Good Practice Guidelines for Software Engineering in New Zealand

ID= 116 IACUTE /> ID= 293 UDBLACUTE /> AFII10084 /> ID= 443 NCEDILLA /> ID= 452 RCEDILLA /> ID= 117 IGRAVE /> ID= 294 UDBLACUTE /> AFII10085 /> ID= 444 ID= 453 NCEDILLA /> SCIRCUMFLEX /> ID= 118 ICIRCUMFLEX /> ID= 295 ZACUTE /> AFII10086 /> ID= 445 ID= 454 ENG /> SCIRCUMFLEX /> ID= 119 IDIERESIS /> ID= 296 ZACUTE /> AFII10087 /> ID= 446 ID= 455 ENG /> TBAR /> ID= 120 NTILDE /> ID= 297 ZDOT /> AFII10088 /> ID= 447 ID= 456 OMACRON /> TBAR /> ID= 121 OACUTE /> ID= 298 ZDOT /> AFII10089 /> ID= 448 ID= 457 OMACRON /> UTILDE /> ID= 122 OGRAVE /> ID= 299 GAMMA /> AFII10090 /> ID= 449 ID= 458 OBREVE /> UTILDE /> ID= 123 OCIRCUMFLEX /> ID= 300 THETA /> AFII10091 /> ID= 450 ID= 459 OBREVE /> UMACRON /> ID= 124 ODIERESIS /> ID= 301 PHI /> AFII10092 /> ID= 451 ID= 460 RCEDILLA /> UMACRON /> ID= 125 OTILDE /> ID= 302 ALPHA /> AFII10093 /> ID= 452 ID= 461 RCEDILLA /> UBREVE /> ID= 126 UACUTE /> ID= 303 DELTA /> AFII10094 /> ID= 453 ID= 462 SCIRCUMFLEX /> UBREVE /> ID= 127 UGRAVE /> ID= 304 EPSILON /> AFII10095 /> ID= 454 ID= 463 SCIRCUMFLEX /> UOGONEK /> ID= 128 UCIRCUMFLEX /> ID= 305 SIGMA /> AFII10096 /> ID= 455 ID= 464 TBAR /> UOGONEK /> ID= 129 UDIERESIS /> ID= 306 TAU /> AFII10097 /> ID= 456 ID= 465 TBAR /> WCIRCUMFLEX /> ID= 130 DAGGER /> ID= 307 PHI /> AFII10071 /> ID= 457 ID= 466 UTILDE /> WCIRCUMFLEX /> ID= 131 DEGREE /> ID= 308 UNDERSCOREDBL /> AFII10099 /> ID= 458 ID= 467 UTILDE /> YCIRCUMFLEX /> ID= 132 CENT /> ID= 309 EXCLAMDBL /> AFII10100 /> ID= 459 ID= 468 UMACRON /> YCIRCUMFLEX /> ID= 133 STERLING /> ID= 310 NSUPERIOR /> AFII10101 /> ID= 460 ID= 469 UMACRON /> LONGS /> ID= 134 SECTION /> ID= 311 PESETA /> AFII10102 /> ID= 461 ID= 470 UBREVE /> ARINGACUTE /> ID= 135 BULLET /> ID= 312 ARROWLEFT /> AFII10103 /> ID= 462 ID= 471 UBREVE /> ARINGACUTE /> ID= 136 PARAGRAPH /> ID= 313 ARROWUP /> AFII10104 /> ID= 463 ID= 472 UOGONEK /> AEACUTE /> ID= 137 GERMANDBLS /> ID= 314 ARROWRIGHT /> AFII10105 /> ID= 464 ID= 473 UOGONEK /> AEACUTE /> ID= 138 REGISTERED /> ID= 315 ARROWDOWN /> AFII10106 /> ID= 465 ID= 474 WCIRCUMFLEX /> OSLASHACUTE /> ID= 139 COPYRIGHT /> ID= 316 ARROWBOTH /> AFII10107 /> ID= 466 ID= 475 WCIRCUMFLEX /> OSLASHACUTE /> ID= 140 TRADEMARK /> ID= 317 ARROWUPDN /> AFII10108 /> ID= 467 ID= 476 YCIRCUMFLEX /> ANOTELEIA /> ID= 141 ACUTE /> ID= 318 ARROWUPDNBSE /> AFII10109 /> ID= 468 ID= 477 YCIRCUMFLEX /> WGRAVE /> ID= 142 DIERESIS /> ID= 319 ORTHOGONAL /> AFII10110 /> ID= 469 ID= 478 LONGS /> WGRAVE /> ID= 143 NOTEQUAL /> ID= 320 INTERSECTION /> AFII10193 /> ID= 470 ID= 479 ARINGACUTE /> WACUTE /> ID= 144 AE /> ID= 321 EQUIVALENCE /> AFII10050 /> ID= 471 ID= 480 ARINGACUTE /> WACUTE /> ID= 145 OSLASH /> ID= 322 HOUSE /> AFII10098 /> ID= 472 ID= 481 AEACUTE /> WDIERESIS /> ID= 146 INFINITY /> ID= 323 REVLOGICALNOT /> AFII00208 /> ID= 473 ID= 482 AEACUTE /> WDIERESIS /> ID= 147 PLUSMINUS /> ID= 324 INTEGRALTP /> AFII61352 /> ID= 474 ID= 483 OSLASHACUTE /> YGRAVE /> ID= 148 LESSEQUAL /> ID= 325 INTEGRALBT /> PI /> ID= 475 ID= 484 OSLASHACUTE /> YGRAVE /> ID= 149 GREATEREQUAL /> ID= 326 SF100000 /> SHEVA /> ID= 476 ID= 485 ANOTELEIA /> QUOTEREVERSED /> ID= 150 YEN /> ID= 327 SF110000 /> HATAFSEGOL /> ID= 477 ID= 486 WGRAVE /> RADICALEX /> ID= 151 MU1 /> ID= 328 SF010000 /> HATAFPATAH /> ID= 478 ID= 487 WGRAVE /> AFII08941 /> ID= 152 PARTIALDIFF /> ID= 329 SF030000 /> HATAFQAMATS /> ID= 479 ID= 488 WACUTE /> ESTIMATED /> ID= 153 SUMMATION /> ID= 330 SF020000 /> HIRIQ /> ID= 480 ID= 489 WACUTE /> ONEEIGHTH /> ID= 154 PRODUCT /> ID= 331 SF040000 /> TSERE /> ID= 481 ID= 490 WDIERESIS /> THREEEIGHTHS /> ID= 155 PI1 /> ID= 332 SF080000 /> SEGOL /> ID= 482 ID= 491 WDIERESIS /> FIVEEIGHTHS /> ID= 156 INTEGRAL /> ID= 333 SF090000 /> PATAH /> ID= 483 ID= 492 YGRAVE /> SEVENEIGHTHS /> ID= 157 ORDFEMININE /> ID= 334 SF060000 /> QAMATS /> ID= 484 ID= 493 YGRAVE /> COMMAACCENT /> ID= 158 ORDMASCULINE /> ID= 335 SF070000 /> HOLAM /> ID= 485 ID= 494 QUOTEREVERSED /> UNDERCOMMAACCENT /> ID= 159 OHM /> ID= 336 SF050000 /> QUBUTS /> ID= 486 ID= 495 RADICALEX /> TONOS /> ID= 160 AE /> ID= 337 SF430000 /> DAGESH /> ID= 487 ID= 496 AFII08941 /> DIERESISTONOS /> ID= 161 OSLASH /> ID= 338 SF240000 /> METEG /> ID= 488 ID= 497 ESTIMATED /> ALPHATONOS /> ID= 162 QUESTIONDOWN /> ID= 339 SF510000 /> MAQAF /> ID= 489 ID= 498 ONEEIGHTH /> EPSILONTONOS /> ID= 163 EXCLAMDOWN /> ID= 340 SF520000 /> RAFE /> ID= 490 ID= 499 THREEEIGHTHS /> ETATONOS /> ID= 164 LOGICALNOT /> ID= 341 SF390000 /> PASEQ /> ID= 491 ID= 500 FIVEEIGHTHS /> IOTATONOS /> ID= 165 RADICAL /> ID= 342 SF220000 /> SHINDOT /> ID= 492 ID= 501 SEVENEIGHTHS /> OMICRONTONOS /> ID= 166 FLORIN /> ID= 343 SF210000 /> SINDOT /> ID= 493 ID= 502 COMMAACCENT /> UPSILONTONOS /> ID= 167 APPROXEQUAL /> ID= 344 SF250000 /> SOFPASUQ /> ID= 494 ID= 503 UNDERCOMMAACCENT /> OMEGATONOS /> ID= 168 DELTA /> ID= 345 SF500000 /> ALEF /> ID= 495 ID= 504 TONOS /> IOTADIERESISTONOS /> ID= 169 GUILLEMOTLEFT /> ID= 346 SF490000 /> BET /> ID= 496 ID= 505 DIERESISTONOS /> ALPHA /> ID= 170 GUILLEMOTRIGHT /> ID= 347 SF380000 /> GIMEL /> ID= 497 ID= 506 ALPHATONOS /> BETA /> ID= 171 ELLIPSIS /> ID= 348 SF280000 /> DALET /> ID= 498 ID= 507 EPSILONTONOS /> DELTA#1 /> ID= 172 AGRAVE /> ID= 349 SF270000 /> HE /> ID= 499 ID= 508 ETATONOS /> EPSILON /> ID= 173 ATILDE /> ID= 350 SF260000 /> VAV /> ID= 500 ID= 509 IOTATONOS /> ZETA /> ID= 174 OTILDE /> ID= 351 SF360000 /> ZAYIN /> ID= 501 ID= 510 OMICRONTONOS /> ETA /> ID= 175 OE /> ID= 352 SF370000 /> HET /> ID= 502 ID= 511 UPSILONTONOS /> IOTA /> ID= 176 OE /> ID= 353 SF420000 /> TET /> ID= 503 ID= 512 OMEGATONOS /> KAPPA /> ID= 177 ENDASH /> ID= 354 SF190000 /> YOD /> ID= 504 ID= 513 IOTADIERESISTONOS /> LAMBDA /> ID= 178 EMDASH /> ID= 355 SF200000 /> FINALKAF /> ID= 505 ID= 514 ALPHA /> MU /> ID= 179 QUOTEDBLLEFT /> ID= 356 SF230000 /> KAF /> ID= 506 ID= 515 BETA /> NU /> ID= 180 QUOTEDBLRIGHT /> ID= 357 SF470000 /> LAMED /> ID= 507 ID= 516 DELTA#1 /> XI /> ID= 181 QUOTELEFT /> ID= 358 SF480000 /> FINALMEM /> ID= 508 ID= 517 EPSILON /> OMICRON /> ID= 182 QUOTERIGHT /> ID= 359 SF410000 /> MEM /> TION! --> ID= 509 ID= 518 ZETA /> PI /> ID= 183 DIVIDE /> ID= 360 SF450000 /> FINALNUN /> ID= 510 ID= 519 ETA /> RHO /> ID= 184 LOZENGE /> ID= 361 SF460000 /> NUN /> ID= 511 ID= 520 IOTA /> SIGMA /> ID= 185 YDIERESIS /> ID= 362 SF400000 /> SAMEKH /> ID= 512 ID= 521 KAPPA /> TAU /> ID= 186 YDIERESIS /> ID= 363 SF540000 /> AYIN /> ID= 513 ID= 522 LAMBDA /> UPSILON /> ID= 187 FRACTION /> ID= 364 SF530000 /> FINALPE /> ID= 514 ID= 523 MU /> CHI /> ID= 188 ID= 524 EURO /> ID= 365 PSI /> SF440000 /> PE /> ID= 515 NU /> ID= 189 ID= 525 GUILSINGLLEFT /> ID= 366 OMEGA /> UPBLOCK /> FINALTSADI /> ID= 516 XI /> ID= 190 ID= 526 GUILSINGLRIGHT /> ID= 367 IOTADIERESIS /> DNBLOCK /> TSADI /> ID= 517 OMICRON /> ID= 191 ID= 527 FI /> ID= 368 UPSILONDIERESIS /> BLOCK /> QOF /> ID= 518 PI /> ID= 192 ID= 528 FL /> ID= 369 ALPHATONOS /> LFBLOCK /> RESH /> ID= 519 RHO /> ID= 193 ID= 529 DAGGERDBL /> ID= 370 EPSILONTONOS /> RTBLOCK /> SHIN /> ID= 520 SIGMA /> ID= 194 ID= 530 PERIODCENTERED /> ID= 371 ETATONOS /> LTSHADE /> TAV /> ID= 521 TAU /> ID= 195 ID= 531 QUOTESINGLBASE /> ID= 372 IOTATONOS /> SHADE /> DOUBLEVAV /> ID= 522 UPSILON /> ID= 196 ID= 532 QUOTEDBLBASE /> ID= 373 UPSILONDIERESISTON DKSHADE /> VAVYOD /> ID= 523 CHI /> OS /> ID= 197 PERTHOUSAND /> ID= 374 FILLEDBOX /> DOUBLEYOD /> ID= 524 PSI /> ID= 198 ID= 533 ACIRCUMFLEX /> ID= 375 BETA /> FILLEDRECT /> GERESH /> ID= 525 OMEGA /> ID= 199 ID= 534 ECIRCUMFLEX /> ID= 376 GAMMA /> TRIAGUP /> GERSHAYIM /> ID= 526 IOTADIERESIS /> ID= 200 ID= 535 AACUTE /> ID= 377 ZETA /> TRIAGRT /> NEWSHEQELSIGN /> ID= 527 UPSILONDIERESIS /> ID= 201 ID= 536 EDIERESIS /> ID= 378 ETA /> TRIAGDN /> VAVSHINDOT /> ID= 528 ALPHATONOS /> ID= 202 ID= 537 EGRAVE /> ID= 379 THETA /> TRIAGLF /> FINALKAFSHEVA /> ID= 529 EPSILONTONOS /> ID= 203 ID= 538 IACUTE /> ID= 380 IOTA /> CIRCLE /> FINALKAFQAMATS /> ID= 530 ETATONOS /> ID= 204 ID= 539 ICIRCUMFLEX /> ID= 381 KAPPA /> INVBULLET /> LAMEDHOLAM /> ID= 531 IOTATONOS /> ID= 205 ID= 540 IDIERESIS /> ID= 382 LAMBDA /> INVCIRCLE /> LAMEDHOLAMDAGESH /> ID= 532 UPSILONDIERESISTONOS /> ID= 206 ID= 541 IGRAVE /> ID= 383 MU /> SMILEFACE /> ALTAYIN /> ID= 533 BETA /> ID= 207 ID= 542 OACUTE /> ID= 384 NU /> INVSMILEFACE /> SHINSHINDOT /> ID= 534 GAMMA /> ID= 208 ID= 543 OCIRCUMFLEX /> ID= 385 XI /> SUN /> SHINSINDOT /> ID= 535 ZETA /> ID= 209 ID= 544 OGRAVE /> ID= 386 OMICRON /> FEMALE /> SHINDAGESHSHINDOT /> ID= 536 ETA /> ID= 210 ID= 545 UACUTE /> ID= 387 RHO /> MALE /> SHINDAGESHSINDOT /> ID= 537 THETA /> ID= 211 ID= 546 UCIRCUMFLEX /> ID= 388 SIGMA1 /> SPADE /> ALEFPATAH /> ID= 538 IOTA /> ID= 212 ID= 547 UGRAVE /> ID= 389 UPSILON /> CLUB /> ALEFQAMATS /> ID= 539 KAPPA /> ID= 213 ID= 548 DOTLESSI /> ID= 390 CHI /> HEART /> ALEFMAPIQ /> ID= 540 LAMBDA /> ID= 214 ID= 549 CIRCUMFLEX /> ID= 391 PSI /> DIAMOND /> BETDAGESH /> ID= 541 MU /> ID= 215 ID= 550 TILDE /> ID= 392 OMEGA /> MUSICALNOTE /> GIMELDAGESH /> ID= 542 NU /> ID= 216 ID= 551 MACRON /> ID= 393 IOTADIERESIS /> MUSICALNOTEDBL /> DALETDAGESH /> ID= 543 XI /> ID= 217 ID= 552 BREVE /> ID= 394 UPSILONDIERESIS /> IJ /> HEDAGESH /> ID= 544 OMICRON /> ID= 218 ID= 553 DOTACCENT /> ID= 395 OMICRONTONOS /> IJ /> VAVDAGESH /> ID= 545 RHO /> ID= 219 ID= 554 RING /> ID= 396 UPSILONTONOS /> NAPOSTROPHE /> ZAYINDAGESH /> ID= 546 SIGMA1 /> ID= 220 ID= 555 CEDILLA /> ID= 397 OMEGATONOS /> MINUTE /> TETDAGESH /> ID= 547 UPSILON /> ID= 221 ID= 556 HUNGARUMLAUT /> ID= 398 AFII10023 /> SECOND /> YODDAGESH /> ID= 548 CHI /> ID= 222 ID= 549 ID= 557 OGONEK /> PSI /> ID= 399 AFII10051 /> AFII61248 /> FINALKAFDAGESH /> ID= 223 ID= 550 ID= 558 CARON /> OMEGA /> ID= 400 AFII10052 /> AFII61289 /> KAFDAGESH /> ID= 224 ID= 551 ID= 559 LSLASH /> IOTADIERESIS /> ID= 401 AFII10053 /> H22073 /> LAMEDDAGESH /> ID= 225 ID= 552 ID= 560 LSLASH /> UPSILONDIERESIS /> ID= 402 AFII10054 /> H18543 /> MEMDAGESH /> ID= 226 ID= 553 ID= 561 SCARON /> OMICRONTONOS /> ID= 403 AFII10055 /> H18551 /> NUNDAGESH /> ID= 227 ID= 554 ID= 562 SCARON /> UPSILONTONOS /> ID= 404 AFII10056 /> H18533 /> SAMEKHDAGESH /> ID= 228 ID= 555 ID= 563 ZCARON /> OMEGATONOS /> ID= 405 AFII10057 /> OPENBULLET /> FINALPEDAGESH /> ID= 229 ID= 556 ID= 564 ZCARON /> AFII10023 /> ID= 406 AFII10058 /> AMACRON /> PEDAGESH /> ID= 230 ID= 557 ID= 565 BROKENBAR /> AFII10051 /> ID= 407 AFII10059 /> AMACRON /> TSADIDAGESH /> ID= 231 ID= 558 ETH /> AFII10052 /> ID= 408 CCIRCUMFLEX /> QOFDAGESH /> ID= 232 ID= 559 ETH /> AFII10053 /> ID= 409 CCIRCUMFLEX /> RESHDAGESH /> ID= 233 ID= 560 YACUTE /> AFII10054 /> ID= 410 CDOT /> SHINDAGESH /> ID= 234 ID= 561 YACUTE /> AFII10055 /> ID= 411 CDOT /> TAVDAGES /> ID= 562 AFII10056 /> ID= 412 EMACRON /> VAVHOLAM /> ID= 563 AFII10057 /> ID= 413 EMACRON /> BETRAFE /> KAFRAFE /> ID= 564 AFII10058 /> PERAFE /> ID= 565 AFII10059 /> ID= 566 AFII10060 /> Good Practice Guidelines for Software Engineering in New Zealand March 2007 The New Zealand Computer Society Inc.

2

CONTENTS Minister s Foreword Foreword Introduction What Is Different About Software? Why Worry About Software Engineering Process Standards? How Can Engineering Standards Help Software Development? How Can Standards Help Software-intensive System Operations? Conclusion Acknowledgements References Appendix 1: Examples of Key Software Development and Operations Engineering Process Standards 2 3 4 5 5 6 13 15 15 16 18 1

MINISTER S FOREWORD New Zealand s future economic development and international competitiveness is reliant upon improving our digital capability, infrastructures and skills across government, the business sector and communities. These aims are brought together in the Labour-led Government s Digital Strategy. Underpinning many of these areas is reliance upon international good practice and conformance with internationallyrecognised standards. In the area of software engineering standards IPENZ has taken a leadership role and developed Good Practice Guidelines for Software Engineering in New Zealand. Increasingly, New Zealand software development companies will need to conform to accepted international benchmarks in order to remain internationally competitive. These guidelines mean that New Zealand companies will have a point of reference for the standards required by the global software market when developing new products. The Government recognises that these guidelines are important. Industry-led initiatives, such as the development of these guidelines, assist in New Zealand s transformation into an innovative, knowledge-based, internationallycompetitive economy. Therefore, I commend the Institution and its collaborators for undertaking this valuable work. Hon David Cunliffe 2

FOREWORD New Zealand s economic development relies on good practices for developing and operating software-intensive systems. Moreover, to strengthen New Zealand s export competitiveness both in terms of cost structures and delivered product quality software development organisations must adopt the good practices already being used elsewhere around the world. The fi nancial transaction component of our economy has been largely digital for many years now. We are also rapidly implementing digital government through initiatives fl owing from the Government s Digital Strategy. But these critical infrastructures for our 21st century economy fundamentally rely on trustworthy softwareintensive systems. Already our society is highly dependent on software intensive systems, and in turn their defi nition, development, implementation and operations. Obvious everyday examples include: electronic cash registers used for virtually all purchasing whatever the fi nal payment mechanism might be stock control systems monitoring and control systems for public utilities, transportation systems and health care rapid and easy web-based access to government-held information industrial control systems Building and operating these kinds of critical systems are dependent on good practices across the whole softwareintensive system lifecycle, such as those codifi ed by international software engineering standards and maturity frameworks. While slavishly following good practices won t guarantee reliable or cost-effective development and operations, poor or mediocre practices make reliability and effectiveness a matter of chance rather than good management. There are many other reasons for referring to documented good practices. They: foster traceability of features delivered to meet customers requirements describe ways of avoiding risks caused by the failure of software-intensive systems provide checklists of procedures and practices that improve the overall effi ciency of software development processes encompass considerations for building in and maintaining security, privacy and resilience to malicious attacks In short, good practices as embodied in international software standards and frameworks are the roadmaps towards a disciplined approach to software systems development and operations. 3

INTRODUCTION 4 Engineers like solving problems especially diffi cult problems. Although it has become relatively easy to commission hardware for information technology, many non-trivial problems continue to plague software development and operational processes. Software engineering problems have remained hard. Many of the good practices in other engineering disciplines have been codifi ed and are enforced in nationally and internationally accepted standards. However, this doesn t generally apply to software development and operations in New Zealand. There is plenty of room for improvement in referencing to and conforming (J Moore, personal communication) 1 with software engineering process standards in New Zealand (Sung and Paynter, 2006). While not a silver bullet solution (Brooks, 2003) to all software problems, software engineering standards can support improvement in software development and operations. Software engineering standards can also help reduce costs and complexity when specifying and evaluating components incorporating software in larger systems. International standards in software and system engineering are also excellent references for good practice in software development and operations. Along with international economic, legal and cultural requirements, internationally accepted software engineering process standards are becoming increasingly important. Software intensive systems development and operations can be undertaken anywhere in the world for clients anywhere in the world. So, at whatever scale they operate, New Zealand software developers will increasingly be at a competitive disadvantage if they cannot demonstrate knowledge of and adherence to software engineering standards. Successful export of valueadded products that rely on software-controlled processes for manufacture, quality assurance and inventory control will also increasingly depend on demonstrable conformance and possibly obligatory compliance to software engineering process standards. The following are some international and New Zealand examples of guidelines or requirements to comply with software engineering standards or quasi-standards: The Payment Card Industry (PCI) Security Standards Council s Data Security Standards (DSS) (2006) which include requirements to develop software applications based on industry best practices and incorporate information security throughout the software development lifecycle and to develop all web applications based on secure coding guidelines such as the Open Web Application Security Project guidelines. The Association for Computing Machinery s studies of implementing voter registration databases (2006) (equivalent to New Zealand s electoral roll system) concludes that e-voting systems technology, if engineered and tested carefully, and if deployed with safeguards against failure, can strengthen [the USA s] voting system, but we still have work to do in meeting these goals (Spafford, 2006). In New Zealand, issues with Student Management Systems (SMS) for use in primary and secondary schools led to the Ministry of Education initiating an SMS accreditation process so schools would have reliable and consistent data about the various SMS packages available in the New Zealand market (2005). In addition to reviewing the functionality of the SMS applications, The Ministry also reviewed suppliers business organisation, supply of application support services, software development management and quality assurance, and technology roadmaps. The New Zealand Government s Communications Security Bureau s Security of Information Technology publication NZSIT 400 (2005) which provides guidance to government agencies for managing the risks of sharing information and includes reference to various international IT security standards. Software engineering process standards can be used in essentially two ways (Christensen and Thayer, 2001): to defi ne the right things to do as normative reference model codifi cations of good practices to guide software engineering processes the implicit assumption being that the quality of a software-intensive system is directly infl uenced by the quality of the development and operational processes to measure whether the right things are being done that is, the degree of conformance to codifi cations 2 of good practices often expressed as a score derived from a process maturity level framework This document identifi es some sources of software engineeringspecifi c process standards to which practising professional engineers in New Zealand might want to refer, and it identifi es situations when standards might be useful (J Dietrich, personal communication). 3 1 Moore notes that the preferred nomenclature is to conform, which connotes voluntary agreement to standards, as opposed to to comply, which carries a meaning of enforced obligation. 2 A normative document prescribes what an engineer should do in a specifi ed situation rather than providing information that might be helpful. The normative literature is validated by consensus formed among practitioners and is concentrated in standards and related documents. (ISO/IEC 19759) 3 In addition to the standards mentioned in [this document] there are several de-facto standards. These standards are not (yet) maintained by an international standard body but are either promoted by vendors and consultancy fi rms (example: IBM s Rational Unifi ed Process RUP) or by communities like the Agile Alliance, http://www.agilealliance.org/ Examples include: Extreme Programming XP, Scrum, FDD. The existence of these de-facto standards refl ects the very nature of the software industry where technology and methodologies used change frequently and [international] standard bodies are not agile enough to refl ect this.

WHAT IS DIFFERENT ABOUT SOFTWARE? In essence, software is a set of instructions to carry out a sequence of actions resulting in a set of observable states, each state being dependent on some or all previous inputs and intermediate states. A useful metaphor for both software and its development is solving a scrambled Rubik s cube. The initial state and goal state can be well defi ned but a variety of action sequences ( algorithms or procedures ) can be taken to achieve the desired result. In practice, not all new individuals entering the domain of software development and operations have trained in computer science or software engineering. Even if they have computing degrees, they may never have learnt about what has been done by people before them. Many [of these] people purposely ignore the lessons of the past. It may take a major project failure before these people realise that the problems they encountered were neither new nor unique. (Endres and Rombach, 2003) Other engineering disciplines are generally well supported by science-based knowledge. However, the industrial practices of software engineering are not generally well supported by the theories of computer science. For example, there is little support from robust, well-accepted theories and abstractions about quantifying the complexities of real-world problem spaces. WHY WORRY ABOUT SOFTWARE ENGINEERING PROCESS STANDARDS? Professional engineers involved in specifying, developing, evaluating or managing software or specifying and evaluating systems incorporating software-intensive components should ask the following questions: To what extent should, and does, the development process comply with recognised standards? Are the standards complied with appropriate for the development being undertaken? What are the potential problems that could arise if the software fails to perform as required? As articulated in IEC 61508 and the accompanying paper (Durdle, 2006), this should be assessed and expressed in similar terms to the outcomes of a hardware engineering risk analysis. If there is some degree of non-compliance, what is the impact on the process, the software or system being delivered and the resulting risks? If the client is not aware of or concerned about compliance to appropriate standards, how should the impacts of the above be communicated? In general, we can t accurately estimate how much effort should be required to solve a given software development problem unless we have solved a very similar problem before (Brooks, 2003). Empirical information about the effort and cost involved in successful software development is generally only anecdotal or proprietary in nature. The tie back to universal physical laws and constraints and the experiences of having solved numerous tangible engineering problems have very limited applicability in software development. Furthermore, unlike a physical structure, it can be very diffi cult to discern the overall software architecture and quality attributes of a software system by examining the code implementing the system s algorithms (Baragry and Reed, 2001). This accounts for the signifi cant effort required to reconstruct the software architecture of an operating system once the original creators have moved on and knowledge of the decision-making considerations that resulted in the design is lost (O Brien et al, 2002; P Kruchten, personal communication; Kruchten, 2004). It s about as easy as reconstructing a pig from a sausage (Eastwood, 1993). 5

HOW CAN ENGINEERING STANDARDS HELP SOFTWARE DEVELOPMENT? 6 Software engineering is the part of systems engineering (Doran, 2006) 4 that deals with the systematic development, evaluation and maintenance of software. Software engineering standards can provide the equivalent of instructions to cheat by disassembling the Rubik s cube and piecing it back to achieve a desired result. While standards can provide guidance as to how to decompose the total problem space into coordinated component problems, they won t tell the developer how to create new algorithmic procedures. So in that sense, standards are only part of an engineering approach to software system development. But they can form the basis of a robust, auditable and repeatable quality management approach to tackling the hard problems of software-intensive large-system development. Some of the advantages of conforming with software engineering standards include (E Tempero, personal communication): risk management process standards have often been formulated purposefully to identify, address, reduce and avoid risk, as discussed in Best Practice Guidelines for Risk Management of Software-based Systems (IPENZ, 2006) predictability by following consistent processes the resource requirements for similar kinds of activity will become easier to identify and estimate audit to satisfy customers expectations that appropriate processes have been followed to produce the end product, much as Producer Statements do to comply with the Building Act 1991 health and safety requirements particularly in order to demonstrate that appropriate design consideration has been taken for life-critical and safety-critical software systems service differentiation as a marketing feature, demonstrable adherence to standards might well be perceived as added value by customers who can choose between alternative suppliers of software engineering services However, some factors to consider before mandating heavyweight software engineering process standards are (Glass, 2003; Garcia, 2005): size matters small development projects that involve a handful of developers are vastly easier than larger projects application domain matters for example the mathematical formalism often needed for scientifi c applications is typically unnecessary for business oriented software intensive systems criticality matters if lives or vast sums of money are impacted by the results of a project it should be treated carefully, especially in respect to reliability requirements innovativeness matters if the problem being addressed is quite unlike one previously solved, an exploratory and less process-driven approach to its solution may be appropriate what the competition is doing matters complying with software engineering process standards might well become a requirement for entry into some markets, or remaining in existing markets poor performance matters adopting software engineering process standards might help solve diffi culties in getting the right quality level of software delivered to customers on time and within budget required investment matters adopting software engineering process standards incurs costs in terms of process development, deployment, maintenance and appraisal organisational culture matters key considerations include business strategy and goals, embedded work practices, potential for transformation and the appetite for change Nevertheless, software engineering process standards are important to software quality assurance as they codify good practices and they go a long way to address the distinctive problems of non-trivial software development noted above. The assumption that software engineering process standards are too expensive and diffi cult for implementation by small-sized software development organisations is challenged by reported successes from using tailored approaches for example in Australia (Cater-Steel, 2004), Brazil (von Wangenheim et al, 2006) and various countries in Europe (Lawthers, 1999). An historical issue was the proliferation of software engineering standards and standards setting bodies, resulting in the quip the nice thing about standards is that there are so many to choose from. 5 At one time, 55 producers of software engineering standards were active publishing more than 300 standards (Magee and Thiele, 2004). However, this quagmire (Sheard, 2000) has now solidifi ed to a smaller set of key producers and standards (Moore, 1998; Brotbeck et al, 1999). From a New Zealand perspective, the key internationally accepted software engineering development process standards (and quasi standards) producers are: IEC the International Electrotechnical Commission ISO the International Organization for Standardization JTC1 the ISO/IEC Joint Technical Committee and its subcommittees working on IT standards IEEE the Institute of Electrical and Electronics Engineers, Software and Systems Engineering Standards Committee SEI the Software Engineering Institute OMG the Object Management Group 4 Standards for the wider area of systems engineering are being harmonised and include ISO/IEC 15288 Systems Engineering System Lifecycle Processes; IEEE 1220 IEEE Standard for Application and Management of the Systems Engineering Process. 5 Attributed to A Tannenbaum.

While the standards produced by these bodies aren t always consistent and at the same level of detail, they do defi ne a common set of processes that are generally adequate for current use. In practice, the processes can be tailored to meet development requirements and capabilities but caution should be exercised should contractual or regulatory requirements dictate compliance. As of 2006 some New Zealand-specifi c IT standards have been mandated or are under development for government agencies: e-government Interoperability Framework Standards relating to Network; Data Integration; Business Services; Access and Presentation; Web Services; Security; Best Practices in Digital Rights Management, Trusted Computing, Business Process Execution Language, Business Data Transformation, Data Modelling, Processing Structured Data, Document File Formats; Meta Data relating to government agencies; Authentication; Email Security and Intranet usage guidelines for the management and design of public sector websites the New Zealand Government Locator Service (NZGLS) Metadata Element Set, providing a set of metadata elements designed to improve the discovery, visibility, accessibility and interoperability of online information and services process guidelines for managing and monitoring major IT projects published in August 2001 by the State Services Commission In general, these government-adopted standards and guidelines are representative of industry-acknowledged international good practices. Internationally, the following standards and framework are accepted as normative prescriptions and measures of good practice for software engineering development processes: Industries Alliance (EIA) added to ISO/IEC 12207 by publishing three additional standards forming part of the IEEE Software and Systems Engineering Standards collection: IEEE/EIA 12207.0 Standard for Information Technology Software lifecycle processes. This contains ISO/IEC 12207 in its entirety and includes six additional annexes which address: basic concepts such as categorising lifecycle processes into primary, supporting, organisational and tailoring compliance situations, levels and criteria lifecycle process objectives acquisition, audit, confi guration management, development, documentation, improvement, infrastructure, joint review, maintenance, management, operation, problem resolution, quality assurance, supply, training, validation, verifi cation lifecycle data objectives relationships between standards errata 12207.1 Standard for Information Technology Software lifecycle processes. Lifecycle data, which provides additional guidance on recording lifecycle data. 12207.2. Standard for Information Technology Software lifecycle processes. Implementation considerations, which provides additions, alternatives and clarifi cations to ISO/ IEC 12207 based on US industrial experience. ISO/IEC 12207 is intended to be independent of development technologies and methodologies and useful for any form of lifecycle model, for example, waterfall, incremental, spiral, etc.. In fact, one of the specifi ed responsibilities of the supplier s role is to select a lifecycle model and map the requirements of the standard to that model. (Moore, 2006) 7 ISO/IEC 12207 Information Technology Software Lifecycle Processes ISO/IEC TR 19759 Software Engineering Guide to the Software Engineering Body of Knowledge ISO/IEC 15504 Information Technology Software Process Assessment SEI s Capability Maturity Model Integration ISO/IEC 12207 ISO/IEC 12207 establishes a common framework for software lifecycle processes, with well-defi ned terminology, that can be referenced by the software industry. It provides a process that can be employed for defi ning, controlling, and improving software lifecycle processes. 6 The IEEE and Electronics ISO/IEC TR 19759 ISO/IEC TR 19759 (International Organization for Standardization, 2005) is a republication of a document sponsored by the IEEE Computer Society commonly referred to as the guide to the SWEBOK (Software Engineering Body of Knowledge) (IEEE Computer Society Software Engineering Coordinating Committee, 2004). Offi cially it is a Technical Report of type 3: when the joint technical committee has collected data of a different kind from that normally published as an International Standard ( state of the art, for example). ISO/IEC TR 19759 represents a broad consensus within the professional software engineering community of the processes of and good practices in software engineering for both development and operations through identifying and describing the body 6 From ISO/IEC 12207, Section 1.1: Purpose. 7 This is an excellent guide to the use of the IEEE Software and Systems Engineering Standards (and those IEEE standards shared with ISO/IEC) as a codifi ed set of knowledge and good practices in accordance with ISO/IEC TR 19759. 7

8 of knowledge that is generally accepted as being software engineering. From the beginning, the SWEBOK project was conceived as having a strong relationship to the normative literature of software engineering. The two major standards bodies for software engineering (IEEE Computer Society Software and Systems Engineering Standards Committee and ISO/IEC JTC1/ SC7) are represented in the project. Ultimately, it is hoped that software engineering practice standards will contain principles directly traceable to the Guide. ISO/IEC TR 19759 is subdivided into ten software engineering knowledge areas plus an additional section providing an overview of the knowledge areas strongly related to software engineering process disciplines: software requirements software design software construction software testing software maintenance software confi guration management software engineering management software engineering process software engineering tools and methods software quality disciplines related to software engineering: computer engineering, computer science, management, mathematics, project management, quality management, software ergonomics, systems engineering Appendix C of ISO/IEC TR 19759 maps various IEEE Computer Society Software and Systems Engineering standards and ISO/IEC software engineering standards to the ten software knowledge areas. The material covered by ISO/IEC TR 19759 will be extended as its users needs evolve. For example, consideration of security aspects in software development activities and software itself has become a topic of increasing concern for high integrity systems in both commercial and governmental domains. To address these new needs, as of late 2006 the United States Departments of Homeland Security and Defense are developing two related documents: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software (Redwine, 2006) Security in the Software Lifecycle (Goertzel, 2006) a source of information and guidance for good software development practices focused on security Content from these documents might well be incorporated in future versions of ISO/IEC TR 19759. ISO/IEC 15504 ISO/IEC 15504 provides a framework for the assessment of software processes to help: understand the state of an organisation s softwareintensive systems development processes and process improvement opportunities determine the suitability of an organisation s softwareintensive systems development processes for a particular requirement or class of requirements ISO/IEC 15504 provides a common approach to describing the results of process assessment while allowing for some degree of comparison of assessments based upon different but compatible models and methods. The sophistication and complexity required of a process is dependent upon its context. For instance, the planning required for a fi ve-person project team is much less than for a fi fty-person team. The ISO/IEC 15504 and CMMI frameworks have been mapped to each other by the Software Quality Institute at Griffi th University in Brisbane (Rout et al, 2000). The major benefi ts of the ISO/IEC 15504 approach to process assessment are that it: reduces uncertainties in selecting suppliers of softwareintensive systems by enabling the risks associated with the supplier s capabilities to be identifi ed enables appropriate controls to be put in place to manage the risks of software-intensive systems acquisition or development provides a quantifi ed basis for choice in balancing business needs, requirements and estimated project cost against the capabilities of competing sources of software-intensive systems and components of such systems provides a public, shared approach for process assessment provides a common understanding of the use of process assessment for process improvement and capability evaluation facilitates capability evaluation in procurement can be controlled and regularly reviewed in the light of experience of use can be changed only by international consensus The ISO/IEC 15504 reference model architecture has two dimensions: a process dimension for software-intensive systems development, largely aligned to ISO/IEC 12207 for which example base practices for each process are listed below a process capability dimension

ISO/IEC 15504 defi nes two primary lifecycle process categories: customer-supplier processes that directly impact the customer, support development and transition of software to the customer and provide for the correct operation and use of the software engineering processes that directly specify, implement, or maintain the software product, its relation to the system and its documentation The customer-supplier category is broken down into the following processes: acquisition: preparation, supplier selection, supplier monitoring, customer acceptance supply requirements elicitation operation: operational use, customer support The engineering category is broken down into the following TABLE 1: ISO/IEC 15504 REFERENCE MODEL CAPABILITY LEVELS Capability Level Description Level 0: Incomplete Level 1: Performed Level 2: Managed Level 3: Established Level 4: Predictable Level 5: Optimising There is general failure to attain the purpose of the process. There are few or no easily identifi able work products or outputs of the process. The purpose of the process is generally achieved. The achievement may not be rigorously planned and tracked. Individuals within the organisation recognize that an action should be performed and there is general agreement that this action is performed as and when required. There are identifi able work products for the process and these testify to the achievement of the purpose. The process delivers work products according to specifi ed procedures and is planned and tracked. Work products conform to specifi ed standards and requirements. The primary distinction from the Performed Level is that the performance of the process now delivers work products that fulfi l expressed quality requirements within defi ned timescales and resource needs. The process is performed and managed using a defi ned process based upon good software engineering principles. Individual implementations of the process use approved, tailored versions of standard and documented processes to achieve the process outcomes. The resources necessary to establish the process defi nition are also in place. The primary distinction from the Managed Level is that the process of the Established Level is using a defi ned process that is capable of achieving its process outcomes. The defi ned process is performed consistently in practice within defi ned control limits, to achieve its defi ned process goals. Detailed measures of performance are collected and analysed, leading to a quantitative understanding of process capability and an improved ability to predict and manage performance. Performance is quantitatively managed. The quality of work products is quantitatively known. The primary distinction from the Established Level is that the defi ned process is now performed consistently within defi ned limits to achieve its process outcomes. Performance of the process is optimised to meet current and future business needs and the process achieves repeatability in meeting its defi ned business goals. Quantitative process effectiveness and effi ciency goals (targets) for performance are established based on the business goals of the organisation. Continuous process monitoring against these goals is enabled by obtaining quantitative feedback and improvement is achieved by analysis of the results. Optimising a process involves piloting innovative ideas and technologies and changing non-effective processes to meet defi ned goals or objectives. The primary distinction from the Predictable Level is that the defi ned and standard processes now dynamically change and adapt to effectively meet current and future business goals. 9

10 development processes: system requirements analysis and design software requirements analysis software design software construction software integration software testing system integration and testing An additional engineering process is also defi ned at a basic level system and software maintenance. ISO/IEC 15504 supporting lifecycle processes are those that may be employed by any of the other processes at various points in the software lifecycle. They include: documentation confi guration management quality assurance verifi cation validation joint review audit problem resolution ISO/IEC 15504 organisational lifecycle processes establish the business goals of the organisation and develop processes, products, and resource assets which, when help the organisation achieve its business goals. They include: management processes: project management, quality management, risk management organisational processes: organisational alignment, improvement processes process establishment, process assessment, process improvement human resource management infrastructure measurement reuse The six capability levels in the ISO/IEC 15504 reference model are described in Table 1 (see page 9). CMMI CMMI was developed by the SEI and is more widely used in the USA than ISO/IEC 15504 for which it is essentially an alternative assessment framework. CMMI provides a measurement framework to assess process maturity for systems engineering, software engineering, integrated product and process development and supplier sourcing. CMMI is also a process measurement and improvement approach that defi nes the elements of effective processes for software development and operations. It can be used to guide process improvement across a project, a division, or an entire organisation. CMMI helps integrate organisational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes (Carnegie Mellon University Software Engineering Institute, 2007). A CMMI staged representation metric commonly quoted is the maturity level which describes the organisation s overall maturity in software engineering processes from 1 (initial, low maturity) to 5 (optimised, high maturity). The CMMI is a descriptive framework it doesn t specify how organisations should satisfy the specifi c practices identifi ed at each maturity level. Rather it focuses on what should be demonstrated. The IEEE Software and Systems Engineering Standards (for example) defi ne how to implement specifi c practices to fulfi l the CMMI requirements (for example, Land, 2005). They defi ne processes along with the work products (also known as artefacts ) that provide support to and result from the development processes. Other Sources of Software Engineering Development Process and Related Standards Another potential source of good practice guidance for New Zealand software-intensive systems engineering is the British Standards Institute-initiated TickIT website (2005). TickIT is essentially a UK-focused accreditation scheme for certifi cation organisations that conduct ISO 9000 audit/registration for software development companies. A TickIT accredited ISO 9001 certifi cate is roughly equivalent to between CMMI Maturity Levels 2 and 3. The TickIT Web site offers: Getting The Measure Of TickIT Guidance and Information about the emerging ISO measurement standards for improving software processes and how they relate to ISO 9001, published in February 2002 TickIT Reference List An extension of the standards list in appendix 5 of Issue 5 TickIT Guide including details of standards databases, an extensive reading list and procurement information, published with revisions in July 2001 Software Architecture Standards One of the major challenges to large software-intensive systems development is establishing the software architecture at the early stages of development. An April 2004 report jointly released by the Royal Academy of Engineering and the British Computer Society noted:

In general, the signifi cance of architecture for complex IT projects also tends to be poorly appreciated. The SEI has developed elements of a Software Architecture Lifecycle Integration process approach to defi ning and analysing software architectures for large software-intensive systems development (2007): The Quality Attribute Workshop (QAW) offers a method for eliciting quality attribute requirements. The Attribute-Driven Design (ADD) method provides an approach to defi ne software architectures by basing the design process on the system s quality attribute requirements. The Active Reviews for Intermediate Designs (ARID) concentrate on whether the software architecture design being proposed is suitable from the point of view of other parts of the architecture that must use it. The Architecture Trade-off Analysis Method (ATAM) helps a system s stakeholders understand the consequences of software architectural decisions with respect to the TABLE 2: CMMI CMMI Maturity Level Process Area Number of Specific Practices that Must Be Demonstrated Above Lower Maturity Level 1: Initial Ad hoc occasionally chaotic processes that rely on individual heroes and heroics to deliver death march (Yourdon, 2004) projects. 2: Managed Basic project management disciplines are in place to allow repeatable success for similar projects Requirements Management Project Planning Project Monitoring and Control Process and Product Quality Assurance Confi guration Management Supplier Agreement Management Measurement and Analysis 15 24 20 14 17 17 18 125 3: Defi ned A wider range of software engineering processes for development and operations are documented and complied possibly with some tailoring. 4: Quantitatively Managed Detailed metrics are collected and used to manage the quality of both the software engineering processes and end deliverables. 5: Optimised Continuous software engineering process improvement based on quantitative analyses. Requirements Development Technical Solution Product Integration Verifi cation Validation Organisational Process Focus Organisational Process Defi nition Organisational Training Integrated Project Management Risk Management Organisational Process Performance Quantitative Project Management Organisational Innovation and Deployment Causal Analysis and Resolution 20 21 21 20 17 19 17 19 20 19 193 17 20 37 19 17 36 11

system s quality attribute requirements and business goals. The Cost Benefi t Analysis Method (CBAM) and Software Architecture Comparison Analysis Method (SACAM) are methods for architecture-based economic and businessgoal analyses of software-intensive systems to help the system s stakeholders choose between software architectural alternatives. In addition, various volumes in the SEI Series in Software Engineering defi ne good practices and for software architecture development Bass et al, 2003). The book Documenting Software Architectures: Views and Beyond (Clements et al, 2002) represents a de facto application guide to the rather abstract IEEE Standard 1471 Recommended Practice for Architectural Description of Software-Intensive Systems. As of 2006, IEEE 1471 is in the process of being adopted as an ISO/ IEC standard (J Moore, personal communication). Other open standards for enterprise information systems architecture from the defi nition of business architecture requirements and processes, through to information architecture, technology and software implementation, documentation and change management include: the Open Group Architecture Framework ( TOGAF ) Version 8.1 Enterprise Edition (2006) the National Association of Chief Information Offi cers Enterprise Architecture Toolkit version 3.0 (2006) the US Federal Enterprise Architecture Reference Models (2006) Software-intensive Systems Modelling Notation Standards Graphical and mathematical representations of real objects are important for engineering analysis and design in the physical world. The equivalent representations for software-intensive systems make use of various modelling notations, one of which has been published as ISO/IEC 19501 Information technology Open Distributed Processing Unifi ed Modelling Language (UML) Version 1.4.2 8 (UML release 2.0 is also available from the Object Management Group, 2007). Another modelling notation the Business Process Modelling Notation (BPMN) is emerging as a de facto standard for describing the business processes and software-intensive system interactions. design to intermediate-level descriptions of implementation. From ISO/IEC 19501: Developing a model for an industrial-strength software system prior to its construction or renovation is as essential as having a blueprint for large building. Good models are essential for communication among project teams and to assure architectural soundness. We build models of complex systems because we cannot comprehend any such system in its entirety. As the complexity of systems increase, so does the importance of good modelling techniques. There are many additional factors of a project s success, but having a rigorous modelling language standard is one essential factor. UML defi nes the following graphical diagrams for softwareintensive systems: use case diagrams class diagrams behaviour diagrams statecharts, activity diagrams, sequence and collaboration interaction diagrams, and component and deployment implementation diagrams UML has some shortcomings in relation to systems modelling, which have led to the development of extensions to its language by the SysML language being developed by the SysML Partners forum (Open Source Specifi cation Project, 2006). BPMN (Object Management Group, 2007) 9 is a graphical notation for business process modelling aimed at business users. It is gaining widespread industry acceptance as a process-centric (as opposed to UML s object-centric) approach that is more intuitive for business analysts. BPMN focuses on modelling control and message fl ows. BPMN also offers the option of explicitly modelling business objects that may be exposed through business services. BPMN and UML complement each other. Business analysts will likely use BPMN as a front-end modelling language and software developers will use UML for subsequent technically-oriented systems development. 12 UML is a graphical notation for visualising, specifying, constructing and documenting the artefacts of a softwareintensive system. UML offers a standard way to write a system s planning documents, including conceptual things such as business processes and system functions, as well as concrete things such as programming language statements, database schemas, and reusable software components. It provides a commonly understood notation set for use by developers of object-oriented software-intensive systems from architecture 8 Unifi ed Modelling Language (UML) is undergoing enhancement with the latest specifi cation (version 2.0) being available for free download from http://www.omg.org/technology/documents/formal/uml.htm The UML specifi cation version 1.4.2 adopted by ISO/IEC is available for free download from http://www.omg.org/cgi-bin/doc?formal/05-04-01 9 Business Process Modelling Notation (BPMN) Version 1.0 Specifi cation was adopted by the Object Management Group on 6 February 2006.

HOW CAN STANDARDS HELP SOFTWARE-INTENSIVE SYSTEM OPERATIONS? Software-intensive systems operations is an area of increasing focus as typically some 80 per cent of total cost of ownership relates to ongoing service management costs. Standards for software systems operations are important because: they embody good practices for service management of software-intensive systems management of software-intensive systems is often critical to the success of business and government organisations they can help defi ne and manage the organisation s policies, internal controls and business practices in respect to software intensive systems in cost-effective ways because they represent codifi ed good practices available for reuse they can provide effi ciency gains; reduce reliance on experts; reduce errors; and they can provide documentation for auditable procedures Internationally, two sets of standards and one framework have become increasingly accepted as normative prescriptions and measures of good practices for software engineering operations processes: the ISO/IEC 20000 standards ISO/IEC 17799-1 Code of Practice for Information Security Management and ISO/IEC 27001 (an update to ISO/IEC 17799-2) Control Objectives for Information and related Technology (COBIT) framework ISO/IEC 20000 In 2005, the ISO/IEC released: ISO/IEC 20000-1: Information technology Service management Specifi cation ISO/IEC 20000-2: Information technology Service management Code of practice The ISO/IEC 20000 standards cover good practices for service delivery and service support. They address the following aspects: service delivery processes service level management service reporting service continuity and availability management sudgeting and accounting for IT services capacity management information security management relationship processes business relationship management supplier management 10 Refer to Offi ce of Government Commerce Web site at http://www.itil.co.uk/ resolution processes incident management problem management control processes confi guration management change management release process release process management The UK Offi ce of Government Commerce s IT Infrastructure Library (ITIL) publications 10 are becoming generally accepted as a standard source of good practices in process management for software assets, service support, service delivery, IT infrastructure management and security management in support of the ISO/IEC 20000 standards. ISO/IEC 17799-1 and ISO/IEC 27001 ISO/IEC 17799-1 provides a framework for information security management and management practices to improve the reliability of information security in inter-organisational relationships. ISO/IEC 17799-1 documents good practice in information security management systems as a Code of Practice. ISO/IEC 27001 is a specifi cation for information security management systems. Areas addressed include: organisational security asset classifi cation and control personnel security physical and environmental security communications and operations management access control systems development and maintenance business continuity management compliance A related security standard ISO/IEC 15408 Security Techniques Evaluation Criteria for IT Security (also known as the Common Criteria for IT Security Evaluation 11 ) defi nes criteria for a common and comparable evaluation of IT security, focusing on the security of systems and products. Another source of information about good information security practices is the Standard of Good Practice (SoGP) (2005) published biannually by the Information Security Forum (ISF). It is available free of charge from the ISF. The SoGP is developed based on the practices of and incidents experienced by large organisations around the world. The SoGP can be used as a governing document for information security by itself or in conjunction with other standards such as ISO/IEC 17799-1, ISO/IEC 27001 and COBIT. 13 11 Unoffi cial versions of the Common Criteria and Common Evaluation Methodology released for public consultation can be downloaded from http://www.commoncriteriaportal.org/public/expert/index.php?menu=3

COBIT COBIT (Information Systems Audit and Control Association, 2005) is a comprehensive framework for software-intensive systems governance, providing management tools such as metrics and maturity models to complement a governance control framework. COBIT defi nes 34 software-intensive systems operations processes grouped along the lines of the classic four-phase plan-do-check-act quality management cycle. Each process is described in terms of: process description, metrics, practices and mapping of the process to process domains, information criteria, required resources and governance areas detailed control objectives for the process management guidelines including process inputs and outputs, a RACI (Responsible, Accountable, Consulted Informed) chart a maturity model for the process The processes defi ned in COBIT 4.0 are outlined in Table 3. The COBIT framework addresses governance of software service management processes within organisations by linking together: business requirements a generally accepted service delivery process model the major resources involved in service delivery management control objectives To establish the control objectives for software-intensive systems operations and monitor performance levels COBIT defi nes specifi c: benchmarking of process capabilities expressed as maturity models, derived from the SEI s Capability Maturity Models balanced scorecard goals and metrics for process performance and outcome measurement goals for getting software-intensive systems processes under control 14 TABLE 3: COBIT 4.0 PROCESSES Plan and Organize: Defi ne a strategic IT plan Defi ne the information architecture Determine technological direction Defi ne the IT processes, organisation and relationships Manage the IT investment Communicate management aims and direction Manage IT human resources Manage quality Assess and manage IT risks Manage projects Monitor and Evaluate: Monitor and evaluate IT performance Monitor and evaluate internal control Ensure regulatory compliance Provide IT governance Acquire and Implement: Identify automated solutions Acquire and maintain application software Acquire and maintain technology infrastructure Enable operation and use Procure IT resources Manage changes Install and accredit solutions and changes Deliver and Support: Defi ne and manage service levels Manage third-party services Manage performance and capacity Ensure continuous service Ensure systems security Identify and allocate costs Educate and train users Manage service desk and incidents Manage the confi guration Manage problems Manage data Manage the physical environment Manage operations

CONCLUSION In early 2007 it is planned that a fi ne-tuned COBIT 4.1 will be released along with several other revised publications to create an aligned COBIT 4 series of publications (Information Systems Audit and Control Association, 2006). An alternative top-down approach to defi ning governance for software-intensive systems operations is Australian Standard AS 8015 Corporate governance of information and communications technology. This standard provides guiding principles for owners, board members, directors, partners, senior executives, or similar on the effective, effi cient, and acceptable use of information and communication technology. AS 8015 is quite brief the substantive content is less than fi ve pages. It defi nes six high-level principles with application guidance expected to be released in subsequent handbooks to accompany the standard. The AS 8015 governance principles are: establish clearly understood responsibilities for information and communications technology plan information and communications technology to best support the organisation acquire information and communications technology validly ensure information and communications technology performs well whenever required ensure information and communications technology conforms with formal rules ensure information and communications technology use respects human factors Software engineering is still a rapidly developing discipline. There remain many challenges in addressing the persistent software crisis. Yet there are also many proven software engineering-specifi c techniques and approaches derived from traditional professional engineering disciplines that have been codifi ed as good practices in internationally generally accepted software engineering standards. These standards are being harmonised into a corpus of consistent standards that the international professional software engineering community can refer to as generally accepted knowledge, good practices and measures to guide responsible professional conduct in software engineering. Ethically, it behoves practicing professional software engineers in New Zealand to be aware of the good professional practices described in the standards outlined in this paper. Consistent with the practices of other professional engineering disciplines, New Zealand professional software engineers should endeavour to apply these good practices to solving their client s problems using processes that demonstrably address: client needs timeliness cost-effectiveness ethical requirements including sustainability risk awareness and management ACKNOWLEDGEMENTS These guidelines were developed by Duncan Hall. Many individuals provided support and review during the preparation of this document. They include: A Holt B Durdle C Skinner D Montgomery E Tempero J Moore J Dietrich M Milner N Procter New Zealand Computer Society anonymous reviewer(s) P Croll 15

REFERENCES 16 Association for Computer Machinery Committee on Guidelines for Implementation of Voter Registration Databases 2006, Study of Accuracy, Privacy, Usability, Security, and Reliability Issues. Retrieved 8 December 2006 from http://www.acm.org/usacm/ VRD_report.pdf Baragry, J & Reed, K 2001, Why We Need A Different View of Software Architecture, Proceedings of the Working IEEE/IFIP Conference on Software Architecture, pp125 134. Bass, L, Clements, P & Kazman, R 2003, Software Architecture in Practice, (Second Edition), Addison-Wesley & Pearson Education. Brooks, F 2003, A Handbook of Software and Systems Engineering Empirical Observations, Laws and Theories, Fraunhofer Institut Experimentelles Software Engineering, Pearson. Brooks, F 2003, Three Great Challenges for Half-Century-Old Computer Science, Journal of the ACM, 50(1), pp25 26. Brotbeck, G, Miller, T & Statz, J 1999, A Survey Of Current Best Practices And Utilization Of Standards In The Public And Private Sectors, State of Texas Department of Information Resources. Carnegie Mellon University Software Engineering Institute 2007, Capability Maturity Model Integration. Retrieved 11 February 2006 from http://www.sei.cmu.edu/cmmi Carnegie Mellon University Software Engineering Institute 2007, Software Architecture Life-Cycle Integration. Retrieved 26 August 2006 from http://www.sei.cmu.edu/activities/architecture/ arch_lci.html Cater-Steel, A 2004, Low-rigour, Rapid Software Process Assessments for Small Software Development Firms, Australian Software Engineering Conference Proceedings, pp368 377. Clements, P et al 2002, Documenting Software Architectures: Views and Beyond, Addison-Wesley & Pearson Education. Common Criteria 2007, The Common Criteria Project. Retrieved 4 March 2006 from http://www.commoncriteriaportal.org/ Doran, T 2006, IEEE 1220: For Practical Systems Engineering. IEEE Computer, May 2006, pp92 94. Durdle, B 2006, Best Practice Guidelines for Risk Management of Software-based Systems, IPENZ. Eastwood, A 1993, It s a Hard Sell and Hard Work Too, Computing Canada, 18(22), p35. Endres, A & Rombach, D 2003, A Handbook of Software and Systems Engineering Empirical Observations, Laws and Theories, Fraunhofer Institut Experimentelles Software Engineering. Pearson. Federal Enterprise Architecture 2006, Reference Models. Retrieved 1 September 2006 from http://www.whitehouse. gov/omb/egov/a-2-eamodelsnew2.html Garcia, S 2005, How Standards Enable Adoption of Project Management Practice, IEEE Software, September October 2005, pp22 29. Glass, R 2003, Facts and Fallacies of Software Engineering, Addison-Wesley & Pearson Education. Goertzel, K M et al 2006, Security in the Software Lifecycle: Making Software Development Processes - and the Software Produced by Them - More Secure, Draft Version 1.2 (August 2006), US Department of Homeland Security. Retrieved 20 February 2007 from https://buildsecurityin.us-cert.gov/daisy/ bsi/resources/dhs/87.html Hunter, R 2001, Software Process Improvement, in The Project Manager s Guide to Software Engineering s Best Practices, Christensen, M & Thayer, R eds, IEEE Computer Society Press. IEEE Computer Society Software Engineering Coordinating Committee 2004, A Guide to the Software Engineering Body of Knowledge. Retrieved 11 February 2006 from http://www. swebok.org Information Security Forum 2005, Standard of Good Practice for Information Security, January 2005. Retrieved 20 March 2006 from http://www.isfsecuritystandard.com/index_ie.htm Information Systems Audit and Control Association 2005, COBIT 4.0 Control Objectives, Management Guidelines, Maturity Models. Retrieved 11 February 2006 from http://www.isaca. org/ Information Systems Audit and Control Association 2006, COBIT Focus Newsletter, vol.2. Retrieved 15 December 2006 from http://www.isaca.org/cobitnewsletter International Organization for Standardization 2005, ISO/IEC 19759:2005. Retrieved 5 March 2006 from http://webstore.ansi.org/ansidocstore/subscriptions/dept. asp?dept_id=3107&pagenum=74 IPENZ 2004, Practice Note 04 Safety and Engineers. Retrieved from http://www.ipenz.org.nz/ipenz/forms/pdfs/pn04_safety. pdf Kruchten, P 2004, An Ontology of Architectural Design Decisions in Software-Intensive Systems, in Second Groningen Workshop on Software Variability, pp54 61. Land, S 2005, IEEE Software Engineering Standards Support for the CMMI Project Planning Process Area, IEEE Computer Society ReadyNote. Lawthers, I 1999, Software Process Improvement in Regions of Europe, European Analysis Report. Retrieved 5 March 2006 from http://www.cse.dcu.ie/spire/spire.html

Magee, S & Thiele, D 2004, Engineering Process Standards: State of the Art and Challenges, IEEE IT Professional, September October 2004, pp38 44. Ministry of Education 2005, E-Admin Programme Accredited Student Management System. Retrieved 8 December 2006 from http://www.minedu.govt.nz/index.cfm?layout=document& documentid=10428&indexid=11255&indexparentid=5646&got o=00#topofpage Moore, J 1998, Software Engineering Standards A User s Road Map, IEEE Computer Society Press. Moore, J 2006, The Road Map to Software Engineering: A Standards-based Guide, IEEE Computer Society Press, p205. National Association of Chief Information Offi cers 2006, Enterprise Architecture Toolkit, Retrieved 1 September 2006 from http://www.nascio.org/ New Zealand Government 2007, E-Government Standards. Retrieved 11 February 2006 from http://www.e.govt.nz/ standards New Zealand Government Communications Security Bureau 2005, NZ Government Information Technology Security Manual: NZSIT 400. Retrieved December 2006 from http://www.gcsb. govt.nz/publications/nzsit/index.html Object Management Group 2007, Business Process Modelling Notation. Retrieved 20 March 2006 from http://www.bpmn.org/ Object Management Group 2007, Unifi ed Modelling Language. Retrieved 14 December 2006 from http://www.omg.org/ technology/documents/modeling_spec_catalog.htm#uml O Brien, L, Stoermer, C & Verhoef, C 2002, Software Architecture Reconstruction: Practice Needs and Current Approaches: Technical Report CMU/SEI-2002-TR-024, Carnegie Mellon Software Engineering Institute, Pittsburgh. Open Source Specifi cation Project 2006, Systems Modelling Language. Retrieved 20 March 2006 from http://www.sysml.org/ Payment Card Industry Security Standard Council 2006, Data Security Standard, Version 1.1. Retrieved 8 December 2006 from https://www.pcisecuritystandards.org/tech/download_the_ pci_dss.htm Redwine, S T et al 2006, Software Assurance, A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software, Draft Version 1.1 (September 2006) US Department of Homeland Security. Retrieved 20 February 2007 from https://buildsecurityin.us-cert.gov/daisy/bsi/resources/ dhs/95.html Rout, T, Tuffl ey, A & Cahill, B 2000, CMMI Evaluation Capability Maturity Model Integration Mapping to ISO/IEC 15504-2, Defence Materiel Organisation (Australia). Retrieved 5 March 2006 from http://www.sqi.gu.edu.au/cmmi/report/top.html Sheard, S 2000, Software Productivity Consortium, The Frameworks Quagmire, A Brief Look. Retrieved 11 February 2006 from http://www.software.org/quagmire/frampapr.doc Spafford, E 2006 (8 November), ACM experts say more required to improve e-voting, [Press Release], Washington: The Association for Computing Machinery. Retrieved 8 December 2006 from http://campus.acm.org/public/pressroom/press_ releases/11_2006/election.cfm State Services Commission and the Treasury 2001, Guidelines for Managing and Monitoring Major IT Projects. Retrieved 11 February 2006 from http://www.ssc.govt.nz/display/document. asp?docid=2726 Sung, P & Paynter, J 2006, Software Testing Practices in New Zealand, in 19th Annual Conference of the National Advisory Committee on Computing Qualifi cations. The Open Group 2006, The Open Group Architecture Framework Version 8.1. Retrieved 1 September 2006 from http://www. opengroup.org/togaf The Royal Academy of Engineering 2004, The Challenges of Complex IT Projects. Retrieved 4 March 2006 from http://www. raeng.org.uk/news/publications/list/reports/complex_it_ Projects.pdf TickIT 2005, TickIT Guide. Retrieved 4 March 2006 from http:// www.tickit.org/index.htm von Wangenheim, C, Anacleto, A & Alviano, C 2006, Helping Small Companies Assess Software Processes, IEEE Software, January-February 2006, pp91-98. Yourdon, E 2004, Death March, (Second Edition), Yourdon Press/Prentice Hall Professional Technical Reference. 17

APPENDIX 1: EXAMPLES OF KEY SOFTWARE DEVELOPMENT AND OPERATIONS ENGINEERING PROCESS STANDARDS Source ISO/IEC Title 9126, Product Quality 12207, Software Lifecycle Processes; 15271, Guide to use of ISO/IEC 12207 14143, Functional Size Measurement 14598, Product Evaluation 14764, Software Maintenance 15026, Software Integrity Levels 15288, System Lifecycle Processes 15408, Security Techniques Evaluation Criteria for IT Security 15504, Software Process Assessment 15939, Software Measurement Process 16085, Risk Management 17799-1, Code of Practice for Information Security Management 19501, Unifi ed Modelling Language (UML) Version 1.4.2 19759, Guide to the Software Engineering Body of Knowledge (SWEBOK) (Technical Report) 20926, IFPUG 4.1 Unadjusted Functional Size Measurement Method 27001, Specifi cation for Information Security Management Systems IEC IEEEE 61508, Functional Safety Of Electrical/Electronic/Programmable Electronic Safety-Related Systems 610.12 Standard Glossary of Software Engineering Terminology 730 Standard for Software Quality Assurance Plans 828 Standard for Software Confi guration Management Plans 829 Standard for Software Test Documentation 830 Recommended Practice for Software Requirements Specifi cations 982.1 Standard Dictionary of Measures to Produce Reliable Software 1008 Standard for Software Unit Testing 18

Source IEEE cont. SEI Title 1012 and 1012 Standard for Software Verifi cation and Validation 1016 Recommended Practice for Software Design Descriptions 1028 Standard for Software Reviews 1042 Standard for Software Confi guration Management 1044 Standard Classifi cation for Software Anomalies 1045 Standard for Software Productivity Metrics 1058 Standard for Software Project Management Plans 12 1061 Standard for a Software Quality Metrics Methodology 1062 Recommended Practice for Software Acquisition 1063 Standard for Software User Documentation 1074 Standard for Developing Software Lifecycle Processes 1220 Application and Management of the Systems Engineering Process 13 1228 Standard for Software Safety Plans 1233 Guide for Developing System Requirements Specifi cations 1362 Guide for Information Technology-System Defi nition Concept of Operations 1471 Recommended Practice for Architectural Description of Software-Intensive Systems 1490 A Guide to the Project Management Body of Knowledge 1517 Software Lifecycle Processes Reuse Processes 2001 Recommended Practice for Internet Practices Web Page Engineering 14 Capability Maturity Models for example CMM Integrated: CMMI Standards New Zealand NZMP 6653 APEC-TEL Information Systems Security Standards Handbook (contains references to a wide range of IT security standards) Standards Australia HB 90.9 Software Development Guide to ISO 9001 HB 231 Information Security Risk Management Guidelines AS 8015 Corporate Governance of Information and Communications Technology 12 IEEE Std 1058 is being merged with ISO/IEC TR 16326 on the same subject. The result will be published by both IEEE and ISO/IEC with the number 16326 (J Moore, personal communication). 19 13 IEEE Std 1220 has been fast-tracked into JTC 1. The ISO/IEC number is not yet known (J Moore, personal communication). 14 IEEE Std 2001 has been fast-tracked into JTC 1 as ISO/IEC/IEEE 23026 (J Moore, personal communication).

20

21

22 For more information, contact: ID= 573 <CLASSDEF AFII10020 /> GLYPH= GLYPH1061 <CLASSDEF ID= 620 YPH GLYPH= AFII62841 ID= 856 AFII63896 /> ID= 574 <CLASSDEF AFII10021 /> GLYPH= GLYPH1062 ID= 743 <CLASSDEF ALEFLAMED /> GLYPH= AFII62843 ID= 857 AFII63897 /> ID= 575 ID= 621 AFII10022 /> ID= 1257 UHOOKABOVE /> ID= 744 <CLASSDEF ZEROWIDTHNONJOINER /> GLYPH= AFII62844 ID= 858 AFII63898 /> ID= 576 ID= 622 AFII10024 /> ID= 1258 UHORNACUTE /> ID= 745 <CLASSDEF ZEROWIDTHJOINER /> GLYPH= AFII62845 ID= 859 AFII63899 /> ID= 577 ID= 623 AFII10025 /> ID= 1259 UHORNACUTE /> ID= 746 <CLASSDEF LEFTTORIGHTMARK /> GLYPH= AFII62881 ID= 860 AFII63900 /> ID= 578 ID= 624 AFII10026 /> ID= 1260 UHORNGRAVE /> ID= 747 <CLASSDEF RIGHTTOLEFTMARK /> GLYPH= AFII62881-2 ID= 861 AFII63901 /> ID= 579 ID= 625 AFII10027 /> ID= 1261 <EBLC> <EBDT> UHORNGRAVE /> ID= 748 <CLASSDEF AFII57388 /> GLYPH= AFII62881-3 ID= 862 AFII63902 /> ID= 580 ID= 626 AFII10028 /> ID= 1262 44286329 <HEXDATA> 3938313E <HEXDATA> 303C0603 UHORNHOOKABOVE /> ID= 749 <CLASSDEF 55040B13 AFII57403 /> GLYPH= AFII62881-4 ID= 863 AFII63903 /> ID= 581 ID= 627 AFII10029 /> ID= 1263 35446967 00020000 6974616C 00000012 20494420 UHORNHOOKABOVE /> ID= 750 <CLASSDEF 00020000 00000368 436C6173 03010103 AFII57407 /> GLYPH= AFII62882 00000018 02A00402 00030266 ID= 864 AFII63904 /> ID= 582 ID= 628 AFII10030 /> ID= 1264 73203320 00000001 2D204D69 00000000 63726F73 UHORNTILDE /> ID= 751 <CLASSDEF 04020003 03010200 6F667420 02770501 AFII57409 /> GLYPH= AFII62882-2 00000000 010403A8 06030004 ID= 865 AFII63905 /> ID= 583 ID= 629 AFII10031 /> ID= 1265 536F6674 03FF0000 77617265 03010000 2056616C UHORNTILDE /> ID= 752 <CLASSDEF 03555540 00000000 69646174 06030004 AFII57440 /> GLYPH= AFII62882-3 00000000 035D75C0 06030105 ID= 866 AFII63906 /> ID= 584 ID= 630 AFII10032 /> ID= 1266 696F6E20 01730175 7632310B 04040101 30090603 UHORNDOTBELOW /> ID= 753 <CLASSDEF 0480C040 00000380 55040613 07030105 AFII57451 /> GLYPH= AFII62882-4 00000018 0430C308 07040005 ID= 867 AFII63908 /> ID= 585 ID= 631 AFII10033 /> ID= 1267 02555331 00000001 13301106 00000000 03550408 UHORNDOTBELOW /> ID= 754 <CLASSDEF 045A5A5A 04020300 130A5761 50080301 AFII57452 /> GLYPH= AFII62883 00000000 060430C3 0C080400 ID= 868 AFII63910 /> ID= 586 ID= 632 AFII10034 /> ID= 1268 7368696E 04FE0000 67746F6E 04020000 3110300E YDOTBELOW /> ID= 755 <CLASSDEF 06045A5A 00000000 06035504 5A5A0804 AFII57453 /> GLYPH= AFII62883-2 00000000 0006045F 5F5F5F89 ID= 869 AFII63912 /> ID= 587 ID= 633 AFII10035 /> ID= 1269 07130752 01730175 65646D6F 05050101 6E64311E YDOTBELOW /> ID= 756 <CLASSDEF 22489224 00000398 301C0603 AAAAAAAA AFII57454 /> GLYPH= AFII62883-3 00000018 AA2FCBF2 FCBF8922 ID= 870 AFII62927 /> ID= 588 ID= 634 AFII10036 /> ID= 1270 55040314 00000001 154D6963 00000000 726F736F YHOOKABOVE /> ID= 757 <CLASSDEF 48922489 05020400 66742043 2240AAAA AFII57455 /> GLYPH= AFII62883-4 00000000 AAAAAAAA AAA057D5 ID= 871 AFII63941 /> ID= 589 ID= 635 AFII10037 /> ID= 1271 6F72706F 05FE0000 72617469 05020000 6F6E311E F57D5F57 00000000 D5F00B04 00000000 01090690 90909090 YHOOKABOVE /> ID= 872 AFII62939 /> ID= 414 ID= 758 AFII57456 /> ID= 636 01730175 EBREVE /> <CLASSDEF 301C0603 GLYPH= AFII62884 ID= 590 AFII10038 /> ID= 1272 55040B14 154D6963 06060101 726F736F 900C0600 000003B0 090656A5 00000018 6A56A56A 56A56A0C YTILDE /> ID= 873 AFII63943 /> ID= 415 ID= 759 AFII57457 /> ID= 637 00000001 EBREVE /> <CLASSDEF 66742043 GLYPH= AFII62884-2 ID= 591 AFII10039 /> ID= 1273 6F72706F 72617469 00000000 6F6E3081 06000906 06020400 57F57F57 00000000 F57F57F5 7F5402A8 YTILDE /> ID= 874 AFII62943 /> ID= 416 ID= 760 AFII57458 /> ID= 638 06FE0000 EDOT /> <CLASSDEF 9D300D06 GLYPH= AFII62884-3 ID= 592 AFII10040 /> ID= 1274 092A8648 86F70D01 06020000 01010500 05402A80 00000000 5402A805 00000000 40005555 55555555 UNI01CD /> ID= 875 AFII62946 /> ID= 417 ID= 761 AFII57392 /> ID= 639 01730175 EDOT /> <CLASSDEF 03818B00 GLYPH= AFII62884-4 ID= 593 AFII10041 /> ID= 1275 30818702 818100D5 07070101 49E9FFBE 55555555 000003C8 55554055 0000001C FD57F55F D57F55FD UNI01CE /> ID= 876 AFII63946 /> ID= 418 ID= 762 AFII57393 /> ID= 640 00000001 GCIRCUMFLEX /> <CLASSDEF 06992638 GLYPH= AFII62885 ID= 594 AFII10042 /> ID= 1276 62ACAB55 9295BBC2 00000000 52A21AA1 57F55FC0 06020500 0D07000B 00000000 07540005 50001500 UNI01CF /> ID= 877 AFII62951 /> ID= 419 ID= 763 AFII57394 /> ID= 641 06FE0000 GCIRCUMFLEX /> <CLASSDEF FDAB4446 GLYPH= AFII62885-2 ID= 595 AFII10043 /> ID= 1277 E312DC33 9B61D1B2 06020000 BC67400C 01540005 00000000 400F0700 00000000 0B0754AA AAAAAAAA UNI01D0 /> ID= 878 AFII63948 /> <CLASSDEF ID= 420 ID= 764 AFII57395 /> ID= 642 01730175 GLYPH= AFII57471-2 GDOT /> <CLASSDEF 3C5077B8 GLYPH= AFII62885-3 08080101 AAAAAAAA 000003E4 AAAAAA80 ID= 596 AFII10044 /> ID= 1278 B30EEEB9 A70F7344 55B5EEC4 0000001C 0F07000B 072A57F9 UNI01D1 /> ID= 879 AFII62953 /> <CLASSDEF ID= 421 ID= 765 AFII57396 /> ID= 643 00000001 GLYPH= AFII57471-3 GDOT /> <CLASSDEF 24F8B39D GLYPH= AFII62885-4 00000000 5FE57F95 09030500 FE57F95F ID= 597 AFII10045 /> ID= 1279 22E4F858 949F6753 08740ECE 00000000 E57F8010 07010C08 UNI01D2 /> ID= 880 AFII63950 /> <CLASSDEF ID= 422 ID= 766 AFII57397 /> ID= 644 09FD0000 GLYPH= AFII57471-4 GCEDILLA /> <CLASSDEF 32F37380 GLYPH= AFII62886 09030000 23108C42 00000000 3108C423 ID= 598 AFII10046 /> ID= 1280 251BDFBB FA14C027 74C31F8F 00000000 108C4231 08C41008 UNI01D3 /> ID= 881 AFII63951 /> <CLASSDEF ID= 423 ID= 767 AFII57398 /> ID= 645 01730175 GLYPH= AFII57494 GCEDILLA /> <CLASSDEF 11D1A8C4 GLYPH= AFII62886-2 09090101 000C0855 00000400 AA55AA55 ID= 599 AFII10047 /> ID= 1281 0C482D5D B2393E36 4093AD8C 00000018 AA55AA55 AA55AA55 UNI01D4 /> ID= 882 AFII63952 /> <CLASSDEF ID= 424 ID= 768 AFII57399 /> ID= 646 00000001 GLYPH= AFII57494-2 HCIRCUMFLEX /> <CLASSDEF DCD05951 GLYPH= AFII62886-3 00000000 AA55AA10 09030600 08000C08 ID= 600 AFII10048 /> ID= 1282 A96DC408 51742B6E A95D106E 00000000 55FF55FF 55FF55FF UNI01D5 /> ID= 883 AFII63953 /> <CLASSDEF ID= 425 ID= 769 AFII57400 /> ID= 601 AFII10049 /> ID= 647 09FD0000 GLYPH= AFII57494-3 HCIRCUMFLEX /> <CLASSDEF FC3A09A8 GLYPH= AFII62886-4 09030000 55FF55FF 00000000 55FF55FF ID= 1283 EB3B8351 5D4EAB02 0103A382 00000000 1107010D 0823108C UNI01D6 /> ID= 884 AFII63956 /> <CLASSDEF ID= 426 ID= 770 AFII57401 /> ID= 602 AFII10065 /> ID= 648 01730175 GLYPH= AFII57494-4 HBAR /> <CLASSDEF 075A3082 GLYPH= AFII62887 0A0A0101 423108C4 00000418 23108C42 ID= 1284 07563009 0603551D 13040230 0000001C 3108C422 1108000D UNI01D7 /> ID= 885 AFII63958 /> <CLASSDEF ID= 427 ID= 771 AFII57381 /> ID= 603 AFII10066 /> ID= 649 00000001 GLYPH= AFII57504 HBAR /> <CLASSDEF 00300B06 GLYPH= AFII62888 00000000 0855AA55 0B030700 AA55AA55 ID= 1285 03551D0F 04040302 05A03081 00000000 AA55AA55 AA55AA55 UNI01D8 /> ID= 886 AFII63959 /> <CLASSDEF ID= 428 ID= 772 AFII57461 /> ID= 604 AFII10067 /> ID= 650 0BFD0000 GLYPH= AFII57504-2 ITILDE /> <CLASSDEF 94060355 GLYPH= AFII62889 0B030000 AA551108 00000000 000D0855 ID= 1286 1D010481 8C308189 80107B96 00000000 55FF55FF 55FF55FF UNI01D9 /> ID= 887 AFII63960 /> <CLASSDEF ID= 429 ID= 773 AFII63167 /> ID= 605 AFII10068 /> ID= 651 01730175 GLYPH= AFII57504-3 ITILDE /> <CLASSDEF E4D143FD GLYPH= AFII62891 0B0B0101 55FF55FF 00000434 55FF55FF ID= 1287 6898F338 CC6E3BF2 0B82A163 00000018 88912224 48891222 UNI01DA /> ID= 888 AFII63961 /> <CLASSDEF ID= 430 ID= 774 AFII57459 /> ID= 652 00000001 GLYPH= AFII57504-4 IMACRON /> <CLASSDEF 30613111 GLYPH= AFII62927 00000000 44889122 0B040700 24488912 ID= 1288 300F0603 55040713 08496E74 00000000 22448880 55555555 UNI01DB /> ID= 889 AFII64046 /> <CLASSDEF ID= 431 ID= 775 AFII57543 /> ID= 653 0BFC0000 GLYPH= AFII57505 IMACRON /> <CLASSDEF 65726E65 GLYPH= AFII62938 0B040000 55555555 00000000 55555555 ID= 1289 74311730 15060355 040A130E 00000000 55555555 55555500 UNI01DC /> ID= 890 AFII64058 /> <CLASSDEF ID= 432 ID= 776 AFII57534 /> ID= 654 01730175 GLYPH= AFII57506 IBREVE /> <CLASSDEF 56657269 GLYPH= AFII62939 0C0C0101 2A957FE5 0000044C 5FF957FE ID= 1290 5369676E 2C20496E 632E3133 00000018 55FF957F E55FF957.NOTDEF#8 /> ID= 891 AFII64059 /> <CLASSDEF ID= 433 ID= 777 AFII57494 /> ID= 655 00000001 GLYPH= AFII57507 IBREVE /> <CLASSDEF 30310603 GLYPH= AFII62942 00000000 FE55FF80 0C040800 1209010D ID= 1291 55040B13 2A566572 69536967 00000000 0A224448 91122444.NOTDEF#9 /> ID= 892 AFII64060 /> <CLASSDEF ID= 434 ID= 778 AFII62843 /> ID= 656 0CFC0000 GLYPH= AFII57508 IOGONEK /> <CLASSDEF 6E20436F GLYPH= AFII62943 0C040000 89112244 00000000 48911224 ID= 1292 6D6D6572 6369616C 20536F66 00000000 44891122 4440120A.NOTDEF#10 /> ID= 893 AFII64061 /> <CLASSDEF ID= 435 ID= 779 AFII62844 /> ID= 657 01730175 GLYPH= AFII57509 IOGONEK /> <CLASSDEF 74776172 GLYPH= AFII62945 0D0D0101 000D0AAA 00000464 955AA955 ID= 1293 65205075 626C6973 68657273 00000018 AA955AA9 55AA955A.NOTDEF#11 /> ID= 894 AFII62945 /> <CLASSDEF ID= 436 ID= 780 AFII62845 /> ID= 658 00000001 GLYPH= AFII57534 JCIRCUMFLEX /> <CLASSDEF 20434182 GLYPH= AFII62946 00000000 A955AA95 0D040800 5AA955AA ID= 1294 1003C78F 37DB9228 DF3CBB1A 00000000 9550120A 000D0A55 UNI0492 /> ID= 895 AFII64184 /> <CLASSDEF ID= 437 ID= 781 AFII64240 /> ID= 659 0DFC0000 GLYPH= AFII57543 JCIRCUMFLEX /> <CLASSDEF AD82FA67 GLYPH= AFII62947 0D040000 7FF557FF 00000000 557FF557 ID= 1295 10302106 03551D04 0101FF04 00000000 FF557FF5 57FF557F UNI0493 /> ID= 896 AFII52399 /> <CLASSDEF ID= 438 ID= 782 AFII64241 /> ID= 660 01730175 GLYPH= AFII57543-2 KCEDILLA /> <CLASSDEF 17301430 GLYPH= AFII62951 0E0E0101 F557FF55 0000047C 7FF01409 ID= 1296 0E300C06 0A2B0601 04018237 0000001C 010F0A88 91222448 UNI0496 /> ID= 897 AFII52400 /> <CLASSDEF ID= 439 ID= 783 AFII63954 /> ID= 661 00000001 GLYPH= AFII57543-3 KCEDILLA /> <CLASSDEF 02011603 GLYPH= AFII62953 00000000 89122244 0C050900 88912224 ID= 1297 02078000 300D0603 551D0A04 00000000 48891222 44889122 UNI0497 /> ID= 898 AFII62753 /> <CLASSDEF ID= 440 ID= 784 AFII57382 /> ID= 662 0CFB0000 GLYPH= AFII57543-4 KGREENLANDIC /> <CLASSDEF 06300403 GLYPH= AFII62956 0C050000 2440140A 00000000 000F0A55 ID= 1298 02064030 82043606 0A2B0601 00000000 6AA556AA 556AA556 UNI049A /> ID= 899 AFII57411 /> <CLASSDEF ID= 441 ID= 785 AFII64242 /> ID= 663 01730175 GLYPH= AFII57555 LCEDILLA /> <CLASSDEF 04018237 GLYPH= AFII62958 0F0F0101 AA556AA5 00000498 56AA556A ID= 1299 02010A01 01FF0482 04233082 00000018 A556AA55 6AA556AA UNI049B /> ID= 900 AFII62754 /> <CLASSDEF ID= 442 ID= 786 AFII62881 /> ID= 664 00000001 GLYPH= AFII57567 LCEDILLA /> <CLASSDEF 041FA029 GLYPH= AFII62959 00000000 140A000F 0D050A00 0A557FF5 ID= 1300 80276874 7470733A 2F2F7777 00000000 57FF557F F557FF55 UNI049C /> ID= 901 AFII57412 /> <CLASSDEF ID= 787 AFII57504 /> ID= 665 0DFB0000 GLYPH= AFII62753 <CLASSDEF 772E7665 GLYPH= AFII62960 0D050000 7FF557FF 00000000 557FF557 ID= 1301 72697369 676E2E63 6F6D2F72 00000000 FF557FF5 57FF8884 UNI049D /> ID= 902 AFII62755 /> <CLASSDEF ID= 788 AFII57369 /> ID= 666 01730175 GLYPH= AFII62754 <CLASSDEF 65706F73 GLYPH= AFII62961 10100101 46221118 000004B0 88446221 ID= 1302 69746F72 792F4350 53A18203 00000018 11888446 22111888 UNI04A2 /> ID= 903 AFII57413 /> <CLASSDEF ID= 789 AFII57370 /> ID= 667 00000001 GLYPH= AFII62755 <CLASSDEF B8818203 GLYPH= AFII62962 00000000 44622111 0F050A00 88844622 ID= 1303 B4546869 73206365 72746966 00000000 11105555 55555555 UNI04A3 /> ID= 904 AFII62756 /> <CLASSDEF ID= 790 AFII57371 /> ID= 668 0FFB0000 GLYPH= AFII62756 <CLASSDEF 69636174 GLYPH= AFII62964 0F050000 55555555 00000000 55555555 ID= 1304 6520696E 636F7270 6F726174 00000000 55555555 55555555 UNI04AE /> ID= 905 AFII57414 /> <CLASSDEF ID= 791 AFII57372 /> ID= 669 01730175 GLYPH= AFII62757 <CLASSDEF 65732062 GLYPH= AFII62965 11110101 55555555 000004C8 55502ABF ID= 1305 79207265 66657265 6E63652C 0000001C FCAAFFF2 ABFFCAAF UNI04AF /> ID= 906 AFII62759 /> <CLASSDEF ID= 792 AFII57373 /> ID= 670 00000001 GLYPH= AFII62758 <CLASSDEF 20616E64 GLYPH= AFII62966 00000000 FF2ABFFC 0F050B00 AAFFF2AB ID= 1306 20697473 20757365 20697320 00000000 FFCAAFFF 2ABFFCAA UNI04B0 /> ID= 907 AFII62757 /> <CLASSDEF ID= 793 AFII57374 /> ID= 671 0FFB0000 GLYPH= AFII62759 <CLASSDEF 73747269 GLYPH= AFII62967 0F050000 FFF08884 00000000 46221118 ID= 1307 63746C79 0A737562 6A656374 00000000 88446221 11888446 UNI04B1 /> ID= 908 AFII62758 /> <CLASSDEF ID= 794 AFII57375 /> ID= 672 01730175 GLYPH= AFII62760 <CLASSDEF 20746F2C GLYPH= AFII63167 12120101 22111888 000004E4 44622111 ID= 1308 20746865 20566572 69536967 0000001C 88844622 11105555 UNI04B2 /> ID= 909 AFII57415 /> 54696D65 <CLASSDEF ID= 795 AFII57391 /> ID= 673 00000001 20537461 GLYPH= AFII62761 00000000 6D70696E <CLASSDEF 6E204365 55555555 0E060B00 67205365 GLYPH= AFII63753 55555555 ID= 1309 72746966 69636174 696F6E20 00000000 55555555 55555555 UNI04B3 /> ID= 910 AFII62760 /> 72766963 <CLASSDEF ID= 796 AFII57471 /> ID= 674 0EFA0000 6520526F GLYPH= AFII62762 0E060000 6F743134 <CLASSDEF 50726163 55555555 00000000 30320603 GLYPH= AFII63754 55555555 ID= 1310 74696365 20537461 74656D65 00000000 55502ABF FCAAFFF2 UNI04B8 /> ID= 911 AFII57416 /> 55040B13 <CLASSDEF ID= 797 AFII57460 /> ID= 675 01730175 2B4E4F20 GLYPH= AFII62763 13130101 4C494142 <CLASSDEF 6E742028 ABFFCAAF 00000500 494C4954 GLYPH= AFII63759 FF2ABFFC ID= 1311 43505329 0A766572 73696F6E 00000018 AAFFF2AB FFCAAFFF UNI04B9 /> ID= 912 AFII62763 /> 59204143 <CLASSDEF ID= 798 AFII52258 /> ID= 676 00000001 43455054 GLYPH= AFII62764 00000000 45442C20 <CLASSDEF 20312E30 2ABFFCAA 10060C00 28632939 GLYPH= AFII63761 FFF0150A ID= 1312 2C206176 61696C61 626C6520 00000000 01100C92 40092400 UNI04BA /> ID= 913 AFII62761 /> 37205665 <CLASSDEF ID= 799 AFII57506 /> ID= 677 10FA0000 72695369 GLYPH= AFII62765 10060000 676E2C20 <CLASSDEF 696E2074 92400924 00000000 496E632E GLYPH= AFII63763 00924009 24009240 ID= 1313 68652056 65726953 69676E20 00000000 09240092 UNI04BB /> ID= 914 AFII62762 /> 301E170D <CLASSDEF ID= 800 AFII62958 /> ID= 678 01730175 39393131 GLYPH= AFII62766 14140101 31363030 <CLASSDEF 7265706F 40092400 00000518 30303030 GLYPH= AFII63795 9240160C 00100C55 ID= 1314 7369746F 72792061 743A0A68 0000001C 5AAA555A UNI018F /> ID= 915 AFII57417 /> 5A170D30 <CLASSDEF ID= 801 AFII62956 /> ID= 679 00000001 34303130 GLYPH= AFII62767 00000000 36323335 <CLASSDEF 74747073 AA555AAA 11060D00 3935395A GLYPH= AFII63808 555AAA55 5AAA555A ID= 1315 3A2F2F77 77772E76 65726973 00000000 AA555AAA UNI0259 /> ID= 916 AFII62764 /> 3081B231 <CLASSDEF ID= 802 AFII52957 /> ID= 680 11FA0000 17301506 GLYPH= AFII62768 11060000 0355040A <CLASSDEF 69676E2E 555AAA55 00000000 130E5665 GLYPH= AFII63810 5AAA555A AA555AAA ID= 1316 636F6D3B 20627920 452D6D61 00000000 160C0010 UNI04E8 /> ID= 917 AFII57418 /> 72695369 <CLASSDEF ID= 803 AFII57505 /> ID= 681 01730175 676E2C20 GLYPH= AFII62769 15150101 496E632E <CLASSDEF 696C2061 0C555FFF 01730175 311F301D GLYPH= AFII63813 555FFF55 5FFF555F ID= 1317 74204350 532D7265 71756573 00000008 FF555FFF UNI04E9 /> ID= 918 AFII62767 /> 06035504 <CLASSDEF ID= 804 AFII62889 /> ID= 682 00030002 0B131656 GLYPH= AFII62770 00000004 65726953 <CLASSDEF 74734076 555FFF55 00000006 69676E20 GLYPH= AFII63823 5FFF555F </GLYPHORDER> 65726973 69676E2E 636F6D3B 000C0012 FF555FFF 555FFF55 ID= 919 AFII62765 /> 54727573 <CLASSDEF ID= 805 AFII62887 /> ID= 683 01730175 74204E65 GLYPH= AFII62771 00000008 74776F72 <CLASSDEF 206F720A 5FFF8889 00030002 6B314630 GLYPH= AFII63824 11222244 6279206D 61696C20 61742056 00000016 48889112 22244488 ID= 920 AFII62766 /> 44060355 <CLASSDEF ID= 806 AFII62888 /> ID= 684 00000006 040B133D GLYPH= AFII62772 000E0016 7777772E <CLASSDEF 65726953 89112222 01730175 76657269 GLYPH= AFII63825 44488891 <DSIG> 69676E2C 20496E63 2E2C2032 00000008 12222444 88891122 ID= 921 AFII57419 /> 7369676E <CLASSDEF ID= 807 AFII57507 /> ID= 685 00030002 2E636F6D GLYPH= AFII62773 0000002C 2F726570 <CLASSDEF 35393320 22444888 00000008 6F736974 GLYPH= AFII63833 91122220 <!-- NOTE 55555555 THAT 436F6173 74204176 652E2C20 00100019 55555555 THE DIGITAL SIGNATURE ID= 922 WILL BE AFII62770 /> ID= 808 AFII62961 /> INVALID AFTER ID= 686 RECOMPILA 6F72792F <CLASSDEF 01730175 52504120 GLYPH= AFII62774 00000008 496E636F <CLASSDEF 4D6F756E 55555555 00030002 72702E20 GLYPH= AFII63844 55555555 <HEXDATA> 7461696E 20566965 772C2043 00000045 55555555 55555555 ID= 923 AFII62768 /> 62792052 <CLASSDEF ID= 809 AFII62959 /> ID= 687 00000008 65662E2C GLYPH= AFII62775 0011001A 4C494142 <CLASSDEF 41203934 55555555 01730175 2E4C5444 GLYPH= AFII63846 55555555 00000008 00000001 55555555 00010001 3034330A 55534120 436F7079 55402AA9 00000001 00001593 ID= 924 AFII62769 /> 28632939 <CLASSDEF ID= 810 AFII62960 /> ID= 688 00020005 38312E30 GLYPH= AFII62776 0000005F 2C060355 <CLASSDEF 72696768 557FFE55 00000005 04031325 GLYPH= AFII63849 5FFF9557 08050006 00000014 FFE555FF 00000000 74202863 29313939 36205665 F9557FFE 0000158B 30821587 ID= 925 AFII57420 /> 56657269 <CLASSDEF ID= 811 AFII57508 /> ID= 689 05FEFC00 5369676E GLYPH= AFII62777 01730175 2054696D <CLASSDEF 72695369 555FFF95 00000008 65205374 GLYPH= AFII63850 57FFE555 00020005 06092A86 FFF9557F 4886F70D 676E2C20 496E632E 2020416C FE555FFF 010702A0 82157830 ID= 926 AFII62773 /> 616D7069 <CLASSDEF ID= 812 AFII62962 /> ID= 690 0000006E 6E672053 GLYPH= AFII62778 00000008 65727669 <CLASSDEF 6C205269 9557FFE0 0C050009 63652043 GLYPH= AFII63851 05FEFA00 82157402 0101310E 67687473 20526573 65727665 300C0608 2A864886 ID= 927 AFII62771 /> 41205357 <CLASSDEF ID= 813 AFII57567 /> ID= 691 01730175 31308201 GLYPH= AFII62779 00000008 22300D06 <CLASSDEF 642E2043 </HEXDATA> 00030002 092A8648 GLYPH= AFII63852 00000086 F70D0205 05003060 45525441 494E0A57 41525241 060A2B06 01040182 ID= 928 AFII62772 /> 86F70D01 <CLASSDEF ID= 814 AFII62964 /> ID= 692 0000000B 01010500 GLYPH= AFII62780 00190027 0382010F <CLASSDEF 4E544945 </EBDT> 01730175 00308201 GLYPH= AFII63855 00000008 37020104 A0523050 53204449 53434C41 494D4544 302C060A 2B060104 ID= 929 AFII57421 /> 0A028201 <CLASSDEF ID= 815 AFII52305 /> ID= 693 00020005 0100D498 GLYPH= AFII62781 000000AD E86792C1 <CLASSDEF 20414E44 0000000D 6D11B3AA GLYPH= AFII63856 0E07000B 01823702 011CA21E 204C4941 42494C49 5459204C 801C003C 003C003C ID= 930 AFII62776 /> F8A7CFC8 <CLASSDEF ID= 816 AFII52306 /> ID= 694 07FDF900 2A32C6EA GLYPH= AFII62782 01730175 F2CC2CA6 <CLASSDEF 494D4954 00000008 D2059F1A GLYPH= AFII63882 00030002 004F0062 0073006F 45442E0A 0A574152 4E494E47 006C0065 00740065 ID= 931 AFII62774 /> 7FA0E7BE <CLASSDEF ID= 817 AFII57509 /> ID= 695 000000D4 2F4F5FE0 GLYPH= AFII62783 GLYPH= AFII57432 00000011 D01BB872 <CLASSDEF 3A205448 00240037 18CFA945 GLYPH= AFII63885 01730175 003E003E 003E3020 45205553 45204F46 20544849 300C0608 2A864886 ID= 932 AFII62775 /> 1341EC19 <CLASSDEF ID= 818 AFII62967 /> ID= 696 00000008 2FC340CB GLYPH= AFII62784 GLYPH= AFII57433 00030002 92E6112D <CLASSDEF 53204345 0000010B 8F964D62 GLYPH= AFII63888 00000013 F70D0205 05000410 52544946 49434154 45204953 DAE11E8F FB7550D3 ID= 933 AFII57422 /> 97A5AF1C <CLASSDEF ID= 819 AFII62965 /> ID= 697 0028003D 062F3305 GLYPH= AFII62785 GLYPH= AFII57434 01730175 D440A5DD <CLASSDEF 20535452 00000008 1D1AD5B0 GLYPH= AFII63896 00030002 05A62278 7440239F 4943544C 59205355 424A4543 A08210CF 30820240 ID= 934 AFII62779 /> F4B8036D <CLASSDEF ID= 820 AFII62966 /> ID= 698 00000148 D586FB4F GLYPH= AFII62786 GLYPH= AFII57440 00000014 D65F1049 <CLASSDEF 5420544F 002A0040 DEB7E40A GLYPH= AFII63897 01730175 308201A9 021003C7 20544845 0A564552 49534947 8F37DB92 28DF3CBB ID= 935 AFII62777 /> 164E650C <CLASSDEF ID= 821 AFII57555 /> ID= 699 00000008 45230AC7 GLYPH= AFII62787 GLYPH= AFII57441 00020005 FF9F9229 <CLASSDEF 4E204345 00000188 113B8137 GLYPH= AFII63898 00000014 1AAD82FA 6710300D 52544946 49434154 494F4E20 06092A86 4886F70D ID= 936 AFII62778 /> 9246D0B4 <CLASSDEF ID= 822 AFII52364 /> ID= 700 1109000C 9B582360 GLYPH= AFII62788 GLYPH= AFII57442 09FCF700 52CDF7B3 <CLASSDEF 50524143 01730175 0FB2CF76 GLYPH= AFII63899 00000008 01010205 00306131 54494345 20535441 54454D45 11300F06 03550407 ID= 937 AFII57423 /> 0A708823 <CLASSDEF ID= 823 AFII63753 /> ID= 701 00030002 61B987CD GLYPH= AFII62789 GLYPH= AFII57443 000001C4 C2DCB2CE <CLASSDEF 4E542E20 0000001A 70B106E3 GLYPH= AFII63900 00360052 1308496E 7465726E 20544845 20495353 55494E47 65743117 30150603 ID= 938 AFII62780 /> 62B2F511 <CLASSDEF ID= 824 AFII63754 /> ID= 702 01730175 0AE84872 GLYPH= AFII62790 GLYPH= AFII57444 00000008 C987B237 <CLASSDEF 20415554 00030002 09C6532C GLYPH= AFII63901 00000216 55040A13 0E566572 484F5249 54590A44 4953434C 69536967 6E2C2049 ID= 939 AFII57424 /> 0529959B <CLASSDEF ID= 825 AFII63759 /> ID= 703 0000001C BF8C4818 GLYPH= AFII62791 GLYPH= AFII57445 003A0058 32052605 <CLASSDEF 41494D53 01730175 AFAC2C34 GLYPH= AFII63902 00000008 6E632E31 33303106 20434552 5441494E 20494D50 0355040B 132A5665 ID= 940 AFII62781 /> 83504E4A <CLASSDEF ID= 826 AFII63763 /> ID= 704 00020005 4A308F62 GLYPH= AFII62792 GLYPH= AFII57446 0000026E A59E0215 <CLASSDEF 4C494544 0000001C 851EEA2B GLYPH= AFII63903 140B000F 72695369 676E2043 20414E44 20455850 52455353 6F6D6D65 72636961 ID= 941 AFII57425 /> 477199EE <CLASSDEF ID= 827 AFII63795 /> ID= 705 0BFBF600 531ADE0D GLYPH= AFII62793 GLYPH= AFII57447 01730175 4551CDF4 <CLASSDEF 20574152 00000008 32A5EFE6 GLYPH= AFII63904 00020005 6C20536F 66747761 52414E54 4945532C 20494E43 72652050 75626C69 ID= 942 AFII62782 /> 9EFCF1CB <CLASSDEF ID= 828 AFII62891 /> ID= 706 000002C2 F8D93293 GLYPH= AFII62794 GLYPH= AFII57448 0000001C 9F77F630 <CLASSDEF 4C554449 140B000E F2B98592 GLYPH= AFII63905 0BFBF600 73686572 73204341 4E472057 41525241 4E544945 301E170D <CLASSDEF 39363034 ID= 943 GLYPH= AFII57407 AFII57426 /> ID= 829 AFII63808 /> ID= 707 52D7A049 <CLASSDEF 01730175 39EAE7B4 GLYPH= AFII62795 GLYPH= AFII57449 00000008 158EC28F <CLASSDEF 530A4F46 00030002 33E6898D GLYPH= AFII63906 00000316 30393030 30303030 204D4552 4348414E 54414249 5A170D30 <CLASSDEF 34303130 ID= 944 GLYPH= AFII57409 AFII62783 /> ID= 830 AFII62938 /> ID= 708 94609959 <CLASSDEF 00000020 A2025611 GLYPH= AFII62796 GLYPH= AFII57450 0046006C 42F825EC <CLASSDEF 4C495459 01730175 E71198FE GLYPH= AFII63908 00000008 37323335 3935395A 204F5220 4649544E 45535320 30613111 <CLASSDEF 300F0603 ID= 945 GLYPH= AFII57410 AFII57427 /> ID= 831 AFII63810 /> ID= 709 818F9888 <CLASSDEF 00020005 9B150203 GLYPH= AFII62797 GLYPH= AFII57451 00000382 010001A3 <CLASSDEF 464F5220 00000026 81873081 GLYPH= AFII63910 170D0011 55040713 08496E74 41205041 52544943 554C4152 65726E65 <CLASSDEF 74311730 ID= 946 GLYPH= AFII57411 AFII62786 /> ID= 832 AFII62942 /> ID= 710 84301306 <CLASSDEF 0DFAF400 03551D25 GLYPH= AFII62798 GLYPH= AFII57451-2 040C300A <CLASSDEF 20505552 06082B06 GLYPH= AFII63912 15060355 040A130E 504F5345 2C20414E 44205749 56657269 <CLASSDEF 5369676E ID= 947 GLYPH= AFII57412 AFII62784 /> ID= 833 AFII62947 /> ID= 711 01050507 <CLASSDEF </HEXDATA> 0308304F GLYPH= AFII62799 GLYPH= AFII57451-3 0603551D <CLASSDEF 4C4C204E 20044830 GLYPH= AFII63941 2C20496E 632E3133 4F540A42 45204C49 41424C45 30310603 <CLASSDEF 55040B13 ID= 948 GLYPH= AFII57413 AFII62785 /> ID= 834 AFII63813 /> ID= 712 46304406 </EBLC> <CLASSDEF 0B608648 GLYPH= AFII62800 GLYPH= AFII57451-4 0186F845 <CLASSDEF 20464F52 01070101 GLYPH= AFII63943 2A566572 69536967 20434F4E 53455155 454E5449 6E20436F <CLASSDEF 6D6D6572 ID= 949 GLYPH= AFII57414 AFII57428 /> ID= 835 AFII63823 /> ID= 713 30353033 <CLASSDEF 06082B06 GLYPH= AFII62801 GLYPH= AFII57452 01050507 <CLASSDEF 414C2C20 02011627 GLYPH= AFII63946 6369616C 20536F66 50554E49 54495645 2C20414E 74776172 <CLASSDEF 65205075 ID= 950 GLYPH= AFII57415 AFII62789 /> ID= 836 AFII63824 /> ID= 714 68747470 <GDEF> <CLASSDEF 733A2F2F GLYPH= AFII62802 GLYPH= AFII57452-2 7777772E <CLASSDEF 44204345 76657269 GLYPH= AFII63948 626C6973 68657273 52544149 4E204F54 48455220 20434130 <CLASSDEF 819F300D ID= 951 GLYPH= AFII57416 AFII62787 /> ID= 837 AFII63833 /> ID= 715 7369676E <CLASSDEF <VERSION 2E636F6D GLYPH= AFII62803 VALUE= 1.0 /> GLYPH= AFII57452-3 2F726570 <CLASSDEF 44414D41 6F736974 GLYPH= AFII63950 06092A86 4886F70D 4745532E 20534545 0A544845 01010105 <CLASSDEF 0003818D ID= 952 GLYPH= AFII57417 AFII62788 /> ID= 838 AFII63844 /> ID= 716 6F72792F <CLASSDEF <GLYPHCLASSDEF 52504130 GLYPH= AFII62804 GLYPH= AFII57452-4 0F060355 <CLASSDEF 20435053 FORMAT= 2 > 1D130408 GLYPH= AFII63951 00308189 02818100 20464F52 20444554 41494C53 C3D36965 <CLASSDEF 52019454 ID= 953 GLYPH= AFII57418 AFII57429 /> ID= 839 AFII62882 /> ID= 717 30060101 <CLASSDEF <CLASSDEF FF020100 GLYPH= AFII62805 GLYPH= AFII57453 300B0603 <CLASSDEF 2E0A0A43 GLYPH= AFII52258 551D0F04 GLYPH= AFII63952 AB28C662 18B35455 6F6E7465 6E747320 6F662074 C5448745 <CLASSDEF 4A3BC27E ID= 954 GLYPH= AFII57419 AFII62792 /> ID= 840 AFII62883 /> ID= 718 04030206 <CLASSDEF <CLASSDEF C0300D06 GLYPH= AFII62806 GLYPH= AFII57453-2 092A8648 <CLASSDEF 68652056 GLYPH= AFII52305 86F70D01 GLYPH= AFII63953 D8D3D7C8 80868DD8 65726953 69676E20 72656769 0CF1169C <CLASSDEF CC6BA929 ID= 955 GLYPH= AFII57420 AFII62790 /> ID= 841 AFII62884 /> ID= 719 01040500 <CLASSDEF <CLASSDEF 03818100 GLYPH= AFII62807 GLYPH= AFII57453-3 7CEA9DF3 <CLASSDEF 73746572 GLYPH= AFII52306 949143A3 GLYPH= AFII63954 B28F7673 92C8C562 6564206E 6F6E7665 72696669 A63CED1E <CLASSDEF 0575F013 ID= 956 GLYPH= AFII57421 AFII62791 /> ID= 842 AFII62885 /> ID= 720 21BADBF3 <CLASSDEF <CLASSDEF 86F37B58 GLYPH= AFII62808 GLYPH= AFII57453-4 04798818 <CLASSDEF 65645375 GLYPH= AFII52364 FAB24B6C GLYPH= AFII63956 006C144D D4989007 626A6563 74417474 72696275 BE697381 <CLASSDEF B8624E31 ID= 957 GLYPH= AFII57422 AFII57430 /> ID= 843 AFII62886 /> ID= 721 3FCC0721 <CLASSDEF <CLASSDEF 5ED7C335 GLYPH= AFII62809 GLYPH= AFII57454 CB9388F4 <CLASSDEF 7465730A GLYPH= AFII52399 5143ED2D GLYPH= AFII63958 1ED1FCC9 0CEB7D90 65787465 6E73696F 6E207661 BFAEB447 <CLASSDEF 51EC6FCE ID= 958 GLYPH= AFII57423 AFII62795 /> ID= 844 AFII63846 /> ID= 722 A92CA171 <CLASSDEF <CLASSDEF C7C7B503 GLYPH= AFII62810 GLYPH= AFII57454-2 3125E9C9 <CLASSDEF 6C756520 GLYPH= AFII52400 11FB2415 GLYPH= AFII63959 643502D6 7D670577 7368616C 6C206E6F 74206265 E28FD951 <CLASSDEF D7FB9719 ID= 959 GLYPH= AFII57424 AFII62793 /> ID= 845 AFII63849 /> ID= 723 8A73E2D9 <CLASSDEF <CLASSDEF 4CC347FB GLYPH= AFII62811 GLYPH= AFII57454-3 75820C1E <CLASSDEF 20636F6E GLYPH= AFII52957 003BEDEB GLYPH= AFII63960 BC3ED777 81C643DD 73696465 72656420 61732061 F2DDDFCA <CLASSDEF A3838BCB ID= 960 GLYPH= AFII57425 AFII62794 /> ID= 846 AFII63850 /> ID= 724 A7954F60 <CLASSDEF <CLASSDEF 66638648 GLYPH= AFII62812 GLYPH= AFII57454-4 64DE281B <CLASSDEF 63637572 GLYPH= AFII57369 72AE5F58 GLYPH= AFII63961 41C13D22 4848A619 61746520 696E666F 726D6174 02030100 <CLASSDEF 01300D06 ID= 961 GLYPH= AFII57426 AFII57431 /> ID= 847 AFII63851 /> ID= 725 8E11E4C0 <CLASSDEF <CLASSDEF 028B6955 GLYPH= AFII62813 GLYPH= AFII57455 B7192834 <CLASSDEF 696F6E0A GLYPH= AFII57370 AB18AF32 GLYPH= AFII64046 092A8648 86F70D01 76616C69 64617465 64206279 01020500 <CLASSDEF 03818100 ID= 962 GLYPH= AFII57427 AFII62798 /> ID= 848 AFII63852 /> ID= 726 50D45B3C <CLASSDEF <CLASSDEF 45F42B8C GLYPH= AFII62815 GLYPH= AFII57455-2 544689CC <CLASSDEF 20746865 GLYPH= AFII57371 C8A8A4A5 GLYPH= AFII64058 B5BCB075 6A89A286 2049412E 0AA33680 34687474 BD6478C3 <CLASSDEF A7327572 ID= 963 GLYPH= AFII57428 AFII62796 /> ID= 849 AFII63855 /> ID= 727 A518CC73 <CLASSDEF <CLASSDEF 4E260574 GLYPH= AFII62816 GLYPH= AFII57455-3 30820A9F <CLASSDEF 70733A2F GLYPH= AFII57372 30820A08 GLYPH= AFII64059 11AA2602 1760304C 2F777777 2E766572 69736967 E3483419 <CLASSDEF B9524A51 ID= 964 GLYPH= AFII57429 AFII62797 /> ID= 850 AFII63856 /> ID= 728 A0030201 <CLASSDEF <CLASSDEF 02021075 GLYPH= AFII62817 GLYPH= AFII57455-4 F28EF8A8 <CLASSDEF 6E2E636F GLYPH= AFII57373 FBEA6D11 GLYPH= AFII64060 1880FE53 2D7BD531 6D2F7265 706F7369 746F7279 8CC56599 <CLASSDEF 41412FF2 ID= 965 GLYPH= AFII57430 AFII57432 /> ID= 851 AFII63761 /> ID= 729 52971495 <CLASSDEF <CLASSDEF 4B655C30 GLYPH= AFII62818 GLYPH= AFII57456 0D06092A <CLASSDEF 2F766572 GLYPH= AFII57374 864886F7 GLYPH= AFII64061 AE637AE8 73991590 69736967 6E6C6F67 6F2E6769 1A1F7A8B <CLASSDEF 41D08E3A ID= 966 GLYPH= AFII57431 AFII62801 /> ID= 852 AFII63882 /> ID= 730 0D010104 <CLASSDEF <CLASSDEF 05003061 GLYPH= AFII62819 GLYPH= AFII57456-2 3111300F <CLASSDEF 66308202 GLYPH= AFII57375 06035504 GLYPH= AFII64184 D0CD3834 44D075F8 1F060355 1D030482 02163082 EA71C481 19381735 ID= 967 AFII62799 /> 07130849 <CLASSDEF ID= 853 AFII63825 /> ID= 731 <CLASSDEF 6E746572 GLYPH= AFII62820 GLYPH= AFII57456-3 6E657431 <CLASSDEF 02123082 GLYPH= AFII57381 17301506 GLYPH= AFII64240 4AAEC53E 32E621B8 020E3082 020A060B 60864801 05C093E1 C7385CD8 ID= 968 AFII62800 /> 0355040A <CLASSDEF ID= 732 <CLASSDEF 130E5665 GLYPH= AFII62821 GLYPH= AFII57456-4 72695369 <CLASSDEF 86F84501 GLYPH= AFII57382 676E2C20 GLYPH= AFII64241 F7933864 90ED54CE 07010130 8201F916 8201A754 CAD3D3D0 5FEF049B ID= 969 AFII57433 /> 496E632E <CLASSDEF ID= 733 <CLASSDEF 31333031 GLYPH= AFII62822 GLYPH= AFII57457 06035504 <CLASSDEF 68697320 GLYPH= AFII57388 0B132A56 GLYPH= AFII64242 DE0282DD 8829B1C3 63657274 69666963 61746520 4FA5CD71 64313C3C ID= 970 AFII62804 /> 65726953 <CLASSDEF ID= 734 <CLASSDEF 69676E20 GLYPH= AFII62823 GLYPH= AFII57457-2 436F6D6D <CLASSDEF 696E636F GLYPH= AFII57391 65726369 GLYPH= GLYPH1021 308203E4 3082034D 72706F72 61746573 20627920 A0030201 02021100 ID= 971 AFII62802 /> 616C2053 <CLASSDEF ID= 735 <CLASSDEF 6F667477 GLYPH= AFII62824 GLYPH= AFII57457-3 61726520 <CLASSDEF 72656665 GLYPH= AFII57392 5075626C GLYPH= GLYPH1025 FCA4A59F 2C0FC0B9 72656E63 652C2061 6E642069 0398331B 7B54541D ID= 972 AFII62803 /> 69736865 <CLASSDEF ID= 736 <CLASSDEF 72732043 GLYPH= AFII62825 GLYPH= AFII57457-4 41301E17 <CLASSDEF 74732075 GLYPH= AFII57393 0D303030 GLYPH= GLYPH1026 300D0609 2A864886 73652069 73207374 72696374 F70D0101 04050030 ID= 973 AFII57434 /> 34303430 <CLASSDEF ID= 737 <CLASSDEF 30303030 GLYPH= AFII62827 GLYPH= AFII57458 305A170D <CLASSDEF 6C792073 GLYPH= AFII57394 30313034 GLYPH= GLYPH1034 819E311F 301D0603 75626A65 63742074 6F2C2074 55040A13 16566572 ID= 974 AFII62807 /> 31373233 <CLASSDEF ID= 738 <CLASSDEF 35393539 GLYPH= AFII62828 GLYPH= AFII57458-2 5A308201 <CLASSDEF 68652056 GLYPH= AFII57395 5D311130 GLYPH= GLYPH1035 69536967 6E205472 65726953 69676E20 43657274 69666963 75737420 4E657477 ID= 975 AFII62805 /> 0F060355 <CLASSDEF ID= 739 6174696F <CLASSDEF 04071308 6E205072 GLYPH= AFII62829 GLYPH= AFII57458-3 496E7465 GLYPH= AFII57396 61637469 726E6574 63652053 6F726B31 17301506 0355040B 130E5665 ID= 976 AFII62806 /> 31173015 <CLASSDEF ID= 740 74617465 <CLASSDEF 06035504 6D656E74 GLYPH= AFII62830 GLYPH= AFII57458-4 0A130E56 GLYPH= AFII57397 20284350 65726953 53292C20 72695369 676E2C20 496E632E 312C302A ID= 977 AFII57441 /> 69676E2C <CLASSDEF ID= 741 61766169 <CLASSDEF 20496E63 6C61626C GLYPH= AFII62831 GLYPH= AFII57459 2E313330 GLYPH= AFII57398 65206174 31060355 3A206874 06035504 0B132356 65726953 69676E20 ID= 978 AFII62810 /> 040B132A <CLASSDEF ID= 742 7470733A <CLASSDEF 56657269 2F2F7777 GLYPH= AFII62832 GLYPH= AFII57459-2 5369676E GLYPH= AFII57399 772E7665 20436F6D 72697369 6D657263 676E2E63 <CLASSDEF <CLASSDEF 69616C20 6F6D2F43 GLYPH= AFII62833 GLYPH= AFII57459-3 536F6674 GLYPH= AFII57400 50533B20 77617265 62792045 National Offi ce PO Box 12 241 Wellington 6144 New Zealand T 64 4 473 9444 F 64 4 474 8933 E ipenz@ipenz.org.nz W www.ipenz.org.nz