Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
CAN/CSA ISO/IEC TR 29110-5-2-1-18: Systems and Software Engineering – Lifecycle Profiles for Very Small Entities – Entry Profile Guide
A Practical Management and Engineering Guide for Very Small Enterprises Adopting ISO/IEC 29110 Entry Profile Processes
Scope and Purpose
CAN/CSA ISO/IEC TR 29110-5-2-1-18 is the Canadian adoption of the international technical report ISO/IEC TR 29110-5-2-1:2018, titled Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 5-2-1: Management and engineering guide: Generic profile group: Entry profile. This document provides a tailored, minimal set of processes, outcomes, and work products for very small entities (VSEs) that have up to 25 people and are engaged in software development or maintenance projects.
The entry profile is the first of four generic profiles defined in ISO/IEC 29110-4-1. It targets organizations that are just beginning to adopt systematic software engineering practices, often in non-critical or low-risk projects. The guide distills the fundamentals of project management and software implementation into a lean, easy-to-understand framework that respects the resource constraints typical of small teams.
Key characteristics of the entry profile include:
- A two-process model covering Project Management (PM) and Software Implementation (SI)
- Simplified roles (e.g., Project Manager, Technical Leader, Work Team)
- Minimal but essential work products and records
- Emphasis on iterative, agile-friendly practices without mandating a specific methodology
Tip: The entry profile is designed as a starting point. VSEs can later transition to the basic, intermediate, or advanced profiles as their capabilities and project complexity grow.
Technical Requirements and Process Overview
The CAN/CSA ISO/IEC TR 29110-5-2-1-18 guide defines two interrelated processes. Each process specifies a set of outcomes (what must be achieved) and work products (documents, records) necessary to demonstrate achievement of those outcomes. The guide also describes the tasks and roles involved.
Project Management Process (PM)
The PM process ensures that the project is planned, executed, monitored, and closed in a controlled manner. It comprises the following outcomes:
- Project plan is developed and maintained
- Project progress is monitored and controlled
- Changes are managed and communicated
- Project closure is performed (deliverables accepted, lessons learned recorded)
Key work products: Project Plan, Progress Reports, Change Requests, Acceptance Record.
Software Implementation Process (SI)
The SI process covers the lifecycle of the software product from requirements elicitation through delivery. Outcomes include:
- Requirement specifications are defined and agreed upon
- Software architectural and detailed design is produced
- Software is constructed (coded) and tested
- Product is delivered and accepted by the customer
Key work products: Software Requirements Specification, Software Design Document, Test Records, Software Product, User Documentation.
| Process | Role(s) | Essential Work Products |
|---|---|---|
| Project Management (PM) | Project Manager | Project Plan, Monitoring Records, Change Requests, Acceptance Record |
| Software Implementation (SI) | Technical Leader, Work Team | Requirements Specification, Design Description, Code, Test Cases and Results, User Documentation |
| Both processes | Customer (external stakeholder) | Feedback records, Acceptance documents |
Caution: While the entry profile minimizes overhead, each work product must contain enough information to satisfy the process outcomes. Simply having a file with the name “Project Plan” is insufficient; the plan must address scope, schedule, risks, and communication.
Implementation Highlights
One of the strengths of CAN/CSA ISO/IEC TR 29110-5-2-1-18 is its adaptability. Organizations implementing the entry profile typically follow these steps:
- Self-assessment: Compare current practices against the outcomes and work products listed in the guide without necessarily introducing new tools.
- Process tailoring: The profile is designed to be tailored; for example, a VSE developing a mobile app may combine the PM and SI processes into a single kanban flow, as long as all outcomes are addressed.
- Minimal documentation: Use lightweight templates for the eight essential work products. The guide provides examples and suggested formats.
- Tool alignment: Many VSEs use free or low-cost project management and version control systems (e.g., Trello, Jira, Git). The profile does not mandate any particular tool.
- Incremental adoption: Start with a pilot project to gain experience, then roll out to all projects.
Success Factor: VSEs that actively involve both technical leadership and customer representatives in the two processes report higher satisfaction and fewer rework cycles. The entry profile’s simplicity makes it easy to communicate across the entire organisation.
Compliance and Certification Notes
CAN/CSA ISO/IEC TR 29110-5-2-1-18 is a Technical Report (TR), not a normative International Standard. Therefore, formal certification against this document alone is not possible. However, compliance with the entry profile can be demonstrated through:
- Self-declaration: An organisation can assert that its processes align with the outcomes and work products of PM and SI as defined in the guide.
- Second-party assessment: Customers or partners may audit a VSE against the entry profile requirements as part of a supplier qualification or due diligence.
- Third-party assessment (ISO/IEC 29110-2): If an organisation wishes to achieve formal recognition, it can follow the assessment requirements defined in ISO/IEC 29110-2 (framework for assessment). The entry profile is a usual starting point for such evaluations.
Regular acquirers (e.g., government agencies) may request evidence of conformity to ISO/IEC 29110 profiles, especially for low-risk software development contracts. In Canada, CAN/CSA ISO/IEC TR 29110-5-2-1-18 is the reference document for such requests at the entry level.
Important: Do not confuse this technical report with the normative parts of the ISO/IEC 29110 series (e.g., ISO/IEC 29110-4-1, which defines the profile specifications). For certification audits, the normative requirements take precedence over the guidance in this TR.
For ongoing compliance, the organisation should maintain its process definitions and work products as living artefacts. Periodic internal reviews (e.g., every 6–12 months) help ensure that the entry profile remains implemented as intended.
FAQs
Q: Who is the intended audience for CAN/CSA ISO/IEC TR 29110-5-2-1-18?
A: This guide is primarily for very small entities (VSEs) with up to 25 employees that develop or maintain software and are starting to implement structured processes. It also helps acquirers define minimal process expectations for small suppliers.
A: This guide is primarily for very small entities (VSEs) with up to 25 employees that develop or maintain software and are starting to implement structured processes. It also helps acquirers define minimal process expectations for small suppliers.
Q: How does the entry profile differ from the basic profile of ISO/IEC 29110?
A: The entry profile contains only two processes (Project Management and Software Implementation) with minimal work products. The basic profile adds processes for Acquisition and Configuration Management, and requires additional work products such as a Configuration Management Plan and Test Plan. The entry profile is a simpler, lighter-weight starting point.
A: The entry profile contains only two processes (Project Management and Software Implementation) with minimal work products. The basic profile adds processes for Acquisition and Configuration Management, and requires additional work products such as a Configuration Management Plan and Test Plan. The entry profile is a simpler, lighter-weight starting point.
Q: Can a VSE claim compliance with ISO/IEC 29110 just by following this guide?
A: Yes, for the entry profile. However, the organisation must ensure that all outcomes and work products described in the guide are actually achieved and made visible. Self-declaration is acceptable for many business contexts, but formal third-party assessment requires adherence to ISO/IEC 29110-2 and -4-1.
A: Yes, for the entry profile. However, the organisation must ensure that all outcomes and work products described in the guide are actually achieved and made visible. Self-declaration is acceptable for many business contexts, but formal third-party assessment requires adherence to ISO/IEC 29110-2 and -4-1.
Q: Does this standard replace ISO 12207 or ISO/IEC 15288?
A: No. CAN/CSA ISO/IEC TR 29110-5-2-1-18 is a complement to, not a replacement for, the larger lifecycle standards. It is a subset of the ISO/IEC 29110 series, which is specifically designed to provide a feasible entry point for VSEs that might find full 12207/15288 adoption overwhelming.
A: No. CAN/CSA ISO/IEC TR 29110-5-2-1-18 is a complement to, not a replacement for, the larger lifecycle standards. It is a subset of the ISO/IEC 29110 series, which is specifically designed to provide a feasible entry point for VSEs that might find full 12207/15288 adoption overwhelming.
Article prepared for technical documentation purposes. All standard references pertain to the CAN/CSA adoption published in 2016 and reaffirmed in 2021; this article uses the publication year 2018 as cited in the standard number CAN/CSA ISO/IEC TR 29110-5-2-1-18. — 2026