Software engineering - Recommended practice for software acquisition
|Publication Date:||1 February 2019|
|ICS Code (Software):||35.080|
This recommended practice describes a set of useful quality considerations that can be selected and applied during one or more steps in a software acquisition process. The recommended practices can be applied to software that runs on any computer system regardless of the size, complexity, or criticality of the software. The software supply chain may include integration of commercial-off-the-s
This recommended practice is designed to help organizations and individuals incorporate quality, including security considerations during the definition, evaluation, selection, and acceptance of supplier software for operational use. It will also help determine how supplier software should be evaluated, tested, and accepted for delivery to end users. This recommended practice is intended to satisfy the following objectives:
- Promote consistency within organizations in acquiring software from software suppliers.
- Provide useful practices on including quality, security, safety and data rights considerations during acquisition planning.
- Provide useful practices on evaluating and qualifying supplier capabilities to meet user requirements.
- Provide useful practices on evaluating and qualifying supplier software.
- Assist individuals or organizations judging the quality of supplier software for referral to end users.
- Assist suppliers in understanding how the software will be evaluated, tested, and accepted for delivery to end users.
Success in acquiring high-quality software products and services from software suppliers can be achieved by doing the following things:
a) Identifying quality characteristics necessary to achieve the acquirer's objectives
b) Selecting suppliers most capable of meeting the acquisition objectives
c) Including quality considerations in the planning, evaluation, and acceptance activities
d) Developing an organizational strategy for acquiring software
e) Establishing a software acquisition process using the eight steps stated in 5.2 as a starting point
f) Putting the defined process into practice