Delivering Quality Software

Software delivery is not deployment. Delivery hands the software over to the customer, while deployment installs and provisions it in the production environment. We have to be cautious about the term CD: does it mean continuous delivery or continuous deployment? Both share the same acronym but convey different ideas. The software or application is only one part of the information system, and it is the information system that shall be certified and accredited (C&A) to get the authorization to operate (ATO). In other words, the information system is authorized, not the software alone. Continuous deployment may not comply with the C&A process. It's a security concern that software development and IT operations teams often ignore when implementing continuous deployment.

Quality refers to the “degree to which a set of inherent characteristics of an object fulfills requirements.” (ISO/TS 82304-2)

Software refers to “all or part of the programs, procedures, rules and associated documentation of an information-processing system.” (ISO 17894)

“In software development, a build is the process of converting source code files into standalone software artifact(s) that can be run on a computer, or the result of doing so.” (Wikipedia)

ISO Standards

  • ISO/IEC/IEEE 15288:2023
    Systems and software engineering — System life cycle processes
  • ISO/IEC/IEEE 12207:2017
    Systems and software engineering — Software life cycle processes
  • ISO 9001:2015
    Quality management systems — Requirements
  • ISO/IEC 20000-1:2018
    Information technology — Service management — Part 1: Service management system requirements
  • ISO/IEC 19770-1:2017
    Information technology — IT asset management — Part 1: IT asset management systems — Requirements
  • ISO/IEC 27000:2018
    Information technology — Security techniques — Information security management systems — Overview and vocabulary
