Information technology -- Process assessment

ISO/IEC 15504 provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC 15504-4:2004 provides guidance on how to utilize a conformant process assessment within a process improvement programme or for process capability determination. Within a process improvement (PI) context, process assessment provides a means of characterizing an organizational unit in terms of the capability of selected processes. Analysis of the output of a conformant process assessment against an organizational unit's business goals identifies strengths, weaknesses and risks related to the processes. This, in turn, can help determine whether the processes are effective in achieving business goals, and provide the drivers for making improvements. Process capability determination (PCD) is concerned with analysing the output of one or more conformant process assessments to identify the strengths, weaknesses and risks involved in undertaking a specific project using the selected processes within a given organizational unit. A process capability determination can provide a fundamental input to supplier selection, in which case it is often termed a "supplier capability determination". ISO/IEC 15504-4:2004 describes the PI and PCD processes and how to deploy them, and provides guidance on utilizing process assessment, selecting Process Reference Model(s), setting target capability, defining the assessment input, inferring process-related risk from assessment output, steps of process improvement, steps of process capability determination, comparability of assessment output analysis.

Technologies de l'information -- Évaluation des procédés

General Information

Status: Withdrawn
Publication Date: 01-Jul-2004
Withdrawal Date: 01-Jul-2004
Current Stage: 6060 - International Standard published
Start Date: 24-May-2004
Completion Date: 02-Jul-2004
Standard
ISO/IEC 15504-4:2004 - Information technology -- Process assessment
English language
33 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO/IEC 15504-4
First edition 2004-07-01
Information technology — Process assessment — Part 4: Guidance on use for process improvement and process capability determination
Technologies de l'information — Procédés d'évaluation — Partie 4: Conseils sur l'utilisation pour l'amélioration de processus et la détermination de capacité de processus
Reference number ISO/IEC 15504-4:2004(E)
© ISO/IEC 2004
© ISO/IEC 2004

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Introduction
4.1 Process improvement and process capability determination
4.2 PI and PCD sponsors and teams
4.3 Process, guidance and method
4.4 Process improvement – purpose and outcomes
4.5 Process capability determination — purpose and outcomes
4.6 Process assessment output
5 Utilizing process assessment
5.1 General
5.2 Selecting Process Reference Model(s)
5.3 Setting target capability
5.4 Defining the assessment input
5.5 Evaluating process-related risk
5.5.1 Inferring process-related risk from assessment output
5.5.2 Analysing weaknesses
6 Process improvement
6.1 Overview
6.2 Steps of process improvement
6.2.1 Step 1 – Examine organization's business goals
6.2.2 Step 2 – Initiate process improvement cycle
6.2.3 Step 3 – Assess current capability
6.2.4 Step 4 – Develop action plan
6.2.5 Step 5 – Implement improvements
6.2.6 Step 6 – Confirm improvements
6.2.7 Step 7 – Sustain improvements
6.2.8 Step 8 – Monitor performance
7 Process capability determination
7.1 Overview
7.2 Steps of process capability determination
7.2.1 Step 1 – Initiate process capability determination
7.2.2 Step 2 – Set target capability
7.2.3 Step 3 – Assess current capability
7.2.4 Step 4 – Determine proposed capability
7.2.5 Step 5 – Verify proposed capability
7.2.6 Step 6 – Analyse process-related risk
7.2.7 Step 7 – Act on results
7.3 Comparability of assessment output analysis
Annex A (informative) Analysing process-related risk
A.1 Introduction
A.2 Probability
A.3 Consequence
A.4 Process-related risk
A.5 Determining which processes represent greatest risk
A.6 Analysis approach
A.7 Example risk analysis
A.7.1 F.1.3.3 System and Architectural Design
A.7.2 F.2.2 Configuration Management
A.7.3 F.3.1.4 Risk Management
Annex B (informative) Subcontractors and consortia
B.1 Overview
B.1.1 Combining uniquely deployed processes
B.1.2 Combining processes deployed by more than one organizational unit
B.2 Enterprise reference architectures
Annex C (informative) Process improvement and organizational culture
C.1 Introduction
C.2 Management responsibility and leadership
C.3 Values, attitudes and behaviour
C.4 Process improvement objectives and motivation
C.5 Communication and teamwork
C.6 Recognition
C.7 Education and training
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 15504-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and system engineering.

This first edition cancels and replaces ISO/IEC TR 15504-7:1998 and ISO/IEC TR 15504-8:1998, which have been technically revised.

ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process assessment:

- Part 1: Concepts and vocabulary
- Part 2: Performing an assessment
- Part 3: Guidance on performing an assessment
- Part 4: Guidance on use for process improvement and process capability determination

The following part is in preparation:

- Part 5: An exemplar Process Assessment Model

The complete series will replace ISO/IEC TR 15504-1 to ISO/IEC TR 15504-9.

Introduction

ISO/IEC 15504 provides a framework for process assessment and sets out the minimum requirements for performing an assessment in order to ensure consistency and repeatability of assessment ratings. Process assessment is applicable in the following circumstances:

- by or on behalf of an organization with the objective of understanding the state of its own processes for process improvement;
- by or on behalf of an organization with the objective of determining the capability of another organization's processes for a particular contract or class of contracts, or to determine the capability of its own processes for a particular requirement or class of requirements.

This informative part of ISO/IEC 15504 provides guidance on how to utilize a conformant process assessment within a process improvement programme or within either type of process capability determination.

ISO/IEC 15504-1 provides a general introduction to the concepts of process assessment and a glossary for assessment related terms.

ISO/IEC 15504-2 sets requirements for performing an assessment that ensure consistency and repeatability of the ratings. The requirements help to ensure that the assessment output is self-consistent and provides evidence to substantiate the ratings and to verify compliance with the requirements.

ISO/IEC 15504-3 provides guidance for interpreting the requirements for performing an assessment.

ISO/IEC 15504-5 contains an exemplar Process Assessment Model that is mapped to ISO/IEC 12207:1995/Amd.1:2002 as a Process Reference Model.

INTERNATIONAL STANDARD ISO/IEC 15504-4:2004(E)
Information technology — Process assessment — Part 4: Guidance on use for process improvement and process capability determination

1 Scope

This part of ISO/IEC 15504 provides guidance on how to utilize a conformant process assessment within a process improvement programme or a process capability determination. This part of ISO/IEC 15504 is for information only.

The guidance provided does not presume specific organizational structures, management philosophies, life cycle models or development methods, although some of the examples and tables within the text are based upon processes from ISO/IEC 12207.

In the case of process improvement, the concepts and principles are appropriate for the full range of different business goals, application domains and sizes of organization, so that all types of organizations may use them.

In the case of process capability determination, this guidance is applicable within any customer–supplier relationship, and to any organization wishing to determine the process capability of its own processes.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 12207, Information technology — Software life cycle processes

ISO/IEC 15504-1, Information technology — Process assessment — Part 1: Concepts and vocabulary

ISO/IEC 15504-2, Information technology — Process assessment — Part 2: Performing an assessment

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 apply.

4 Introduction
4.1 Process improvement and process capability determination
Within ISO/IEC 15504, process assessment can be utilized:

- by or on behalf of an organization with the objective of understanding its own processes for process improvement;
- by or on behalf of an organization with the objective of determining the capability of another organization's processes for a particular contract or class of contracts, or determining the capability of its own processes for a particular requirement or class of requirements.

1) To be published.

Within a process improvement (PI) context, process assessment provides a means of characterizing an organizational unit in terms of the capability of selected processes. Analysis of the output of a conformant process assessment against an organizational unit's business goals identifies strengths, weaknesses and risks related to the processes. This, in turn, can help determine whether the processes are effective in achieving business goals, and provide the drivers for making improvements.

Process capability determination (PCD) is concerned with analysing the output of one or more conformant process assessments to identify the strengths, weaknesses and risks involved in undertaking a specific project using the selected processes within a given organizational unit. A process capability determination can provide a fundamental input to supplier selection, in which case it is often termed a 'supplier capability determination'.

4.2 PI and PCD sponsors and teams

Process improvement programmes and process capability determinations will usually be required and resourced by a sponsor – as described in ISO/IEC 15504-1. The sponsor has the authority to ensure that the programme is carried out effectively, and takes ownership of the results. The sponsor may have one or more staff working within a team – a PI Team or PCD Team – whose task is to plan and implement the actions required to achieve the objectives identified by the sponsor.

Sponsorship may be implemented in a variety of ways, according to the culture of the organization. In non-hierarchical or higher maturity organizations for example, both sponsorship and project management of process improvement activities may be delegated to working level, although authorities, roles and responsibilities should always be clearly defined.

4.3 Process, guidance and method

In order to achieve improvements to selected processes, PI Sponsors should deploy a PI process as outlined in 4.4. In order to determine the capability of selected processes, PCD Teams should deploy a PCD process, as outlined in 4.5. This part of ISO/IEC 15504 provides guidance on how to deploy such processes. In either case, organizations should deploy a suitably capable process, and either acquire or develop a suitable method — setting out appropriate roles, techniques and specific activities — with which to implement the process. Such a method should:

- take account of the guidance contained within this part of ISO/IEC 15504;
- include or reference an assessment process which satisfies the requirements set out within ISO/IEC 15504-2 and accords with the guidance set out in ISO/IEC 15504-3.

4.4 Process improvement – purpose and outcomes

The purpose of process improvement is to continually improve the organization's effectiveness and efficiency through the processes used and maintained aligned with the business need.

As a result of successful implementation of process improvement:

- commitment is established to provide resources to sustain improvement actions;
- issues arising from the organization's internal/external environment are identified as improvement opportunities and justified as reasons for change;
- analysis of the current status of the existing process is performed, focusing on those processes from which improvement stimuli arise;
- improvement goals are identified and prioritized, and consequent changes to the process are defined and implemented;
- the effects of process implementation are monitored and confirmed against the defined improvement goals;
- knowledge gained from the improvements is communicated within the organization; and
- the improvements made are evaluated and consideration given for using solutions elsewhere within the organization.

[ISO/IEC 12207:1995/Amd.2, F.3.3.3]

NOTE 1 Information sources providing input for change may include: process assessment results, audits, customer's satisfaction reports, organizational effectiveness / efficiency, cost of quality.

NOTE 2 The current status of processes may be determined by process assessment.

4.5 Process capability determination — purpose and outcomes

The purpose of process capability determination is to identify the strengths, weaknesses and process-related risks associated with selected processes with respect to a particular specified requirement.

As a result of successful implementation of process capability determination:

- a target capability appropriate to the particular specified requirement is identified;
- reviews of the organization's processes are carried out to determine their suitability for the particular specified requirement in the light of process assessment results;
- strengths and weaknesses within the assessed processes are identified;
- any gaps between target and assessed capabilities are analysed;
- overall process-related risk is determined.

NOTE 1 The selected processes are chosen by the PCD Team as described in 7.2.2.

NOTE 2 The specified requirement may involve deploying an organization's processes for a new or an existing task, a contract or an internal undertaking, a product or a service, or any other business requirement.

NOTE 3 Reviews of the organization's standard processes are generally carried out following a process assessment of the organization's implemented processes, as described in ISO/IEC 15504-3.

NOTE 4 Process capability determination does not address all aspects of risk, which may include strategic, organizational, financial, personnel and many other factors. The output from a process capability determination feeds into an organization's risk management process, but only with respect to process-related risk – as outlined in 5.5.

4.6 Process assessment output

The output of a conformant process assessment includes a set of process profiles, which express the process attribute ratings assigned for each process selected from the specified Process Reference Model(s) – as described in ISO/IEC 15504-2.

An example set of process profiles, with ISO/IEC 12207 as the Process Reference Model, might be presented as illustrated in Figure 1. The processes (F.1.3.1, etc.) are from ISO/IEC 12207, while the process attributes (PA 1.1, etc.) and ratings (Fully achieved, etc.) are defined in ISO/IEC 15504-2.

2) To be published.

Process attributes (columns), grouped by capability level: Performed (PA 1.1); Managed (PA 2.1, PA 2.2); Established (PA 3.1, PA 3.2); Predictable (PA 4.1, PA 4.2); Optimizing (PA 5.1, PA 5.2).

Process | Ratings shown (left to right)
F.1.3.1 Requirements Elicitation | F F L
F.1.3.3 System and Architectural Design | F F F F L L L
F.2.2 Configuration Management | F P L F L
F.3.1.4 Risk Management | P N N N N
F.1.1.2 Supplier Selection | L L L L L

Key (as defined in Part 2): Not rated; F Fully achieved; L Largely achieved; P Partially achieved; N Not achieved

Figure 1 — Example assessment output set of process profiles

The guidance contained in this part of ISO/IEC 15504 is intended to apply to the output from a conformant process assessment.

5 Utilizing process assessment
5.1 General

This clause provides guidance upon issues common to both process improvement and process capability determination.

5.2 Selecting Process Reference Model(s)

Both process improvement and process capability determination require that the sponsor select a suitable Process Reference Model or Models.

A Process Reference Model describes a set of processes in terms of purpose and outcomes as defined in ISO/IEC 15504-2. A Process Reference Model is generally a recognized domain standard. ISO/IEC 12207, Annex F, and ISO/IEC 15288:2002 are Process Reference Models within the domains of software engineering and systems engineering, respectively.

The sponsor should determine which Process Reference Model(s) will best suit the specified requirement (for PCD) or business goals (for PI), following the guidance in ISO/IEC 15504-3 on the selection of suitable Process Reference Models.

Where improvements are planned for processes that do not align with any recognized domain standard, appropriate process models can still be defined and used, but this could not then be considered to be based upon a conformant process assessment.

5.3 Setting target capability

The sponsor should determine which processes from the chosen Process Reference Model(s) are most important to meeting the specified requirement (for PCD) or business goals (for PI).

The sponsor should then specify, for each selected process, a target process profile showing which process attributes are required, and – for each process attribute – what rating is judged necessary. Only process attribute ratings of Fully achieved or Largely achieved should be set; Not required should be noted for any process attributes deemed not necessary. Partially achieved should not be set since this would indicate that some aspects of achievement would be unpredictable – as defined in ISO/IEC 15504-2.

The set of target process profiles expresses the target capability which the sponsor judges to be adequate, subject to an acceptable process risk, for meeting the specified requirement (for PCD) or business goals (for PI).

Table 1 — Example target capability

Selected process from Process Reference Model | Process attributes | Required process attribute rating
F.1.3.1 Requirements elicitation | PA 1.1 | Fully achieved
F.1.3.1 Requirements elicitation | PA 2.1, PA 2.2 | Largely achieved
F.1.3.3 System and Architectural Design | PA 1.1, PA 2.1, PA 2.2, PA 3.1, PA 3.2 | Fully achieved
F.1.3.3 System and Architectural Design | PA 4.1, PA 4.2 | Largely achieved
F.2.2 Configuration management | PA 1.1, PA 2.1, PA 2.2 | Fully achieved
F.2.2 Configuration management | PA 3.1, PA 3.2 | Largely achieved
F.3.1.4 Risk Management | PA 1.1, PA 2.1, PA 2.2, PA 3.1, PA 3.2 | Fully achieved
F.1.1.2 Supplier Selection | PA 1.1, PA 2.1 | Fully achieved
F.1.1.2 Supplier Selection | PA 2.2 | Not required
F.1.1.2 Supplier Selection | PA 3.1, PA 3.2 | Largely achieved

[Figure: grid of the five selected processes (F.1.3.1 Requirements Elicitation, F.1.3.3 System and Architectural Design, F.2.2 Configuration Management, F.3.1.4 Risk Management, F.1.1.2 Supplier Selection) against process attributes PA 1.1 to PA 5.2, grouped as Performed, Managed, Established, Predictable and Optimizing. Key (as defined in Part 2): Not required; F Fully achieved; L Largely achieved; P Partially achieved; N Not achieved.]

Figure 2 — Example target capability presented as a set of target process profiles

Table 1 and Figure 2 illustrate an example target capability. The processes shown (F.1.3.1, etc.) are from ISO/IEC 12207, while the process attributes (PA 1.1, etc.) and ratings (Fully achieved, etc.) are defined in ISO/IEC 15504-2. Figure 2 illustrates a target capability where required ratings have been specified for individual process attributes.

Target capability can also be expressed by specifying a required capability level rating for each selected process, using the required process attribute ratings shown in ISO/IEC 15504-2, Ta

...
