ISO/IEC TR 15504-3:1998

TECHNICAL ISO/IEC
REPORT TR 15504-3
First edition
1998-08-15
Information technology — Software process
assessment —
Part 3:
Performing an assessment
Technologies de l’information — Évaluation des procédés du logiciel —
Partie 3: Exécution d’une évaluation
Reference number
B C
ISO/IEC TR 15504-3:1998(E)

---------------------- Page: 1 ----------------------
ISO/IEC TR 15504-3:1998(E)
Contents
1 Scope .1
2 Normative references .1
3 Terms and definitions.1
4 Requirements .2
4.1 General.2
4.2 Defining the assessment input.2
4.3 Responsibilities.3
4.4 The assessment process .3
4.5 Recording the assessment output.4
© ISO/IEC 1998
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or
utilized in any form or by any means, electronic or mechanical, including photocopying and micro-
film, without permission in writing from the publisher.
ISO/IEC Copyright Office • Case postale 56 • CH-1211 Genève 20 • Switzerland
Printed in Switzerland
ii

---------------------- Page: 2 ----------------------
© ISO/IEC
ISO/IEC TR 15504-3:1998(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in
liaison with ISO and IEC, also take part in the work.
In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The main task of technical committees is to prepare International Standards, but in exceptional circumstances a
technical committee may propose the publication of a Technical Report of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard, despite
repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the future
but not immediate possibility of an agreement on an International Standard;
— type 3, when a technical committee has collected data of a different kind from that which is normally published
as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether they
can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to be
reviewed until the data they provide are considered to be no longer valid or useful.
ISO/IEC TR 15504-3, which is a Technical Report of type 2, was prepared by Joint Technical Committee ISO/IEC
JTC 1, Information technology, Subcommittee SC 7, Software engineering.
ISO/IEC TR 15504 consists of the following parts, under the general title Information technology — Software
process assessment :
 Part 1: Concepts and introductory guide
 Part 2: A reference model for processes and process capability
 Part 3: Performing an assessment
 Part 4: Guide to performing assessments
 Part 5: An assessment model and indicator guidance
 Part 6: Guide to competency of assessors
 Part 7: Guide for use in process improvement
 Part 8: Guide for use in determining supplier process capability
 Part 9: Vocabulary
iii

---------------------- Page: 3 ----------------------
© ISO/IEC
ISO/IEC TR 15504-3:1998(E)
Introduction
ISO/IEC TR 15504 provides a framework for software process assessment and sets out the minimum requirements
for performing an assessment in order to ensure consistency and repeatability of the ratings. The requirements
help to ensure that the assessment output is self-consistent, and provide evidence to substantiate the ratings and to
verify compliance with the requirements.
Process assessment is applicable in the following circumstances:
a) by or on behalf of an organization with the objective of understanding the state of its own processes for process
improvement;
b) by or on behalf of an organization with the objective of determining the suitability of its own processes for a
particular requirement or class of requirements;
c) by or on behalf of one organization with the objective of determining the suitability of another organization’s
processes for a particular contract or class of contracts.
Assessors may be from within the organization, external to the organization or a combination of both.
Process assessment is an activity that is performed either during a process improvement initiative as described in
ISO/IEC TR 15504-7, or as part of a capability determination procedure as described in ISO/IEC TR 15504-8. In
either case, the formal entry to the assessment process occurs with the compilation of the assessment input which
defines the purpose of the assessment (why it is being carried out), the scope of the assessment (which processes
are being assessed), what constraints, if any, apply to the assessment, and any additional information that needs to
be gathered. The assessment input also defines the responsibility for carrying out the assessment.
An assessment is carried out against a defined scope utilizing a compatible model(s) of good software engineering
practice created from, or mapped to, the reference model defined in ISO/IEC TR 15504-2. ISO/IEC TR 15504-5
contains an exemplar compatible model. The reference model defines a set of processes, characterized by
statements of process purpose, and a set of process attributes that apply across all processes. The process
attributes are grouped into six process capability levels that define an ordinal scale of capability. The assessment
output consists of a set of process attribute ratings for each process assessed, and may also include the capability
level achieved by that process.
An assessment is typically carried out by a team with or without the aid of tool support. The assessment is overseen
by a competent assessor who has the necessary competence and skills, guidance for which is provided in
ISO/IEC TR 15504-6. ISO/IEC TR 15504-4 provides guidance for interpreting the minimum requirements for
performing an assessment.
This part of ISO/IEC TR 15504 assumes familiarity with the relevant guidance parts of ISO/IEC TR 15504. It is
primarily addressed to the competent assessor and other people, such as the sponsor of the assessment, who
need to assure themselves that the requirements have been met. It will also be of value to developers of
assessment methods and of tools to support an assessment.
iv

---------------------- Page: 4 ----------------------
©
TECHNICAL REPORT  ISO/IEC ISO/IEC TR 15504-3:1998(E)
Information technology — Software process assessment —
Part 3:
Performing an assessment
1 Scope
This part of ISO/IEC TR 15504 defines the minimum set of requirements for performing an assessment. These will
increase the likelihood that results are objective, impartial, consistent, repeatable and representative of the
processes assessed. Assessments may be compared when their assessment scopes are considered to be
comparable.
The requirements form part of a process assessment framework which;
a) encourages self-assessment;
b) takes into account the context in which the assessed processes operate;
c) produces sets of process ratings (process profiles);
d) through process attributes applicable to all processes, addresses the ability of processes to achieve their
purpose;
e) is appropriate across all application domains and sizes of organization.
ISO/IEC TR 15504 is not intended to be used in any scheme for the certification/registration of the process
capability of an organization.
2 Normative references
The following normative documents contain pro
...