A large majority of enterprises worldwide are VSEs (Very Small Entities – enterprises, organizations, departments or projects of up to 25 people). Like for any business, VSEs in the IT business sector face challenging and strong competition. Adopting "best practices", standardizing processes and obtaining an international recognition or certification, are key factors for success. The new standard ISO/IEC 29110 is VSE tailor-made, lightweight, certifiable and compatible with traditional models such as CMMI , ISO330xx , or ISO 9000 . This paper goes a bit further from the standard and presents the need of detailed materials for practical support and with examples to be directly reused by VSEs developing software.
Keywords: VSE, ISO/IEC 29110, upto25, process, process assessment, process improvement, conformity assessment, certification.
According to the very new ISO series standard, ISO/IEC 29110 , an entity comprising 25 people or less is called a Very Small Entity, or VSE. It refers not only to micro and small SMEs but also to organizations, departments or projects area.
Overall, SMEs accounted for more than 99% of all enterprises active in the EU28 nonfinancial business sector, being more than 65% of total employment and almost 60% of the value added (as in the EU28 in 2014/15 ). In Europe, for instance, more than 90% of enterprises have up to 9 employees . These figures are similar worldwide.
VSEs produce always more products which are made of or depend on software and its quality is directly influenced by the quality of their software.
Like for any business, VSEs in the IT sector face a challenging and strong competition. Adopting "best practices", standardizing processes and obtaining an international recognition or certification, in addition to improving productivity, competitiveness and organizational climate, help retaining customers and establishing new inter-business relationships. However, most international standards and models were initially designed thinking on large software organizations; although it is possible to adapt such models to the small and often growing companies, it consumes an important amount of extra time and effort not often available.
In 2005, the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) mandated to develop a set of tailored-made standards and guides to drive VSEs through a scalable, cost effective, less time consuming and manageable step by step approach in adopting and using world class Software Engineering practices. Therefore, now, SMEs are starting to have standards recognized internationally dedicated to their characteristics (few resources and time) and needs (without formalism, step by step, with guides, and with easy and affordable recognition schemas).
This series of standards provide guidance material detailing which are the steps to perform, by which roles and producing which work products when developing software, but are still only referring to the what-to-do's.
This paper presents how VSEs can get support for the how-to-do's and how they can be recognized internationally.
The ISO SC7 WG24 working group is defining incrementally a set of standards focused on a step-wise approach for VSEs to increase their maturity and excellency in implementing software, systems and service provision. The standards define profiles containing minimum recognised processes with best practices extracted from existing models and standards such as CMMI-DEV, ISO 12207, ISO 9001. One of these profile sets, the software related profiles, are shown in figure below:
Entry profile (a subset of the Basic profile) intended to be the starting point to implement the Basic Profile.
Basic profile as the first profile to be recognised/certified with specific basic processes for the scope: software, systems, etc.
Organizational profile, a more mature profile intended to be implemented after the basic one, providing management, standardization and organization aspects to the VSEs managing multiple projects.
Fig.1. VSE generic profiles for software development
ISO SC7 WG24's work resulted in the production of guidance for VSEs for implementing the profiles (e.g. ISO/IEC 29110-5-1-2  contains the guidance for the generic basic profile for software development). Together with the guide, the corresponding profiles specifications are defined (e.g. ISO/IEC 29110-4-1  contains the generic basic profile specification for software development) including traces to ISO/IEC 12207, ISO/IEC 15289  and/or ISO 9001  standards.
Within the structure of the ISO/IEC 29110 standard, the figure below highlights some of the standards for software:
Fig.2. The ISO/IEC 29110 standard
Part 5 of the standard is valuable for VSEs as it provides guidance for the implementation of the profile. For the Basic Profile for software, the guide details the 2 interrelated processes (the Project Management and the Software Implementation ones) with their activities and for each activity with the tasks to be performed. Also, the roles involved and the output of the processes i.e. work product, are detailed.
The purpose of the Project Management (PM) process is to establish and carry out in a systematic way the tasks of the software implementation project, which allows complying with the project"s objectives in the expected quality, time and cost.
The purpose of the Software Implementation (SI) process is the systematic performance of the analysis, design, construction, integration and delivery activities for new or modified software products according to the specified requirements.
Fig.3. The ISO /IEC 29110 Basic Profile processes for software
Although in the past some deployment packages (DP) have been developed to provide guidance on the implementation of the management and engineering guides (ISO/IEC 29110-5) for the VSEs, more accessible guidance are needed in order to better support VSEs in the implementation of the profiles that fit their improvement needs.
Graphical guidance for fast and easy visual understanding of the process details is needed, as well as detailed explanations of the defined activities, the roles and the work products. All this shall come accompanied by suggestions of possible methods and techniques to support implementing the activities and also by the provision of the so often demanded sample cases and downloadable templates. These how-to-do's shall use the modern web capabilities to ease the use and understanding of the detailed guides. Hereafter is a snapshot of a possible visual process flow:
Fig.4. Snapshot of the Project Planning activity flow
Research shows that only 18% of the VSEs are certified (compared to 53% for bigger organizations) but also that they, in great majority, recognize the benefit of being recognized and certified.
With the ISO/IEC 29110  new standard VSEs usually require no more than 6 months preparation to be ready for certification for the first basic profile. VSEs wishing to be certified shall contact an accredited certification body to initiate the simple, short and affordable certification process (also defined in part 3-3 of ISO/IEC 29110). This is what the VSEs market was expecting: to keep growing and demonstrate their excellency by being recognised.
ISO 29110-4-1  contains the requirements required by a profile definition to be the basis of claiming conformance to that profile.
ISO SC7 WG24 published a certification schema for the independent conformity assessment of the processes of VSEs based on "Process assessment and maturity levels". It contains the requirements any certification body shall fulfil to be accredited to certify VSE profiles, in a classical 3 years cycle with the surveillance assessments every year.
VSE certifications, as in any other certification, will need to be performed by 'Accredited Assessors' from (or subcontracted by) the also accredited certification bodies. The meaning of 'Accredited Assessors' is that these conformity assessments shall be performed by trained and qualified individuals who are trained by an "authorized" training organization, and who have the education, competencies and working and practical experience to be able to perform these certifications using the process assessment and maturity level schema.
An "ISO/IEC 29110 Accredited Assessor" needs Software Engineering specific knowledge, enough field experience, some ISO/IEC 29110 training and skills and qualification to properly conduct a VSE assessment, for example and in particular, of the ISO/IEC 29110-4-1 software basic profile processes. The organization training and accrediting assessors will need to train them in the above, plus will need to comply with ISO/IEC 17024  which contains the principles and requirements for a body certifying persons against specific requirements, and includes the development and maintenance of a certification scheme for persons. One example of an international organization performing this assessor"s competencies accreditation is INTRSA  (International Registration Schema for Assessors), certifying process assessors as assessor, lead assessor or principal assessor, trained and qualified in the principles and practices of assessing processes with the requirements ISO/IEC 330xx  (former ISO/IEC 15504). These accreditations are to be renewed periodically, and for example in INTRSA (www.intrsa.org) , for ISO/IEC 15504-5 and/or ISO/IEC 29110 assessors. it is every three years.
upto25 is a new web site resulting from a joint effort of recognised international experts in software and systems development and services provision and with demonstrated experience in standards and certification.
It is fully dedicated to VSEs with the mission to connect and help the world's VSEs to make them more productive and successful.
At the moment it provides a complete set of guidance material with the How-to-do's for the implementation of the Generic software Basic profile, complementing and correcting the ISO/IEC 29110 standards  and including concrete examples and templates directly usable by VSEs.
upto25 offers a helpdesk, not only to guide VSEs through the web site, but also to answer their technical questions by professionals with real expertise. It is also a modern VSE social network to find partners, customers, and to interchange experiences from other VSEs.
This web site is dedicated to VSEs but also to the assessors and certification bodies so that a complete solution is provided to facilitate both the adoption and the certification of the VSEs profiles.
It is the perfect path to implement the industrial best practices, to find new customers and be found by customers, to find consultancy support from accredited assessors and/or to be certified by contacting accredited certification bodies.
upto25.net will be a constantly growing web with materials not only for the Generic Software Basic profile but for higher maturity profiles, as well as for profiles for systems and services.
A large majority of organizations worldwide have up to 25 people and many of them develop software. The collection of ISO/IEC standards for software was not easily applied by VSEs, which generally find engineering and management standards difficult to understand and implement. A dedicated ISO working group has developed the ISO/IEC 29110 series , specifically intended for VSEs involved in the development of systems or software to satisfy their needs of improvement and recognition.
This paper has presented the existing documentation and processes proposed by the standard and highlighted the fact that there is need to go further in helping the VSEs in the implementation of the guidance. The ISO/IEC 29110  guides define the what-to-do but not the how-to-do"s explicitly required by the VSEs which need practical and easy to implement solutions. This paper also presented the ISO/IEC 29110 conformity assessment and certifications scheme so that VSEs can be recognized for which the upto25 website also provides support. This new web site presents a complete solution that will facilitate both, the implementation and the certification of the step-wise profiles with their best practices.
The status is still very incipient but fast moving into the right direction. In one hand, industry needs to get all VSE profiles published from ISO, together with all their process assessment models. The guides together with the profiles will get then the How-to-do guidance directly implementable in the upto25 web site.
In the other hand, and in order to be able to get recognition, first, the different Countries need to adopt the certification schema detailed in ISO/IEC 29110-3-3 , so that certification bodies can be accredited to certify VSE profiles. Second, these certification bodies need 'certified' assessors trained by an "authorized" training organization as also required in ISO/IEC 29110-3-3 .
Annual Report On European SMEs - 2014/2015. Catalogue number ET-AB-15-001-EN- N; ISBN 978-92-79-52922-1; ISSN 2467-0162; DOI 10.2873/886211; 2015 – European Union
CMMIÂ® for Development, Version 1.3. November 2010 CMU/SEI-2010-TR-033 ESC- TR-2010-033
ISO/IEC 12207. (2008). Systems and software engineering - Software life cycle processes. Geneva, Switzerland: International Organization for Standardization (ISO). New version in preparation.
ISO/IEC 15289. (2011). Systems and software engineering - Content of systems and software life cycle process information products. Geneva, Switzerland: International Organization for Standardization (ISO).
ISO/IEC 29110 - parts. Systems and Software engineering - Lifecycle profiles for Very Small Entities (VSEs). Geneva, Switzerland: International Organization for Standardization (ISO). Including new drafts for 29110-3-1, 29110-3-3 29110-4-1 on their way for publication all ISO copyright.
IntRSA. International Registration Scheme for Assessorshttp://www.intrsa.org
ISO/IEC 17024:2012 Conformity assessment -- General requirements for bodies operating certification of persons. International Organization for Standardization (ISO).
ISO/IEC 330xx Information technology -- Process assessment. International Organization for Standardization (ISO).
ISO 9000 - Quality management. International Organization for Standardization (ISO).
CMMIÂ® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.
ABOUT THE AUTHORS
Patricia Rodriguez is the CEO of Softwcare S.L. , an ISO9001 certified company for independent software product evaluation (e.g. critical safety assessments) and for software process assessments, in sectors like space, avionics, automotive, telecommunications, etc. She is ISO/IEC 15504-5 and ISO/IEC 29110 Principal assessor accredited by INTRSA. She has performed many process assessments in different organizations since 1998. She is part of the ISO/IEC SC7 for the definition of the ISO/IEC 29110 standard for VSE profiles and also participates in the ISO/IEC 330xx and other software and systems engineering standards. She is the founder of the upto25 website.
Philippe Lohier is a senor software engineer and quality manager at Softwcare S.L.
, an ISO 9001 certified company for independent software product evaluation (e.g. critical safety assessments) and for software process assessments, in sectors like space, avionics, automotive, telecommunications. He is the responsible for the ISO9001 certification and has an important experience in software development and management particularly in the space, avionics and mobile phone industries. He supports the edition of ISO/IEC 29110 standard for VSE profiles and also acted as the editor of the ISO/IEC 25051 standard for software product quality. He was a quality auditor for the French software NF mark (AFNOR). He is a registered 29110 Lead assessor accredited by INTRSA. He is the main editor of the upto25 website material.
Avda. Atlántida 100, 1-izquierda 36208 Vigo - Spain http://www.softwcare.com
Philippe Lohier1 1
Softwcare SL, CEO, Vigo, Spain