology – Security Techniques – Guidelines for Cybersecurity
ISO 27033-1:2015Information Technology – Security Techniques – Network Security – Part 1: Overview and Concepts
ISO 27033-2:2012Information Technology – Security Techniques – Network Security – Part 2: Guidelines for the Design and Implementation of Network Security
ISO 27033-3:2010Information Technology – Security Techniques – Network Security – Part 3: Reference Networking Scenarios – Threats, Design Techniques and Control Issues
ISO 27033-4:2014Information Technology – Security Techniques – Network Security – Part 4: Securing Communications between Networks using Security Gateways
ISO 27033-5:2013Information Technology – Security Techniques – Network Security – Part 5: Securing Communications across Networks using Virtual Private Network (VPNs)
ISO 27033-6:2016Information Technology – Security Techniques – Network Security – Part 6: Securing Wireless IP Network Access
ISO 27034-1:2011Information Technology – Security Techniques – Application Security – Part 1: Overview and Concepts
ISO 27034-2:2015Information Technology – Security Techniques – Application Security – Part 2: Organization Normative Framework
ISO 27034-3:2018Information Technology – Application Security – Part 3: Application Security Management Process
ISO/CD 27034-4:20xxInformation Technology – Application Security – Part 4: Validation and Verification
ISO 27034-5:2017Information Technology – Security Techniques – Application Security – Part 5: Protocols and Application Security Controls Data Structure
ISO/TS 27034-5-1:2018Information Technology – Security Techniques – Application Security – Part 5-1: Protocols and Application Security Controls Data Structure — XML Schemas
ISO 27034-6:2016Information Technology – Security Techniques – Application Security – Part 6: Case Studies
ISO 27034-7: 2018Information Technology – Application Security – Part 7: Assurance Prediction Framework 
ISO 27035-1:2016Information Technology – Security Techniques – Information Security Incident Management – Part 1: Principles of Incident Management
ISO 27035-2:2016Information Technology – Security Techniques – Information Security Incident Management – Part 2: Guidelines to Plan and Prepare for Incident Response
ISO/DIS 27035-3:20xxInformation Technology – Security Techniques – Information Security Incident Management – Part 3: Guidelines for Incident Response Operations
 ISO 27036-1:2014Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 1: Overview and Concepts
 ISO 27036-2:2014Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 2: Requirements
 ISO 27036-3:2013Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 3: Guidelines for Information and Communication Technology Supply Chain Security
ISO 27036-4:2016Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 4: Guidelines for Security of Cloud Services
 ISO 27037:2012Information Technology – Security Techniques – Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence
ISO 27038:2014Information Technology – Security Techniques – Specification for Digital Redaction
ISO 27039:2015Information Technology – Security Techniques – Selection, Deployment and Operations of Intrusion Detection and Prevention Systems
ISO 27040:2015Information Technology – Security Techniques – Storage Security
ISO 27041:2015Information Technology – Security Techniques – Guidance on Assuring Suitability and Adequacy of Incident Investigative Method
ISO 27042:2015Information Technology – Security Techniques – Guidelines for the Analysis and Interpretation of Digital Evidence
ISO 27043:2015Information Technology – Security Techniques – Incident Investigation Principles and Processes
ISO 27701:2019Security techniques — Extension to ISO 27001 and ISO 27002 for privacy information management — Requirements and guidelines
ISO 29128:2011Information Technology – Security Techniques – Verification of Cryptographic Protocols
ISO/WD 29128:20xxInformation Technology – Security Techniques – Verification of Cryptographic Protocols
SOFTWARE MEASUREMENT
ISO 14143-1: 2007Information Technology – Software Measurement – Functional Size Measurement –  Part 1: Definition of Concepts
ISO 14143-2: 2011Information Technology – Software Measurement – Functional Size Measurement – Part 2: Conformity Evaluation of Software Size Measurement Methods to ISO 14143-1
ISO/TR 14143-3: 2003Information Technology – Software Measurement – Functional Size Measurement –  Part 3: Verification of Functional Size Measurement Methods
ISO/TR 14143-4: 2002Information Technology – Software Measurement – Functional Size Measurement –  Part 4: Reference Model
ISO/TR 14143-5: 2004Information Technology – Software Measurement – Functional Size Measurement –  Part 5: Determination of Functional Domains for use with Functional Size Measurement
ISO 14143-6: 2012Information Technology – Software Measurement – Functional Size Measurement –  Part 6: Guide for Use of ISO 14143 Series and Related International Standards.
ISO 14756: 1999Information Technology – Measurement and Rating of Performance of Computer-based Software Systems
ISO 15939: 2017Systems and Software Engineering — Measurement Process
PROCESS ASSESSMENT
ISO 15504-4: 2004Information Technology – Process Assessment – Part 4: Guidance on Use for Process Improvement and Process Capability Determination
ISO 15504-5: 2012Information Technology – Process Assessment – Part 5: An Exemplar Software Life Cycle Process Assessment Model
ISO/TR 15504-6: 2013Information Technology – Process Assessment – Part 6: An Exemplar System Life Cycle Process Assessment Model
ISO/TR 15504-7: 2008Information Technology – Process Assessment – Part 7: Assessment of Organizational Maturity
ISO/TS 15504-8: 2012Information Technology – Process Assessment – Part 8: An Exemplar Process Assessment Model for IT Service Management
ISO/TS 15504-9: 2011Information Technology – Process Assessment – Part 9: Target Process Profiles
ISO/TS 15504-10: 2011Information Technology – Process Assessment – Part 10: Safety Extension
ISO 29169:2016Information Technology – Process Assessment – Application of Conformity Assessment Methodology to the Assessment to Process Quality Characteristics and Organizational Maturity
ISO 33001: 2015Information Technology – Process Assessment – Concepts and Terminology
ISO 33002: 2015Information Technology – Process Assessment – Requirementsfor Performing Process Assessment
ISO 33003: 2015Information Technology – Process Assessment – Requirements for Process Measurement Frameworks
ISO 33004: 2015Information Technology – Process Assessment – Requirements for Process Reference, Process Assessment, and Maturity Models
ISO 33014: 2013Information Technology – Process Assessment – Guide for Process Improvement
ISO/TR 33015:2019Information Technology – Process Assessment – Guidance for Process Risk Determination
ISO/PDTR 33017: 20xxInformation Technology – Process Assessment – Guidance for Assessor Training
ISO/TR 33018:2019Information Technology – Process Assessment – Guidance for Assessor Competency
ISO 33020: 2015Information Technology – Process Assessment – Process Measurement Framework for Assessment of Process Capability
ISO 33030:2017Information Technology – Process Assessment – An Exemplar Documented Assessment Process
ISO/PRF TS 33053:20xxInformation Technology – Process Assessment – Process Reference Model (PRM) for Quality Management
ISO/PD TS 33054:20xxInformation Technology – Process Assessment – Process Reference Model (PRM) for Service Management
ISO/CD TS 33060:20xxInformation Technology – Process Assessment – Process Assessment Model for System Life Cycle Processes 
ISO 33063: 2015Information Technology – Process Assessment – Process Assessment Model for Software Testing
ISO 33071:2016Information Technology – Process Assessment – An Integrated Process Capability Assessment Model for Enterprise Processes
ISO 33072:2016Information Technology – Process Assessment – Process Capability Assessment Model for Information Security Management
ISO 33073:2017Information Technology – Process Assessment – Process Capability Assessment Model for Quality Management
SERVICE MANAGEMENT
ISO 20000-1: 2018Information Technology – Service Management – Part 1: Service Management System Requirements
ISO 20000-2: 2019Information Technology – Service Management – Part 2: Guidance on the Application of Service Management Systems
ISO 20000-3: 2019Information Technology – Service Management – Part 3: Guidance on Scope Definition and Applicability of ISO 20000-1
ISO/TR 20000-5: 2013Information Technology – Service Management – Part 5: Exemplar Implementation Plan for ISO 20000-1
ISO 20000-6: 2017Information Technology – Service Management – Part 6: Requirements for Bodies providing Audit and Certification of Service Management Systems
ISO/TR 20000-7: 2019Information Technology – Service Management – Part 7: Guidance on the Integration and Correlation of ISO 20000-1:2018 to ISO 9001:2015 and ISO 27001:2013
ISO/TR 20000-9:2015Information technology – Service management – Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services
ISO 20000-10: 2018Information Technology – Service Management – Part 10: Concepts and Terminology
ISO/TR 20000-11: 2015Information Technology – Service Management – Part 11: Guidance on the Relationship between ISO 20000-1:2011 and related Frameworks: ITIL®
ISO/TR 20000-12: 2016Information Technology – Service Management – Part 12: Guidance on the Relationship between ISO 20000-1:2011 and Service Management Frameworks: CMMI-SVC
ISO/TR 20000-13:20xxInformation Technology – Service Management – Part 12: Guidance on the Relationship between ISO 20000-1:2018 and Service Management Frameworks: COBIT
IT and SOFTWARE ASSET MANAGEMENT
ISO 19770-1: 2017Information Technology – IT Asset Management – Part 1: IT Asset Management Systems – Requirements
ISO 19770-2: 2015Information Technology – Software Asset Management – Part 2: Software Identification Tag
ISO 19770-3: 2016Information Technology – IT Asset Management – Part 3: Entitlement Schema
ISO 19770-4: 2017Information Technology – IT Asset Management – Part 4: Resource Utilization Measurement
ISO 19770-5: 2015Information Technology – IT Asset Management – Part 5: Overview and Vocabulary
SQuaRE = Software Product Quality Requirements and Evaluation
ISO 25000: 2014Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Guide to SQuaRE
ISO 25001: 2014Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Planning and Management
ISO 25010:2011Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – System and Software Quality Models
ISO/TS 25011: 2017Information Technology – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Service Quality Models
ISO 25012: 2008Software and System Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Data Quality Model
ISO 25020: 2019Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Quality Measurement Framework
ISO 25021: 2012Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Quality Measure Elements
ISO 25022:2016Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of Quality in Use
ISO 25023: 2016Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of System and Software Product Quality
ISO 25024: 2015Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of IT Service Quality
ISO/PDTS 25025Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of System and Software Product Quality
ISO 25030: 2007Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Quality Requirements
ISO 25030:2019Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Quality Requirements Framework
ISO 25040:2011Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE)  Evaluation Process
ISO 25041:2012Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Guide for Developers, Acquirers and Independent Evaluators
ISO 25045: 2010Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Module for Recoverability
ISO 25051: 2014Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Requirements for Quality of Ready to Use Software Product (RUSP) and Instructions for Testing
ISO/TR 25060: 2010Software Product Quality Requirements and Evaluation (SQuaRE) — Common Industry Format (CIF) for Usability — General Framework for Usability-related Information
ISO 25062: 2006Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability Test Reports
 ISO 25064:2013Systems and Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format (CIF) for Usability: User Needs Report
ISO 25065: 2019Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – User Requirements Specification
 ISO 25066: 2016Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – Evaluation Report

NP = New Project; AWI = Approved Work Item; WD = Working Document; CD = Committee Draft; DIS = Draft International Standard; FDIS = Final Draft International Standard; TR = Technical Report; IWA = International Workshop Agreement.

Follow the progress of the draft standards at www.iso.org.

Whittington & Associates

We are committed to providing expert training, effective consulting, and valuable auditing. If you have any questions about our services, please contact us at 770-862-1766, or Larry@WhittingtonAssociates.com.