ISO/IEC 15504-1:2004

INTERNATIONAL ISO/IEC
STANDARD 15504-1
First edition
2004-11-01


Information technology — Process
assessment —
Part 1:
Concepts and vocabulary
Technologies de l'information — Évaluation des procédés —
Partie 1: Concepts et vocabulaire





Reference number
ISO/IEC 15504-1:2004(E)
©
ISO/IEC 2004

---------------------- Page: 1 ----------------------
ISO/IEC 15504-1:2004(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


©  ISO/IEC 2004
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2004 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 15504-1:2004(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references. 1
3 Terms and definitions. 1
4 Concept. 7
4.1 General. 7
4.1.1 Purpose and benefits. 7
4.1.2 Field of application . 8
4.1.3 Components of ISO/IEC 15504. 9
4.1.4 Relationship to other International Standards. 12
4.2 The assessment framework. 13
4.2.1 The context of assessment process . 13
4.2.2 Assessment indicators. 14
4.3 Competency of assessors. 14
4.4 Process improvement context. 15
4.5 Process capability determination context. 16
5 Conformance. 17
Annex A (informative) Classified terms and definitions. 18
A.1 Model architecture terms . 18
A.2 Process terms. 18
A.3 Measurement framework terms. 18
A.4 Assessment process terms . 19
A.5 Assessor terms. 19
A.6 Process improvement terms. 19
A.7 Process capability determination terms. 19

Figures and Tables
Figure 1 — Process Assessment Relationship. 8
Figure 2 — Components of ISO/IEC 15504. 10
Figure 3 — Overview of relationship of elements of ISO/IEC 15504. 12
Figure 4 — The major elements of the assessment process . 13
Figure 5 — Process Assessment Model relationships . 14
Figure 6 — Process improvement. 15
Figure 7 — Process capability determination. 16

Table 1 — Readership of ISO/IEC 15504. 10

© ISO/IEC 2004 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 15504-1:2004(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 15504-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and system engineering.
This edition cancels and replaces ISO/IEC TR 15504-1:1998 and ISO/IEC TR 15504-9:1998, which have
been technically revised.
ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process
assessment:
— Part 1: Concepts and vocabulary
— Part 2: Performing an assessment
— Part 3: Guidance on performing an assessment
— Part 4: Guidance on use for process improvement and process capability determination
The following part is in preparation:
— Part 5: An exemplar Process Assessment Model
The complete series will replace ISO/IEC TR 15504-1 to ISO/IEC TR 15504-9.
iv © ISO/IEC 2004 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 15504-1:2004(E)
Introduction
This part of ISO/IEC 15504 provides a general introduction to the concepts of process assessment and a
glossary for assessment related terms.
ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment that ensure consistency
and repeatability of the ratings. The requirements help to ensure that the assessment output is self-consistent
and provides evidence to substantiate the ratings and to verify compliance with the requirements.
ISO/IEC 15504-3 provides guidance for interpreting the requirements for performing an assessment.
ISO/IEC 15504-4 identifies process assessment as an activity that can be performed either as part of a
process improvement initiative or as part of a capability determination approach. The purpose of process
improvement is to continually improve the organization’s effectiveness and efficiency. The purpose of process
capability determination is to identify the strengths, weaknesses and risks of selected processes with respect
to a particular specified requirement through the processes used and their alignment with the business need.
ISO/IEC 15504-5 contains an exemplar Process Assessment Model that is based upon the Process
Reference Model defined in ISO/IEC 12207 Amd 1 Annex F and Amd 2. An assessment is carried out utilizing
conformant Process Assessment Model(s) related to one or more conformant or compliant Process Reference
Models.

© ISO/IEC 2004 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 15504-1:2004(E)

Information technology — Process assessment —
Part 1:
Concepts and vocabulary
1 Scope
This part of ISO/IEC 15504 provides overall information on the concepts of process assessment and its use in
the two contexts of process improvement and process capability determination. It describes how the parts of
the suite fit together, and provides guidance for their selection and use. It explains the requirements contained
within ISO/IEC 15504, and their applicability to performing assessments.
Readers of this guide should familiarize themselves with the terminology and structure of the document suite,
and then reference the appropriate parts of the suite for the context in which they propose to conduct an
assessment. A more detailed description of the use of ISO/IEC 15504 is given in clause 4.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 9000:2000, Quality management systems — Fundamentals and vocabulary
ISO/IEC 2382-1:1993, Information technology — Vocabulary — Part 1: Fundamental terms
ISO/IEC 2382-20:1990, Information technology — Vocabulary — Part 20: System development
ISO/IEC 12207:1995, Amd 1:2002, Amd 2:2004. Information technology — Software life cycle processes
ISO/IEC 15288:2002, Systems engineering — System life cycle processes
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 9000, ISO/IEC 2382-1,
ISO/IEC 2382-20, ISO/IEC 12207 and ISO/IEC 15288 and the following apply.
3.1
acquirer
the stakeholder that acquires or procures a product or service from a supplier
[ISO/IEC 15288]
NOTE Other terms commonly used for an acquirer are buyer, customer, purchaser. The acquirer may at the same
time be the owner, user or operating organization.
© ISO/IEC 2004 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 15504-1:2004(E)
3.2
assessed capability
the output of one or more relevant process assessments conducted in accordance with the provisions of
ISO/IEC 15504
3.3
assessment constraints
restrictions placed on the use of the assessment outputs and on the assessment team's freedom of choice
regarding the conduct of the assessment
3.4
assessment indicator
sources of objective evidence used to support the assessors’ judgement in rating process attributes
EXAMPLE Work products, practice, or resource
3.5
assessment input
information required before a process assessment can commence
3.6
assessment instrument
a tool or set of tools that is used throughout an assessment to assist the assessor in evaluating the
performance or capability of processes, in handling assessment data and in recording the assessment results
3.7
assessment output
all of the tangible results from an assessment (see assessment record)
3.8
assessment participant
an individual who has responsibilities within the scope of the assessment
NOTE Examples include but are not limited to the assessment sponsor, assessors, and organizational unit members.
3.9
assessment process
a determination of the extent to which the organization's standard processes contribute to the achievement of
its business goals and to help the organization focus on the need for continuous process improvement
[ISO/IEC 12207 Amd 1]
3.10
assessment purpose
a statement, provided as part of the assessment input, which defines the reasons for performing the
assessment
3.11
assessment record
an orderly, documented collection of information which is pertinent to the assessment and adds to the
understanding and verification of the process profiles generated by the assessment
3.12
assessment scope
a definition of the boundaries of the assessment, provided as part of the assessment input, encompassing the
organizational limits of the assessment, the processes to be included, and the context within which the
processes operate (see process context)
2 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 15504-1:2004(E)
3.13
assessment sponsor
the individual or entity, internal or external to the organizational unit being assessed, who requires the
assessment to be performed, and provides financial or other resources to carry it out
3.14
assessment team
one or more individuals who jointly perform a process assessment
3.15
assessor
an individual who participates in the rating of process attributes
NOTE An assessor is either a competent assessor or a provisional assessor.
3.16
attribute indicator
an assessment indicator that supports the judgement of the extent of achievement of a specific process
attribute
3.17
base practice
an activity that, when consistently performed, contributes to achieving a specific process purpose
3.18
capability dimension
the set of elements in a Process Assessment Model explicitly related to the Measurement Framework for
Process Capability
NOTE The attributes are organized into capability levels, comprising an ordinal scale of process capability.
3.19
capability indicator
an assessment indicator that supports the judgement of the process capability of a specific process
NOTE An attribute indicator is a specific instance of a capability indicator.
3.20
competent assessor
an assessor who has demonstrated the competencies to conduct an assessment and to monitor and verify the
conformance of a process assessment
3.21
defined process
a process that is managed (planned, monitored and adjusted), and tailored from the organization’s set of
standard processes according to the organization’s tailoring guidelines
NOTE A defined process has a maintained process description; and contributes work products, measures, and other
process improvement information to the organization’s process assets. A project’s defined process provides a basis for
planning, performing, and improving the project’s tasks and activities of the project.
3.22
generic practice
an activity that, when consistently performed, contributes to the achievement of a specific process attribute
3.23
indicator
(see assessment indicator)
© ISO/IEC 2004 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 15504-1:2004(E)
3.24
objective evidence
data supporting the existence or verity of something
NOTE Objective evidence may be obtained through observation, measurement, test, or other means.
[ISO 9000:2000]
3.25
organizational unit
that part of an organization that is assessed
NOTE 1 An organizational unit deploys one or more processes that have a coherent process context and operates
within a coherent set of business goals.
NOTE 2 An organizational unit is typically part of a larger organization, although in a small organization, the
organizational unit may be the whole organization. An organizational unit may be, for example:
 a specific project or set of (related) projects;
 a unit within an organization focused on a specific lifecycle phase (or phases) such as acquisition, development,
maintenance or support;
 a part of an organization responsible for all aspects of a particular product or product set.
3.26
performance indicator
an assessment indicator that supports the judgement of the process performance of a specific process
NOTE A performance indicator is an attribute indicator for Process Attribute 1.1 for a specific process. (See
ISO/IEC 15504-2.)
3.27
practice
an activity that contributes to the purpose or outcomes of a process or enhances the capability of a process
3.28
process
set of interrelated or interacting activities which transforms inputs into outputs
[ISO 9000]
3.29
process assessment
a disciplined evaluation of an organizational unit’s processes against a Process Assessment Model
3.30
Process Assessment Model
a model suitable for the purpose of assessing process capability, based on one or more Process Reference
Models
3.31
process attribute
a measurable characteristic of process capability applicable to any process
3.32
process attribute rating
a judgement of the degree of achievement of the process attribute for the assessed process
3.33
process capability
a characterization of the ability of a process to meet current or projected business goals
4 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 15504-1:2004(E)
3.34
process capability determination
a systematic assessment and analysis of selected processes within an organization against a target capability,
carried out with the aim of identifying the strengths, weaknesses and risks associated with deploying the
processes to meet a particular specified requirement
3.35
process capability determination sponsor
the individual or entity, internal or external to the organizational unit being assessed, who requires the process
capability determination to be performed, and provides financial or other resources to carry it out
3.36
process capability level
a point on the six-point ordinal scale (of process capability) that represents the capability of the process; each
level builds on the capability of the level below
3.37
process capability level rating
a representation of the achieved process capability level derived from the process attribute ratings for an
assessed process
3.38
process context
the set of factors, documented in the assessment input, that influence the judgment, comprehension and
comparability of process attribute ratings
3.39
process dimension
the set of elements in a Process Assessment Model explicitly related to the processes defined in the relevant
Process Reference Model(s)
NOTE The processes may be grouped based on different criteria. For example in 15504-5 they are grouped into
categories of related activities
3.40
process improvement
actions taken to change an organization's processes so that they more effectively and/or efficiently meet the
organization's business goals
3.41
process improvement programme
all the strategies, policies, goals, responsibilities and activities concerned with the achievement of specified
improvement goals
NOTE A process improvement programme can span more than one complete cycle of process improvement.
3.42
process improvement project
any subset of the process improvement programme that forms a coherent set of actions to achieve a specific
improvement
3.43
process improvement sponsor
the individual or entity, internal or external to the organizational unit being assessed, who requires the process
improvement to be performed, and provides financial or other resources to carry it out
3.44
process outcome
an observable result of a process
NOTE An outcome is an artefact, a significant change of state or the meeting of specified constraints.
© ISO/IEC 2004 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC 15504-1:2004(E)
3.45
process performance
the extent to which the execution of a process achieves its purpose
3.46
process profile
the set of process attribute ratings for an assessed process
3.47
process purpose
the high level measurable objectives of performing the process and the likely outcomes of effective
implementation of the process
3.48
Process Reference Model
a model comprising definitions of processes in a life cycle described in terms of process purpose and
outcomes, together with an architecture describing the relationships between the processes
3.49
provisional assessor
a person who has the skills and competencies to carry out assessments under the guidance and supervision
of a competent assessor
3.50
standard process
the set of definitions of the basic processes that guide all processes in an organization
NOTE 1 These process definitions cover the fundamental process elements (and their relationships to each other) that
must be incorporated into the defined processes that are implemented in projects across the organization. A standard
process establishes consistent activities across the organization and is desirable for long-term stability and improvement.
NOTE 2 The organization’s set of standard processes describes the fundamental process elements that will be part of
the projects’ defined processes. It also describes the relationships (for example, ordering and interfaces) between these
process elements.
3.51
supplier
an organization or an individual that enters into an agreement with the acquirer for the supply of a product or
service
[ISO/IEC 15288]
3.52
tailoring guideline
instructions that enable an organization to adapt the process description of standard processes appropriately
to meet specific needs
NOTE 1 Tailoring a process adapts the process description for a particular end. For example, a project creates its
defined process by tailoring the organization’s set of standard processes to meet the objectives, constraints, and
environment of the project. The organization’s set of standard processes is described at a general level that may not be
directly usable to perform a process. Tailoring guidelines aid those who establish the defined processes for specific needs.
NOTE 2 Tailoring guidelines describe what can and cannot be modified and identify process components that are
candidates for modification.
3.53
tailored process
a defined process developed by tailoring a standard process definition
6 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 15504-1:2004(E)
3.54
target capability
the process capability which the process capability determination sponsor judges will represent an acceptable
process risk to the successful implementation of the specified requirement
3.55
work product
an artefact associated with the execution of a process
[ISO 9000]
NOTE There are four generic product categories, as follows: services (e.g. operation); software (e.g. computer
program, documents, information, contents); hardware (e.g. computer, device); processed materials.
4 Concept
4.1 General
4.1.1 Purpose and benefits
ISO/IEC 15504 provides a structured approach for the assessment of processes for the following purposes:
 by or on behalf of an organization with the objective of understanding the state of its own processes for
process improvement;
 by or on behalf of an organization with the objective of determining the suitability of its own processes for
a particular requirement or set of requirements;
 by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or set of contracts.
The framework for process assessment:
 facilitates self-assessment;
 provides a basis for use in process improvement and capability determination;
 takes into account the context in which the assessed process is implemented;
 produces a process rating;
 addresses the ability of the process to achieve its purpose;
 is appropriate across all application domains and sizes of organization;
 may provide an objective benchmark between organizations.
One method for an organization to improve product quality is through the use of a proven, consistent and
reliable method for assessing the state of its processes and using the results as part of a coherent
improvement programme.
The use of process assessment within an organization should encourage:
 the culture of continuous improvement and the establishment of the proper mechanisms to support and
maintain that culture;
 the engineering of processes to meet business requirements;
 the optimisation of resources.
© ISO/IEC 2004 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC 15504-1:2004(E)
Through this, the organization is expected to become a capable organization that maximizes their
responsiveness to customer and market requirements, minimizes the full life-cycle costs of their products and
as a result maximize end-user satisfaction.
Acquirers may benefit from the use of process assessment. Its use in capability determination can:
 reduce uncertainties in selecting suppliers by enabling the risks associated with the contractor's capability
to be identified before award of contract;
 enable appropriate controls to be put in place for risk containment;
 provide a quantified basis for choice in balancing business needs, requirements and estimated project
cost against the capability of competing suppliers.
The major benefits of a standardized approach to process assessment, are, that it will:
 provide a public, shared approach for process assessment;
 lead to a common understanding of the use of process assessment for process improvement and process
capability determination;
 facilitate capability determination in procurement;
 be controlled and regularly reviewed in the light of experience of use;
 be changed only by international consensus;
 encourage harmonization of existing schemes.
The approach to process assessment defined in ISO/IEC 15504 is designed to provide a basis for a common
approach to describing the results of process assessment, allowing for some degree of comparison of
assessments based upon different but compatible models and methods. The sophistication and complexity
required of a process is dependent upon its context. For instance, the planning required for a five person
project team is much less than for a fifty person team. This context affects how a competent assessor judges
a practice when assessing its adequacy and influences the degree of comparability between process profiles.
4.1.2 Field of application
Process assessment has two principal contexts for its use, as shown diagrammatically in Figure 1.
Process
Assessment
leads to leads to
can invoke
Process
Process
Capability
Improvement
motivates
Determination

Figure 1 — Process assessment relationship
8 © ISO/IEC 2004 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 15504-1:2004(E)
Within a process improvement context, process assessment provides the means of characterizing the current
practice within an organizational unit in terms of the capability of the selected processes. Analysis of the
results identifies strengths, weaknesses and risks inherent in the processes. These provide the drivers for
prioritizing improvements to processes.
Process capability determination is concerned with analysing the proposed capability of selected processes
against a target process capability profile in order to identify some of the risks involved in undertaking a
project using the selected processes. The proposed capability may be based on the results of relevant
previous process assessments, or may be based on an assessm
...