ISO/IEC 15288 is the international standard that defines system lifecycle processes. It provides a structured framework for managing the conception, development, operation, maintenance, and retirement of systems—including combinations of hardware, software, people, processes, and facilities.
ISO/IEC 15288 is not a certifiable standard. Instead, it offers recognised best-practice guidance to improve systems engineering discipline, governance, and lifecycle control.
What is ISO/IEC 15288?
ISO/IEC 15288 is jointly published by the International Organization for Standardization and the International Electrotechnical Commission.
The standard specifies a comprehensive set of processes that can be applied across the entire system lifecycle, from initial concept and stakeholder needs through design, implementation, operation, support, and disposal.
It is tailorable, allowing organisations to select and adapt processes based on system complexity, risk, and organisational maturity.
What does ISO/IEC 15288 cover?
ISO/IEC 15288 focuses on what processes are needed to manage systems effectively, rather than prescribing specific technical methods. It covers:
- Definition of stakeholder needs and system requirements
- System architecture and design
- Integration, verification, and validation
- Operation, maintenance, and support
- Configuration, change, and risk management
- Governance, assurance, and continual improvement
The emphasis is on end-to-end lifecycle control and traceability.
Core process groups in ISO/IEC 15288
ISO/IEC 15288 groups system lifecycle processes into four main categories.
Agreement processes
These govern relationships between parties:
- Acquisition
- Supply
They define how systems are commissioned, delivered, and accepted.
Organisational project-enabling processes
These provide organisational capability:
- Life cycle model management
- Infrastructure management
- Portfolio management
- Human resource management
- Quality management
- Knowledge management
They ensure the organisation can consistently deliver systems.
Technical management processes
These coordinate technical work:
- Project planning and assessment
- Risk management
- Configuration management
- Information management
- Measurement and decision management
They provide control, visibility, and assurance.
Technical processes
These define how systems are engineered:
- Stakeholder needs and requirements definition
- System requirements and architecture
- Design definition
- System analysis
- Implementation and integration
- Verification and validation
- Transition, operation, maintenance, and disposal
These processes span the full technical lifecycle of a system.
Who is ISO/IEC 15288 for?
ISO/IEC 15288 is particularly relevant for organisations involved in:
- Systems engineering and integration
- Defence, aerospace, and transport
- Infrastructure and utilities
- Complex IT and digital transformation programmes
- Safety-critical or long-lived systems
It is used by system owners, acquirers, suppliers, integrators, and operators.
ISO/IEC 15288 and software standards
ISO/IEC 15288 is commonly used alongside ISO/IEC 12207:
| ISO/IEC 15288 | ISO/IEC 12207 |
|---|---|
| System lifecycle processes | Software lifecycle processes |
| Covers hardware, software, people, facilities | Software-focused |
| System-level governance | Development and maintenance detail |
Together, they provide a complete framework for systems and software engineering.
Compatibility with modern delivery methods
ISO/IEC 15288 is methodology-neutral. It can be applied alongside:
- Agile and iterative development
- DevOps and continuous delivery
- Waterfall and V-model approaches
- Hybrid engineering models
The standard focuses on lifecycle outcomes, not on restricting delivery methods.
Is ISO/IEC 15288 certification possible?
No. ISO/IEC 15288 cannot be certified.
There are no accredited audits or certificates for this standard. Organisations may state that their system lifecycle processes are aligned with ISO/IEC 15288, but this is not the same as certification.
Benefits of using ISO/IEC 15288
Organisations that apply ISO/IEC 15288 effectively often achieve:
- Improved control of complex systems
- Better alignment between stakeholder needs and delivered capability
- Clearer roles, responsibilities, and interfaces
- Reduced lifecycle risk and rework
- Stronger governance and assurance
- More predictable long-term system performance
Its value lies in lifecycle discipline and systems thinking, not formal recognition.
Common misunderstandings about ISO/IEC 15288
- “ISO/IEC 15288 is a certification standard” – it is not
- “It is only for defence or aerospace” – it applies to any complex system
- “It conflicts with agile delivery” – it is delivery-method neutral
- “It is too heavy for smaller organisations” – it is tailorable
Understanding these points helps organisations apply the guidance proportionately.
How ISO/IEC 15288 fits with other ISO standards
ISO/IEC 15288 is often used alongside:
- ISO/IEC 12207 (software lifecycle processes)
- ISO/IEC 27001 (information security management)
- ISO/IEC 20000-1 (IT service management)
- ISO 9001 (quality management systems)
- ISO 31000 (risk management guidance)
This supports integrated governance across systems, software, services, and risk.
Next steps
If you want to strengthen system lifecycle management:
- Map existing system activities to ISO/IEC 15288 processes
- Identify gaps in governance, assurance, or traceability
- Tailor lifecycle processes to system risk and complexity
- Integrate systems engineering with quality, security, and service management
ISOcertified.net provides practical guidance on systems and software standards, including how ISO/IEC 15288 supports effective system lifecycle management without constraining modern delivery approaches.