ISO/IEC TR 15504-2:1998

TECHNICAL ISO/IEC
REPORT TR 15504-2
First edition
1998-08-15
Information technology — Software process
assessment —
Part 2:
A reference model for processes and process
capability
Technologies de l’information — Évaluation des procédés du logiciel —
Partie 2: Un modèle de référence pour les procédés et l’aptitude de procédé
Reference number
B C
ISO/IEC TR 15504-2:1998(E)

---------------------- Page: 1 ----------------------
ISO/IEC TR 15504-2:1998(E)
Contents
1 Scope .1
2 Normative references .1
3 Terms and definitions.2
4 Structure of the reference model .3
4.1 Process dimension .3
4.2 Process capability dimension.3
5 The process dimension.5
5.1 Primary life cycle processes.7
5.1.1 Customer-Supplier process category (CUS).7
5.1.2 Engineering process category (ENG) .10
5.2 Supporting life cycle processes.14
5.2.1 Support process category (SUP).14
5.3 Organizational life cycle processes .17
5.3.1 Management process category (MAN).17
5.3.2 Organization process category (ORG).19
6 The capability dimension .23
6.1 Level 0: Incomplete process.24
6.2 Level 1: Performed process.24
6.2.1 PA 1.1 Process performance attribute.24
6.3 Level 2: Managed process .24
6.3.1 PA 2.1 Performance management attribute .24
6.3.2 PA 2.2 Work product management attribute.24
© ISO/IEC 1998
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or
utilized in any form or by any means, electronic or mechanical, including photocopying and micro-
film, without permission in writing from the publisher.
ISO/IEC Copyright Office • Case postale 56 • CH-1211 Genève 20 • Switzerland
Printed in Switzerland
ii

---------------------- Page: 2 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
6.4 Level 3: Established process. 24
6.4.1 PA 3.1 Process definition attribute . 25
6.4.2 PA 3.2 Process resource attribute . 25
6.5 Level 4: Predictable process . 25
6.5.1 PA 4.1 Measurement attribute . 25
6.5.2 PA 4.2 Process control attribute . 25
6.6 Level 5: Optimizing process . 26
6.6.1 PA 5.1 Process change attribute. 26
6.6.2 PA 5.2 Continuous improvement attribute. 26
6.7 Rating process attributes. 26
6.7.1 Process attribute rating scale. 26
6.7.2 Process attribute rating scale calibration . 26
6.7.3 Process attribute ratings. 27
6.7.4 Referencing of process attribute ratings . 27
6.8 Process capability level model. 27
6.8.1 Achievement of process capability levels. 27
7 Compatibility with the reference model. 28
7.1 Introduction. 28
7.2 Model purpose . 28
7.3 Model scope . 28
7.4 Model elements and indicators . 29
7.5 Mapping . 29
7.6 Translation. 29
Annex A (informative) Mapping of ISO/IEC 12207 to the reference model. 30
Annex B (informative) Process and process attribute tables . 34
Annex C (informative) Style guide for defining processes . 37
iii

---------------------- Page: 3 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in
liaison with ISO and IEC, also take part in the work.
In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The main task of technical committees is to prepare International Standards, but in exceptional circumstances a
technical committee may propose the publication of a Technical Report of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard, despite
repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the future
but not immediate possibility of an agreement on an International Standard;
— type 3, when a technical committee has collected data of a different kind from that which is normally published
as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether they
can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to be
reviewed until the data they provide are considered to be no longer valid or useful.
ISO/IEC TR 15504-2, which is a Technical Report of type 2, was prepared by Joint Technical Committee ISO/IEC
JTC 1, Information technology, Subcommittee SC 7, Software engineering.
ISO/IEC TR 15504 consists of the following parts, under the general title Information technology — Software
process assessment :
 Part 1: Concepts and introductory guide
 Part 2: A reference model for processes and process capability
 Part 3: Performing an assessment

Part 4: Guide to performing assessments
 Part 5: An assessment model and indicator guidance
 Part 6: Guide to competency of assessors
 Part 7: Guide for use in process improvement
 Part 8: Guide for use in determining supplier process capability
 Part 9: Vocabulary
Annexes A to C of this part of ISO/IEC TR 15504 are for information only.
iv

---------------------- Page: 4 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
Introduction
This part of ISO/IEC TR 15504 documents the set of universal software engineering processes that are
fundamental to good software engineering and that cover best practice activities, providing a reference model which
can be used by the other parts of ISO/IEC TR 15504. The reference model describes processes that an
organization may perform to acquire, supply, develop, operate, evolve and support software, and the process
attributes that characterize the capability of those processes. In performing a process assessment, an assessor
uses a model(s) of the processes being assessed that is compatible with this reference model, so that a common
basis for judgment is employed. This document also describes the requirements that an assessment model(s)
needs to address to be compatible with the reference model.
The purpose of the reference model is to provide a common basis for different models and methods for software
process assessment, ensuring that results of assessments can be reported in a common context. The use of
models compatible with the reference model will ensure a common context for the reporting of assessment ratings.
The use of a common reference model forms a basis on which assessments can be compared.
The reference model architecture is two dimensional. The first dimension is the process dimension which is
characterized by a set of purpose statements. The process purpose statements describe in measurable terms what
has to be achieved in order to attain the defined purpose of the process. The processes have been defined in
alignment with ISO/IEC 12207:1995, Information technology - Software life cycle processes. The second dimension
is the process capability dimension which characterizes the level of capability that an organization unit has attained
for a particular process, or which may be used by the organization unit as a target to be attained.
Within this part of the ISO/IEC TR 15504:
 clause 4, titled “Structure of the reference model”, provides a detailed description of the structure and key
components of the reference model;
 clause 5, titled “The process dimension”, categorizes life cycle processes into groups of process categories
and then describes each process in terms of its purpose;
 clause 6, titled “The capability dimension”, defines the capability levels and process attributes that describe the
capability of the processes listed in clause 5;
 clause 7, titled “Compatibility with the reference model”, contains the requirements for demonstrating that a
model of software processes and process capability is compatible with this reference model;
 annex A contains a detailed mapping of the ISO/IEC 12207 to ISO/IEC TR 15504 processes;
 annex B contains summary lists of the processes and the process attributes that comprise the reference model;
 annex C contains a style guide for defining additional processes.
v

---------------------- Page: 5 ----------------------
©
TECHNICAL REPORT  ISO/IEC ISO/IEC TR 15504-2:1998(E)
Information technology — Software process assessment —
Part 2:
A reference model for processes and process capability
1 Scope
This part of ISO/IEC TR 15504 defines a reference model for software processes and process capability that forms
the basis for software process assessment. The reference model defines at a high level, the fundamental
objectives that are essential to good software engineering. The high-level objectives describe what is to be
achieved, not how to achieve them.
This reference model is applicable to any software organization wishing to establish and subsequently improve its
capabilities in the acquisition, supply, development, operation, evolution and support of software. The model does
not presume particular organizational structures, management philosophies, software life cycle models, software
technologies, or development methodologies.
The architecture of this reference model organizes the processes to help software personnel understand and use
them for continuous improvement of the management of software processes.
For software process assessment, an assessor uses a more detailed model(s) compatible with this reference
model, containing a comprehensive set of indicators of process performance and process capability, to make
judgments about the capability of the organization’s processes. This part of ISO/IEC TR 15504 specifies the
requirements to be met in order for a model(s) to be compatible with the reference model.
ISO/IEC TR 15504 is not intended to be used in any scheme for the certification/registration of the process
capability of an organization.
Table 1 shows the main audiences for this part of ISO/IEC TR 15504, why each group needs the reference model,
and how and when it will be used.
NOTE Copyright release for the Reference Model: Users of this part of ISO/IEC TR 15504 may freely reproduce the
detailed descriptions contained in the reference model as part of any Assessment Model based upon the reference model, or
as part of any demonstration of compatibility with this reference model, so that it can be used for its intended purpose.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute provisions of
this part of ISO/IEC TR 15504. For dated references, subsequent amendments to, or revisions of, any of these
publications do not apply. However, parties to agreements based on this part of ISO/IEC TR 15504 are encouraged
to investigate the possibility of applying the most recent editions of the normative documents indicated below. For
undated references, the latest edition of the normative document referred to applies. Members of ISO and IEC
maintain registers of currently valid International Standards.
ISO 9001:1994, Quality systems — Model for quality assurance in design, development, production, installation and
servicing.
ISO/IEC 12207:1995, Information technology — Software life cycle processes.
ISO/IEC TR 15504-9:1998, Information technology — Software process assessment — Part 9: Vocabulary.
1

---------------------- Page: 6 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
Table 1 — Use of this reference model
Who Why How When
Assessment
Develop models compatible As a reference for the structure of During the development of a
Model with the reference model the model model
Developers
Demonstrate compatibility of As a set of criteria for demonstration Following development, and prior
a developed model with the of capability to use in conducting assessments
reference model
Software
Understand what to do to As a working guide to management During the implementation of the
organization
improve software processes about software processes and organization’s software processes
capabilities to implement
As a reference guide to highlight During the development/review of
process and process capability the organization’s software
considerations processes and as a part of
continuous improvement activities
As a training document During the development/review of
the organization’s software
processes and as a part of
continuous improvement activities
Determine the capability of As a reference framework to permit As an internal initiative for
its processes for a valid basis for comparison marketing actions
demonstration to customers
During response to call for
proposal
Understand which As a process and process capability Prior to an assessment
processes and capabilities checklist
an assessor may evaluate
Software Conduct a conformant As a process and process capability Prior to and during a software
process software process checklist & develop the knowledge process assessment
assessors assessment of an of the reference model
organization
Establish compatibility of an As a reference for the purpose of Prior to an assessment or
assessment model performing model compatibility assessment program
Tool Develop a software process As a reference for and requirements Prior to and during the
Developers assessment tool of an assessment tool development of an assessment
tool
3 Terms and definitions
For the purposes of this part of ISO/IEC TR 15504, the terms and definitions given in ISO/IEC TR 15504-9 apply.
2

---------------------- Page: 7 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
4 Structure of the reference model
The reference model architecture is made up of two dimensions:
 the process dimension, which is characterized by process purpose statements which are the essential
measurable objectives of a process;
 the process capability dimension, which is characterized by a series of process attributes, applicable to any
process, which represent measurable characteristics necessary to manage a process and improve its
capability to perform.
4.1 Process dimension
The reference model groups the processes in the process dimension into three life cycle process groupings which
contain five process categories, according to the type of activity they address.
The Primary life cycle processes consist of the process categories Customer-Supplier and Engineering and are
described as follows:
The Customer-Supplier process category consists of processes that directly impact the customer, support
development and transition of the software to the customer, and provide for the correct operation and use of
the software product and/or service.
The Engineering process category consists of processes that directly specify, implement, or maintain the
software product, its relation to the system and its customer documentation.
The Supporting life cycle processes consist of the process category Support and this category is described as
follows:
The Support process category consists of processes which may be employed by any of the other
processes (including other supporting processes) at various points in the software life cycle.
The Organizational life cycle processes consist of the process categories Management and Organization and
are described as follows:
The Management process category consists of processes which contain practices of a generic nature
which may be used by anyone who manages any type of project or process within a software life cycle.
The Organization process category consists of processes that establish the business goals of the
organization and develop process, product, and resource assets which, when used by the projects in the
organization, will help the organization achieve its business goals.
Process categories and processes provide a grouping by type of activity. Each process in the reference model is
described in terms of a purpose statement. These statements comprise the unique functional objectives of the
process when instantiated in a particular environment. The purpose statement includes additional material
identifying the outcomes of successful implementation of the process. Satisfying the purpose of a process
represents the first step in building process capability.
The reference model does not define how, or in what order, the elements of the process purpose statements are to
be achieved. The process purposes will be achieved in an organization through various detailed activities, tasks
and practices being carried out to produce work products. These performed tasks, activities and practices, and the
characteristics of the work products produced, are the indicators that demonstrate whether the specific process
purpose is being achieved.
4.2 Process capability dimension
Evolving process capability is expressed in terms of process attributes grouped into capability levels. Process
attributes are features of a process that can be evaluated on a scale of achievement, providing a measure of the
capability of the process. They are applicable to all processes. Each process attribute describes a facet of the
3

---------------------- Page: 8 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
overall capability of managing and improving the effectiveness of a process in achieving its purpose and
contributing to the business goals of the organization.
A capability level is characterized by a set of attribute(s) that work together to provide a major enhancement in the
capability to perform a process. Each level provides a major enhancement of capability in the performance of a
process. The levels constitute a rational way of progressing through improvement of the capability of any process.
There are six capability levels in the reference model.
Level 0: Incomplete.
There is general failure to attain the purpose of the process. There are few or no easily identifiable work
products or outputs of the process.
Level 1: Performed.
The purpose of the process is generally achieved. The achievement may not be rigorously planned and
tracked. Individuals within the organization recognize that an action should be performed, and there is
general agreement that this action is performed as and when required. There are identifiable work products
for the process, and these testify to the achievement of the purpose.
Level 2: Managed.
The process delivers work products according to specified procedures and is planned and tracked. Work
products conform to specified standards and requirements. The primary distinction from the Performed
Level is that the performance of the process now delivers work products that fulfil expressed quality
requirements within defined timescales and resource needs.
Level 3: Established.
The process is performed and managed using a defined process based upon good software engineering
principles. Individual implementations of the process use approved, tailored versions of standard,
documented processes to achieve the process outcomes. The resources necessary to establish the
process definition are also in place. The primary distinction from the Managed Level is that the process of
the Established Level is using a defined process that is capable of achieving its process outcomes.
Level 4: Predictable.
The defined process is performed consistently in practice within defined control limits, to achieve its defined
process goals. Detailed measures of performance are collected and analyzed. This leads to a quantitative
understanding of process capability and an improved ability to predict and manage performance.
Performance is quantitatively managed. The quality of work products is quantitatively known. The primary
distinction from the Established Level is that the defined process is now performed consistently within
defined limits to achieve its process outcomes.
Level 5: Optimizing.
Performance of the process is optimized to meet current and future business needs, and the process
achieves repeatability in meeting its defined business goals. Quantitative process effectiveness and
efficiency goals (targets) for performance are established, based on the business goals of the organization.
Continuous process monitoring against these goals is enabled by obtaining quantitative feedback and
improvement is achieved by analysis of the results. Optimizing a process involves piloting innovative ideas
and technologies and changing non-effective processes to meet defined goals or objectives. The primary
distinction from the Predictable Level is that the defined and standard processes now dynamically change
and adapt to effectively meet current and future business goals.
The reference model alone cannot be used as the basis for conducting reliable and consistent assessments of
process capability since the level of detail is not sufficient. The descriptions of process purpose and capability
attributes in the reference model need to be supported with a comprehensive set of indicators of process
4

---------------------- Page: 9 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
performance and capability. In this way, consistent ratings of process capability will be possible. An exemplar
model that incorporates such a set of indicators is provided as ISO/IEC TR 15504-5. Clause 7 of this part of
ISO/IEC TR 15504 sets out the requirements to be met by other process assessment models to be compatible with
this reference model.
5 The process dimension
This clause provides a classification of the processes normally undertaken by organizations concerned with the
development, maintenance, acquisition, supply and operation of software. The classification recognizes five
process categories each of which contains a number of processes. The process categories and processes are
strongly aligned with those defined in ISO/IEC 12207, Information technology - Software life cycle processes (refer
to Annex A for a mapping of 15504 to ISO/IEC 12207) but some additional processes not included in
ISO/IEC 12207 are introduced.
Figure 1 provides an overview of the structure of the process dimension. It shows the three principal groupings of
life cycle processes - primary, supporting and organizational - as defined in ISO/IEC 12207, and shows the process
categories and processes within each grouping. Figure 1 is designed in a similar fashion to Figure 1 in
ISO/IEC 12207, so that the similarities and differences between the two models are apparent. In particular, the
linkage between the Supporting Processes concerned with Quality Assurance and Quality Control can be seen.
Primary life cycle processes Supporting life cycle processes
SUP.1 Documentation
CUS.1 Acquisition CUS.2 Supply
Acquisition preparation
SUP.2 Configuration management
Supplier selection
Supplier monitoring
CUS.4 Operation
Customer acceptance
SUP.3 Quality assurance
Operational use
Customer support
CUS.3
SUP.4 Verification
Requirements elicitation
SUP.5 Validation
ENG.1 Development
System requirements Software construction SUP.6 Joint review
analysis and design
Software integration
Software requirements
Software testing
SUP.7 Audit
analysis
System integration and
Software design
testing
SUP.8 Problem resolution
ENG.2 System and softw are maintenance
Organizational life cycle processes
ORG.1 Organizational alignment
MAN.1 Management
ORG.2 Improvement
Process establishment
Process assessment
MAN.2 Project management
Process improvement
MAN.3 Quality management
ORG.3 Human resource management
MAN.4 Risk management
ORG.4 Infrastructure
ORG.5 Measurement
ORG.6 Reuse
Figure 1 — The processes in the Process Dimension
5

---------------------- Page: 10 ----------------------
© ISO/IEC
ISO/IEC TR 15504-2:1998(E)
The principal difference evident from Figure 1 is the presence in this reference model of a number of additional
processes and the definition of two levels of process definition. The details of the differences are further described
later in this clause. A complete list of the process categories and processes in the model is provided in Annex B.
The three life cycle process groupings are:
The Primary life cycle processes consisting of the process categories Engineering and Customer-
Supplier.
The Supporting life cycle processes consisting of the process category Support.
The Organization life cycle processes consisting of the process categories Management and
Organization.
The five process categories are:
CUS Customer-Supplier MAN Management
ENG Engineering ORG Organization
SUP Support
The description of each process category includes a characterization of the processes it contains, followed by a list
of the process names.
The
...