ISO IEC IEEE 32675-2022 PDF

Full title and description

ISO/IEC/IEEE 32675:2022 — Information technology — DevOps — Building reliable and secure systems including application build, package and deployment. This joint international standard specifies principles, practices and process guidance to help organisations build, package and deploy software and systems in a reliable and secure way, with emphasis on collaboration between development, operations and other stakeholders.

Abstract

This document provides requirements and guidance for implementing DevOps across the software life cycle to define, control and improve processes for building, packaging and deploying applications and systems. It covers processes, activities and tasks applicable to conception, development, production, utilisation, support and retirement of software, and addresses collaboration, secure-by-design practices, automation and controls to achieve reliable, continuous delivery. The standard aligns its process outcomes with established software life‑cycle models.

General information

• Status: Published (International standard, joint ISO/IEC/IEEE publication).
• Publication date: 2022-08-30 (publication listed in joint webstore/records in August–September 2022).
• Publisher: Joint publication by ISO, IEC and IEEE (ISO/IEC/IEEE).
• ICS / categories: 35.080 (Software engineering / information technology).
• Edition / version: Edition 1.0 (2022).
• Number of pages: 81 pages (base publication listing).

Scope

The standard applies to software systems, products and services (including the software portion of systems and firmware) and to the life cycle processes needed to provide context for software. It is intended for use within organisations or projects to implement DevOps practices that build, package and deploy software securely and reliably, and to support acquisition and supply of software whether performed internally or externally. The processes may be applied concurrently, iteratively and incrementally across different types and sizes of software systems.

Key topics and requirements

• DevOps principles and mindset: mission-first, customer focus, left‑shift (shift‑left), continuous everything and systems thinking.
• Processes for reliable and secure build, packaging and deployment of applications and systems, including automation and controls to reduce manual error and increase repeatability.
• Roles, responsibilities and collaboration patterns for development, operations, security and other stakeholders to support continuous delivery and operational resilience.
• Alignment of process outcomes and activities with ISO/IEC/IEEE life‑cycle process models (for example ISO/IEC/IEEE 12207 and 15288).
• Guidance on secure‑by‑design practices, packaging integrity, supply considerations and deployment controls to help meet compliance and security objectives.

Typical use and users

Organisations adopting or maturing DevOps and continuous delivery practices use this standard to establish consistent life‑cycle processes and governance. Typical users include software and systems engineers, release and build engineers, SRE and operations teams, security practitioners, project managers, procurement and quality/audit teams involved in software acquisition and supply. It is also useful for organisations that need to align DevOps work with established ISO/IEC/IEEE system and software life‑cycle standards.

Related standards

ISO/IEC/IEEE 32675:2022 is intended to align with and reference existing life‑cycle standards such as ISO/IEC/IEEE 12207 (software life‑cycle processes) and ISO/IEC/IEEE 15288 (system life‑cycle processes). It is part of the broader ISO/IEC/IEEE software and systems engineering family; related work (WG outputs) on DevOps and System Reliability Engineering (SRE) may also be relevant.

Keywords

DevOps, build, package, deployment, release engineering, continuous delivery, CI/CD, reliability, security, software life cycle, automation, collaboration, ISO/IEC/IEEE 12207, 15288.

FAQ

Q: What is this standard?

A: ISO/IEC/IEEE 32675:2022 is an international standard providing requirements and guidance for implementing DevOps practices to build, package and deploy software and systems in a reliable and secure way.

Q: What does it cover?

A: It covers processes, activities and tasks across the software life cycle (conception through retirement) related to building, packaging and deploying systems, with emphasis on collaboration, automation, security controls and alignment with established life‑cycle process models.

Q: Who typically uses it?

A: Software and systems engineers, DevOps and SRE practitioners, release/build engineers, operations and security teams, project and quality managers, and organisations procuring or supplying software that want to standardise DevOps practices.

Q: Is it current or superseded?

A: The standard was published in 2022 (edition 1.0) and is listed as a published/active international standard. Check with your national standards body or the issuing organisations for any amendments, corrigenda or later revisions.

Q: Is it part of a series?

A: It is part of the ISO/IEC/IEEE software and systems engineering family and is aligned to related life‑cycle standards such as ISO/IEC/IEEE 12207 and 15288; additional working group outputs (for example on system reliability engineering) have been produced by the same working group.

Q: What are the key keywords?

A: DevOps, build, package, deploy, CI/CD, reliability, security, software life cycle, automation, release engineering.