ISO/IEC 15288

ISO/IEC 15288 is a globally recognized standard for systems and software engineering. It offers a comprehensive framework for the life cycle processes of systems, which includes both software and hardware components.

Definition and purpose

The main objective of ISO/IEC 15288 is to define the processes involved in a system's life cycle, from its conception to its retirement. This encompasses not only the technical aspects but also the processes related to managing and acquiring system products. The standard aids organizations in leveraging best practices for system life cycle processes, ensuring quality, efficiency, and consistency.

Governing Body

The standard is jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Last updated

ISO/IEC 15288 was last updated in 2023, known as ISO/IEC15288:2023.

Applies to

ISO/IEC 15288 is pertinent to various sectors and industries that deal with systems engineering, including aerospace, automotive, software development, defense, electronics, and more. Any organization that is involved in designing, developing, and maintaining complex systems can make use of this standard.

Controls and requirements

The standard provides a detailed breakdown of processes, grouped into four main categories:

  • Agreement Processes: Focuses on processes that are used to establish agreements with stakeholders, such as acquisition and supply.
  • Organizational Project-Enabling Processes: Deals with the overall management and infrastructure of projects, like decision-making and quality assurance.
  • Technical Management Processes: These are processes that ensure the technical aspects of a project are correctly managed, which include requirements management, configuration management, and risk management.
  • Technical Processes: These relate directly to the technical tasks of creating and maintaining systems, encompassing stakeholder requirements definition, design definition, integration, validation, transition, and operation.

Please refer to the official ISO/IEC 15288:2023 documentation for a detailed list of controls and requirements.

Audit type, frequency, and duration

Audits for ISO/IEC 15288 would typically be systems engineering process audits. They could be conducted internally or by third-party organizations, especially when certification to the standard is sought. Audit frequency might vary based on organizational policies, industry requirements, or regulatory demands. For critical industries, more frequent audits may be necessary.

The audit duration is determined by the complexity of the system, the size of the organization, and the scope of the audit itself.

Get compliant using Secureframe Custom Frameworks