ISO/IEC TS 15504-8:2012

TECHNICAL ISO/IEC
SPECIFICATION TS
15504-8
First edition
2012-09-15
Information technology — Process
assessment —
Part 8:
An exemplar process assessment model
for IT service management
Technologies de l'information — Évaluation des procédés —
Partie 8: Un modèle d'évaluation des procédés exemplaire pour le
management des services IT
Reference number
©
ISO/IEC 2012
©  ISO/IEC 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2012 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1  Scope . 1
2  Normative references . 2
3  Terms and definitions . 2
4  Overview of the exemplar Process Assessment Model . 2
4.1  Introduction to Overview . 2
4.2  Structure of the exemplar Process Assessment Model . 3
4.2.1  Processes . 4
4.2.2  Process dimension . 5
4.2.3  Capability dimension . 5
4.3  Assessment Indicators . 6
4.3.1  Process Capability Indicators . 8
4.3.2  Process Performance Indicators . 9
4.4  Measuring process capability . 10
5  The process dimension and process performance indicators (Level 1) . 11
5.1  General . 11
5.2  CON.1 Change management . 12
5.3  CON.2 Configuration management . 13
5.4  CON.3 Release and deployment management . 14
5.5  DTR.1 Service requirements . 15
5.6  DTR.2 Service design . 16
5.7  DTR.3 Service transition . 16
5.8  DTR.4 Service planning . 17
5.9  REL.1 Business relationship management. 18
5.10  REL.2 Supplier management . 20
5.11  RES.1 Incident management . 21
5.12  RES.2 Service request management . 21
5.13  RES.3 Problem management . 22
5.14  SDE.1 Budgeting and accounting for IT services . 23
5.15  SDE.2 Capacity management . 24
5.16  SDE.3 Information security management . 25
5.17  SDE.4 Service availability management . 26
5.18  SDE.5 Service continuity management . 27
5.19  SDE.6 Service level management . 28
5.20  SDE.7 Service reporting. 28
5.21  SMS.1 Audit . 29
5.22  SMS.2 Improvement . 30
5.23  SMS.3 Information item management . 31
5.24  SMS.4 Management review. 32
5.25  SMS.5 Resource management . 34
5.26  SMS.6 Risk management . 34
5.27  SMS.7 Service measurement . 35
5.28  SMS.8 SMS Establishment and improvement . 36
5.29  SMS.9 SMS Implementation and operation . 37
6  Process capability indicators (Level 1 to 5) . 38
6.1  Level 1: Performed process . 39
6.1.1  PA 1.1 Process performance attribute. . 39
6.2  Level 2: Managed process . 39
© ISO/IEC 2012 – All rights reserved iii

6.2.1  PA 2.1 Performance management attribute .39
6.2.2  PA 2.2 Work product management attribute .42
6.3  Level 3: Established process .44
6.3.1  PA 3.1 Process definition attribute .44
6.3.2  PA 3.2 Process deployment attribute .46
6.4  Level 4: Predictable process .48
6.4.1  PA 4.1 Process measurement attribute .49
6.4.2  PA 4.2 Process control attribute .51
6.5  Level 5: Optimizing process .53
6.5.1  PA 5.1 Process innovation attribute .53
6.5.2  PA 5.2 Process optimization attribute .55
6.6  Related Processes for Process Attributes .57
Annex A (informative)  Conformity of the exemplar Process Assessment Model .58
Annex B (informative) Input and output characteristics .65
Annex C (informative) Process Capability for ISO/IEC 20000-1 requirements. 101
Bibliography . 204

iv © ISO/IEC 2012 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, the joint
technical committee may decide to publish an ISO/IEC Technical Specification (ISO/IEC TS), which
represents an agreement between the members of the joint technical committee and is accepted for
publication if it is approved by 2/3 of the members of the committee casting a vote.
An ISO/IEC TS is reviewed after three years in order to decide whether it will be confirmed for a further three
years, revised to become an International Standard, or withdrawn. If the ISO/IEC TS is confirmed, it is
reviewed again after a further three years, at which time it must either be transformed into an International
Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
technology, Subcommittee SC 7, Software and systems engineering.
ISO/IEC TS 15504-8 consists of the following parts, under the general title Information technology — Process
assessment:
 Part 1: Concepts and vocabulary
 Part 2: Performing an assessment
 Part 3: Guidance on performing an assessment
 Part 4: Guidance on use for process improvement and process capability determination
 Part 5: An exemplar software life cycle process assessment model
 Part 6: An exemplar system life cycle process assessment model
 Part 7: Assessment of organizational maturity [Technical Report]
 Part 8: An exemplar process assessment model for IT service management [Technical Specification]
 Part 9: Target process profiles [Technical Specification]
 Part 10: Safety extension [Technical Specification]
© ISO/IEC 2012 – All rights reserved v

Introduction
This part of ISO/IEC 15504 provides an example of an IT Service Management Process Assessment Model
(PAM) for use in performing a conformant assessment in accordance with the requirements of
ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-4 to be assessed according to the
requirements of ISO/IEC 15504-2.
An integral part of conducting an assessment is to use a Process Assessment Model (PAM) that is
constructed for that purpose. A PAM is related to a Process Reference Model (PRM) and is conformant with
ISO/IEC 15504-2. ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment in
order to ensure consistency and repeatability of the ratings. ISO/IEC 15504-2 addresses the assessment of
process and the application of process assessment for improvement and capability determination. Results of
conformant process assessments may be compared when the scopes of the assessments are c
...