ISO/IEC 12207 is the international standard that defines software lifecycle processes. It provides a common framework for managing the development, operation, maintenance, and retirement of software systems in a controlled, consistent, and auditable way.
ISO/IEC 12207 is not a certifiable standard. Instead, it offers structured guidance that organisations can adopt to improve software engineering practices and lifecycle governance.
What is ISO/IEC 12207?
ISO/IEC 12207 is jointly published by the International Organization for Standardization and the International Electrotechnical Commission.
It specifies a set of processes that can be applied throughout the entire software lifecycle, from concept and acquisition through development, operation, maintenance, and eventual disposal.
The standard is designed to be tailorable, allowing organisations to select and adapt processes based on size, complexity, and risk.
What does ISO/IEC 12207 cover?
ISO/IEC 12207 defines a comprehensive set of software lifecycle processes, grouped into logical categories. These processes describe what should be done, not how to code.
Key areas include:
- Software development and engineering activities
- Project and quality management
- Configuration and change control
- Verification, validation, and testing
- Operation, support, and maintenance
- Process improvement and governance
The focus is on repeatability, traceability, and quality across the lifecycle.
Core process groups in ISO/IEC 12207
Primary lifecycle processes
These relate directly to the creation and use of software:
- Acquisition
- Supply
- Development
- Operation
- Maintenance
- Disposal
They describe how software is specified, built, delivered, used, supported, and retired.
Supporting processes
These processes ensure software quality and control:
- Documentation
- Configuration management
- Quality assurance
- Verification and validation
- Joint reviews
- Audit
- Problem resolution
They provide oversight and assurance throughout the lifecycle.
Organisational lifecycle processes
These focus on governance and capability:
- Management
- Infrastructure
- Process improvement
- Training
They ensure the organisation can consistently deliver and support software over time.
Who is ISO/IEC 12207 for?
ISO/IEC 12207 is suitable for organisations involved in:
- Software development and engineering
- Embedded and safety-related software
- Defence, aerospace, and regulated sectors
- Large or complex IT systems
- Long-lived or mission-critical software
It is used by software suppliers, integrators, acquirers, and organisations managing in-house development teams.
ISO/IEC 12207 and modern development methods
ISO/IEC 12207 is methodology-neutral. It can be applied alongside:
- Agile and Scrum
- DevOps and CI/CD
- Waterfall or hybrid approaches
The standard focuses on lifecycle outcomes and controls, allowing teams to retain flexibility in how work is delivered.
ISO/IEC 12207 vs ISO/IEC 15288
ISO/IEC 12207 is often used alongside ISO/IEC 15288:
| ISO/IEC 12207 | ISO/IEC 15288 |
|---|---|
| Software lifecycle processes | Systems lifecycle processes |
| Software-focused | System-wide (hardware, software, people) |
| Engineering depth | Broader system governance |
Together, they provide a complete systems and software engineering framework.
Is ISO/IEC 12207 certification possible?
No. Organisations cannot be certified against ISO/IEC 12207.
There are no accredited audits or certificates for ISO/IEC 12207. Organisations may state that their software processes are aligned with ISO/IEC 12207, but this is not the same as certification.
Benefits of using ISO/IEC 12207
Organisations that apply ISO/IEC 12207 effectively often achieve:
- More consistent and predictable software delivery
- Improved quality and defect control
- Clearer roles, responsibilities, and interfaces
- Better lifecycle traceability and documentation
- Reduced risk in long-term or critical software systems
- Stronger governance in regulated environments
Its value lies in process clarity and lifecycle discipline, not formal recognition.
Common misunderstandings about ISO/IEC 12207
- “ISO/IEC 12207 is a coding standard” – it is not
- “It only applies to waterfall projects” – it supports agile and DevOps
- “It is too complex for small teams” – it is tailorable
- “It replaces other ISO standards” – it complements them
Understanding its purpose helps organisations apply it proportionately.
How ISO/IEC 12207 fits with other ISO standards
ISO/IEC 12207 is commonly used alongside:
- ISO/IEC 27001 (secure software and information risk)
- ISO/IEC 20000-1 (IT service management)
- ISO 9001 (quality management)
- ISO 31000 (risk management)
This supports integrated governance across development, service delivery, and risk.
Next steps
If you want to improve software lifecycle management:
- Map existing development and support activities to ISO/IEC 12207 processes
- Identify gaps in control, quality, or governance
- Tailor processes to suit your size, risk, and delivery model
- Integrate lifecycle controls with quality, security, and service management
ISOcertified.net provides guidance on software and IT-related ISO standards, including how ISO/IEC 12207 supports structured, high-quality software lifecycle management without constraining modern development practices.