ISO/IEC TS 33064:2025

Technical
Specification
ISO/IEC TS 33064
First edition
Information technology — Process
2025-10
assessment — Process assessment
model for safety processes
Technologies de l'information — Évaluation des processus —
Modèle d'évaluation des processus pour les processus de sécurité
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 The process assessment model . 2
4.1 General .2
4.2 Structure of the process assessment model .3
4.2.1 General .3
4.2.2 Process dimension .3
4.2.3 Quality dimension .4
4.3 Assessment indicators .4
5 The process dimension . 5
5.1 General .5
5.2 Safety processes (SAF) .5
6 The quality dimension . 9
Annex A (informative) Process outputs .11
Annex B (informative) Life cycle guidance .15
Bibliography .21

© ISO/IEC 2025 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This document cancels and replaces ISO/IEC TS 15504-10:2011, which has been technically revised.
The main changes are as follows:
— all processes, outcomes, base practices and related process outputs and their descriptions are revised;
— this process assessment model includes a process quality attribute of process performance and can be
used with other models of process quality, for instance capability as described in ISO/IEC 33020.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
iv
Introduction
The documents on process assessment developed by JTC 1/SC 7 (ISO/IEC 33001 to ISO/IEC 33099) define
the requirements and resources needed for process assessment. The overall architecture and content of
these documents is described in ISO/IEC 33001. Several documents on process assessment developed by
JTC 1/SC 7 are intended to replace and extend parts of the ISO/IEC 15504 series.
The published documents on process assessment by JTC 1/SC 7 for systems and software life cycle processes
do not provide a sufficient basis for performing a process quality assessment with respect to the development
of complex safety-related systems.
Developing safety-related systems requires specialized processes, techniques, skills, and experience.
Additional processes are needed in the area of safety management, safety engineering and external resource
qualification. This document presents three process descriptions: safety management, safety engineering
and external resource qualification processes.
A process assessment model is related to one or more process reference models. The extended safety process
reference model is included in this document as descriptions of process purposes and outcomes.
A process assessment model incorporates a process measurement framework conforming to the
requirements of ISO/IEC 33003 and is expressed as a process quality characteristic with a defined set of
process attributes.
A process assessment model includes a set of assessment indicators. Process performance indicators
address the process purpose and outcomes of each process in the process assessment model. Process
quality indicators demonstrate the achievement of the process attributes in the process measurement
framework. These indicators may also provide a reference source of practices when implementing a process
improvement program.
The assessment indicators are used as a basis for collecting objective evidence to support an assessor’s
judgement in assigning ratings of the performance and quality of an implemented process. The set of
indicators defined in this document are not intended to be an all-inclusive set and applicable in its entirety.
Subsets appropriate to the context and scope of the assessment should be selected and potentially augmented
with additional indicators.
A process assessment is conducted according to a documented assessment process. A documented
assessment process identifies the rating method to be used in rating process attributes and identifies or
defines the aggregation method to be used in determining ratings.
ISO/IEC 33020 provides a process measurement framework for the assessment of process capability
which may be incorporated as a process measurement framework in this document. ISO/IEC 33020:2019,
Annex B includes a set of process quality indicators for each process attribute in the process measurement
framework.
© ISO/IEC 2025 – All rights reserved
v
Technical Specification ISO/IEC TS 33064:2025(en)
Information technology — Process assessment — Process
assessment model for safety processes
1 Scope
This document defines a process assessment model for safety processes, conforming to the requirements
of ISO/IEC 33004, for use in performing a process assessment in accordance with the requirements of
ISO/IEC 33002.
This document supports the use of the process assessment models for system and software life cycle
processes (ISO/IEC TS 33060 and ISO/IEC TS 33061) when applied to assessment of processes in the
development of (functional or non-functional) safety related systems in order to make consistent judgment
regarding either process quality or improvement priorities, or both.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33003:2015, Information technology — Process assessment — Requirements for process measurement
frameworks
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
external resource
resource not developed under project control
Note 1 to entry: External resources include tools, libraries, commercial off-the-shelf (COTS), re-use components.
3.2
hazard
potential source of harm
[SOURCE: ISO/IEC Guide 51:2014, 3.2]

© ISO/IEC 2025 – All rights reserved
3.3
safety criteria
limits of acceptable risk associated with a hazard (3.2)
Note 1 to entry: These limits may be defined as imposed safety targets or developed from analysis or development policy.
3.4
safety demonstration
body of evidence and rationale that shows an item is justified as being safe within allowed limits on risk
Note 1 to entry: For example, this can include that an item was designed and integrated correctly to approved standards
by competent people in accordance with approved procedures with sufficient mitigation and tested sufficiently.
Note 2 to entry: For more information about safety case and assurance case in general, see the ISO/IEC/IEEE 15026 series.
3.5
safety integrity requirement
likelihood of a safety-related system satisfactorily performing the required safety functions under stated
conditions
3.6
safety life cycle
project or product life cycle in which safety processes are performed
3.7
safety requirement
requirement that is needed to ensure the safety of the product
3.8
safety-related incident
incident having an impact on safety
4 The process assessment model
4.1 General
This document provides a basis for a process assessment model (PAM
...