How small organizations upto25 develop software better


A large majority of enterprises worldwide are VSEs (Very Small Entities – enterprises, organizations, departments or projects of up to 25 people). Like for any business, VSEs in the IT business sector face challenging and strong competition. Adopting "best practices", standardizing processes and obtaining an international recognition or certification, are key factors for success. The new standard ISO/IEC 29110 is VSE tailor-made, lightweight, certifiable and compatible with traditional models such as CMMI [2], ISO330xx [8], or ISO 9000 [9]. This paper goes a bit further from the standard and presents the need of detailed materials for practical support and with examples to be directly reused by VSEs developing software.

Keywords: VSE, ISO/IEC 29110, upto25, process, process assessment, process improvement, conformity assessment, certification.


According to the very new ISO series standard, ISO/IEC 29110 [5], an entity comprising 25 people or less is called a Very Small Entity, or VSE. It refers not only to micro and small SMEs but also to organizations, departments or projects area.

Overall, SMEs accounted for more than 99% of all enterprises active in the EU28 nonfinancial business sector, being more than 65% of total employment and almost 60% of the value added (as in the EU28 in 2014/15 [1]). In Europe, for instance, more than 90% of enterprises have up to 9 employees [1]. These figures are similar worldwide.

VSEs produce always more products which are made of or depend on software and its quality is directly influenced by the quality of their software.

Like for any business, VSEs in the IT sector face a challenging and strong competition. Adopting "best practices", standardizing processes and obtaining an international recognition or certification, in addition to improving productivity, competitiveness and organizational climate, help retaining customers and establishing new inter-business relationships. However, most international standards and models were initially designed thinking on large software organizations; although it is possible to adapt such models to the small and often growing companies, it consumes an important amount of extra time and effort not often available.

In 2005, the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) mandated to develop a set of tailored-made standards and guides to drive VSEs through a scalable, cost effective, less time consuming and manageable step by step approach in adopting and using world class Software Engineering practices. Therefore, now, SMEs are starting to have standards recognized internationally dedicated to their characteristics (few resources and time) and needs (without formalism, step by step, with guides, and with easy and affordable recognition schemas).

This series of standards provide guidance material detailing which are the steps to perform, by which roles and producing which work products when developing software, but are still only referring to the what-to-do's.

This paper presents how VSEs can get support for the how-to-do's and how they can be recognized internationally.

The ISO /IEC 29110 standard

The ISO SC7 WG24 working group is defining incrementally a set of standards focused on a step-wise approach for VSEs to increase their maturity and excellency in implementing software, systems and service provision. The standards define profiles containing minimum recognised processes with best practices extracted from existing models and standards such as CMMI-DEV, ISO 12207, ISO 9001. One of these profile sets, the software related profiles, are shown in figure below:

Fig.1. VSE generic profiles for software development

ISO SC7 WG24's work resulted in the production of guidance for VSEs for implementing the profiles (e.g. ISO/IEC 29110-5-1-2 [5] contains the guidance for the generic basic profile for software development). Together with the guide, the corresponding profiles specifications are defined (e.g. ISO/IEC 29110-4-1 [5] contains the generic basic profile specification for software development) including traces to ISO/IEC 12207, ISO/IEC 15289 [4] and/or ISO 9001 [9] standards.

Within the structure of the ISO/IEC 29110 standard, the figure below highlights some of the standards for software:

Fig.2. The ISO/IEC 29110 standard

Part 5 of the standard is valuable for VSEs as it provides guidance for the implementation of the profile. For the Basic Profile for software, the guide details the 2 interrelated processes (the Project Management and the Software Implementation ones) with their activities and for each activity with the tasks to be performed. Also, the roles involved and the output of the processes i.e. work product, are detailed.

The purpose of the Project Management (PM) process is to establish and carry out in a systematic way the tasks of the software implementation project, which allows complying with the project"s objectives in the expected quality, time and cost.

The purpose of the Software Implementation (SI) process is the systematic performance of the analysis, design, construction, integration and delivery activities for new or modified software products according to the specified requirements.

Fig.3. The ISO /IEC 29110 Basic Profile processes for software

Guidance materials with How-to-do's

Although in the past some deployment packages (DP) have been developed to provide guidance on the implementation of the management and engineering guides (ISO/IEC 29110-5) for the VSEs, more accessible guidance are needed in order to better support VSEs in the implementation of the profiles that fit their improvement needs.

Graphical guidance for fast and easy visual understanding of the process details is needed, as well as detailed explanations of the defined activities, the roles and the work products. All this shall come accompanied by suggestions of possible methods and techniques to support implementing the activities and also by the provision of the so often demanded sample cases and downloadable templates. These how-to-do's shall use the modern web capabilities to ease the use and understanding of the detailed guides. Hereafter is a snapshot of a possible visual process flow:

Fig.4. Snapshot of the Project Planning activity flow

Conformity assessment and certifications of VSE profiles

Research shows that only 18% of the VSEs are certified (compared to 53% for bigger organizations) but also that they, in great majority, recognize the benefit of being recognized and certified.

With the ISO/IEC 29110 [5] new standard VSEs usually require no more than 6 months preparation to be ready for certification for the first basic profile. VSEs wishing to be certified shall contact an accredited certification body to initiate the simple, short and affordable certification process (also defined in part 3-3 of ISO/IEC 29110). This is what the VSEs market was expecting: to keep growing and demonstrate their excellency by being recognised.

ISO 29110-4-1 [5] contains the requirements required by a profile definition to be the basis of claiming conformance to that profile.

ISO SC7 WG24 published a certification schema for the independent conformity assessment of the processes of VSEs based on "Process assessment and maturity levels". It contains the requirements any certification body shall fulfil to be accredited to certify VSE profiles, in a classical 3 years cycle with the surveillance assessments every year.

VSE certifications, as in any other certification, will need to be performed by 'Accredited Assessors' from (or subcontracted by) the also accredited certification bodies. The meaning of 'Accredited Assessors' is that these conformity assessments shall be performed by trained and qualified individuals who are trained by an "authorized" training organization, and who have the education, competencies and working and practical experience to be able to perform these certifications using the process assessment and maturity level schema.

An "ISO/IEC 29110 Accredited Assessor" needs Software Engineering specific knowledge, enough field experience, some ISO/IEC 29110 training and skills and qualification to properly conduct a VSE assessment, for example and in particular, of the ISO/IEC 29110-4-1 software basic profile processes. The organization training and accrediting assessors will need to train them in the above, plus will need to comply with ISO/IEC 17024 [7] which contains the principles and requirements for a body certifying persons against specific requirements, and includes the development and maintenance of a certification scheme for persons. One example of an international organization performing this assessor"s competencies accreditation is INTRSA [7] (International Registration Schema for Assessors), certifying process assessors as assessor, lead assessor or principal assessor, trained and qualified in the principles and practices of assessing processes with the requirements ISO/IEC 330xx [8] (former ISO/IEC 15504). These accreditations are to be renewed periodically, and for example in INTRSA ( [6], for ISO/IEC 15504-5 and/or ISO/IEC 29110 assessors. it is every three years.

Why upto25 web site?

upto25 is a new web site resulting from a joint effort of recognised international experts in software and systems development and services provision and with demonstrated experience in standards and certification.

It is fully dedicated to VSEs with the mission to connect and help the world's VSEs to make them more productive and successful.

At the moment it provides a complete set of guidance material with the How-to-do's for the implementation of the Generic software Basic profile, complementing and correcting the ISO/IEC 29110 standards [5] and including concrete examples and templates directly usable by VSEs.

upto25 offers a helpdesk, not only to guide VSEs through the web site, but also to answer their technical questions by professionals with real expertise. It is also a modern VSE social network to find partners, customers, and to interchange experiences from other VSEs.

This web site is dedicated to VSEs but also to the assessors and certification bodies so that a complete solution is provided to facilitate both the adoption and the certification of the VSEs profiles.

It is the perfect path to implement the industrial best practices, to find new customers and be found by customers, to find consultancy support from accredited assessors and/or to be certified by contacting accredited certification bodies. will be a constantly growing web with materials not only for the Generic Software Basic profile but for higher maturity profiles, as well as for profiles for systems and services.

Conclusions and future steps

A large majority of organizations worldwide have up to 25 people and many of them develop software. The collection of ISO/IEC standards for software was not easily applied by VSEs, which generally find engineering and management standards difficult to understand and implement. A dedicated ISO working group has developed the ISO/IEC 29110 series [5], specifically intended for VSEs involved in the development of systems or software to satisfy their needs of improvement and recognition.

This paper has presented the existing documentation and processes proposed by the standard and highlighted the fact that there is need to go further in helping the VSEs in the implementation of the guidance. The ISO/IEC 29110 [5] guides define the what-to-do but not the how-to-do"s explicitly required by the VSEs which need practical and easy to implement solutions. This paper also presented the ISO/IEC 29110 conformity assessment and certifications scheme so that VSEs can be recognized for which the upto25 website also provides support. This new web site presents a complete solution that will facilitate both, the implementation and the certification of the step-wise profiles with their best practices.

The status is still very incipient but fast moving into the right direction. In one hand, industry needs to get all VSE profiles published from ISO, together with all their process assessment models. The guides together with the profiles will get then the How-to-do guidance directly implementable in the upto25 web site.

In the other hand, and in order to be able to get recognition, first, the different Countries need to adopt the certification schema detailed in ISO/IEC 29110-3-3 [5], so that certification bodies can be accredited to certify VSE profiles. Second, these certification bodies need 'certified' assessors trained by an "authorized" training organization as also required in ISO/IEC 29110-3-3 [5].





Patricia Rodríguez-Dapena

Philippe Lohier1 1

Softwcare SL, CEO, Vigo, Spain