ISO/IEC JTC 1/SC 7/WG 10 - Process assessment

This document defines a process assessment model for software life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

This document defines a process reference model for the domain of service management. The model specifies a process architecture for the domain and comprises a set of processes. Each process is described in terms of process purpose and outcomes. The process reference model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement).

This document: — defines a process assessment model that relies on the process reference model published as ISO/IEC TS 33054 that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment by providing indicators for guidance on the interpretation of the process purposes and outcomes and the process attributes as defined in ISO/IEC 33020; — provides guidance, by example, on the definition, selection and use of assessment indicators. A process assessment model comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in this document is not intended to be an all-inclusive set. The process assessment model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally, it can be of use to developers of assessment models in the construction of their own model, by providing examples of good service management practices. It can be used by: a) service providers to assess and improve a service management system (SMS); b) service providers to demonstrate their capability for the planning, design, development, transition and delivery of services that meet agreed service management requirements. Any process assessment model meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods can be needed to address differing business needs. The assessment model in ISO/IEC TS 33074 is provided as an assessment model meeting all the requirements expressed in ISO/IEC 33004.

This document defines a process assessment model for system life cycle processes, conformant with the requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 33002.

This document defines a process reference model for the domain of quality management. The model specifies a process architecture for the domain and comprises a set of processes. Each process is described in terms of process purpose and outcomes. NOTE Users of this document can freely reproduce the detailed descriptions contained in this process reference model as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.

This document defines a process measurement framework that supports the assessment of process capability, in accordance with the requirements of ISO/IEC 33003. The process measurement framework provides a schema that can be used to construct a process assessment model conformant with ISO/IEC 33004 which can be used in the performance of assessment of process capability according to the requirements of ISO/IEC 33002. In the context of this document and related standards, process capability is a process quality characteristic related to the ability of a process to consistently meet current or projected business goals. The process measurement framework defined in this document forms a structure which a) facilitates self-assessment, b) provides a basis for use in process improvement and process quality determination, c) is applicable across all application domains and sizes of organization, d) produces a set of process (capability) attribute ratings (process profile), and e) derives a process capability level. This document also includes as informative annexes a set of assessment indicators of process capability that can be used in the construction of a process assessment model using this process measurement framework, and guidance on the meaning of the process capability levels and the achievement of the process attributes.

This document provides guidance on the application of the results of a process assessment for process risk determination. The guidance provided does not presume specific organizational structures, management philosophies, life cycle models or development methods. In relation to process risk determination, this guidance is applicable within any customer?supplier relationship, and to any organization wishing to perform a process risk determination of its processes.

This document provides general and specific guidance for the competency of assessors performing assessments in accordance with the ISO/IEC 330xx family of standards.

ISO/IEC TS 33073:2017: - defines an integrated PRM and PAM that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment by providing indicators for guidance on the interpretation of the process purposes and outcomes and the process attributes as defined in ISO/IEC 33020; - provides guidance, by example, on the definition, selection and use of assessment indicators. A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in ISO/IEC TS 33073:2017 is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. The PAM in ISO/IEC TS 33073:2017 is directed at assessment sponsors and competent assessors who wish to select a model and associated documented process method for assessment (for either capability determination or process improvement). Additionally, it can be of use to developers of assessment models in the construction of their own model, by providing examples of good service management practices. It can be used by: a) service providers to assess and improve a Quality Management System (QMS); b) service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil Quality Management requirements. Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment may be used for assessment. Different models and methods can be needed to address differing business needs. The assessment model in ISO/IEC TS 33073:2017 is provided as an assessment model meeting all the requirements expressed in ISO/IEC 33004. NOTE Copyright release for the PAM: Users of ISO/IEC TS 33073:2017 can freely reproduce the detailed descriptions contained in the assessment model as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.

ISO/IEC TS 33030:2017 contains an exemplar documented assessment process, and serves as guidance on the nature of activities required by this document. The content of this exemplar contains the minimum elements of a documented assessment process applicable for performing all classes of assessments as defined in ISO/IEC 33002. See also Annex B. ISO/IEC TS 33030:2017 is suitable for all classes of assessments defined in ISO/IEC 33002. This exemplar includes the activities by describing the tasks, inputs, outputs and the assessment-related roles and responsibilities. This description implicitly contains other elements that could comprise the process, like purpose, initial/end conditions, additional supporting roles/responsibilities or necessary resources. While this exemplar contains all of the activities that are considered to be required for a process assessment, it is the case that variation exists in individual process assessments, and therefore, some degree of tailoring of this assessment process could be required. Tailoring of the assessment process is permitted, though it is the responsibility of the Lead Assessor and it would need to be conformant to the requirements of ISO/IEC 33002. ISO/IEC TS 33030:2017 is not intended for use in performing organizational maturity assessments.

ISO/IEC TS 33072:2016: - defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020; - provides guidance, by example, on the definition, selection and use of assessment indicators.

ISO/IEC 33002:2015 defines the minimum set of requirements for performing an assessment that will ensure assessment results are objective, consistent, repeatable, and representative of the assessed processes. The requirements defined in ISO/IEC 33002:2015 can be used by or on behalf of an organization to a) facilitate self-assessment, b) provide a basis for improving process performance and mitigating process-related risk, c) produce a rating of the achievement of the relevant process quality characteristic, and d) provide an objective benchmark between organizations. ISO/IEC 33002:2015 is applicable across all application domains and sizes of organization.

ISO/IEC 33004:2015 sets out the requirements for process reference models, process assessment models, and maturity models. The requirements defined in this International Standard form a structure which specifies a) the relationship between the classes of process model associated with the performance of process assessment, b) the relationship between process reference models and prescriptive/normative models of process performance, as constituted by, for example, the activities and tasks defined in ISO/IEC 12207 and ISO/IEC 15288, c) the integration of process reference models and process measurement frameworks to establish process assessment models, d) the use of common sets of assessment indicators of process performance and process quality in process assessment models, and e) the relationship between maturity models and process assessment models and the extent to which a maturity model can be constructed using elements from different process assessment models.

ISO/IEC 33001:2015 provides a repository for key terminology relating to process assessment. It gives overall information on the concepts of process assessment, the application of process assessment for evaluating the achievement of process quality characteristics, and the application of the results of process assessment to the conduct of process management. ISO/IEC 33001:2015 provides an introduction to the ISO/IEC 330xx family of standards for process assessment; it describes how the parts of the family of standards for process assessment fit together and provides guidance for their selection and use. It explains the requirements contained within the suite and their applicability to performing assessments.

ISO/IEC 33003:2015 sets out the requirements for process measurement frameworks for use in process assessment. The requirements defined in ISO/IEC 33003:2015 form a structure which a) establish the requirements for process measurement frameworks in the context of process assessment, b) establish the requirements for the validation of process measurement frameworks for use in process assessment, and c) establish requirements that are applicable to any process measurement frameworks to develop composite measures across domains. ISO/IEC 33003:2015 is applicable to the development of process measurement frameworks for any process quality characteristic across all application domains.

ISO/IEC TR 33014:2013 provides informative guidance on using process assessment as part of a complete framework and method for performing process improvement as part of a continual improvement activity. It also provides guidance on how to strengthen and maintain the abilities to ensure success with continual process improvement - improvability. Improvability is addressed both at the organizational perspective and at the project perspective. In the case of process improvement, the concepts and principles are appropriate for the full range of different business goals, application domains and sizes of organization, so that all types of organizations may use them. It is the same in the case of process improvability. ISO/IEC TR 33014:2013 deals with process improvement on three levels. Strategic: what goals to achieve, the motivation and direction. Tactical: how to achieve the goals of process improvement. Operational: how to perform the process improvement. ISO/IEC TR 33014:2013 has three improvement perspectives. Process perspective: Process improvement as a programme or project. Organizational perspective: Improvement of organizational improvability in order to ensure success with improvement projects. Project perspective: Improve a project´s improvability and reach improvement success. ISO/IEC TR 33014:2013 includes topics such as: utilising the results of a process assessment; principles of continual process improvement; roles in process improvement; principles of enhancing improvability; process improvement support elements; overall change strategies; scope of change; Although the focus for ISO/IEC TR 33014:2013 is continual process improvement based on using process assessment as part of a complete framework and method for performing and ensuring success with continual process improvement, it can also be used in related areas.

ISO/IEC 33020:2015 defines a process measurement framework that supports the assessment of process capability, in accordance with the requirements of ISO/IEC 33003. The process measurement framework provides a schema that can be used to construct a process assessment model conformant with ISO/IEC 33004 which can be used in the performance of assessment of process capability according to the requirements of ISO/IEC 33002. In the context of this and related standards, process capability is a process quality characteristic related to the ability of a process to consistently meet current or projected business goals. The process measurement frameworks defined in ISO/IEC 33020:2015 form a structure which a) facilitates self-assessment, b) provides a basis for use in process improvement and process quality determination, c) is applicable across all application domains and sizes of organization, d) produces a set of process (capability) attribute ratings (process profile), and e) derives a process capability level.

ISO/IEC 15504-6:2013 constitutes a Process Assessment Model, conformant with the requirements of ISO/IEC 15504-2, for the assessment of process capability of system life cycle processes. The Process Dimension of this Process Assessment Model is based upon the Process Reference Model contained in ISO/IEC 15288. ISO/IEC 15504-6:2013 provides a new Process Dimension for the Process Assessment Model derived from the revised Process Reference Model contained in ISO/IEC 15288:2008. The scope of ISO/IEC 15504-6:2013 is consistent with the scope of ISO/IEC 15504-5 in order to assist situations where assessment is being made of both system and software life cycle processes. Users of ISO/IEC 15504-6:2013 may freely reproduce the detailed descriptions contained in the exemplar assessment model as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.

ISO/IEC 15504-5:2012 provides an example of a Process Assessment Model for use in performing a conformant assessment in accordance with the requirements of ISO/IEC 15504-2. ISO/IEC 15504-5:2012 provides a detailed description of the structure and key components of the Process Assessment Model, which includes two dimensions: a process dimension and a capability dimension. It also introduces assessment indicators. ISO/IEC 15504-5:2012 uses process definitions from ISO/IEC 12207:2008 to identify a Process Reference Model. The processes of the Process Reference Model are described in the Process Assessment Model in terms of purpose and outcomes and are grouped in three process categories. The Process Assessment Model expands the Process Reference Model process definitions by including a set of process performance indicators called base practices for each process. The Process Assessment Model also defines a second set of indicators of process performance by associating work products with each process. ISO/IEC 15504-5:2012 duplicates the definitions of the capability levels and process attributes from ISO/IEC 15504-2, and expands each of the nine attributes through the inclusion of a set of generic practices. These generic practices belong to a set of indicators of process capability, in association with generic resource indicators, and generic work product indicators. ISO/IEC 15504-5:2012 also provides the following: a statement of conformance of the Process Assessment Model to the requirements defined in ISO/IEC 15504-2; selected characteristics for typical work products to assist the assessor in evaluating the capability level of processes; style guides for defining base practices, work products and generic practices for adjusting the Process Assessment Model, and guidance explaining how to expand or adapt the model; some processes supplementary to the Process Assessment Model.

The purpose of ISO/IEC TR 20000-4:2010 is to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment. ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability. The process reference model provided in ISO/IEC TR 20000-4:2010 is a logical representation of the elements of the processes within service management that can be performed at a basic level. Using the reference model in a practical application might require additional elements suited to the environment and circumstances. The process reference model specified in ISO/IEC TR 20000-4:2010 describes at an abstract level the processes including the general service management system processes implied by ISO/IEC 20000-1. Each process of this process reference model is described in terms of a purpose and outcomes. The process reference model does not attempt to place the processes in any specific environment nor does it predetermine any level of process capability required to achieve the ISO/IEC 20000-1 requirements. The process reference model is not intended to be used for a conformity assessment audit or process implementation reference guide. Any organization can define processes with additional elements in order to suit it to its specific environment and circumstances. The purpose and outcomes described in ISO/IEC TR 20000-4:2010 are, however, considered to be the minimum necessary to meet ISO/IEC 20000-1 requirements. Some processes address general strategic aspects of an organization. These processes have been identified in order to give coverage to all the requirements of ISO/IEC 20000-1. The process reference model does not provide the evidence required by ISO/IEC 20000-1. The process reference model does not specify the interfaces between the processes.

ISO/IEC 15504 provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC TR 15504-7:2008 defines the conditions for an assessment of organizational maturity; it defines a framework for determining organizational maturity, based upon profiles of process capability derived from process assessment, and defines the conditions under which such assessments are valid. ISO/IEC TR 15504-7:2008, organizational maturity is an expression of the extent to which an organization consistently implements processes within a defined scope that contributes to the achievement of its business goals (current or projected). An Organizational Maturity Model is based upon one or more specified Process Assessment Model(s), and addresses the domains and contexts for use of the Process Reference Model(s) from which the Process Assessment Model(s) are derived. The assessment of organizational maturity is undertaken through the performance of process assessment as specified in ISO/IEC 15504-2. Specific conditions are defined in ISO/IEC TR 15504-7:2008 relating to the process scope of the organizational maturity assessment, the organizational scope of the assessment (which has to be specified as representing the elements characterised by the organizational maturity rating), and the data collection strategy (which needs to ensure that the results of the assessment are representative of the organizational scope). On completion of the assessment, the set of process profiles established for the organization determine the rating of the level of organizational maturity based on the framework defined in ISO/IEC 15504-7, as specified in the relevant Organizational Maturity Model. ISO/IEC TR 15504-7:2008 also contains guidance on implementing the requirements for constructing an Organizational Maturity Model; on performing assessments of organizational maturity; and on the application of organizational maturity ratings for process improvement and capability determination.

ISO/IEC 15504 provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC TR 15504-6:2008 describes an exemplar Process Assessment Model (PAM) for system life cycle processes, conformant with the ISO/IEC 15504-2 requirements for a PAM. The ISO/IEC TR 15504-6:2008 exemplar PAM is derived from the Process Reference Model (PRM) defined in ISO/IEC 15288, associated with the process attributes defined in ISO/IEC 15504-2. The resulting PAM is a two-dimensional PAM which provides indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC 15288, and the process attributes as defined in ISO/IEC 15504‑2. It can be used to perform a process assessment conformant with ISO/IEC 15504-2, either in the context of a process improvement programme or for process capability determination. ISO/IEC TR 15504-6:2008 describes the overall structure of the PAM with its process dimension (derived from ISO/IEC 15288) and capability dimension (derived from the measurement framework defined in ISO/IEC 15504-2); process performance indicators (base practices and work products) for 26 processes drawn from ISO/IEC 15288; process capability indicators (generic practices, generic resources and generic work products) which characterize, for any process attribute of the capability dimension, what are the expected characteristics that demonstrate achievement of that process attribute. ISO/IEC TR 15504-6:2008 also includes the demonstration of conformity of the PAM with the requirements of ISO/IEC 15504-2; the detailed characteristics of the work products and the generic work products; guidance for adapting the PAM and defining additional assessment indicators.

ISO/IEC 15504-5:2006 describes an exemplar Process Assessment Model (PAM), conformant with the ISO/IEC 15504-2 requirements for PAMs. It provides guidance, by way of example, on the nature and structure of PAMs, and on the variety and function of different indicators of process performance and capability. It also provides guidance, through example, on the requirements for conformance of PAMs, and on the approaches for demonstration of conformance. ISO/IEC 15504 provides a framework for the assessment of process capability. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. It is also intended for use by assessors in the performance of process assessment, and by organizations involved in the development of process reference models, process assessment models or process assessment processes.

This part of ISO/IEC 15504:2004 provides overall information on the concepts of process assessment and its use in the two contexts of process improvement and process capability determination. It describes how the parts of the suite fit together, and provides guidance for their selection and use. It explains the requirements contained within ISO/IEC 15504, and their applicability to performing assessments. Readers of this guide should familiarize themselves with the terminology and structure of the document suite, and then reference the appropriate parts of the suite for the context in which they propose to conduct an assessment. A more detailed description of the use of ISO/IEC 15504 is given in clause 4.

ISO/IEC 15504 provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC 15504-4:2004 provides guidance on how to utilize a conformant process assessment within a process improvement programme or for process capability determination. Within a process improvement (PI) context, process assessment provides a means of characterizing an organizational unit in terms of the capability of selected processes. Analysis of the output of a conformant process assessment against an organizational unit's business goals identifies strengths, weaknesses and risks related to the processes. This, in turn, can help determine whether the processes are effective in achieving business goals, and provide the drivers for making improvements. Process capability determination (PCD) is concerned with analysing the output of one or more conformant process assessments to identify the strengths, weaknesses and risks involved in undertaking a specific project using the selected processes within a given organizational unit. A process capability determination can provide a fundamental input to supplier selection, in which case it is often termed a "supplier capability determination". ISO/IEC 15504-4:2004 describes the PI and PCD processes and how to deploy them, and provides guidance on utilizing process assessment, selecting Process Reference Model(s), setting target capability, defining the assessment input, inferring process-related risk from assessment output, steps of process improvement, steps of process capability determination, comparability of assessment output analysis.

ISO/IEC 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC 15504-2. It provides an overview of process assessment and interprets the requirements through the provision of guidance on: performing an assessment; the measurement framework for process capability; process reference models and process assessment models; selecting and using assessment tools; competency of assessors; verification of conformity. ISO/IEC 15504-3:2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC 15504-2.

ISO/IEC 15504-2:2003 defines the requirements for performing process assessment as a basis for use in process improvement and capability determination. Process assessment is based on a two dimensional model containing a process dimension and a capability dimension. The process dimension is provided by an external process reference model, which defines a set of processes characterized by statements of process purpose and process outcomes. The capability dimension consists of a measurement framework comprising six process capability levels and their associated process attributes. The assessment output consists of a set of process attribute ratings for each process assessed, termed the process profile, and may also include the capability level achieved by that process. ISO/IEC 15504-2:2003 identifies the measurement framework for process capability and the requirements for: performing an assessment; process reference models; process assessment models; verifying conformity of process assessment. The requirements for process assessment defined in ISO/IEC 15504-2:2003 form a structure which: facilitates self-assessment; provides a basis for use in process improvement and capability determination; takes into account the context in which the assessed process is implemented; produces a process rating; addresses the ability of the process to achieve its purpose; is applicable across all application domains and sizes of organization; and may provide an objective benchmark between organizations. The minimum set of requirements defined in ISO/IEC 15504-2:2003 ensures that assessment results are objective, impartial, consistent, repeatable and representative of the assessed processes. Results of conformant process assessments may be compared when the scopes of the assessments are considered to be similar; for guidance on this matter, refer to ISO/IEC 15504-4.