ISO/IEC 24748

ISO/IEC 24748 is a series of international standards providing guidance on life cycle management, including terms and definitions, process, and conceptual models. It is part of the systems and software engineering suite of standards and is closely related to the processes defined in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207.

Definition and purpose

The purpose of ISO/IEC 24748 is to establish a common framework for the life cycle management of systems and software. It offers guidance on the use of life cycle processes (such as in ISO/IEC 15288 and ISO/IEC 12207), including the adaptation and application of such processes, and the terms and definitions related to life cycle management.

Governing Body

The standard is maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Last updated

ISO/IEC 24748 was initially published in 2018 and updated in 2018. The standard is reviewed every 5 years and will be replaced by ISO/IEC/IEEE FDIS 24748-1, which is currently under development.

Applies to

ISO/IEC 24748 applies to organizations involved in the development, procurement, and maintenance of systems and software products. This includes industries such as aerospace, defense, software development, IT services, and others involved in complex system engineering.

Controls and requirements

While ISO/IEC 24748 itself doesn't mandate controls, it provides guidance on life cycle management, including:

  • General Concepts of Life Cycle Management: Overview and general principles, including life cycle stages and process models.
  • Life Cycle Processes: Integration of life cycle processes, including planning, assessment, and control.
  • Life Cycle Information: Management and documentation of life cycle information.

Please refer to the official ISO/IEC 24748:2018 documentation for details on controls and requirements.

Audit type, frequency, and duration

Audits related to ISO/IEC 24748 would typically assess the alignment and application of life cycle management practices within an organization. This might be done internally or by external auditors. The frequency of audits can be based on organizational policy, regulatory requirements, or as deemed necessary based on project or program milestones.

The duration of audits would vary depending on the organization's size, the complexity of the systems, the scope of the audit, and the specific aspects of life cycle management being assessed.

Get compliant using Secureframe Custom Frameworks