ISO/IEC TS 33010:2023

TECHNICAL ISO/IEC TS
SPECIFICATION 33010
First edition
2023-04
Information technology — Process
assessment — Guidance for
performing process assessments
Technologies de l'information — Évaluation des processus —
Recommandations pour la réalisation des évaluations de processus
Reference number
© ISO/IEC 2023
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2023 – All rights reserved

Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative reference .1
3 Terms and definitions . 1
4 Overview of process assessment .1
4.1 Process assessment . 1
4.2 Process attribute rating scheme . 2
4.3 Process assessment classes. 3
4.4 Process assessment approaches . 3
4.5 Assessment process . 3
4.6 Process assessment model . 4
4.7 Supporting instruments and tools . 4
4.8 Success factors for process assessment . 5
4.8.1 General . 5
4.8.2 Commitment . 5
4.8.3 Motivation . 5
4.8.4 Confidentiality . 5
4.8.5 Relevance . 5
4.8.6 Credibility . 5
5 Selection and use of a process assessment model . 5
5.1 General . 5
5.2 Compatibility with the process reference model . 6
5.2.1 General . 6
5.2.2 Process assessment model purpose . 6
5.2.3 Process assessment model scope . 6
5.2.4 Model elements and indicators . 7
5.2.5 Mapping . 7
5.2.6 Conversion . 7
5.3 Criteria for selecting a process assessment model . 8
5.4 Using a process assessment model . 8
6 Selection and use of a documented assessment process. 9
6.1 General . 9
6.2 Compatibility with the requirements . 9
6.3 Process assessment input . 9
6.3.1 Process assessment purpose including alignment with business goals . 9
6.3.2 The process assessment scope . 9
6.3.3 The process assessment constraints . 10
6.4 The process assessment process . 10
6.4.1 General . 10
6.4.2 Planning . 10
6.4.3 Data collection . 11
6.4.4 Data validation .12
6.4.5 Process attribute rating .12
6.4.6 Reporting . 14
6.4.7 Roles and responsibilities . 14
6.5 Selecting a documented assessment process . 15
7 Selection of instruments and tools .15
7.1 The purpose and use of instruments and tools . 15
7.2 Selecting instruments and tools . 16
Annex A (informative) Guidance on indicators .18
iii
© ISO/IEC 2023 – All rights reserved

Bibliography .22
iv
© ISO/IEC 2023 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC1, Information technology,
Subcommittee SC 7, Software and systems engineering.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.
v
© ISO/IEC 2023 – All rights reserved

Introduction
Process assessment is a disciplined evaluation of an organizational unit’s processes against a process
assessment model. It is initiated as a result of a desire to determine and/or improve the performance of
these processes.
The guidance in this document is primarily aimed at the lead assessor who has the responsibility for
conducting the assessment, selection and use of models, documented assessment process and tools for
the assessment.
The guidance may also be of use to the developers of assessment models, documented assessment
processes and tools as an aid to understanding the requirements.
The assessors and other participants in an assessment may use the guidance to gain an understanding
of process assessment.
vi
© ISO/IEC 2023 – All rights reserved

TECHNICAL SPECIFICATION ISO/IEC TS 33010:2023(E)
Information technology — Process assessment — Guidance
for performing process assessments
1 Scope
This document provides an overview of process assessment and interprets the requirements of
ISO/IEC 33002 and ISO/IEC 33004 through the provision of guidance on the selection and use of
assessment models, documented assessment processes, and instruments or tools for assessment.
Process assessment is applicable in the following circumstances:
a) by or on behalf of an organization with the objective of understanding the state of its own processes
for process improvement;
b) by or on behalf of an organization with the objective of determining the suitability of its own
processes for a particular requirement or class of requirements;
c) by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or class of contracts.
2 Normative reference
The following referenced documents, in whole or in part, are normatively referenced in this document
and are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 Overview of process assessment
4.1 Process assessment
Process assessment is undertaken to understand the process quality characteristic of an organizational
unit's current processes.
Process assessment deals with the processes (e.g. management, development, maintenance, support)
used by an organization. This is accomplished by assessing the organizational unit's processes against a
process assessment model conformant with the requirements for processes described in ISO/IEC 33004.
A process reference model defines the set of processes that are fundamental to good business practices
in a selected domain. Building upon the foundation of a process reference model, a process assessment
model includes a set of process attributes, applicable to any processes, that characterize the selected
process quality characteristic of a measurement framework.
© ISO/IEC 2023 – All rights reserved

Processes in a process reference model are grouped according to the type of activity they address. Each
process has a defined purpose describing the high-level objectives that the process should achieve.
The purpose statements describe what to do, but do not prescribe how the process should achieve its
objectives.
Each process attribute in a measurement framework, as described in ISO/IEC 33003, enables the
process quality characteristic to effectively achieve its purpose and contribute to meeting the business
goals of the organizational unit.
Although a process reference model selected according to the requirements in ISO/IEC 33004 may
cover a range of processes, in many cases a subset of these processes may be selected for assessment.
For instance, the sponsor may wish to focus attention on one or more critical processes or on processes
which are candidates for improvement actions.
The sophistication and complexity of the implemented process depend upon the context of that process
within the organizational unit. For instance, the planning required for a five-person project team is
likely to be much less than for a fifty-person team. This process context, recorded in the assessment
input, influences how a lead assessor should judge and rate the process attributes for an implemented
process. The process context also influences the degree of comparability between process attribute
and/or process quality level ratings.
In some circumstances, it may be desirable to compare the outputs of the assessment of two or more
organizational units, or for the same organizational unit at different times. A number of factors should
be taken into account when comparing assessment results. These include but are not limited to:
— the sample size used to generate the ratings which influences the precision with which results may
be compared;
— the purposes of the assessments that generated the assessment outputs - it may not be meaningful,
for example, to compare an assessment whose purpose was to identify best (or worst) practice with
one whose purpose was to identify representative practice;
— the documented assessment process or model(s) used;
— the competency of the assessors;
— the candour of the participants;
— the time spent on the assessment;
— the motivation of the assessor (i.e. internal assessor with incentives based on the assessment results
or a consultant with a long-term relationship with the organization);
— the motivation of the assessment participants to be frank and forthcoming.
4.2 Process attribute rating scheme
A process assessment measurement framework is based on assessing processes. The guidance in
Clause 6 on information collection helps to increase the level of repeatability by different assessors.
Each process has a set of process attribute ratings that constitute the process profile.
For the assessment of process capability, process attribute ratings may be expressed using a process
attribute rating scale as defined in ISO/IEC 33020.
NOTE The process capability level model defined in ISO/IEC 33020 defines a six-point ordinal scale of
increasing process capability ranging from a process which is not capable of achieving its purpose (process
capability level zero) to a process which optimizes its performance (process capability level 5). The process
capability level model is described in terms of the process attribute ratings associated with a particular process
capability level.
© ISO/IEC 2023 – All rights reserved

When more than one instance of a process is assessed, the assessor should use the recorded assessment
information collected on all of the instances to make a judgment on the rating of each of the process
attributes assessed for that process.
If there is a need for aggregation of ratings, the approach to the aggregation of ratings should be
specified.
4.3 Process assessment classes
Three classes of assessment are identified, resulting in different level of confidence in the ratings of the
selected organizational process quality characteristic. Specific requirements relating to each class are
described in ISO/IEC 33002:2015, 4.6.
The classes of assessment are:
— Class 1 assessment: The goal of this class is to provide a level of confidence in the results of the
assessment such that the results are suited for comparisons across different organizations.
— Class 2 assessment: The goal of this class is to provide a level of confidence in the assessment results
that may indicate the overall level of performance of the key processes in the organization unit,
which are suitable for comparisons of the results of an assessment across an organizational or
product line scope.
— Class 3 assessment: The goal of this class is to generate results that may indicate critical opportunities
for improvement and key areas of process related risk.
4.4 Process assessment approaches
As described in ISO/IEC 33002:2015, Annex A, the degree of independence of different types of bodies
and the make-up of the assessment team performing an assessment can be categorised as follows.
— Category A: This typically represents an organization providing fully independent 3rd party
services.
— Category B: This typically represents an organization providing 2nd or 3rd party services where the
assessment team is led by a lead assessor from the independent organization and where the other
assessment team members may be from the organization being assessed. Such an approach may be
used where data is collected by internal team members and then verified by the lead assessor.
— Category C: This typically represents an internal but independent process group or quality assurance
group within the organization being assessed but where there is a separate reporting line. This
approach may be used in a large organization that has a separate functional group responsible for
performing assessments.
— Category D: This typically represents an internal consultant that is assisting an organization in
implementing process improvement which then assesses their capabilities. Many small organizations
may follow such an approach where there is no customer pressure for an independent assessment
to be performed. This may also be a team internal to the organization conducting a self-assessment
to identify opportunities for improvement. There is no pressure to provide the result to any group
outside the organization.
4.5 Assessment process
Irrespective of the type of assessment or the approach adopted, an assessment should be conducted
according to a documented process. Some of the key elements of a documented assessment process
are briefly described below. Note, however, that the guidance provided does not constitute a complete,
documented process. Its role is to provide help in interpreting the requirements in ISO/IEC 33002 and
ISO/IEC 33004, and to provide a starting point for selecting or creating a documented process.
NOTE An exemplar document assessment process is described in ISO/IEC TS 33030.
© ISO/IEC 2023 – All rights reserved

Depending upon the approach, a documented assessment process provides guidance on the following
topics:
— assessment activities, including:
— assessment planning;
— data collection;
— data validation;
— determination of results;
— assessment reporting;
— roles, responsibilities and competence;
— tools and instruments;
— aggregation approach;
— assessment inputs;
— assessment record.
4.6 Process assessment model
A process assessment model is one that meets the requirements specified in ISO/IEC 33004. In
summary, a process assessment model is one:
— that is suitable for the purpose of process assessment;
— whose fundamental elements can be mapped to a process reference model;
— that is equipped with sets of indicators for use during an assessment to gather the information
about processes and process attributes;
— that has a formal mechanism for translating the information gathered using the model into process
attribute ratings as defined in ISO/IEC 33004.
Clause 5 provides guidance on the selection and use of a process assessment model.
NOTE The model in ISO/IEC TS 33061 is an example of the process assessment model applicable to the
domain of software engineering.
4.7 Supporting instruments and tools
In all assessments, information needs to be collected, recorded, stored, collated, processed, analysed,
retrieved and presented. In general, a documented assessment process should be supported by various
instruments and tools for information gathering, processing and presentation. For some assessments,
the support tools and instruments may be manual, i.e. paper-based (forms, questionnaires, checklists,
etc.). In some cases, the volume and complexity of the assessment information is likely to be considerable,
resulting in the need for automated support tools.
Regardless of the form of the supporting instruments and tools, their objectives are to help an assessor
perform an assessment in a consistent and reliable manner, reducing assessor subjectivity and helping
to ensure the validity, usability and comparability of assessment results. In order to achieve these
objectives, the instruments and tools need to make the assessment model and its indicators accessible
to the assessors.
© ISO/IEC 2023 – All rights reserved

4.8 Success factors for process assessment
4.8.1 General
The following factors should be considered essential to a successful process assessment.
4.8.2 Commitment
The sponsor should commit to the objectives established for an assessment to provide the authority
to undertake the assessment within an organization. This commitment requires that the necessary
resources, time and personnel are available to undertake the assessment. The commitment of the
sponsor and the assessors is fundamentally important to ensuring that the objectives are met.
4.8.3 Motivation
The attitude of the organization's management, and the documented assessment process by which the
information is collected, has a significant influence on the outcome of an assessment. The organizational
unit's management, therefore, needs to motivate participants to be open and constructive. Process
assessments focus on the process, not on the behaviour of organizational unit members implementing
the process. The intent is to make the processes more effective in supporting the defined business
goals, not to allocate blame to individuals.
Providing feedback and maintaining an atmosphere that encourages open discussion about preliminary
findings during the assessment helps to ensure that the assessment output is meaningful to the
organizational unit. The organization needs to recognise that the participants are a principal source of
knowledge and experience about the process and that they are in a good position to identify potential
weaknesses.
4.8.4 Confidentiality
Respect for the confidentiality of the sources of information and documentation gathered during
assessment is essential in order to secure that information. If discussion techniques are utilized,
consideration should be given to ensuring that participants do not feel threatened or have any concerns
regarding confidentiality. Some of the information provided can be proprietary to the organization. It is
therefore important that adequate controls are in place to handle such information.
4.8.5 Relevance
The organizational unit members should believe that the assessment will result in some benefits that
will accrue to them directly or indirectly.
4.8.6 Credibility
The sponsor and the management and staff of the organizational unit should all believe that the
assessment will deliver a result which is objective and is representative of the assessment scope. It is
important that all parties can be confident that the assessors have adequate experience of assessment,
are sufficiently impartial and have an adequate understanding of the organizational unit and its
business to conduct the assessment.
5 Selection and use of a process assessment model
5.1 General
This clause provides guidance on the selection and use of a process assessment model as the basis for
performing a processes assessment. The guidance is intended for use by the assessors and sponsors of
assessments. It is not directed specifically at the developers of process assessment models, though it
may be of use to them.
© ISO/IEC 2023 – All rights reserved

In performing a process assessment, the practices observed in the organization unit being assessed
are compared against those defined in an assessment model of good practice, to determine the extent
to which the performance of the practices results in achievement of the selected process quality
characteristic representing the attributes of a process and its performance at a specific level of
capability.
In order to achieve this, the model should contain descriptions of the practices to be observed, and
indicators of the performance of these practices, so that the judgments of the selected process quality
characteristic may be made reliably and consistently.
5.2 Compatibility with the process reference model
5.2.1 General
The identity of the process assessment model used within the assessment should be a process
assessment model of good practice that meet the requirements defined in ISO/IEC 33004:2015, 6.3.
An important criterion for selecting a process assessment model is the ability to verify its conformance
to the provisions of ISO/IEC 33004:2015, 6.4.
Conformance is essential in order to provide a degree of comparability between the results of different
assessments by maximizing the reliability of different approaches and achieving a greater degree of
uniformity in the reporting of results.
5.2.2 Process assessment model purpose
A process assessment model should be based on good practices and be suitable for the purpose of
assessing the selected process quality characteristic.
There are many different types of modelling techniques available for describing, specifying and
enacting processes.
Models that have not been specifically developed for the purpose of process assessment may not yield
reliable results, and their suitability for purpose should be validated before selection.
5.2.3 Process assessment model scope
A process assessment model should encompass all, or a non-empty subset, of the set of processes in the
selected process reference model.
A process assessment model should address all or a continuous subset of the levels (starting at level 1)
of the chosen quality characteristic for all of the processes within its scope.
The process reference model should define a set of processes that cover best practices. Any assessment
model, to be compatible with the process reference model, should contain at least a part of this scope.
The scope of the model is normally directly equivalent to the process reference model. Alternatively,
the model may be a sub-set, or a superset of the process reference model, covering all of the defined
processes together with additional process descriptions outside the standard scope. A process
assessment model may also include processes outside the process reference model providing it, such
that the process assessment model encompasses at least one process from it.
For the dimension of the chosen process quality characteristic, a model should cover all of the processes
in its scope, as indicated in ISO/IEC 33004:2015, 6.3.5.
In selecting a process assessment model, the assessor should ensure that the scope of the model covers
the intended area of interest for the process assessment.
© ISO/IEC 2023 – All rights reserved

5.2.4 Model elements and indicators
A process assessment model should be based on a set of elements that explicitly address the purposes,
as defined in the selected reference model, of all the processes within the scope of the model, and that
demonstrate the achievement of the process attributes within the scope of the model.
A process assessment model should address the purposes of the processes as defined in the process
reference model, and the achievement of the process attributes that constitute the vertical (or quality)
dimension. In order to meet the requirements of ISO/IEC 33004, it should also document a set of
indicators of process performance and process quality that enable judgements of the selected process
quality characteristic to be soundly based on objective evidence.
The assessment indicators generally fall into three types:
a) practices that support achievement of either the process purpose or the specific process attribute;
b) information items and their characteristics that demonstrate the respective achievements;
c) resources and infrastructure that support the respective achievements.
In selecting a process assessment model, careful attention should be paid to the use of indicators in the
model, and the comprehensiveness, and applicability of the indicator set.
NOTE 1 ISO/IEC 33020 comprises a model with a comprehensive set of indicators that can serve as a guide to
the extent of coverage to be expected, for the quality dimension of process capability.
NOTE 2 This clause and Clause 6 quote requirements from ISO/IEC 33002 and ISO/IEC 33004 and provide
guidance for satisfying these requirements in the text following the quotations.
5.2.5 Mapping
"A process assessment model shall provide explicit mapping from the relevant elements of the process
assessment model to the processes of the selected process reference model(s), and to the relevant
process attributes of the selected process measurement framework. The mappings shall be complete,
clear and unambiguous." [ISO/IEC 33004:2015,6.3.9]
NOTE A figure showing a mapping of process model relationships can be found in ISO/IEC 33004:2015,
Figure 1.
It is essential that the assessor have access to the details of the mapping of the elements of the process
assessment model to the process reference model. The mapping may be simple, as is the case in the
measurement framework defined in ISO/IEC 33020. Where the structure of the process assessment
model is significantly different from the process reference model, however, the mapping may be quite
complex.
An assessor should confirm that the mapping is meaningful, for example by sampling some of the
lowest level components in the process assessment model, and locating them in the process reference
model, either as elements of a process or as contributors to a process attribute. Mappings that result
in elements being identified as components of more than one process attribute may indicate problems
with the model structure, which can result in ambiguous translation of results.
5.2.6 Conversion
A process assessment model should provide a formal and verifiable mechanism for converting data
collected against the process assessment model into a set of process attribute ratings for each process
reference model process directly or indirectly assessed.
The output from a process assessment is a set of process profiles. A process profile is a set of ratings, one
for each process attribute. Assessment results from any process assessment model should be converted
into this form to provide a common basis for comparisons.
© ISO/IEC 2023 – All rights reserved

The mechanism for translation may be manual, or computer based. It may require the inclusion of
additional information collected during the assessment and may involve further judgement on the part
of the assessor. The rules for translating the results however, should be clear and unambiguous, and
should be provided by either the model developer or method provider.
5.3 Criteria for selecting a process assessment model
The process assessment model may be selected by the assessor or may be stipulated by the sponsor
of the assessment (in which case, this should be documented as a constraint). In either case, there are
criteria that help ensure that the selection is appropriate for the use envisaged.
The major consideration in selecting a model, given that any process assessment model selected is
compatible with the process reference model, is its suitability for the context of the assessment. The
principal factors affecting the selection of a model are:
— the planned scope of the process assessment;
— the industry sector of the organization being assessed;
— the application domain of the product/service components that are the focus of the process
assessment;
— the inclusion of an improvement path for increasing the process quality level of an organization;
— specific requirements for strong comparability with other assessments or organizations.
Where models exist that have been specifically developed for use in particular industry sectors (e.g.
telecommunications, defence, aerospace) or for particular application domains (e.g. high security
systems, safety critical systems, real time embedded software) then, when applicable, these should be
considered.
When an organization wishes to conduct a process assessment in an area that is not representative
of its normal domain, it should take care that the model chosen is suitable. For example, it is possible
that an aerospace organization that wishes to assess the processes responsible for maintenance of its
internal management systems finds that an industry specific model is not the most suitable for the task.
NOTE The measurement framework provided in ISO/IEC 33020 is a generic measurement framework for the
process quality characteristic of process capability. It is designed to be applicable across all industry sectors and
application domains.
5.4 Using a process assessment model
A process assessment model provides the basic definitions of processes and process measurement
framework that are the reference points against which judgements of process quality characteristics
in the organizational unit are made. As such, the use of a single process assessment model throughout a
process assessment is essential.
It therefore follows that a lead assessor should be highly knowledgeable about the specific process
assessment model being used for the assessment - its structure, the basic elements of the model, and its
relationship to the process reference model.
Because the process assessment model also embeds a comprehensive set of indicators of process
performance and the selected process quality characteristic, it is also an important reference point for
the assessor in meeting the requirement to document the indicators referenced, and the justification
for the ratings. Clause 7 gives guidance on the selection and use of process assessment instruments.
© ISO/IEC 2023 – All rights reserved

6 Selection and use of a documented assessment process
6.1 General
This clause provides guidance on the selection and use of a suitable documented assessment process
as the basis for performing a processes assessment. This guidance is intended for use by the assessors
and sponsors of assessments. It is not directed specifically at the developers of documented assessment
processes, though it may be of use to them.
In performing a process assessment, the documented assessment process used should ensure
that the requirements defined in ISO/IEC 33002 are met. In order to achieve this, the documented
assessment process should contain descriptions of the activities to be performed, the responsibilities
of key individuals and the documentary evidence that should be recorded. It may also define specific
assessment models and tools that should be used with the documented assessment process.
NOTE A documented assessment process is described in ISO/IEC TS 33030.
6.2 Compatibility with the requirements
To achieve a greater degree of uniformity in the approach to process assessment, any documented
assessment process used should ensure that assessments performed are conformant with the
requirements defined in ISO/IEC 33002. This maximizes the reliability of different approaches and
provides a degree of comparability between the results of different assessments.
It can make sense to verify the requirements prior to and during the course of the process assessment
so that corrective actions can occur.
The documented assessment process should define the process for all required supporting activities,
such as document control, quality assurance, project management, as well as for the key activities
associated with the documented assessment process itself. This can be in the form of guidance
material, procedures, standards etc. on how lead assessors are to attain the required competencies
to use the documented assessment process correctly, for example by specifying the training courses
and experience levels. The documented assessment process should provide all the necessary guidance
including guidance on all activities to be performed in conducting an assessment as described in
ISO/IEC 33002.
NOTE A documented assessment process is described in ISO/IEC TS 33030.
6.3 Process assessment input
6.3.1 Process assessment purpose including alignment with business goals
Different types of process assessments have different purposes. The purposes may vary depending
upon the business needs such as facilitating internal process improvement and for the selection of
suppliers (either internal or external).
6.3.2 The process assessment scope
"At minimum, the assessment inputs shall specify the: d) assessment scope as it applies to the business,
including a defined and declared organization scope." [ISO/IEC 33002:2015, 4.4 d)].
The process assessment process scope may include one or more processes together with those process
attributes which are to be included in the assessment. Limiting the number of processes and process
attributes used in the assessment has the effect of focussing the investigation. The factors that should
be included in the assessment scope are the relationship between the assessment scope and the ability
to provide ratings, the current process quality level and constraints of a process assessment duration.
The selection of the organisational unit should reflect the sponsor’s intended use of the assessment
output. For example, if the output is to be used for process improvement then the organisational unit
© ISO/IEC 2023 – All rights reserved

scope should match that of the intended improvement effort. An organisational unit scope can be
anything from one project to the entire organisation.
6.3.3 The process assessment constraints
"At minimum, the assessment inputs shall specify the: g) assessment constraints." [ISO/IEC 33002:2015,
4.4 g)].
The success of the assessment may be affected if the key resources are not available. Consideration
needs to be given to minimise the disruption of assessees who may be constrained through project
pressures.
The process and scope may be tailored to accommodate the available time.
It may be necessary to exclude certain parts of an organisational unit due to the life cycle phase, etc.
"At minimum, the assessment inputs shall specify the: e) identity of the model(s) and process
measur
...