Information technology — Process assessment — An integrated process capability assessment model for Enterprise processes

ISO/IEC 33071:2016 defines an integrated process assessment model for enterprise processes (process assessment model) for use in performing a conformant assessment of process capability in accordance with the requirements of ISO/IEC 33002. The process assessment model integrates and harmonizes existing standards, as determined by stakeholders, and provides in a single document a process reference model and process assessment model that addresses broad enterprise processes and which provide an efficient and effective mechanism for assessing and improving processes deployed across an enterprise. NOTE: Copyright release: Users of ISO/IEC 33071:2016 may reproduce subclauses 6.1 to 6.5 and 7.1 to 7.2 as part of any tool or other material to support the performance of process assessments, so that it can be used for its intended purpose.

Technologies de l'information — Évaluation des processus — Modèle d'évaluation de la capacité des processus intégrés pour les processus d'entreprise

General Information

Status
Published
Publication Date
19-Oct-2016
Current Stage
9060 - Close of review
Start Date
04-Jun-2027
Ref Project

Buy Standard

Standard
ISO/IEC 33071:2016 - Information technology -- Process assessment -- An integrated process capability assessment model for Enterprise processes
English language
162 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 33071
First edition
2016-10-15
Information technology — Process
assessment — An integrated process
capability assessment model for
Enterprise processes
Technologies de l’information — Évaluation des processus — Modèle
d’évaluation de la capacité des processus intégrés pour les processus
d’entreprise
Reference number
ISO/IEC 33071:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 33071:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 33071:2016(E)
Contents Page
Foreword . v
About Enterprise SPICE . vi
Introduction . vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General . 1
5 Process assessment model architecture . 2
5.1 Two dimensional model . 2
5.2 Assessment indicators . 3
6 The process dimension and process performance indicators . 4
6.1 General . 4
6.2 Governance/Management Category . 6
6.2.1 Enterprise Governance . 6
6.2.2 Investment Management. 9
6.2.3 Human Resource Management . 11
6.2.4 Enterprise Architecture . 14
6.2.5 Business Relationship Management . 16
6.2.6 Supplier Agreement Management . 17
6.2.7 Tendering . 20
6.2.8 Project Management . 23
6.2.9 Risk Management . 27
6.3 Life Cycle Category . 30
6.3.1 Needs . 30
6.3.2 Requirements . 33
6.3.3 Design . 35
6.3.4 Design Implementation . 37
6.3.5 Integration . 38
6.3.6 Evaluation . 40
6.3.7 Deployment and Disposal. 43
6.3.8 Operation and Support . 45
6.4 Support Category . 47
6.4.1 Alternatives Analysis . 47
6.4.2 Measurement and Analysis . 49
6.4.3 Quality Assurance and Management . 52
6.4.4 Change and Configuration Management . 55
6.4.5 Information Management . 58
6.4.6 Knowledge Management . 61
6.4.7 Training. 63
6.4.8 Research and Innovation . 66
6.4.9 Work Environment . 69
6.4.10 Process Definition . 71
6.4.11 Process Improvement . 74
6.5 Special Applications . 77
6.5.1 Safety and Security . 77
7 The capability dimension and process capability indicators . 81
7.1 Process capability Level 0: Incomplete process . 82
7.2 Process capability Level 1: Performed process . 82
© ISO/IEC 2016 — All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 33071:2016(E)
Annex A (informative) Conformity of the process reference model and process assessment
model with ISO/IEC 33004 requirements .83
A.1 Introduction .83
A.2 Conformance of the process reference model with ISO/IEC 33004 Clause 5 .83
A.3 Conformance of the process assessment model with ISO/IEC 33004 Clause 6 .86
Annex B (informative) Application and use of the process assessment model .90
B.1 Relationship to other standards and models .90
B.2 Contexts of Use .91
B.3 Support for Assessment and Process Improvement .92
Annex C (informative) Relationship Tables .95
Annex D (informative) High-level Mapping Tables . 108
Annex E (informative) Project Participants . 145
E.1 Sponsor . 145
E.2 Advisory Board . 145
E.2.1 Current Advisory Board Members . 145
E.2.2 Previous Advisory Board Members (other than those on current Advisory Board) . 145
E.3 Project Leader . 146
E.4 Architecture Team . 146
E.4.1 Current Members . 146
E.4.2 Previous Members (other than those on current team) . 146
E.5 Author Team . 146
E.6 Buddies and Key Early Reviewers . 147
E.7 Editorial Team . 147
E.8 General Reviewers . 148
E.9 Project Stakeholders . 148
Bibliography . 153
1 Enterprise SPICE Sources . 153
2 Enterprise SPICE References . 155
3 [iCMM] Sources and References . 156
4 [iCMM-SS] Sources and References . 158
4.1 Safety Source Standards . 158
4.2 Security Source Standards . 158
4.3 Other Safety and Security References . 158
4.3 Work Environment Sources and References . 159
5 [iCMM] Source Change Annotations . 159
6 Enterprise SPICE post publication references . 160
iv © ISO/IEC 2016 — All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 33071:2016(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
®
Enterprise SPICE is a Registered Trademark.
The following trademarks are referenced in this document.
®
 ITIL is a Registered Trade Mark of AXELOS.
®
 COBIT is a Registered Trade Mark of the Information Systems Audit and Control Association (ISACA)
and the IT Governance Institute (ITGI).
®
 CMMI, CMM, P-CMM, and Capability Maturity Model are registered in the U.S. Patent and Trademark
Office by Carnegie Mellon University.
TM
  ,
 Val IT IT Governance Institute (ITGI) and Information Systems Audit and Control Association (ISACA).
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
ISO/IEC 33071 was prepared by SPICE User Group and was adopted, under the PAS procedure, by Joint
Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by national bodies of
ISO and IEC.
© ISO/IEC 2016 — All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 33071:2016(E)
About Enterprise SPICE
The process community recognized the need for an integrated standards-based enterprise process
assessment model and requested an international activity to develop such a model. The initiative was first
proposed and discussed at SPICE 2006 conference in Luxembourg and formally launched at SPICE 2007
conference in Seoul, Korea.
A call for participation resulted in the community signing up to support the project in various roles (e.g.
advisory board member, author, reviewer, and assessor). Over 120 project team members from 31 different
countries participated in developing the Enterprise SPICE integrated process assessment model for enterprise
processes (Enterprise SPICE process assessment model).
The Enterprise SPICE project is hosted by the SPICE User Group, and it is governed by a 15 member
Advisory Board voted in by the project stakeholders every two years. The Advisory Board has reserved seats
for representatives from various geographical regions, for the SPICE User Group, and for the SPICE
Academy. The Enterprise SPICE project is guided by the Enterprise SPICE strategy, which identifies goals,
objectives and activities, and is led by an International Project Leader who coordinates several authoring
teams. A charter governs the working of the Advisory Board.
The Enterprise SPICE process assessment model was developed and released in review cycles. In 2008, the
project team developed the draft process reference model, providing a description of the proposed
architecture/high-level relationship of processes, the names, purposes, and outcomes for those processes,
and a list of the sources and references integrated to develop each process. All process reference model
review comments were adjudicated, and accepted comments were included in the next major review cycle
which provided a draft process assessment model. This 2009 release of the process assessment model
elaborated the process reference model with indicators (base practices and work products), a new section on
relationship notes, plus a detailed mapping table for all processes indicating the sources and references
integrated at the purpose, outcome, and base practice level. All comments were adjudicated by the project
team and approved comments are reflected in Enterprise SPICE® An Integrated Model for Enterprise-wide
Assessment and Improvement, Technical Report – Issue 1, The Enterprise SPICE Project Team, September
2010. This document which provides an integrated process capability assessment model for enterprise
processes is based on that Technical Report.
The public website for information about the Enterprise SPICE project is: www.enterprisespice.com.
vi © ISO/IEC 2016 — All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 33071:2016(E)
Introduction
This document provides an integrated process capability assessment model for enterprise processes (process
assessment model) that integrates and harmonizes selected process models and standards into a single
enterprise improvement model. By bringing together best practices from several disciplines and several
models and standards into a comprehensive improvement model, this document provides an efficient effective
mechanism for assessing and improving processes deployed across a typical, large or small, enterprise.
This document provides the following benefits to stakeholders:
 Single Unified Model: the model integrates practices from the widely recognized standards and sources
of best practice; no need to use many separate standards and models concurrently - they are
consolidated into a single unified model
 Pick and Choose: select from the model those areas relevant to your business needs
 Authoritative: provides best guidance available drawn from widely recognized standards and sources,
with detailed mapping tables tracing each practice to sources if further information is desired/required
 Comprehensive: addresses a broad, and expanding, range of disciplines
 Synergized: the sources are integrated, harmonized, and synergized; each source contributes important
perspectives
 Reduced Costs:
 Training on one model, not several
 Improvement using one model, not several, leading to simultaneous improvement vs. all sources;
compliant processes address best practice from multiple standards concurrently
 Avoids duplication of effort
 Appraisals vs. one model, not several, leading to simultaneous multiple ratings/ certification if desired,
assuming required assessment practices are followed
 Enhanced Effectiveness via Integrated Guidance:
 For all levels from enterprise to team processes
 For large or small business units
 Across disciplines for multidisciplinary teams
 Aligns business and technical processes
 Across all product and service life cycle phases/activities
 Improvement initiatives can be aligned across the enterprise
 Conformity Assessment: conformity assessment services from accredited bodies.
© ISO/IEC 2016 — All rights reserved vii

---------------------- Page: 7 ----------------------
ISO/IEC 33071:2016(E)
This document can be used by any enterprise or organization that seeks to improve its business performance
in an integrated way. Both large and small enterprises can use the model and reap the benefits outlined
above. Individuals can use the model to get an overview of best practices and to understand how various
standards and models fit together.
viii © ISO/IEC 2016 — All rights reserved

---------------------- Page: 8 ----------------------
INTERNATIONAL STANDARD ISO/IEC 33071:2016(E)
Information technology — Process assessment — An
integrated process capability assessment model for Enterprise
processes
1 Scope
This document defines an integrated process assessment model for enterprise processes (process
assessment model) for use in performing a conformant assessment of process capability in accordance with
the requirements of ISO/IEC 33002.
The process assessment model integrates and harmonizes existing standards, as determined by stakeholders,
and provides in a single document a process reference model and process assessment model that addresses
broad enterprise processes and which provide an efficient and effective mechanism for assessing and
improving processes deployed across an enterprise.
NOTE: Copyright release: Users of this document may reproduce subclauses 6.1 to 6.5 and 7.1 to 7.2 as part of any tool
or other material to support the performance of process assessments, so that it can be used for its intended purpose.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001:2014, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33004:2014, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
ISO/IEC 33020:2014, Information technology — Process assessment — Process measurement framework for
assessment of process capability
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and ISO/IEC 33020
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
4 General
The Enterprise SPICE process assessment model which forms the basis for this integrated process capability
assessment model for enterprise processes (process assessment model) was built on an existing baseline
® ®
enterprise model, the Federal Aviation Administration (FAA) integrated Capability Maturity Model (iCMM )
© ISO/IEC 2016 — All rights reserved 1

---------------------- Page: 9 ----------------------
ISO/IEC 33071:2016(E)
v2.0, which integrated a set of disciplines and source standards/models. Additional disciplines and sources
were identified via a formal survey of stakeholders. These were then vetted against a set of criteria and a
smaller set chosen for integration into the Enterprise SPICE process assessment model.
Criteria for discipline selection
 Priority criticality, importance or urgency for inclusion (should this be in first release (high), next set of
disciplines (medium), sometime in future (low)?)
 Relevance to enterprise operations and success (how relevant is this to your business?)
 Perceived need, value or risk reduction for including this discipline in enterprise assessments (does
this discipline need to be assessed? will risks to enterprise success be reduced by including this
discipline? how valuable to the enterprise will assessments be with respect to this discipline?)
 Existence/maturity of process standards and best practices in the discipline (does this discipline have
mature best practices?)
 Compliance requirements regarding these disciplines in stakeholder enterprises (do you need to comply
with requirements regarding this discipline?)
Criteria for source material selection
 Only major, essential, widely-recognized process standards/models/documents should be selected as
source* documents (others may be useful reference** documents).
 The number of sources for a discipline should be limited to 3 to 5 for a given area.
 Process source documents should be generic rather than method specific improvement approaches (i.e.
sources indicate what, not how).
* Source documents are documents from which the process descriptions are derived. Mapping of the
processes to source practices is required, along with coverage of source documents, at an appropriate level of
detail.
** Reference documents are documents identified as useful in developing best practice in certain areas, but
full coverage and detailed mapping are not required.
The Enterprise SPICE process assessment model addresses the following disciplines by integrating the
following sources.
Disciplines: enterprise management, investment management, general management, service management,
human resource management, acquisition, quality management systems, full lifecycle engineering for
products and services, knowledge management, environment, safety and security, and core supporting
disciplines
Sources: FAA-iCMM (baseline model, integrating ISO 9001, ISO/IEC 12207, ISO/IEC 15288, ISO/IEC 15504,
®
Malcolm Baldrige National Quality Award, CMMI , EIA 731, previous CMMs, MIL-STD-882C, MIL-STD-882D,
®
IEC 61508: DEF STAN 00-56, ISO 17799, ISO 15408, ISO/IEC 21827, NIST 800-30); plus: ITIL ; ISO/IEC
®
20000; CobIT ; People-CMM (P-CMM®); ITIM, ISO 14000. Additional references include ISO 31000, eSCM-
CL, eSCM-SP, PMI Standard for Portfolio Management, PMBOK, and FEA Practice Guidance.
See Bibliography for a full description of all the above sources and references.
5 Process assessment model architecture
5.1 Two dimensional model
This process assessment model is structured as a two-dimensional model of process capability containing a
process dimension and a capability dimension.
The process dimension includes the process descriptions, purpose and outcomes of the processes from a
process reference model. This process assessment model provides the defined process reference model as
an integral part the process dimension in the process assessment model.
2 © ISO/IEC 2016 — All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC 33071:2016(E)
The capability dimension includes a set of process capability levels and process attributes. A process attribute
is a feature of a process that can be evaluated on a scale of achievement, providing a measure of the
capability of any process. The capability dimension of this process assessment model incorporates the
measurement framework for process capability as defined in ISO/IEC 33020 for process Capability Levels 0
and 1.
Note that this process assessment model is a process capability model, not an maturity model, and does not
describe staging or ordering of processes or practices.
This process assessment model expands upon the process reference model and process measurement
framework for assessing process by including a defined set of assessment indicators. Assessment indicators
comprise indicators of process performance and process capability and are defined to support an assessor’s
judgment of the performance and capability of an implemented process.
ISO/IEC 33004 specifies requirements for conformance of process reference models and process assessment
models. Statements of conformance of the process reference model and the process assessment model to
ISO/IEC 33004 requirements are provided in Annex A: Conformity of the process reference model and
process assessment model with ISO/IEC 33004 Requirements.
There are 29 processes in the model which are grouped into three Process Categories and one Special
Applications Area. The process categories and special application area are described below.
Governance/Management The governance/management category
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.