Engineering, Life Cycle Stages, and Processes

NIST SP 800-160 V1 and ISO 15288


  • Engineering is an approach that involves a set of processes to develop a solution (a system, software, or any other deliverable) transformed from stakeholders’ requirements, and to support that solution throughout its life. (short version)
  • Engineering is an approach that involves a set of processes of applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement. (long version)
  • Systems and software engineering are engineering approaches to deliver systems or software as a solution.

Systems Engineering

Systems Engineering is an interdisciplinary approach and means to enable the realization of successful systems.
– It focuses on defining stakeholder needs and required functionality early in the development cycle, documenting requirements, then proceeding with design synthesis and system validation while considering the complete problem.
– It integrates all the disciplines and specialty groups into a team effort forming a structured development process that proceeds from concept to production to operation.
– It considers both the business and the technical needs of all stakeholders with the goal of providing a quality product that meets the needs of users and other applicable stakeholders. This life cycle spans the conception of ideas through to the retirement of a system.
– It provides the processes for acquiring and supplying systems.
– It helps to improve communication and cooperation among the parties that create, utilize and manage modern systems in order that they can work in an integrated, coherent fashion.

Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes

SDLC: System or Software?

Life Cycle

Every person has his or her own life, and so does a system or software. The life cycle of systems or software differs. In engineering, a system or software life cycle typically comprises a collection of processes (aka life cycle processes) conducted across stages (or phases) from its inception to retirement.

The term “development” in the system or software development life cycle (SDLC) has been misleading because it implies “building,” “making,” “constructing,” or “implementing” something. However, it is all but impossible nowadays for an organization to “develop” alone, without any procurement or acquisition. Procurement means buying something from suppliers, while acquisition is used in a broader sense to refer to obtaining anything from any party, whether paid or free.


The stages of a life cycle vary. Organizations tend to tailor life cycle stages based on an engineering approach and may iterate the life cycle in a project. ISO/IEC 15288 proposes life cycle processes but doesn’t prescribe six stages in the system life cycle (SLC).


It’s not uncommon that the processes conducted across life cycles vary from time to time. However, the revised ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017 are intended to achieve a fully harmonized view of the system and software life cycle processes.

A process is typically conducted across the life cycle to varying degrees. Verification and validation are the primary processes conducted in the commonly known “testing” or “test” stage. However, requirements, designs, work products, deliverables, final products, etc., can and should be verified and validated in different stages.

The 4 phases and 9 disciplines of the Rational Unified Process (Image Credit: Humberto Cervantes)


