Information technology -- Process assessment

ISO/IEC TS 15504-8:2012 provides an example of an IT Service Management Process Assessment Model (PAM) for use in performing a conformance assessment in accordance with the requirements of ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-1 to be assessed according to the requirements of ISO/IEC 15504-2. An integral part of conducting an assessment is to use a PAM that is constructed for that purpose. A PAM is related to a Process Reference Model (PRM) and is conformant with ISO/IEC 15504-2.

Technologies de l'information -- Évaluation des procédés

General Information

Status
Withdrawn
Publication Date
04-Sep-2012
Withdrawal Date
04-Sep-2012
Current Stage
9599 - Withdrawal of International Standard
Completion Date
05-Sep-2012
Ref Project

RELATIONS

Buy Standard

Technical specification
ISO/IEC TS 15504-8:2012 - Information technology -- Process assessment
English language
204 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/IEC
SPECIFICATION TS
15504-8
First edition
2012-09-15
Information technology — Process
assessment —
Part 8:
An exemplar process assessment model
for IT service management
Technologies de l'information — Évaluation des procédés —
Partie 8: Un modèle d'évaluation des procédés exemplaire pour le
management des services IT
Reference number
ISO/IEC TS 15504-8:2012(E)
ISO/IEC 2012
---------------------- Page: 1 ----------------------
ISO/IEC TS 15504-8:2012(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2012

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or

ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2012 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TS 15504-8:2012(E)
Contents Page

Foreword ............................................................................................................................................................. v

Introduction ........................................................................................................................................................ vi

1  Scope ...................................................................................................................................................... 1

2  Normative references ............................................................................................................................ 2

3  Terms and definitions ........................................................................................................................... 2

4  Overview of the exemplar Process Assessment Model .................................................................... 2

4.1  Introduction to Overview ...................................................................................................................... 2

4.2  Structure of the exemplar Process Assessment Model .................................................................... 3

4.2.1  Processes ............................................................................................................................................... 4

4.2.2  Process dimension ................................................................................................................................ 5

4.2.3  Capability dimension ............................................................................................................................ 5

4.3  Assessment Indicators ......................................................................................................................... 6

4.3.1  Process Capability Indicators .............................................................................................................. 8

4.3.2  Process Performance Indicators ......................................................................................................... 9

4.4  Measuring process capability ............................................................................................................ 10

5  The process dimension and process performance indicators (Level 1) ....................................... 11

5.1  General ................................................................................................................................................. 11

5.2  CON.1 Change management .............................................................................................................. 12

5.3  CON.2 Configuration management .................................................................................................... 13

5.4  CON.3 Release and deployment management ................................................................................. 14

5.5  DTR.1 Service requirements .............................................................................................................. 15

5.6  DTR.2 Service design .......................................................................................................................... 16

5.7  DTR.3 Service transition ..................................................................................................................... 16

5.8  DTR.4 Service planning ...................................................................................................................... 17

5.9  REL.1 Business relationship management....................................................................................... 18

5.10  REL.2 Supplier management .............................................................................................................. 20

5.11  RES.1 Incident management .............................................................................................................. 21

5.12  RES.2 Service request management ................................................................................................. 21

5.13  RES.3 Problem management ............................................................................................................. 22

5.14  SDE.1 Budgeting and accounting for IT services ............................................................................ 23

5.15  SDE.2 Capacity management ............................................................................................................. 24

5.16  SDE.3 Information security management ......................................................................................... 25

5.17  SDE.4 Service availability management ............................................................................................ 26

5.18  SDE.5 Service continuity management ............................................................................................. 27

5.19  SDE.6 Service level management ...................................................................................................... 28

5.20  SDE.7 Service reporting...................................................................................................................... 28

5.21  SMS.1 Audit .......................................................................................................................................... 29

5.22  SMS.2 Improvement ............................................................................................................................ 30

5.23  SMS.3 Information item management ............................................................................................... 31

5.24  SMS.4 Management review................................................................................................................. 32

5.25  SMS.5 Resource management ........................................................................................................... 34

5.26  SMS.6 Risk management .................................................................................................................... 34

5.27  SMS.7 Service measurement ............................................................................................................. 35

5.28  SMS.8 SMS Establishment and improvement .................................................................................. 36

5.29  SMS.9 SMS Implementation and operation ...................................................................................... 37

6  Process capability indicators (Level 1 to 5) ..................................................................................... 38

6.1  Level 1: Performed process ............................................................................................................... 39

6.1.1  PA 1.1 Process performance attribute. ............................................................................................. 39

6.2  Level 2: Managed process .................................................................................................................. 39

© ISO/IEC 2012 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TS 15504-8:2012(E)

6.2.1  PA 2.1 Performance management attribute ......................................................................................39

6.2.2  PA 2.2 Work product management attribute .....................................................................................42

6.3  Level 3: Established process .............................................................................................................44

6.3.1  PA 3.1 Process definition attribute ....................................................................................................44

6.3.2  PA 3.2 Process deployment attribute ................................................................................................46

6.4  Level 4: Predictable process ..............................................................................................................48

6.4.1  PA 4.1 Process measurement attribute .............................................................................................49

6.4.2  PA 4.2 Process control attribute ........................................................................................................51

6.5  Level 5: Optimizing process ...............................................................................................................53

6.5.1  PA 5.1 Process innovation attribute ..................................................................................................53

6.5.2  PA 5.2 Process optimization attribute ...............................................................................................55

6.6  Related Processes for Process Attributes ........................................................................................57

Annex A (informative) Conformity of the exemplar Process Assessment Model .....................................58

Annex B (informative) Input and output characteristics ...............................................................................65

Annex C (informative) Process Capability for ISO/IEC 20000-1 requirements......................................... 101

Bibliography ................................................................................................................................................... 204

iv © ISO/IEC 2012 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TS 15504-8:2012(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as

an International Standard requires approval by at least 75 % of the national bodies casting a vote.

In other circumstances, particularly when there is an urgent market requirement for such documents, the joint

technical committee may decide to publish an ISO/IEC Technical Specification (ISO/IEC TS), which

represents an agreement between the members of the joint technical committee and is accepted for

publication if it is approved by 2/3 of the members of the committee casting a vote.

An ISO/IEC TS is reviewed after three years in order to decide whether it will be confirmed for a further three

years, revised to become an International Standard, or withdrawn. If the ISO/IEC TS is confirmed, it is

reviewed again after a further three years, at which time it must either be transformed into an International

Standard or be withdrawn.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC TS 15504-8:2012 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information

technology, Subcommittee SC 7, Software and systems engineering.

ISO/IEC TS 15504-8 consists of the following parts, under the general title Information technology — Process

assessment:
 Part 1: Concepts and vocabulary
 Part 2: Performing an assessment
 Part 3: Guidance on performing an assessment

 Part 4: Guidance on use for process improvement and process capability determination

 Part 5: An exemplar software life cycle process assessment model
 Part 6: An exemplar system life cycle process assessment model
 Part 7: Assessment of organizational maturity [Technical Report]

 Part 8: An exemplar process assessment model for IT service management [Technical Specification]

 Part 9: Target process profiles [Technical Specification]
 Part 10: Safety extension [Technical Specification]
© ISO/IEC 2012 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TS 15504-8:2012(E)
Introduction

This part of ISO/IEC 15504 provides an example of an IT Service Management Process Assessment Model

(PAM) for use in performing a conformant assessment in accordance with the requirements of

ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-4 to be assessed according to the

requirements of ISO/IEC 15504-2.

An integral part of conducting an assessment is to use a Process Assessment Model (PAM) that is

constructed for that purpose. A PAM is related to a Process Reference Model (PRM) and is conformant with

ISO/IEC 15504-2. ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment in

order to ensure consistency and repeatability of the ratings. ISO/IEC 15504-2 addresses the assessment of

process and the application of process assessment for improvement and capability determination. Results of

conformant process assessments may be compared when the scopes of the assessments are considered to

be similar. The requirements for process assessment defined in ISO/IEC 15504-2 form a structure which:

a) facilitates self-assessment;
b) provides a basis for use in process improvement and capability determination;
c) takes into account the context in which the assessed process is implemented;
d) produces a process rating;
e) addresses the ability of the process to achieve its purpose;
f) is applicable across all application domains and sizes of organization;
g) may provide an objective benchmark between organizations.

The PRM defined in ISO/IEC TR 20000-4 has been used as the basis for the PAM in this part of

ISO/IEC 15504. The relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2 is

shown in Figure 1.
ISO/IEC 20000-1 – Service ISO/IEC TR 24774 - Guidelines for
Management System Requirements process definition
informs
Provides processes to support
ISO/IEC TR 20000-4 Service
Management – Process Reference
Model
Capability of processes is
assessed by
ISO/IEC 15504-2 – Performing an Assessment
ISO/IEC TS 15504-8 – An exemplar process assessment
model for IT service management

Figure 1 —Relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2

vi © ISO/IEC 2012 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC TS 15504-8:2012(E)

Any organisation may use processes with additional elements in order to suit it to the environment and

circumstances. The Process Reference Model (PRM) that is the basis for this Process Assessment Model is

ISO/IEC 20000-4:2010. This PRM may not be fully aligned with ISO/IEC 20000-1:2011 as it was developed to

align to ISO/IEC 20000-1:2005. A revised PRM aligned to ISO/IEC 20000-1:2011 is being developed and it is

expected that this revised PRM will address and resolve these identified incompatibilities. Due to the

development status of this PRM, it is known to be unverified and subject to change in the future.

This PAM contains a set of indicators to be considered when interpreting the intent of its PRM. It provides

greater detail to indicate process performance and capability. The indicators may also be used when

implementing a process improvement program or to help evaluate and select an assessment model, method,

methodology or tools.

As an exemplar, this PAM embodies the core characteristics that could be expected of any PAM consistent

with ISO/IEC 15504-2. Nevertheless any other PAMs meeting the requirements of ISO/IEC 15504-2 may be

used in a conformant assessment.

This Part of ISO/IEC 15504 has a similar structure to ISO/IEC 15504 Parts 5 and 6. It may be used in

conjunction with them for joint assessment of service management processes and system/software life cycle

processes.
Within this part of ISO/IEC 15504:

 clause 4 provides a detailed description of the structure and key components of a PAM, which

includes two dimensions: a process dimension and a capability dimension. Assessment indicators

are introduced in this clause;

 clause 5 addresses the process dimension. It uses process definitions from ISO/IEC TR 20000-4 to

designate the PRM. The processes of the PRM are described in the PAM in terms of purpose and

outcomes. The PAM expands the PRM process definitions by including a set of process performance

indicators called base practices for each process. The PAM also defines a second set of indicators of

process performance by associating inputs and outputs with each process. Clause 5 is also linked

directly to Annex B, which defines the inputs/outputs characteristics;

 clause 6 addresses the capability dimension. It duplicates the definitions of the capability levels and

process attributes from ISO/IEC 15504-2, and expands each of the nine attributes through the

inclusion of a set of generic practices. These generic practices belong to a set of indicators of

process capability, in association with generic resource indicators, and generic inputs/outputs

indicators. Annex B is also linked directly to Clause 6 as it defines the inputs/outputs characteristics;

 Annex A provides a statement of conformance of the PAM to the requirements defined in

ISO/IEC 15504-2;

 Annexes B provides selected characteristics for typical inputs/outputs to assist the assessor in

evaluating the capability level of processes;

 Annex C contains a capability process profile linking the requirements of ISO/IEC 20000-1 to base

practices and information items;
 the Bibliography contains a list of informative references.
© ISO/IEC 2012 – All rights reserved vii
---------------------- Page: 7 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 15504-8:2012(E)
Information technology — Process assessment —
Part 8:
An exemplar process assessment model for IT service
management
1 Scope
This part of ISO/IEC 15504:

 defines an exemplar PAM that meets the requirements of ISO/IEC 15504-2 and that supports the

performance of an assessment by providing indicators for guidance on the interpretation of the process

purposes and outcomes as defined in ISO/IEC TR 20000-4 and the process attributes as defined in

ISO/IEC 15504-2;

 provides guidance, by example, on the definition, selection and use of assessment indicators.

A PAM comprises a set of indicators of process performance and process capability. The indicators are used

as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of

indicators included in this part of ISO/IEC 15504 is not intended to be an all-inclusive set nor is it intended to

be applicable in its entirety. Subsets that are appropriate to the context and scope of the assessment should

be selected, and possibly augmented with additional indicators (see Annex C).

The PAM in this part of ISO/IEC 15504 is directed at assessment sponsors and competent assessors who

wish to select a model, and associated documented process method, for assessment (for either capability

determination or process improvement). Additionally it may be of use to developers of assessment models in

the construction of their own model, by providing examples of good service management practices. It can be

used by:

a) service providers to assess and improve a Service Management System (SMS), including processes,

for the design, development, transition and delivery of services that fulfil service requirements;

b) organizations that are seeking services from service providers and requiring assurance that their

service requirements will be fulfilled;

c) service providers to demonstrate their capability for the design, development, transition and delivery

of services that fulfil service requirements.

Any PAM meeting the requirements defined in ISO/IEC 15504-2 concerning models for process assessment

may be used for assessment. Different models and methods may be needed to address differing business

needs. The assessment model in this part of ISO/IEC 15504 is provided as an exemplar of a model meeting

all the requirements expressed in ISO/IEC 15504-2.

The scope of this Part of ISO/IEC 15504 is consistent with the scope of Part 5 and 6 of ISO/IEC 15504 in

order to assist situations where assessment is being made of both service management and system/software

life cycle processes.
© ISO/IEC 2012 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/IEC TS 15504-8:2012(E)

NOTE: Copyright release for the Exemplar PAM: Users of this part of ISO/IEC 15504 may freely reproduce the

detailed descriptions contained in the exemplar assessment model as part of any tool or other material to support the

performance of process assessments, so that it can be used for its intended purpose.

2 Normative references

The following normative documents contain provisions which, through reference in this text, constitute

provisions of this part of ISO/IEC 15504. For dated references, subsequent amendments to, or revisions of,

any of these publications do not apply. However, parties to agreements based on this part of ISO/IEC 15504

are encouraged to investigate the possibility of applying the most recent editions of the normative documents

indicated below. For undated references, the latest edition of the normative document referred to applies.

Members of ISO and IEC maintain registers of currently valid International Standards.

ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management

system requirements

ISO/IEC TR 20000-4:2010, Information technology — Service management — Part 4: Process Reference

Model

ISO/IEC 15504-1:2004, Information technology — Process assessment — Part 1: Concepts and Vocabulary

ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an Assessment

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and ISO/IEC 20000-1

apply.
4 Overview of the exemplar Process Assessment Model
4.1 Introduction to Overview

This part of ISO/IEC 15504 provides an exemplar PAM that includes examples of assessment indicators.

The PRM defined in ISO/IEC TR 20000-4, associated with the process attributes defined in ISO/IEC 15504-2,

establish a PAM used as a common basis for performing assessments of service management system

process capability, allowing for the reporting of results using a common rating scale.

The PAM is a two-dimensional model of process capability. In one dimension, the process dimension, the

processes are defined. In the other dimension, the capability dimension, a set of process attributes grouped

into capability levels is defined. The process attributes provide the measurable characteristics of process

capability.
2 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC TS 15504-8:2012(E)
CAPABILITCAPABILITYY
DimensionDimension
ISO/IEC 15504-2
---- 55 OptimOptimiizingzing (2 at(2 attributributteses))
LeLevveel l : :
---- 44 PredictaPredictable (2 attributeble (2 attributess))
LeLevveel l : :
ISO/IEC TR 20000-4
---- 33 EstablisheEstablished (2 atd (2 attributributteses))
LeLevveel l : :
---- 22 ManagManageed (2 attributed (2 attributess))
LeLevveel l : :
---- 11 PerformePerformed (1 attributed (1 attribute))
Level : : ProcessProcess ReferenceReference
Model (PRM)Model (PRM)
Level
---- 00 IncompleteIncomplete
: :
SMS General
PROCESSPROCESS
processes
DimensionDimension
ProcessesProcesses
Design and transition
of new or changed
ProcesseProcessess
Service delivery
services processes
Control
processes
Resolution
processes
Relationship
processes
processes
Figure 2 — Relationship between the Process Assessment Model and its inputs

Figure 2 shows the relationship between the general structure of the PAM, ISO/IEC 15504-2 and ISO/IEC TR

20000-4.

A PRM and a capability dimension defined in ISO/IEC 15504-2 cannot be used alone as the basis for

conducting reliable and consistent assessments of process capability since the level of detail provided is not

sufficient. The descriptions of process purpose and outcomes in a PRM, and the process attribute definitions

in ISO/IEC 15504-2, need to be supported with a comprehensive set of indicators of process performance and

process capability that are used for assessment performance.

The exemplar PAM defined in this part of ISO/IEC 15504 is conformant with the ISO/IEC 15504-2

requirements for a PAM, and can be used as the basis for conducting an assessment of IT service

management process capability.

In order to meet the PAM requirements of ISO/IEC 15504-2, a documented process supporting other

requirements of ISO/IEC 15504-2 is also required. This need may be met, for example, by the adoption of a

supporting method for conducting assessments.
4.2 Structure of the exemplar Process Assessment Model
This clause describes the detailed structure of the PAM and its key components.

This PAM expands upon the PRM by including a defined set of assessment indicators. Assessment indicators

comprise indicators of process performance and process capability and are defined to support an assessor’s

judgment of the performance and capability of an implemented process.
© ISO/IEC 2012 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/IEC TS 15504-8:2012(E)

Clause 5, together with its associated Annex B, describes the components of the process dimension, and

clause 6 describes the components of the capability dimension. Annex A provides a statement of

conformance of the PAM to the requirements defined in ISO/IEC 15504-2.
ISO/IEC 15504-2 requires that processes included in a PRM satisfy the following:

"The fundamental elements of a Process Reference Model are the set of descriptions of the processes within

the scope of the model. These process descriptions shall meet the following requirements:

a) A process shall be described in terms of its Purpose and Outcomes.

b) In any description the set of process outcomes shall be necessary and sufficient to achieve the purpose of

the process.

c) Process descriptions shall be such that no aspects of the measurement framework as described in clause 5

of this International Standard beyond level 1 are contained or implied."

As processes are derived directly from ISO/IEC TR 20000-4, these requirements are satisfied.

4.2.1 Processes

Figure 3 shows the processes from ISO/IEC TR 20000-4, which are included in the process dimension of the

exemplar PAM for service management.
SMS General Processes Design and Transition of New or Changed
Services Processes
SMS.1 Audit
DTR.1 Service requirements
SMS.2 Improvement
DTR.2 Service design
SMS.3 Information item management
DTR.3 Service transition
SMS.4 Management review
DTR.4 Service planning
SMS.5 Resource management
SMS.6 Risk management
SMS.7 Service measurement
Service Delivery Processes
SMS.8 Establishment and improvement
SDE.1 Budgeting and accounting for services
SMS.9 Implementation and operation
SDE.2 Capacity management
SDE.3 Information security management
SDE.4 Service availability management
Control Processes
SDE.5 Service continuity management
CON.1 Change management
SDE.6 Service level management
CON.2 Configuration management
SDE.7 Service reporting
CON.3 Release and deployment management
Resolution Processes
RES.1 Incident management
Relationship Processes
RES.2 Service request management
REL.1 Business relationship management
RES.3 Problem management
REL.2 Supplier management
Figure 3 — Processes in the Process Reference Model
4 © ISO/IEC 2012 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC TS 15504-8:2012(E)
4.2.2 Process dimension

The process dimension of the PAM includes all processes from the PRM contained in ISO/IEC TR 20000-4

and shown in Figure 3. Each proce
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.