ISO/IEC/IEEE 32675:2022

INTERNATIONAL ISO/
STANDARD IEC/IEEE
32675
First edition
2022-08
Information technology — DevOps —
Building reliable and secure systems
including application build, package
and deployment
Technologies de l'information — DevOps — Création de systèmes
fiables et sûrs notamment en matière de compilation, paquetage et
déploiement d'applications
Reference number
ISO/IEC/IEEE 32675:2022(E)
© IEEE 2021

---------------------- Page: 1 ----------------------
ISO/IEC/IEEE 32675:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© IEEE 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from IEEE at the address below.
Institute of Electrical and Electronics Engineers, Inc
3 Park Avenue, New York
NY 10016-5997, USA
Email: stds.ipr@ieee.org
Website: www.ieee.org
Published in Switzerland
ii
 © IEEE 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO/IEC documents should be noted (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its
standards through a consensus development process, approved by the American National Standards
Institute, which brings together volunteers representing varied viewpoints and interests to achieve the
final product. Volunteers are not necessarily members of the Institute and serve without compensation.
While the IEEE administers the process and establishes rules to promote fairness in the consensus
development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the
information contained in its standards.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent
declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT),
see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
ISO/IEC/IEEE 32675 was prepared by the Systems and Software Engineering Standards Committee of
the IEEE Computer Society (as IEEE Std 2675-2021) and drafted in accordance with its editorial rules. It
was adopted, under the “fast-track procedure” defined in the Partner Standards Development
Organization cooperation agreement between ISO and IEEE, by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committees.
© IEEE 2021 – All rights reserved iii

---------------------- Page: 3 ----------------------
IEEE Std 2675™-2021
IEEE Standard for DevOps:
Building Reliable and Secure Systems
Including Application Build, Package,
and Deployment
Developed by the
Software & Systems Engineering Standards Committee
of the
IEEE Computer Society
Approved 9 February 2021
IEEE SA Standards Board

---------------------- Page: 4 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Abstract: Technical principles and processes to build, package, and deploy systems and
applications in a reliable and secure way are specified. Establishing effective compliance and
information technology (IT) controls is the focus. DevOps principles presented include mission
first, customer focus, left-shift, continuous everything, and systems thinking. How stakeholders,
including developers and operations staff, can collaborate and communicate effectively is
described. The process outcomes and activities herein are aligned with the process model
specified in ISO/IEC/IEEE 12207:2017 and ISO/IEC/IEEE 15288:2015.
Keywords: agile, continuous delivery, continuous deployment, continuous integration, DevOps,
IEEE 2675™, left-shift
•
The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA
Copyright © 2021 by The Institute of Electrical and Electronics Engineers, Inc.
All rights reserved. Published 16 April 2021. Printed in the United States of America.
IEEE is a registered trademark in the U.S. Patent & Trademark Office, owned by The Institute of Electrical and Electronics
Engineers, Incorporated.
PDF: ISBN 978-1-5044-7407-8 STD24616
Print: ISBN 978-1-5044-7408-5 STDPD24616
IEEE prohibits discrimination, harassment, and bullying.
For more information, visit https://www.ieee.org/about/corporate/governance/p9-26.html.
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission
of the publisher.

2
Copyright © 2021 IEEE. All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Important Notices and Disclaimers Concerning IEEE Standards Documents
IEEE Standards documents are made available for use subject to important notices and legal disclaimers.
These notices and disclaimers, or a reference to this page (https://standards.ieee.org/ipr/disclaimers.html),
appear in all standards and may be found under the heading “Important Notices and Disclaimers
Concerning IEEE Standards Documents.”
Notice and Disclaimer of Liability Concerning the Use of IEEE Standards
Documents
IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating
Committees of the IEEE Standards Association (IEEE SA) Standards Board. IEEE develops its standards
through an accredited consensus development process, which brings together volunteers representing
varied viewpoints and interests to achieve the final product. IEEE Standards are documents developed by
volunteers with scientific, academic, and industry-based expertise in technical working groups. Volunteers
are not necessarily members of IEEE or IEEE SA, and participate without compensation from IEEE. While
IEEE administers the process and establishes rules to promote fairness in the consensus development
process, IEEE does not independently evaluate, test, or verify the accuracy of any of the information or the
soundness of any judgments contained in its standards.
IEEE does not warrant or represent the accuracy or completeness of the material contained in its standards,
and expressly disclaims all warranties (express, implied and statutory) not included in this or any other
document relating to the standard, including, but not limited to, the warranties of: merchantability; fitness
for a particular purpose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness
of material. In addition, IEEE disclaims any and all conditions relating to results and workmanlike effort. In
addition, IEEE does not warrant or represent that the use of the material contained in its standards is free
from patent infringement. IEEE Standards documents are supplied “AS IS” and “WITH ALL FAULTS.”
Use of an IEEE standard is wholly voluntary. The existence of an IEEE Standard does not imply that there
are no other ways to produce, test, measure, purchase, market, or provide other goods and services related
to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard is approved
and issued is subject to change brought about through developments in the state of the art and comments
received from users of the standard.
In publishing and making its standards available, IEEE is not suggesting or rendering professional or other
services for, or on behalf of, any person or entity, nor is IEEE undertaking to perform any duty owed by any
other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her
own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek
the advice of a competent professional in determining the appropriateness of a given IEEE standard.
IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: THE
NEED TO PROCURE SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE
UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND
REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.
Translations
The IEEE consensus development process involves the review of documents in English only. In the event that
an IEEE standard is translated, only the English version published by IEEE is the approved IEEE standard.

3
Copyright © 2021 IEEE. All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Official statements
A statement, written or oral, that is not processed in accordance with the IEEE SA Standards Board
Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its
committees and shall not be considered to be, nor be relied upon as, a formal position of IEEE. At lectures,
symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall
make it clear that the presenter’s views should be considered the personal views of that individual rather
than the formal position of IEEE, IEEE SA, the Standards Committee, or the Working Group.
Comments on standards
Comments for revision of IEEE Standards documents are welcome from any interested party, regardless of
membership affiliation with IEEE or IEEE SA. However, IEEE does not provide interpretations,
consulting information, or advice pertaining to IEEE Standards documents.
Suggestions for changes in documents should be in the form of a proposed change of text, together with
appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is
important that any responses to comments and questions also receive the concurrence of a balance of
interests. For this reason, IEEE and the members of its Societies and Standards Coordinating Committees
are not able to provide an instant response to comments, or questions except in those cases where the matter
has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. Any
person who would like to participate in evaluating comments or in revisions to an IEEE standard is
welcome to join the relevant IEEE working group. You can indicate interest in a working group using the
Interests tab in the Manage Profile & Interests area of the IEEE SA myProject system. An IEEE Account is
needed to access the application.
Comments on standards should be submitted using the Contact Us form.
Laws and regulations
Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with
the provisions of any IEEE Standards document does not constitute compliance to any applicable
regulatory requirements. Implementers of the standard are responsible for observing or referring to the
applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action
that is not in compliance with applicable laws, and these documents may not be construed as doing so.
Data privacy
Users of IEEE Standards documents should evaluate the standards for considerations of data privacy and
data ownership in the context of assessing and using the standards in compliance with applicable laws and
regulations.
Copyrights
IEEE draft and approved standards are copyrighted by IEEE under US and international copyright laws.
They are made available by IEEE and are adopted for a wide variety of both public and private uses. These
include both use, by reference, in laws and regulations, and use in private self-regulation, standardization,
and the promotion of engineering practices and methods. By making these documents available for use and
adoption by public authorities and private users, IEEE does not waive any rights in copyright to the
documents.

4
Copyright © 2021 IEEE. All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Photocopies
Subject to payment of the appropriate licensing fees, IEEE will grant users a limited, non-exclusive license
to photocopy portions of any individual standard for company or organizational internal use or individual,
non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance
Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400;
https://www.copyright.com/. Permission to photocopy portions of any individual standard for educational
classroom use can also be obtained through the Copyright Clearance Center.
Updating of IEEE Standards documents
Users of IEEE Standards documents should be aware that these documents may be superseded at any time
by the issuance of new editions or may be amended from time to time through the issuance of amendments,
corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the
document together with any amendments, corrigenda, or errata then in effect.
Every IEEE standard is subjected to review at least every 10 years. When a document is more than 10 years
old and has not undergone a revision process, it is reasonable to conclude that its contents, although still of
some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that
they have the latest edition of any IEEE standard.
In order to determine whether a given document is the current edition and whether it has been amended
through the issuance of amendments, corrigenda, or errata, visit IEEE Xplore or contact IEEE. For more
information about the IEEE SA or IEEE’s standards development process, visit the IEEE SA Website.
Errata
Errata, if any, for all IEEE standards can be accessed on the IEEE SA Website. Search for standard number
and year of approval to access the web page of the published standard. Errata links are located under the
Additional Resources Details section. Errata are also available in IEEE Xplore. Users are encouraged to
periodically check for errata.
Patents
IEEE Standards are developed in compliance with the IEEE SA Patent Policy.
IMPORTANT NOTICE
IEEE Standards do not guarantee or ensure safety, security, health, or environmental protection, or ensure
against interference with or from other devices or networks. IEEE Standards development activities
consider research and information presented to the standards development group in developing any safety
recommendations. Other information about safety practices, changes in technology or technology
implementation, or impact by peripheral systems also may be pertinent to safety considerations during
implementation of the standard. Implementers and users of IEEE Standards documents are responsible for
determining and complying with all appropriate safety, security, environmental, health, and interference
protection practices and all applicable laws and regulations.

5
Copyright © 2021 IEEE. All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Participants
At the time this IEEE standard was completed, the DevOps Working Group had the following membership:
Bob Aiello, Chair
Lynn Robert Carter, Secretary
Devora Aiello Bob Jenkins Annette Reilly
Sarah Baker Daniel Katzman Ayhan Tek
Jaynee Beach Ruth Lennon Mark Underwood
Kristian Beckers Nithyanandam Mathiyazhagan Altaz Valani
Subroto Bhattacharya Malu Milan Chris Walker
Paul Bruce Harvey Nusz Robert J. White
Simon Goldsmith Martin Radley Steve Woodward
Victoria Hailey Tafline Ramos Hasan Yasar
The following members of the individual Standards Association balloting group voted on this standard.
Balloters may have voted for approval, disapproval, or abstention.
Bob Aiello Piotr Karocki Stefan Schlichting
Johann Amsenga Daniel Katzman Stephen Schwarm
Bakul Banerjee Ralph Kearfott Subrato Sensharma
William Bearden Stuart Kerry Carl Singer
Juris Borzovs Edmund Kienast Friedrich Stallinger
Pieter Botman Yongbum Kim Thomas Starai
Lynn Robert Carter Naga Sai Kruthiventi Walter Struppler
Manuel Castro Thomas Kurihara Gerald Stueve
Ronald Dean Jim Lewis Max Turner
Teresa Doran Johnny Marques Mark-Rene Uchida
Andrew Fieldsend Rajesh Murthy Altaz Valani
Dan Friedman Nick S. A. Nikjoo John Vergis
David Fuschi Joanna Olszewska Marcel Winandy
Louis Gullo Beth Pumo
Hasan Yasar
Jon Hagar R. K. Rannow Yu Yuan
Victoria Hailey Annette Reilly Oren Yuen
Werner Hoelzl Robert Schaaf Janusz Zalewski
When the IEEE SA Standards Board approved this standard on 9 February 2021, it had the following
membership:
Gary Hoffman, Chair
Vacant Position, Vice Chair
John D. Kulick, Past Chair
Konstantinos Karachalios, Secretary
Edward A. Addy Daozhuang Lin Dorothy Stanley
Doug Edwards Kevin Lu Mehmet Ulema
Ramy Ahmed Fathy
Daleep C. Mohla Lei Wang
J. Travis Griffith Chenhui Niu F. Keith Waters
Thomas Koshy Damir Novosel Karl Weber
Joseph L. Koepfinger* Annette Reilly Sha Wei
David J. Law Jon Walter Rosdahl Howard Wolfman
Howard Li Daidi Zhong
*Member Emeritus
6
Copyright © 2021 IEEE. All rights reserved.

---------------------- Page: 9 ----------------------
ISO/IEC/IEEE 32675:2022(E)
Introduction
This introduction is not part of IEEE Std 2675™-2021, IEEE Standard for DevOps: Building Reliable and Secure
Systems Including Application Build, Package, and Deployment.
The complexity of software systems has increased to an unprecedented level. This has led to new
opportunities, but also to increased challenges for the organizations that create and utilize systems. One of
the greatest challenges has been to address the increased rate of change in modern development
methodologies, including agile and even rapid iterative development. These challenges exist throughout the
life cycle of a system and at all levels of architectural detail. This document highlights the manner in which
DevOps can help address the challenges inherent in accelerated development methodologies and achieve
end user goals for increased productivity and quality.
DevOps is an interdisciplinary approach and means to enable the realization of successful software
systems. It focuses on defining stakeholder needs and required functionality early in the development cycle,
documenting requirements, and performing design synthesis and system validation while considering the
complete problem. It integrates the disciplines and specialty groups into a team effort forming a structured
development process that proceeds from concept to production to operation and maintenance. It considers
both the business and the technical needs of stakeholders with the goal of providing a quality product that
meets the needs of users and other applicable stakeholders. This life cycle spans the conception of ideas
through to the retirement of a system. It provides the processes for acquiring and supplying systems. It
helps improve communication and cooperation among the parties that create, utilize, and manage modern
software systems. In addition, this framework provides for the assessment and improvement of the life
cycle processes.
This document is appropriate both for organizations that are unused to applying engineering process
standards, and for those who have used longstanding standards, who have the goal of implementing
effective information technology (IT) controls, embracing and managing risk, while enabling more rapid
development (higher velocity). Organizations that are already embracing IEEE standards can find IEEE Std
2675 to be essential in helping them to implement the DevOps transformation. Organizations that choose
IEEE Std 2675 as their first industry standard can subsequently apply a broader family of IEEE standards.
1
This document is closely aligned with the life cycle processes in ISO/IEC/IEEE 12207:2017 [B14] and
ISO/IEC/IEEE 15288:2015. Configuration management is the basis of DevOps and hence it is also closely
aligned with IEEE Std 828™ [B3], along with other related standards.
1
The numbers in brackets correspond to those of the bibliography in Annex A.
7
Copyright © 2021 IEEE. All rights reserved.

---------------------- Page: 10 ----------------------
ISO/IEC/IEEE 32675:2022(E)

Contents
1. Overview . 9
1.1 Scope . 9
1.2 Purpose .10
1.3 Word usage .10
2. Normative references .11
3. Definitions, acronyms, and abbreviations .11
3.1 Definitions .11
3.2 Acronyms and abbreviations .14
4. Conformance .16
4.1 Compliance criteria .16
4.2 Full conformance to outcomes .17
4.3 Full conformance to tasks .17
4.4 Tailored conformance .17
5. DevOps concepts .17
5.1 Value of DevOps .17
5.2 DevOps principles .18
5.3 DevOps and organizational culture .20
5.4 DevOps and life cycle processes .23
6. Relation of software life cycle processes to DevOps.23
6.1 Agreement processes .23
6.2 Organizational Project-Enabling processes .27
6.3 Technical Management processes .38
6.4 Technical processes .61
Annex A (informative) Bibliography .88





8
Copyright © 2021 IEEE. All rights reserved.

---------------------- Page: 11 ----------------------
ISO/IEC/IEEE 32675:2022(E)

IEEE Standard for DevOps:
Building Reliable and Secure Systems
Including Application Build, Package,
and Deployment
1. Overview
1.1 Scope
This document provides requirements and guidance on the implementation of DevOps to define, control,
and improve software life cycle processes. It applies within an organization or a project to build, package,
and deploy software and systems in a secure and reliable way. This document specifies practices to
collaborate and communicate effectively in groups including development, operations, and other key
stakeholders.
This document applies a common framework for software life cycle processes, with well-defined
terminology. It contains processes, activities, and tasks that are to be applied to the full life cycle of
software systems, products, and services, including conception, development, production, utilization,
support, and retirement. It also applies to the acquisition and supply of software systems, whether
performed internally or externally to an organization. These life cycle processes are accomplished through
the involvement of stakeholders, with the ultimate goal of achieving customer satisfaction. The life cycle
processes of this document can be applied concurrently, iteratively, and recursively to a software system
and incrementally to its elements.
This document applies to software systems, products, and services, and the software portion of any system.
Software includes the software portion of firmware. Those aspects of system definition needed to provide
the context for software systems, products, and services are included.
There is a wide variety of software systems in terms of their purpose, domain of application, complexity,
size, novelty, adaptability, quantities, locations, life spans, and evolution. This document describes the
processes that comprise the life cycle of software systems. It therefore applies to one-of-a-kind software
systems, software systems for wide commercial or public distribution, and customized, adaptable software
systems. It also applies to a complete stand-alone software system and to software systems that are
embedded and integrated into larger, more complex, and complete systems.
9
Copyright © 2021 IEEE. All rights reserved.

---------------------- Page: 12 ----------------------
ISO/IEC/IEEE 32675:2022(E)
IEEE Std 2675-2021
IEEE Standard for DevOps: Building Reliable and Secure Systems Including Application Build, Package, and Deployment
1.2 Purpose
The purpose of this standard is to specify required practices for operations, development, and other key
stakeholders to collaborate and communicate to deploy systems and applications in a secure and reliable
way. This document provides a defined set of processes and methods to facilitate DevOps principles and
practices, including improved communication between stakeholders throughout the systems life cycle, not
just during development and operations. This document is written for DevOps stakeholders, which
includes, but is not limited to, acquirers, suppliers, developers, integrators, operators, maintainers,
managers, quality assurance managers, compliance managers, auditors, and users of software systems,
products, and services. It can be used by a single organization in a self-imposed mode or in a multi-party
situation. Parties can be from the same organization or from different organizations, and the situation can
range from an informal agreement to a formal contract.
The processes in this document can be used as a basis for implementing DevOps while establishing
organizational environment
...