The following international standards relate to Information Technology. They are grouped into these categories:
Product Quality, Documentation, Life Cycle Processes, IT Security (including ISO 27001), IT and Software Measurement, Process Assessment, Service Management (including ISO 20000), and Software Asset Management.
| PRODUCT QUALITY | |
| ISO/TR 9126-2: 2003 | Software Engineering – Product Quality – Part 2: External Metrics |
| ISO/TR 9126-3: 2003 | Software Engineering – Product Quality – Part 3: Internal Metrics |
| ISO/TR 9126-4: 2004 | Software Engineering – Product Quality – Part 4: Quality in Use Metrics |
| DOCUMENTATION | |
| ISO 15289:2015 | Systems and Software Engineering – Content of Life Cycle Information Products (Documentation) |
| ISO 26511:2011 | Systems and Software Engineering – Requirements for Managers of User Documentation |
| ISO 26512:2011 | Systems and Software Engineering – Requirements for Acquirers and Suppliers of User Documentation |
| ISO 26513:2009 | Systems and Software Engineering – Requirements for Testers and Assessors of User Documentation |
| ISO/DIS 26513:201x | Systems and Software Engineering – Requirements for Testers and Assessors of User Documentation |
| ISO 26514:2008 | Systems and Software Engineering — Requirements for Designers and Developers of User Documentation |
| LIFE CYCLE PROCESSES | |
| ISO 12207: 2008 | Systems and Software Engineering – Software Life Cycle Processes |
| ISO/CD 12207: 201x | Systems and Software Engineering – Software Life Cycle Processes |
| ISO 14764: 2006 | Software Engineering – Software Life Cycle Processes – Maintenance |
| ISO 15026-1: 2013 | Systems and Software Engineering – Systems and Software Assurance – Part 1: Concepts and Vocabulary |
| ISO/DIS 15026-1: 201x | Systems and Software Engineering – Systems and Software Assurance – Part 1: Concepts and Vocabulary |
| ISO 15026-2: 2011 | Systems and Software Engineering – Systems and Software Assurance – Part 2: Assurance Case |
| ISO 15026-3: 2015 | Systems and Software Engineering – Systems and Software Assurance – Part 3: System Integrity Levels |
| ISO 15026-4: 2012 | Systems and Software Engineering – Systems and Software Assurance – Part 4: Assurance in the Life Cycle |
| ISO 15288: 2015 | Systems and Software Engineering – System Life Cycle Processes |
| ISO 16085: 2006 | Information Technology – Software Life Cycle Processes – Risk Management |
| ISO 16326: 2009 | Software Engineering – Life Cycle Processes — Project Management |
| ISO/TR 19759: 2015 | Software Engineering – Guide to the Software Enginering Body of Knowledge |
| ISO 24748-1:2010 | Systems and Software Engineering – Life Cycle Management – Part 1: Guide for Life Cycle Management |
| ISO/TR 24748-2:2011 | Systems and Software Engineering – Life Cycle Management – Part 2: Guide to the Application of ISO 15288 (Systems Life Cycle Processes) |
| ISO/TR 24748-3:2011 | Systems and Software Engineering – Life Cycle Management – Part 3: Guide to the Application of ISO 12207 (Software Life Cycle Processes) |
| ISO 24748-4:2016 | Systems and Software Engineering – Life Cycle Management – Part 4: Systems Engineering Planning |
| ISO/DIS 24748-5:201x | Systems and Software Engineering – Life Cycle Management – Part 5: Software Development Planning |
| ISO/PDTS 24748-6:201x | Systems and Software Engineering – Life Cycle Management – Part 6: Guide to System Integration Engineering |
| ISO 29148:2011 | Systems and Software Engineering – Life Cycle Processes – Requirements Engineering |
| ISO 90005:2008 | Systems Engineering – Guidelines for the Application of ISO 9001 to System Life Cycle Processes |
| IT SECURITY | |
| ISO/TR 14516: 2002 | Information Technology – Security Techniques – Guidelines for the Use and Management of Trusted Third Party Services |
| ISO/NP TR 14516-1: 201x | Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 1: Overview and Concepts |
| ISO/NP TR 14516-2: 201x | Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 2: Guidelines on Information Security for CA Trust Service Providers |
| ISO/NP TR 14516-3: 201x | Information Technology – Security Techniques – Guidelines for the Use and Management of Electronic Trust Service Providers – Part 3: Guidelines on Information Security for PKI Trust Service Providers |
| ISO 15408-1: 2009 | Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 1: Introduction and General Model |
| ISO 15408-2: 2008 | Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 2: Security Functional Requirements |
| ISO 15408-3: 2008 | Information Technology – Security Techniques – Evaluation Criteria for IT Security – Part 3: Security Assurance Requirements |
| ISO/TR 15446:2009 | Information Technology – Security Techniques – Guide for the Production of Protection Profiles and Security Targets |
| ISO 18028-3: 2005 | Information Technology – Security Techniques– IT Network Security – Part 3: Securing Communications between Networks using Security Gateways |
| ISO 18028-4: 2005 | Information Technology – Security Techniques– IT Network Security – Part 4: Securing Remote Access |
| ISO 18028-5: 2006 | Information Technology – Security Techniques– IT Network Security – Part 5: Securing Communications across Networks using Virtual Private Networks |
| ISO 18045:2008 | Information Technology – Security Techniques – Methodology for IT Security Evaluation |
| ISO/TR 19791:2010 | Information Technology – Security Techniques – Security Assessment of Operational Systems |
| ISO/TR 20004:2015 | Information Technology – Security Techniques – Refining Software Vulnerability Analysis under ISO 15408 and ISO 18045 |
| ISO/NP 20543:201x | Information Technology – Security Techniques – Test and Analysis Methods for Random Bit Generators within ISO 19790 and ISO 15408 |
| ISO 27000: 2016 | Information Technology – Security Techniques- Information Security Management Systems – Overview and Vocabulary |
| ISO 27001: 2013 | Information Technology – Security Techniques – Information Security Management Systems – Requirements |
| ISO 27002: 2013 | Information Technology – Security Techniques – Code of Practice for Information Security Management |
| ISO 27003:2017 | Information Technology – Security Techniques – Information Security Management System – Guidance |
| ISO 27004:2016 | Information Technology – Security Techniques – Information Security Management – Monitoring, Measurement, Analysis and Evaluation |
| ISO 27005: 2011 | Information Technology – Security Techniques – Information Security Risk Management |
| ISO/WD 27005: 201x | Information Technology – Security Techniques – Information Security Risk Management |
| ISO 27006: 2015 | Information Technology – Security Techniques – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems |
| ISO 27007:2011 | Information Technology – Security Techniques – Guidelines for Information Security Management Systems Auditing |
| ISO/DIS 27007:201x | Information Technology – Security Techniques – Guidelines for Information Security Management Systems Auditing |
| ISO/TR 27008:2011 | Information Technology – Security Techniques – Guidelines for Auditors on Information Security Controls |
| ISO/PDTS 27008:201x | Information Technology – Security Techniques – Guidelines for Auditors on Information Security Controls |
| ISO 27009:2016 | Information Technology – Security Techniques – Sector-Specific Application of ISO 27001 – Requirements |
| ISO 27010:2015 | Information Technology – Security Techniques – Information Security Management for Inter-Sector and Inter-Organizational Communications |
| ISO 27011: 2016 | Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Telecommunications Organizations |
| ISO 27013:2015 | Information Technology – Security Techniques – Guidelines on the Integrated Implementation of ISO 27001 and ISO 20000-1 |
| ISO 27014:2013 | Information Technology – Security Techniques – Governance of Information Security |
| ISO/TR 27015:2012 | Information Technology – Security Techniques – Information Security Management Guidelines for Financial Services |
| ISO/TR 27016:2014 | Information Technology – Security Techniques – Information Security Management – Organizational Economics |
| ISO 27017:2015 | Information Technology – Security Techniques – Code of Practice for Information Security Controls based on ISO 27002 for Cloud Services |
| ISO 27018:2014 | Information Technology – Security Techniques – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds acting as PII Processors |
| ISO/TR 27019: 2013 | Information Technology – Security Techniques – Information Security Management Guidelines based on ISO 27002 for Process Control Systems specific to the Energy Utility Industry |
| ISO/AWI 27019: 201x | Information Technology – Security Techniques – Information Security Management Guidelines based on ISO 27002 for Process Control Systems specific to the Energy Utility Industry |
| ISO/NP 27021:201x | Information Technology – Security Techniques – Competence Requirements for Information Security Management Systems Professionals |
| ISO/TR 27023:2015 | Information Technology – Security Techniques – Mapping the Revised Editions of ISO 27001 and ISO 27002 |
| ISO 27031:2011 | Information Technology – Security Techniques – Guidelines for Information and Communication Technology Readiness for Business Continuity |
| ISO 27032:2012 | Information Technology – Security Techniques – Guidelines for Cybersecurity |
| ISO 27033-1:2015 | Information Technology – Security Techniques – Network Security – Part 1: Overview and Concepts |
| ISO 27033-2:2012 | Information Technology – Security Techniques – Network Security – Part 2: Guidelines for the Design and Implementation of Network Security |
| ISO 27033-3:2010 | Information Technology – Security Techniques – Network Security – Part 3: Reference Networking Scenarios – Threats, Design Techniques and Control Issues |
| ISO 27033-4:2014 | Information Technology – Security Techniques – Network Security – Part 4: Securing Communications between Networks using Security Gateways |
| ISO 27033-5:2013 | Information Technology – Security Techniques – Network Security – Part 5: Securing Communications across Networks using Virtual Private Network (VPNs) |
| ISO 27033-6:2016 | Information Technology – Security Techniques – Network Security – Part 6: Securing Wireless IP Network Access |
| ISO 27034-1:2011 | Information Technology – Security Techniques – Application Security – Part 1: Overview and Concepts |
| ISO 27034-2:2015 | Information Technology – Security Techniques – Application Security – Part 2: Organization Normative Framework |
| ISO/CD 27034-3:201x | Information Technology – Security Techniques – Application Security – Part 3: Application Security Management Process |
| ISO/CD 27034-5:201x | Information Technology – Security Techniques – Application Security – Part 5: Protocols and Application Security Controls Data Structure |
| ISO/PDTS 27034-5-1:201x | Information Technology – Security Techniques – Application Security – Part 5-1: Protocols and Application Security Controls Data Structure — XML Schemas |
| ISO/DIS 27034-6-2:201x | Information Technology – Security Techniques – Application Security – Part 6: Case Studies |
| ISO 27035-1:2016 | Information Technology – Security Techniques – Information Security Incident Management – Part 1: Principles of Incident Management |
| ISO 27035-2:2016 | Information Technology – Security Techniques – Information Security Incident Management – Part 2: Guidelines to Plan and Prepare for Incident Response |
| ISO/PDTS 27035-3:201x | Information Technology – Security Techniques – Information Security Incident Management – Part 3: Guidelines for CSIRT Operations |
| ISO 27036-1:2014 | Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 1: Overview and Concepts |
| ISO 27036-2:2014 | Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 2: Requirements |
| ISO 27036-3:2013 | Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 3: Guidelines for Information and Communication Technology Supply Chain Security |
| ISO/DIS 27036-4:201x | Information Technology – Security Techniques – Information Security for Supplier Relationships – Part 4: Guidelines for Security of Cloud Services |
| ISO 27037:2012 | Information Technology – Security Techniques – Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence |
| ISO 27038:2014 | Information Technology – Security Techniques – Specification for Digital Redaction |
| ISO 27039:2015 | Information Technology – Security Techniques – Selection, Deployment and Operations of Intrusion Detection Systems (IDPS) |
| ISO 27040:2015 | Information Technology – Security Techniques – Storage Security |
| ISO 27041:2015 | Information Technology – Security Techniques – Guidance on Assuring Suitability and Adequacy of Incident Investigative Method |
| ISO 27042:2015 | Information Technology – Security Techniques – Guidelines for the Analysis and Interpretation of Digital Evidence |
| ISO 27043:2015 | Information Technology – Security Techniques – Incident Investigation Principles and Processes |
| ISO 29128:2011 | Information Technology – Security Techniques – Verification of Cryptographic Protocols |
| SOFTWARE MEASUREMENT | |
| ISO 14143-1: 2007 | Information Technology – Software Measurement – Functional Size Measurement – Part 1: Definition of Concepts |
| ISO 14143-2: 2011 | Information Technology – Software Measurement – Functional Size Measurement – Part 2: Conformity Evaluation of Software Size Measurement Methods to ISO 14143-1 |
| ISO/TR 14143-3: 2003 | Information Technology – Software Measurement – Functional Size Measurement – Part 3: Verification of Functional Size Measurement Methods |
| ISO/TR 14143-4: 2002 | Information Technology – Software Measurement – Functional Size Measurement – Part 4: Reference Model |
| ISO/TR 14143-5: 2004 | Information Technology – Software Measurement – Functional Size Measurement – Part 5: Determination of Functional Domains for use with Functional Size Measurement |
| ISO 14143-6: 2012 | Information Technology – Software Measurement – Functional Size Measurement – Part 6: Guide for Use of ISO 14143 Series and Related International Standards. |
| ISO 14756: 1999 | Information Technology – Measurement and Rating of Performance of Computer-based Software Systems |
| ISO 15939: 2007 | Systems and Software Engineering — Measurement Process |
| PROCESS ASSESSMENT | |
| ISO 15504-2: 2003 | Information Technology – Process Assessment – Part 2: Performing An Assessment |
| ISO 15504-3: 2004 | Information Technology – Process Assessment – Part 3: Guidance on Performing an Assessment |
| ISO 15504-4: 2004 | Information Technology – Process Assessment – Part 4: Guidance on Use for Process Improvement and Process Capability Determination |
| ISO 15504-5: 2012 | Information Technology – Process Assessment – Part 5: An Exemplar Software Life Cycle Process Assessment Model |
| ISO/TR 15504-6: 2008 | Information Technology – Process Assessment – Part 6: An Exemplar System Life Cycle Process Assessment Model |
| ISO/TS 15504-8: 2012 | Information Technology – Process Assessment – Part 8: An Exemplar Process Assessment Model for IT Service Management |
| ISO/TS 15504-9: 2011 | Information Technology – Process Assessment – Part 9: Target Process Profiles |
| ISO/TS 15504-10: 2011 | Information Technology – Process Assessment – Part 10: Safety Extension |
| ISO 33001: 2015 | Information Technology – Process Assessment – Concepts and Terminology |
| ISO 33002: 2015 | Information Technology – Process Assessment – Requirements for Performing Process Assessment |
| ISO 33003: 2015 | Information Technology – Process Assessment – Requirements for Process Measurement Frameworks |
| ISO 33004: 2015 | Information Technology – Process Assessment – Requirements for Process Reference, Process Assessment, and Maturity Models |
| ISO 33014: 2013 | Information Technology – Process Assessment – Guide for Process Improvement |
| ISO 33020: 2015 | Information Technology – Process Assessment – Process Measurement Framework for Assessment of Process Capability |
| ISO 33063: 2015 | Information Technology – Process Assessment – Process Assessment Model for Software Testing |
| SERVICE MANAGEMENT | |
| ISO 20000-1: 2011 | Information Technology – Service Management – Part 1: Service Management System Requirements |
| ISO/WD 20000-1: 201x | Information Technology – Service Management – Part 1: Service Management System Requirements |
| ISO 20000-2: 2012 | Information Technology – Service Management – Part 2: Guidance on the Application of Service Management Systems |
| ISO 20000-3: 2012 | Information Technology – Service Management – Part 3: Guidance on Scope Definition and Applicability of ISO 20000-1 |
| ISO/TR 20000-4: 2010 | Information Technology – Service Management – Process Reference Model |
| ISO/TR 20000-5: 2013 | Information Technology – Service Management – Part 5: Exemplar Implementation Plan for ISO 20000-1 |
| ISO/DIS 20000-6: 201x | Information Technology – Service Management – Part 6: Requirements for Bodies providing Audit and Certification of Service Management Systems |
| ISO/CD 20000-7: 201x | Information Technology – Service Management – Part 7: Guidance on the Application of ISO 20000-1 to the Cloud |
| ISO/WD TR 20000-8: 201x | Information Technology – Service Management – Part 8: Guidance on Usage and Benefits of Service Management Systems for Smaller Organizations |
| ISO/TR 20000-9: 2015 | Information Technology – Service Management – Part 9: Guidance on the Application of ISO 20000-1 to Cloud Services |
| ISO/TR 20000-10: 2015 | Information Technology – Service Management – Part 10: Concepts and Terminology |
| ISO/TR 20000-11: 2015 | Information Technology – Service Management – Part 11: Guidance on the Relationship between ISO 20000-1:2011 and related Frameworks: ITIL® |
| ISO/PDTR 20000-12: 201x | Information Technology – Service Management – Part 12: Guidance on the Relationship between ISO 20000-1:2011 and Service Management Frameworks: CMMI-SVC |
| IT and SOFTWARE ASSET MANAGEMENT | |
| ISO 19770-1: 2012 | Information Technology – Software Asset Management – Part 1: Processes and Tiered Assessment of Conformance |
| ISO/CD 19770-1: 201x | Information Technology – IT Asset Management – Part 1: IT asset management Systems – Requirements |
| ISO 19770-2: 2015 | Information Technology – Software Asset Management – Part 2: Software Identification Tag |
| ISO 19770-3: 2016 | Information Technology – IT Asset Management – Part 3: Entitlement Schema |
| ISO/CD 19770-4: 201x | Information Technology – IT Asset Management – Part 4: Resource Utilization Measurement (RUM) |
| ISO 19770-5: 2015 | Information Technology – IT Asset Management – Part 5: Overview and Vocabulary |
| SQuaRE = Software Product Quality Requirements and Evaluation | |
| ISO 25000: 2005 | Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Guide to SQuaRE |
| ISO 25001: 2007 | Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Planning and Management |
| ISO 25010:2011 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – System and Software Quality Models |
| ISO/PDTS 25011: 201x | Information Technology – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Service Quality Model |
| ISO 25012: 2008 | Software and System Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Data Quality Model |
| ISO 25020: 2007 | Software and System Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Measurement Reference Model and Guide |
| ISO 25021: 2012 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Quality Measure Elements |
| ISO 25022:2016 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of Quality in Use |
| ISO 25023: 2016 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Measurement of System and Software Product Quality |
| ISO 25024: 2015 | Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Measurement of Data Quality |
| ISO 25030: 2007 | Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Quality Requirements |
| ISO 25040:2011 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) Evaluation Process |
| ISO 25041:2012 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Guide for Developers, Acquirers and Independent Evaluators |
| ISO/NP 25044: 201x | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) |
| ISO 25045: 2010 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Evaluation Module for Recoverability |
| ISO 25051: 2014 | Software Engineering – Software Product Quality Requirements and Evaluation (SQuaRE) – Requirements for Quality of Ready to Use Software Product (RUSP) and Instructions for Testing |
| ISO/TR 25060: 2010 | Software Product Quality Requirements and Evaluation (SQuaRE) — Common Industry Format (CIF) for Usability — General Framework for Usability-related Information |
| ISO 25062: 2006 | Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability Test Reports |
| ISO 25064:2013 | Systems and Software Engineering – Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format (CIF) for Usability: User Needs Report |
| ISO/NP 25065: 201x | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – User Requirements Specification |
| ISO 25066: 2016 | Systems and Software Engineering – Systems and Software Quality Requirements and Evaluation (SQuaRE) – Common Industry Format for Usability – Evaluation Report |
NP = New Project; AWI = Approved Work Item; WD = Working Document; CD = Committee Draft; DIS = Draft International Standard; FDIS = Final Draft International Standard; TR = Technical Report; IWA = International Workshop Agreement.
Follow the progress of the draft standards at www.iso.org.
Whittington & Associates
Sign up for our monthly email newsletter to get the latest guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, and related ISO standards, as well as, Six Sigma.
