ISO/IEC 33001:2015

INTERNATIONAL ISO/IEC
STANDARD 33001
Second edition
2015-03-01
Information technology — Process
assessment — Concepts and
terminology
Technologies de l’information — Évaluation du processus — Concepts
et terminologie
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms relating to processes and process management . 1
3.2 Terms relating to process assessment . 3
3.3 Terms relating to process models . 5
3.4 Terms relating to process measurement . 6
4 Structure of the set of Standards . 7
5 Concepts .10
5.1 General .10
5.2 Concepts of “process” .10
5.3 The assessment framework .11
5.3.1 Measuring process quality characteristics .11
5.3.2 Process reference models .11
5.3.3 Process assessment models .12
5.3.4 The process assessment process .12
5.4 Organizational process maturity .13
5.5 Competency of assessors .14
5.6 Application of Assessment Results .14
5.6.1 Improving performance.14
5.6.2 Evaluating process-related risk .14
5.6.3 Benchmarking performance .15
6 Assessment of process capability .15
7 Conformance .15
8 Conformity assessment .16
Annex A (informative) Cross Referencing ISO/IEC 330xx to ISO/IEC 15504 .17
Bibliography .18
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software
and systems engineering.
This second edition cancels and replaces ISO/IEC 15504-1:2004, which has been technically revised.
iv © ISO/IEC 2015 – All rights reserved

Introduction
This International Standard provides a glossary of terms related to the performance of process
assessment, together with an overall introduction to the concepts and standards framework for
process assessment. This International Standard identifies the principal components supporting the
performance of process assessment, describes the results of process assessment, and gives an overview
of the ways in which the results of assessment can be applied.
This International Standard is part of a set of International Standards designed to provide a consistent and
coherent framework for the assessment of process quality characteristics, based on objective evidence
resulting from implementation of the processes. The framework for assessment covers processes
employed in the development, maintenance, and use of systems across the information technology
domain and those employed in the design, transition, delivery, and improvement of services. The set of
International Standards, as a whole, addresses process quality characteristics of any type. Results of
assessment can be applied for improving process performance, benchmarking, or for identifying and
addressing risks associated with application of processes.
The set of International Standards ISO/IEC 33001:2015, ISO/IEC 33099, termed the ISO/IEC 330xx
family, defines the requirements and resources needed for process assessment. The overall architecture
and content of the series is described in this International Standard. General issues relating to the
application of conformity assessment to process capability and organizational process maturity are
addressed in ISO/IEC 29169.
Several International Standards in the ISO/IEC 330xx family of standards for process assessment are
[13]
intended to replace and extend parts of the ISO/IEC 15504 series of Standards . Annex A in this
Standard provides a detailed record of the relationship between the ISO/IEC 330xx family and the
ISO/IEC 15504 series.
© ISO/IEC 2015 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 33001:2015(E)
Information technology — Process assessment — Concepts
and terminology
1 Scope
This International Standard provides a repository for key terminology relating to process assessment. It
gives overall information on the concepts of process assessment, the application of process assessment
for evaluating the achievement of process quality characteristics, and the application of the results of
process assessment to the conduct of process management. This International Standard provides an
introduction to the ISO/IEC 330xx family of standards for process assessment; it describes how the
parts of the family of standards for process assessment fit together and provides guidance for their
selection and use. It explains the requirements contained within the suite and their applicability to
performing assessments.
Readers of this International Standard should familiarize themselves with the terminology and structure
of the document suite and then reference the appropriate elements of the suite for the context in which
they propose to conduct an assessment.
NOTE This International Standard addresses terms used in ISO/IEC 33001 to ISO/IEC 33019 of the
ISO/IEC 330xx family, as well as key terms used in other documents in the family. Terms specific to documents
from ISO/IEC 33020 to ISO/IEC 33099 are defined in each document.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC/IEEE 24765:2010, Systems and software engineering — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC/IEEE 24765 and the
following apply.
3.1 Terms relating to processes and process management
3.1.1
acquirer
stakeholder that acquires or procures a product or service from a supplier
[SOURCE: ISO/IEC 15288:2008, 4.1]
3.1.2
defined process
implemented process that is managed and tailored from the organization’s set of standard processes
according to the organization’s tailoring guidelines
Note 1 to entry: A defined process has a process description that is documented and maintained and contributes
work products, measures, and other process improvement information to the organization’s process assets.
A project’s defined process provides a basis for planning, performing, and improving the project’s tasks and
activities of the project.
© ISO/IEC 2015 – All rights reserved 1

3.1.3
effectiveness
extent to which planned activities are realized and planned results are achieved
[SOURCE: ISO 9000:2005, 3.2.14]
3.1.4
information item
separately identifiable body of information that is produced, stored, and delivered for human use
Note 1 to entry: An information item can be produced in several versions during a system, software, or service
life cycle. Syn: information product.
[SOURCE: ISO/IEC 15289:2011, 5.11; Note has been modified.]
3.1.5
organization
group of people and facilities with an arrangement of responsibilities, authorities, and relationships
[SOURCE: ISO 9000:2005, 3.3.1]
3.1.6
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE: ISO 9000:2005, 3.4.1]
3.1.7
process improvement
actions taken to improve the quality of the organization’s processes aligned with the business needs and
the needs of other concerned parties
3.1.8
standard process
set of definitions of the processes used to guide processes in an organization
Note 1 to entry: These process definitions cover the fundamental process elements (and their relationships to
each other) that must be incorporated into the defined processes that are implemented in projects across the
organization. A standard process establishes consistent activities across the organization and is desirable for
long-term stability and improvement.
Note 2 to entry: The organization’s set of standard processes describe the fundamental process elements that will
be part of the projects’ defined processes. It also describes the relationships (for example, ordering and interfaces)
between these process elements.
Note 3 to entry: Process elements are the entities that are assembled to make up a process. They can be sub-
processes, activities, tasks, etc.
3.1.9
supplier
an organization or an individual that enters into an agreement with the acquirer for the supply of a
product or service
Note 1 to entry: Other terms commonly used for supplier are contractor, producer, seller, or vendor.
Note 2 to entry: The acquirer and the supplier can be part of the same organization.
[SOURCE: ISO/IEC 15288:2008, 4.30]
3.1.10
tailored process
process developed by tailoring a standard process
2 © ISO/IEC 2015 – All rights reserved

3.1.11
tailoring guideline
instructions that enable an organization to adapt standard processes appropriately to meet specific needs
Note 1 to entry: Tailoring a process adapts the process description for a particular end. For example, a project
creates its defined process by tailoring the organization’s set of standard processes to meet the objectives,
constraints, and environment of the project. The organization’s set of standard processes is described in a general
level that might not be directly usable to perform a process. Tailoring guidelines aid those who establish the
defined processes for specific needs.
Note 2 to entry: Tailoring guidelines describe what can and cannot be modified and identify process components
that are candidates for modification.
3.2 Terms relating to process assessment
3.2.1
assessment body
body that performs an assessment
Note 1 to entry: A body can be an organization or part of an organization that performs the assessment.
[SOURCE: ISO/IEC 17020:2000, 2.2]
3.2.2
assessment constraints
restrictions placed on the use of the assessment outputs and on the assessment team’s freedom of choice
regarding the conduct of the assessment
3.2.3
assessment input
information required before a process assessment can commence
Note 1 to entry: The assessment input can change over the course of an assessment.
3.2.4
assessment output
all of the tangible results from an assessment (see assessment record)
3.2.5
assessment participant
individual who has responsibilities within the scope of the assessment
Note 1 to entry: Examples include, but are not limited to, the assessment sponsor, assessors, and/or organization
units and their members.
3.2.6
assessment purpose
statement provided as part of the assessment input, which defines the reasons for performing the assessment
3.2.7
assessment record
orderly documented collection of the information which is pertinent to the assessment and adds to the
understanding and verification of the process profiles generated by the assessment
3.2.8
assessment scope
definition of the boundaries of the assessment, provided as part of the assessment input, encompassing
the boundaries of the organizational unit for the assessment, the processes to be included, the quality level
for each process to be assessed, and the context within which the processes operate (see process context)
© ISO/IEC 2015 – All rights reserved 3

3.2.9
assessment sponsor
individual or entity, internal or external to the organizational unit being assessed, who requires the
assessment to be performed and provides financial or other resources to carry it out
3.2.10
assessment team
one or more individuals who jointly perform a process assessment
3.2.11
assessor
individual who participates in the rating of process attributes
3.2.12
lead assessor
assessor who has demonstrated the competencies to conduct an assessment and to monitor and verify
the conformance of a process assessment
3.2.13
objective evidence
data supporting the existence or verity of something
Note 1 to entry: Objective evidence can be obtained through observation, measurement, test, or other means.
[SOURCE: ISO 9000:2005, 3.8.1]
3.2.14
organizational unit
identified part of an organization that deploys one or more processes that operate within a coherent set
of business goals and which forms the basis for the scope of an assessment
Note 1 to entry: An organizational unit is typically part of a larger organization, although in a small organization,
the organizational unit can be the whole organization.
3.2.15
process assessment
disciplined evaluation of an organizational unit’s processes against a process assessment model
3.2.16
process context
set of factors, documented in the assessment input, that influence the judgment, comprehension, and
comparability of process attribute ratings
3.2.17
process instance
single specific and identifiable execution of a process
3.2.18
process profile
set of process attribute ratings for an assessed process
3.2.19
process quality determination
systematic assessment and analysis of selected processes against a target process profile
3.2.20
target process profile
process profile specifying which process attributes are required and the rating necessary for each
process attribute for a required process
4 © ISO/IEC 2015 – All rights reserved

3.3 Terms relating to process models
3.3.1
assessment indicator
sources of objective evidence used to support the assessor’s judgment in rating process attributes
Note 1 to entry: Examples include practice, information item, or resource.
3.3.2
base practice
activity that, when consistently performed, contributes to achieving a specific process purpose
3.3.3
basic maturity level
lowest level of achievement in a scale of organizational process maturity
3.3.4
basic process set
set of processes that ensure the achievement of the basic maturity level
Note 1 to entry: The set of processes are drawn from specified process assessment models.
Note 2 to entry: A basic process set will include a minimum set of processes, together with additional and optional
processes determined by the organizational context for the assessment.
3.3.5
extended process set
set of processes specific to a maturity level higher than the basic maturity level that ensures the
achievement of the relevant process profile
Note 1 to entry: The set of processes are drawn from specified process assessment models.
Note 2 to entry: An extended process set will include a minimum set of processes, together with additional and
optional processes determined by the organizational context for the assessment.
3.3.6
generic practice
activity that, when consistently performed, contributes to the achievement of a specified process attribute
3.3.7
maturity model
model derived from one or more specified process assessment model(s) that identifies the process sets
associated with the levels in a specified scale of organizational process maturity
3.3.8
practice
specific type of activity that contributes to the execution of a process
th
[SOURCE: PMBOK Guide, 4 Edition]
3.3.9
process assessment model
model suitable for the purpose of assessing a specified process quality characteristic, based on one or
more process reference models
Note 1 to entry: Process assessment models addressing a specific process quality characteristic can include
the identification of the characteristic in the title; for example, a process assessment model addressing process
capability can be termed a “process capability assessment model”.
© ISO/IEC 2015 – All rights reserved 5

3.3.10
process dimension
set of process elements in a process assessment model explicitly related to the processes defined in the
relevant process reference model(s)
Note 1 to entry: For example, in ISO/IEC 33061, the elements of the process dimension include processes, process
purpose statements, process outcomes, and process performance indicators.
3.3.11
process outcome
observable result of the successful achievement of the process purpose
Note 1 to entry: An outcome statement describes one of the following: production of an artefact; a significant
change in state; meeting of specified constraints, e.g., requirements, goals, etc.
[SOURCE: ISO/IEC 12207:2008, 4.27]
3.3.12
process performance indicator
assessment indicator that supports the judgement of the process performance of a specific process
3.3.13
process purpose
high-level objective of performing the process and the likely outcomes of effective implementation
of the process
Note 1 to entry: The implementation of the process should provide tangible benefits to the stakeholders.
[SOURCE: ISO/IEC 12207:2008, 4.26]
3.3.14
process quality dimension
set of elements in a process assessment model explicitly related to the process measurement framework
for the specified process quality characteristic
Note 1 to entry: See Reference [16] for a full description of the elements of process definitions.
3.3.15
process quality indicator
assessment indicator that supports the judgement of the process quality characteristic of a specific process
3.3.16
process reference model
model comprising definitions of processes in a domain of application described in terms of process
purpose and outcomes, together with an architecture describing the relationships between the processes
3.4 Terms relating to process measurement
3.4.1
maturity level
point on an ordinal scale of organizational process maturity that characterizes the maturity of the
organizational unit assessed in the scope of the maturity model used
3.4.2
organizational process maturity
the extent to which an organizational unit consistently implements processes within a defined scope
that contributes to the achievement of its business needs (current or projected)
Note 1 to entry: The defined scope is that of the specified maturity model.
6 © ISO/IEC 2015 – All rights reserved

3.4.3
process attribute
process quality attribute
measurable property of a process quality characteristic
3.4.4
process attribute outcome
observable result of achievement of a specified process attribute
3.4.5
process attribute rating
judgement of the degree of achievement of the process attribute for the assessed process
3.4.6
process measurement framework
schema for use in characterizing a process quality characteristic of an implemented process
3.4.7
process performance
extent to which the execution of a process achieves its purpose
3.4.8
process quality
ability of a process to satisfy stated and implied stakeholder needs when used in a specified context
3.4.9
process quality characteristic
measurable aspect of process quality; category of process attributes that are significant to process quality
Note 1 to entry: In order to simplify terminology, in terms related to process quality characteristics (e.g. 3.2.19,
3.3.14, 3.3.15, 3.4.10), the term “process quality” is used. In specific contexts, an identifier of the specific process
quality characteristic will be used.
Note 2 to entry: Process quality characteristics include properties of processes such as process capability,
efficiency, effectiveness, security, integrity, and sustainability.
3.4.10
process quality level
point on a scale of achievement of a process quality characteristic derived from the process attribute
ratings for an assessed process
4 Structure of the set of Standards
The ISO/IEC 330xx family of Standards covering the domain of process assessment are based on a view
of assessment that establishes an architecture of three components:
— Process models that define processes, the entities that are the subject of assessment;
— Process measurement frameworks that provide scales for evaluating specified process quality
characteristics (for example, capability) of the entities (processes); and
— Documented assessment processes that provide a specification of the process to be followed in
conducting assessments.
For each component, the set of Standards (as a whole) provides a common terminology; a set of normative
requirements defining conformance to the Standard; examples of the entities specified in the standards set
(process models, process measurement frameworks, and documented assessment processes); and guidance
of varying forms on each of the components. The structure of the set of Standards is shown in Figure 1. In
[18]
this Figure, the scheme developed by Moore is used
...