ISO/IEC TS 33010:2023

/SC /N8959 ISO/IEC JTC1/SC 7/N8959
Date: 082022-10-25
ISO/IEC DTS.2 33010:2022(E)
ISO/IEC TC /JTC1/SC /7/WG 10
Secretariat: BIS
Information technology — Process assessment — Guidance for performing process
assessments
Technologies de l'information — Évaluation du processus — Guide pour effectuer des évaluations
de processus
Document type:
Document subtype:
Document stage:
Document language:

---------------------- Page: 1 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
Copyright notice
This ISO document is a Draft International Standard and is copyright-protected by ISO. Except as
permitted under the applicable laws of the user's country, neither this ISO draft nor any extract
from it may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, photocopying, recording or otherwise, without prior written permission being
secured.
Requests for permission to reproduce should be addressed to either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 •• CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org www.iso.org
Reproduction may be subject to royalty payments or a licensing agreement.
Violators may be prosecuted.
ii © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
Contents Page
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative reference . 1
3 Terms and definitions . 1
4 Overview of process assessment . 1
4.1 Process assessment . 1
4.2 Process attribute rating scheme . 2
4.3 Process assessment classes . 3
4.4 Process assessment approaches . 3
4.5 Assessment process . 4
4.6 Process assessment model . 4
4.7 Supporting instruments and tools . 4
4.8 Success factors for process assessment . 5
4.8.1 General . 5
4.8.2 Commitment . 5
4.8.3 Motivation . 5
4.8.4 Confidentiality . 5
4.8.5 Relevance . 5
4.8.6 Credibility . 5
5 Selection and use of a process assessment model . 6
5.1 General . 6
5.2 Compatibility with the process reference model . 6
5.2.1 General . 6
5.2.2 Process assessment model purpose . 6
5.2.3 Process assessment model scope . 6
5.2.4 Model elements and indicators . 7
5.2.5 Mapping . 7
5.2.6 Conversion . 8
5.3 Criteria for selecting a process assessment model . 8
5.4 Using a process assessment model . 8
6 Selection and use of a documented assessment process . 9
6.1 General . 9
© ISO 2022 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
6.2 Compatibility with the requirements . 9
6.3 Process assessment input . 9
6.3.1 Process assessment purpose including alignment with business goals . 9
6.3.2 The process assessment scope . 9
6.3.3 The process assessment constraints . 10
6.4 The process assessment process . 10
6.4.1 General . 10
6.4.2 Planning . 11
6.4.3 Data collection . 11
6.4.4 Data validation . 13
6.4.5 Process attribute rating . 13
6.4.6 Reporting . 14
6.4.7 Roles and responsibilities . 15
6.5 Selecting a documented assessment process . 15
7 Selection of instruments and tools . 16
7.1 The purpose and use of instruments and tools . 16
7.2 Selecting instruments and tools . 17
Annex A (informative) Guidance on indicators . 19
A.1 Introduction . 19
A.1.1 General . 19
A.1.2 Indicators of process performance . 19
A.1.3 Indicators of the selected process quality characteristic . 20
A.1.4 Relationship of indicators to ratings . 20
A.2 Indicators and information gathering . 21
A.3 Rating support and presentation of results . 21
A.4 Tailoring features of the indicators . 21
Bibliography . 23

iv © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
Foreword
ISO (the International Organization for Standardization) is a and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide federation of national
standardsstandardization. National bodies (that are members of ISO member bodies). The workor IEC
participate in the development of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. Internationalby the respective
organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-
governmental, in liaison with ISO and IEC, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are The procedures used to develop this document and those intended for its
further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval
criteria needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules given inof the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International
Standards adopted by the technical committees are circulated to the member bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the member bodies
casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, a
technical committee may decide to publish other types of normative document:
— an ISO/IEC Publicly Available Specification (ISO/IEC PAS) represents an agreement between
technical experts in an ISO working group and is accepted for publication if it is approved by more
than 50 % of the members of the parent committee casting a vote;
— an ISO/IEC Technical Specification (ISO/IEC TS) represents an agreement between the members of
a technical committee and is accepted for publication if it is approved by 2/3 of the members of the
committee casting a vote.
An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a
further three years, revised to become an International Standard, (see www.iso.org/directives or
www.iec.ch/members_experts/refdocswithdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed
again after a further three years, at which time it must either be transformed into an International
Standard or be withdrawn.).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the
IEC list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html/. In the IEC, see www.iec.ch/understanding-standards TS 33010.
© ISO 2022 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
This document was prepared by Joint Technical Committee ISO/IEC/TC JTC1, Information technology,
Subcommittee SC 7, Systems and Software Engineeringand systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-
committeesThis first edition cancels and replaces the guidance provided in ISO/IEC TR 15504-4: 2004.
.
vi © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC DTS 33010 DTS.2 :2022(E)
Introduction
Process assessment is a disciplined evaluation of an organizational unit’s processes against a process
assessment model. It is initiated as a result of a desire to determine and/or improve the performance of
these processes. This document provides an overview of process assessment and interprets the
requirements of ISO/IEC 33002 and ISO/IEC 33004 through the provision of guidance on the selection
and use of process assessment models, documented assessment processes, and instruments or tools for
assessment.
The guidance in this document is primarily aimed at the lead assessor who has the responsibility for the
selection and use of models, documented assessment process and tools for the assessment.
The guidance in this document is primarily aimed at the lead assessor who has the responsibility for
conducting the assessment, selection and use of models, documented assessment process and tools for
the assessment.
The guidance may also be of use to the developers of assessment models, documented assessment
processes and tools as an aid to understanding the requirements.
The assessors and other participants in an assessment may use the guidance to gain an understanding
of process assessment.
© ISO 2022 – All rights reserved vii

---------------------- Page: 7 ----------------------
TECHNICAL SPECIFICATION ISO/IEC DTS 33010 DTS.2 :2022(E)

Information technology — Process assessment — Guidance for
performing process assessments
1 Scope
This document provides an overview of process assessment and interprets the requirements of ISO/IEC
33002 and ISO/IEC 33004 through the provision of guidance on the selection and use of assessment
models, documented assessment processes, and instruments or tools for assessment.
Process assessment is applicable in the following circumstances:
a) by or on behalf of an organization with the objective of understanding the state of its own processes
for process improvement;
b) by or on behalf of an organization with the objective of determining the suitability of its own
processes for a particular requirement or class of requirements;
c) by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or class of contracts.
2 Normative reference
The following referenced documents, in whole or in part, are normatively referenced in this document
and are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001:—;, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33002:—;:2015, Information Technology — Process Assessment — Requirements for performing
process assessment
ISO/IEC 33004:—;:2015, Information technology — Process assessment — Requirements for process
reference, process assessment and maturity models
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
© ISO 2022 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO/IEC DTS 33010:2022(E)
4 Overview of process assessment
4.1 Process assessment
Process assessment is undertaken to understand the process quality characteristic of an organizational
unit's current processes.
Process assessment deals with the processes (e.g. management, development, maintenance, support)
used by an organization. This is accomplished by assessing the organizational unit's processes against a
process assessment model conformant with the requirements for process sprocesses described in
ISO/IEC 33004.
A process reference model defines the set of processes that are fundamental to good business practices
in a selected domain. Building upon the foundation of a process reference mode, a process assessment
model includes a set of process attributes, applicable to any processprocesses, that characterize the
selected process quality characteristic of a measurement framework.
Processes in a process reference model are grouped according to the type of activity they address. Each
process has a defined purpose describing the high-level objectives that the process should achieve. The
purpose statements describe what to do, but do not prescribe how the process should achieve its
objectives.
Each process attribute in a measurement framework, as described in ISO/IEC 33003, enables the
process quality characteristic to effectively achieve its purpose and contribute to meeting the business
goals of the organizational unit.
Although a process reference model selected according to the requirements in ISO/IEC 33004 may
cover a range of processes, in many cases a subset of these processes may be selected for assessment.
For instance, the sponsor may wish to focus attention on one or more critical processes or on processes
which are candidates for improvement actions.
The sophistication and complexity of the implemented process will depend upon the context of that
process within the organizational unit. For instance, the planning required for a five-person project
team is likely to be much less than for a fifty-person team. This process context, recorded in the
assessment input, influences how a lead assessor should judge and rate the process attributes for an
implemented process. The process context also influences the degree of comparability between process
attribute and/or process quality level ratings.
In some circumstances, it may be desirable to compare the outputs of the assessment of two or more
organizational units, or for the same organizational unit at different times. A number of factors should
be taken into account when comparing assessment results. These include but are not limited to:
— the sample size used to generate the ratings which will influenceinfluences the precision with
which results may be compared;
— the purposes of the assessments that generated the assessment outputs - it may not be meaningful,
for example, to compare an assessment whose purpose was to identify best (or worst) practice with
one whose purpose was to identify representative practice;
— the documented assessment process or model(s) used;
— the competency of the assessors;
— the candour of the participants;
— the time spent on the assessment;
— the motivation of the assessor (i.e,. internal assessor with incentives based on the assessment
results or a consultant with a long-term relationship with the organization);
2 © ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC DTS 33010:2022(E)
— the motivation of the assessment participants to be frank and forthcoming.
4.2 Process attribute rating scheme
A process assessment measurement framework is based on assessing processes. The guidance in
Clause 6 on information collection will helphelps to increase the level of repeatability by different
assessors.
Each process has a set of process attribute ratings that constitute the process profile.
NOTE 1 For the assessment of process capability, process attribute ratings may be expressed using a
process attribute rating scale as defined in ISO/IEC 33020.
NOTE 2 The process capability level model defined in ISO/IEC 33020 defines a six-point ordinal scale of
increasing process capability ranging from a process which is not capable of achieving its purpose (process
capability level zero) to a process which optimizes its performance (process capability level 5). The process
capability level model is described in terms of the process attribute ratings that must be achieved in order to
achieve a particular level.
When more than one instance of a process is assessed, the assessor should use the recorded assessment
information collected on all of the instances to make a judgment on the rating of each of the process
attributes assessed for that process.
If there is a need for aggregation of ratings, the approach to the aggregation of ratings should be
specified.
4.3 Process assessment classes
Three classes of assessment are identified, resulting in different level of confidence in the ratings of the
selected organizational process quality characteristic. Specific requirements relating to each class are
described in ISO/IEC 33002 Clause:2015, 4.6.
The classes of assessment are:
— Class 1 assessment: The goal of this class is to to provide a level of confidence in the results of the
assessment such that the results are suited for comparisons across different organizations.
— Class 2 assessment: The goal of this class is to provide a level of confidence in the assessment
results that may indicate the overall level of performance of the key processes in the organization
unit, which are suitable for comparisons of the results of an assessment across an organizational or
product line scope.
— Class 3 assessment: The goal of this class is to generate results that may indicate critical
opportunities for improvement and key areas of process related risk.
4.4 Process assessment approaches
As described in ISO/IEC 33002:2015, Annex A, the degree of independence of different types of bodies
and the make-up of the assessment team performing an assessment can be categorised as follows:.
— Category A: This might typically berepresents an organization providing fully independent 3rd
party services.
— Category B: This might typically berepresents an organization providing 2nd or 3rd party services
where the assessment team is led by a lead assessor from the independent organization and where
the other assessment team members may be from the organization being assessed. Such an
approach may be used where data is collected by internal team members and then verified by the
lead assessor.
© ISO 2022 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO/IEC DTS 33010:2022(E)
— Category C: This might typically berepresents an internal but independent process group or quality
assurance group within the organization being assessed but where there is a separate reporting
line. This approach may be used in a large organization that has a separate functional group
responsible for performing assessments.
— Category D: This might typically berepresents an internal consultant that is assisting an
organization in implementing process improvement which then assesses their capabilities. Many
small organizations may follow such an approach where there is no customer pressure for an
independent assessment to be performed. This mightmay also be a team internal to the
organization conducting a self-assessment to identify opportunities for improvement. There is no
pressure to provide the result to any group outside the organization.
4.5 Assessment process
Irrespective of the type of assessment or the approach adopted, an assessment should be conducted
according to a documented process. Some of the key elements of a documented assessment process are
briefly described below. Note, however, that the guidance provided does not constitute a complete,
documented process. Its role is to provide help in interpreting the requirements in ISO/IEC 33002 and
ISO/IEC 33004, and to provide a starting point for selecting or creating a documented process.
NOTE An exemplar document assessment process is described in ISO/IEC TS 33030.
Depending upon the approach, a documented assessment process provides guidance on the following
topics:
Assessment— assessment activities, including:
— assessment planning;
— data collection;
— data validation;
— determination of results;
— assessment reporting;
— roles, responsibilities and competence;
— tools and instruments;
— aggregation approach;
— assessment inputs;
— assessment record.
4.6 Process assessment model
A process assessment model is one that meets the requirements specified in ISO/IEC 33004. In
summary, a process assessment model is one:
— that is suitable for the purpose of process assessment;
— whose fundamental elements can be mapped to a process reference model;
4 © ISO 2022 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC DTS 33010:2022(E)
— that is equipped with sets of indicators for use during an assessment to gather the information
about processes and process attributes;
— that has a formal mechanism for translating the information gathered using the model into process
attribute ratings as defined in ISO/IEC 33004.
Clause 5 provides guidance on the selection and use of a process assessment model.
NOTE The model in ISO/IEC TS 33061 is an example of anthe process assessment model applicable to the
domain of software engineering.
4.7 Supporting instruments and tools
In all assessments, information needs to be collected, recorded, stored, collated, processed, analysed,
retrieved and presented. In general, a documented assessment process should be supported by various
instruments and tools for information gathering, processing and presentation. For some assessments,
the support tools and instruments may be manual, i.e. paper-based (forms, questionnaires, checklists,
etc.). In some cases, the volume and complexity of the assessment information is likely to be
considerable, resulting in the need for automated support tools.
Regardless of the form of the supporting instruments and tools, their objectives isare to help an
assessor perform an assessment in a consistent and reliable manner, reducing assessor subjectivity and
helping to ensure the validity, usability and comparability of assessment results. In order to achieve
these objectives, the instruments and tools need to make the assessment model and its indicators
accessible to the assessors.
4.8 Success factors for process assessment
4.8.1 General
The following factors should be considered essential to a successful process assessment.
4.8.2 Commitment
The spo
...

FINAL
TECHNICAL ISO/IEC DTS
DRAFT
SPECIFICATION 33010
ISO/IEC JTC 1/SC 7
Information technology — Process
Secretariat: BIS
assessment — Guidance for
Voting begins on:
2022-11-09 performing process assessments
Voting terminates on:
2023-01-04
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC DTS 33010:2022(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC TS 2022

---------------------- Page: 1 ----------------------
ISO/IEC DTS 33010:2022(E)
FINAL
TECHNICAL ISO/IEC DTS
DRAFT
SPECIFICATION 33010
ISO/IEC JTC 1/SC 7
Information technology — Process
Secretariat: BIS
assessment — Guidance for
Voting begins on:
performing process assessments
Voting terminates on:
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC DTS 33010:2022(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2022 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2022

---------------------- Page: 2 ----------------------
ISO/IEC DTS 33010:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative reference .1
3 Terms and definitions . 1
4 Overview of process assessment .1
4.1 Process assessment . 1
4.2 Process attribute rating scheme . 2
4.3 Process assessment classes. 3
4.4 Process assessment approaches . 3
4.5 Assessment process . 4
4.6 Process assessment model . 4
4.7 Supporting instruments and tools . 4
4.8 Success factors for process assessment . 5
4.8.1 General . 5
4.8.2 Commitment . 5
4.8.3 Motivation . 5
4.8.4 Confidentiality . 5
4.8.5 Relevance . 5
4.8.6 Credibility . 5
5 Selection and use of a process assessment model . 6
5.1 General . 6
5.2 Compatibility with the process reference model . 6
5.2.1 General . 6
5.2.2 Process assessment model purpose . 6
5.2.3 Process assessment model scope . 6
5.2.4 Model elements and indicators . 7
5.2.5 Mapping . 7
5.2.6 Conversion . 8
5.3 Criteria for selecting a process assessment model . 8
5.4 Using a process assessment model . 8
6 Selection and use of a documented assessment process. 9
6.1 General . 9
6.2 Compatibility with the requirements . 9
6.3 Process assessment input . 9
6.3.1 Process assessment purpose including alignment with business goals . 9
6.3.2 The process assessment scope . 9
6.3.3 The process assessment constraints . 10
6.4 The process assessment process . 10
6.4.1 General . 10
6.4.2 Planning . 11
6.4.3 Data collection . 11
6.4.4 Data validation .12
6.4.5 Process attribute rating .13
6.4.6 Reporting . 14
6.4.7 Roles and responsibilities . 14
6.5 Selecting a documented assessment process . 15
7 Selection of instruments and tools .15
7.1 The purpose and use of instruments and tools . 15
7.2 Selecting instruments and tools . 16
Annex A (informative) Guidance on indicators .18
iii
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO/IEC DTS 33010:2022(E)
Bibliography .22
iv
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC DTS 33010:2022(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non­governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding­standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national­committees.
v
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/IEC DTS 33010:2022(E)
Introduction
Process assessment is a disciplined evaluation of an organizational unit’s processes against a process
assessment model. It is initiated as a result of a desire to determine and/or improve the performance of
these processes.
The guidance in this document is primarily aimed at the lead assessor who has the responsibility for
conducting the assessment, selection and use of models, documented assessment process and tools for
the assessment.
The guidance may also be of use to the developers of assessment models, documented assessment
processes and tools as an aid to understanding the requirements.
The assessors and other participants in an assessment may use the guidance to gain an understanding
of process assessment.
vi
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/IEC DTS 33010:2022(E)
Information technology — Process assessment — Guidance
for performing process assessments
1 Scope
This document provides an overview of process assessment and interprets the requirements of
ISO/IEC 33002 and ISO/IEC 33004 through the provision of guidance on the selection and use of
assessment models, documented assessment processes, and instruments or tools for assessment.
Process assessment is applicable in the following circumstances:
a) by or on behalf of an organization with the objective of understanding the state of its own processes
for process improvement;
b) by or on behalf of an organization with the objective of determining the suitability of its own
processes for a particular requirement or class of requirements;
c) by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or class of contracts.
2 Normative reference
The following referenced documents, in whole or in part, are normatively referenced in this document
and are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33002:2015, Information Technology — Process Assessment — Requirements for performing
process assessment
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Overview of process assessment
4.1 Process assessment
Process assessment is undertaken to understand the process quality characteristic of an organizational
unit's current processes.
Process assessment deals with the processes (e.g. management, development, maintenance, support)
used by an organization. This is accomplished by assessing the organizational unit's processes against a
process assessment model conformant with the requirements for processes described in ISO/IEC 33004.
1
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC DTS 33010:2022(E)
A process reference model defines the set of processes that are fundamental to good business practices
in a selected domain. Building upon the foundation of a process reference mode, a process assessment
model includes a set of process attributes, applicable to any processes, that characterize the selected
process quality characteristic of a measurement framework.
Processes in a process reference model are grouped according to the type of activity they address. Each
process has a defined purpose describing the high-level objectives that the process should achieve.
The purpose statements describe what to do, but do not prescribe how the process should achieve its
objectives.
Each process attribute in a measurement framework, as described in ISO/IEC 33003, enables the
process quality characteristic to effectively achieve its purpose and contribute to meeting the business
goals of the organizational unit.
Although a process reference model selected according to the requirements in ISO/IEC 33004 may
cover a range of processes, in many cases a subset of these processes may be selected for assessment.
For instance, the sponsor may wish to focus attention on one or more critical processes or on processes
which are candidates for improvement actions.
The sophistication and complexity of the implemented process depend upon the context of that process
within the organizational unit. For instance, the planning required for a five-person project team is
likely to be much less than for a fifty-person team. This process context, recorded in the assessment
input, influences how a lead assessor should judge and rate the process attributes for an implemented
process. The process context also influences the degree of comparability between process attribute
and/or process quality level ratings.
In some circumstances, it may be desirable to compare the outputs of the assessment of two or more
organizational units, or for the same organizational unit at different times. A number of factors should
be taken into account when comparing assessment results. These include but are not limited to:
— the sample size used to generate the ratings which influences the precision with which results may
be compared;
— the purposes of the assessments that generated the assessment outputs - it may not be meaningful,
for example, to compare an assessment whose purpose was to identify best (or worst) practice with
one whose purpose was to identify representative practice;
— the documented assessment process or model(s) used;
— the competency of the assessors;
— the candour of the participants;
— the time spent on the assessment;
— the motivation of the assessor (i.e. internal assessor with incentives based on the assessment results
or a consultant with a long­term relationship with the organization);
— the motivation of the assessment participants to be frank and forthcoming.
4.2 Process attribute rating scheme
A process assessment measurement framework is based on assessing processes. The guidance in
Clause 6 on information collection helps to increase the level of repeatability by different assessors.
Each process has a set of process attribute ratings that constitute the process profile.
2
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC DTS 33010:2022(E)
For the assessment of process capability, process attribute ratings may be expressed using a process
attribute rating scale as defined in ISO/IEC 33020.
NOTE The process capability level model defined in ISO/IEC 33020 defines a six-point ordinal scale of
increasing process capability ranging from a process which is not capable of achieving its purpose (process
capability level zero) to a process which optimizes its performance (process capability level 5). The process
capability level model is described in terms of the process attribute ratings that must be achieved in order to
achieve a particular level.
When more than one instance of a process is assessed, the assessor should use the recorded assessment
information collected on all of the instances to make a judgment on the rating of each of the process
attributes assessed for that process.
If there is a need for aggregation of ratings, the approach to the aggregation of ratings should be
specified.
4.3 Process assessment classes
Three classes of assessment are identified, resulting in different level of confidence in the ratings of the
selected organizational process quality characteristic. Specific requirements relating to each class are
described in ISO/IEC 33002:2015, 4.6.
The classes of assessment are:
— Class 1 assessment: The goal of this class is to provide a level of confidence in the results of the
assessment such that the results are suited for comparisons across different organizations.
— Class 2 assessment: The goal of this class is to provide a level of confidence in the assessment results
that may indicate the overall level of performance of the key processes in the organization unit,
which are suitable for comparisons of the results of an assessment across an organizational or
product line scope.
— Class 3 assessment: The goal of this class is to generate results that may indicate critical opportunities
for improvement and key areas of process related risk.
4.4 Process assessment approaches
As described in ISO/IEC 33002:2015, Annex A, the degree of independence of different types of bodies
and the make­up of the assessment team performing an assessment can be categorised as follows.
— Category A: This typically represents an organization providing fully independent 3rd party
services.
— Category B: This typically represents an organization providing 2nd or 3rd party services where the
assessment team is led by a lead assessor from the independent organization and where the other
assessment team members may be from the organization being assessed. Such an approach may be
used where data is collected by internal team members and then verified by the lead assessor.
— Category C: This typically represents an internal but independent process group or quality assurance
group within the organization being assessed but where there is a separate reporting line. This
approach may be used in a large organization that has a separate functional group responsible for
performing assessments.
— Category D: This typically represents an internal consultant that is assisting an organization in
implementing process improvement which then assesses their capabilities. Many small organizations
may follow such an approach where there is no customer pressure for an independent assessment
to be performed. This may also be a team internal to the organization conducting a self-assessment
to identify opportunities for improvement. There is no pressure to provide the result to any group
outside the organization.
3
© ISO/IEC 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC DTS 33010:2022(E)
4.5 Assessment process
Irrespective of the type of assessment or the approach adopted, an assessment should be conducted
according to a documented process. Some of the key elements of a documented assessment process
are briefly described below. Note, however, that the guidance provided does not constitute a complete,
documented process. Its role is to provide help in interpreting the requirements in ISO/IEC 33002 and
ISO/IEC 33004, and to provide a starting point for selecting or creating a documented process.
NOTE An exemplar document assessment process is described in ISO/IEC TS 33030.
Depending upon the approach, a documented assessment process provides guidance on the following
topics:
— assessment activities, including:
— assessment planning;
— data collection;
— data validation;
— determination of results;
— assessment reporting;
— roles, responsibilities and competence;
— tools and instruments;
— aggregation approach;
— assessment inputs;
— assessment record.
4.6 Process assessment model
A process assessment model is one that meets the requirements specified in ISO/IEC 33004. In
summary, a process assessment model is one:
— that is suitable for the purpose of process assessment;
— whose fundamental elements can be mapped to a process reference model;
— that is equipped with sets of indicators for use during an assessment to gather the information
about processes and process attributes;
— that has a formal mechanism for translating the information gathered using the model into process
attribute ratings as defined in ISO/IEC 33004.
Clause 5 provides guidance on the selection and use of a process assessment model.
NOTE The model in ISO/IEC TS 33061 is an example of the process assessment model applicable to the
domain of software engineering.
4.7 Supporting instruments and tools
In all assessments, information needs to be collected, recorded, stored, collated, processed, analysed,
retrieved and presented. In general, a documented assessment process should be supported by various
instruments and tools for information gathering, processing and presentation. For some assessments,
the support tools and instruments may be manual, i.e. paper-based (forms, questionnaires, checklists,
etc.). In some cases, the volume and complexity of the assessment information is likely to be considerable,
resulting in the need for automated support tools.
4
  © ISO/IEC 2022 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC DTS 33010:2022(E)
Regardless of the form of the supporting instruments and tools, their objectives are to help an assessor
perform an assessment in a consistent and reliable manner, reducing assessor subjectivity and helping
to ensure the validity, usability and comparability of assessment results. In order to achieve these
objectives, the instruments and tools need to make the assessment model and its indicators accessible
to the assessors.
4.8 Success factors for process assessment
4.8.1 General
The following factors should be considered essential to a successful process assessment.
4.8.2 Commitment
The sponsor should commit to the objectives established for an assessment to provide the authority
to undertake the assessment within an organization. This commitment requires that the necessary
resources, time and personnel are available to undertake the assessment. The commitment of the
sponsor and the assessors is fundamentally important to ensuring that the objectives are met.
4.8.3 Motivation
The attitude of the organization's management, and the documented assessment process by which the
information is collected, has a significant influence on the outcome of an assessment. The organizational
unit's management, therefore, needs to motivate participants to be open and constructive. Process
assessments focus on the process, not on the behaviour of organizational unit members implementing
the process. The intent is to make the processes more effective in supporting the defined business
goals, not to allocate blame to individuals.
Providing feedback and maintaining an atmosphere that encourages open discussion about preliminary
findings during the assessment helps to ensure that the assessment output is meaningful to the
organizational unit. The organization needs to recognise that the participants are a principal source of
knowledge and experience about the process and that they are in a good position to identify potential
weaknesses.
4.8.4 Confidentiality
Respect for the confidentiality of the sources of information and documentation gathered during
assessment is essential in order to secure that information. If discussion techniques are uti
...