ISO/IEC TR 15504-7:2008
(Main)Information technology — Process assessment — Part 7: Assessment of organizational maturity
Information technology — Process assessment — Part 7: Assessment of organizational maturity
ISO/IEC 15504 provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling, and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC TR 15504-7:2008 defines the conditions for an assessment of organizational maturity; it defines a framework for determining organizational maturity, based upon profiles of process capability derived from process assessment, and defines the conditions under which such assessments are valid. ISO/IEC TR 15504-7:2008, organizational maturity is an expression of the extent to which an organization consistently implements processes within a defined scope that contributes to the achievement of its business goals (current or projected). An Organizational Maturity Model is based upon one or more specified Process Assessment Model(s), and addresses the domains and contexts for use of the Process Reference Model(s) from which the Process Assessment Model(s) are derived. The assessment of organizational maturity is undertaken through the performance of process assessment as specified in ISO/IEC 15504-2. Specific conditions are defined in ISO/IEC TR 15504-7:2008 relating to the process scope of the organizational maturity assessment, the organizational scope of the assessment (which has to be specified as representing the elements characterised by the organizational maturity rating), and the data collection strategy (which needs to ensure that the results of the assessment are representative of the organizational scope). On completion of the assessment, the set of process profiles established for the organization determine the rating of the level of organizational maturity based on the framework defined in ISO/IEC 15504-7, as specified in the relevant Organizational Maturity Model. ISO/IEC TR 15504-7:2008 also contains guidance on implementing the requirements for constructing an Organizational Maturity Model; on performing assessments of organizational maturity; and on the application of organizational maturity ratings for process improvement and capability determination.
Technologies de l'information — Évaluation des procédés — Partie 7: Évaluation de maturité d'organisation
General Information
Relations
Standards Content (Sample)
TECHNICAL ISO/IEC
REPORT TR
15504-7
First edition
2008-12-15
Information technology — Process
assessment —
Part 7:
Assessment of organizational maturity
Technologies de l'information — Évaluation des procédés —
Partie 7: Évaluation de maturité d'organisation
Reference number
ISO/IEC TR 15504-7:2008(E)
©
ISO/IEC 2008
---------------------- Page: 1 ----------------------
ISO/IEC TR 15504-7:2008(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2008 — All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 15504-7:2008(E)
Contents Page
Foreword. v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 1
4 A measurement framework for organizational maturity. 2
4.1 Introduction . 2
4.2 A scale for organizational maturity. 3
4.2.1 Level 0 Organization- Immature . 3
4.2.2 Level 1 Organization - Basic. 3
4.2.3 Level 2 Organization – Managed . 3
4.2.4 Level 3 Organization – Established . 4
4.2.5 Level 4 Organization – Predictable . 4
4.2.6 Level 5 Organization – Innovating . 5
4.3 Architecture of an Organizational Maturity Model . 6
4.3.1 Relationship between assessment of process capability and determination of
organizational maturity . 6
4.3.2 Rules for deriving maturity levels from capability levels . 7
4.4 Requirements for an Organizational Maturity Model . 8
4.4.1 Model characteristics . 8
4.4.2 Basic process set . 9
4.4.3 Extended process sets. 9
4.5 Interpreting the requirements for an Organizational Maturity Model. 9
4.6 Guidance on selecting an Organizational Maturity Model. 11
5 Assessing organizational maturity . 12
5.1 Introduction . 12
5.1.1 Class 1 assessment. 12
5.1.2 Class 2 assessment. 12
5.1.3 Class 3 assessment. 12
5.2 The assessment process . 13
5.2.1 General. 13
5.2.2 Planning. 13
5.2.3 Data collection . 13
5.2.4 Data validation . 14
5.2.5 Process attribute and maturity level rating. 14
5.2.6 Reporting . 15
5.3 Roles and responsibilities . 15
5.4 Defining the initial assessment input . 16
5.4.1 General requirements. 16
5.4.2 Assessment purpose. 16
5.4.3 Assessment scope . 16
5.4.4 Class of assessment . 16
5.4.5 Organizational Maturity Model . 16
5.4.6 Roles and responsibilities . 17
5.5 Recording the assessment output. 17
5.5.1 General requirements. 17
5.5.2 Specific requirements – Class 1 and Class 2 assessments. 17
5.6 Guidance on the assessment of organizational maturity. 17
5.6.1 Assessment scope . 17
5.6.2 Assessment sample . 18
© ISO/IEC 2008 — All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 15504-7:2008(E)
6 Guidance in the use of organizational maturity assessment results . 18
6.1 Introduction . 18
6.2 Validity and comparability of results . 19
6.2.1 Class of assessment. 19
6.2.2 Scope of assessment . 19
6.2.3 Independence of the assessment body and assessment team . 19
6.2.4 Assessor qualification. 21
6.2.5 Information available to qualify the assessment result . 21
7 Mechanisms for verification of conformity . 22
7.1 Introduction . 22
7.2 Verifying conformity of Organizational Maturity Models . 22
7.3 Verifying conformity of assessments of organizational maturity. 22
Annex A (informative) An exemplar Organizational Maturity Model . 23
A.1 Introduction . 23
A.2 Content of the exemplar Organizational Maturity Model . 23
A.3 Conformity of the exemplar Organizational Maturity Model. 25
A.3.1 Introduction . 25
A.3.2 Requirements for Organizational Maturity Models (from Clause 4.4) . 25
Annex B (informative) Extensions to Process Reference Model. 27
B.1 Introduction . 27
B.2 Quantitative Performance Management process . 27
B.2.1 Purpose . 27
B.2.2 Outcomes. 27
B.3 Quantitative Process Improvement process. 27
B.3.1 Purpose . 27
B.3.2 Outcomes. 28
Annex C (informative) Extensions to Process Assessment Model. 29
C.1 Introduction . 29
C.2 The Quantitative Management Process Group (QNT). 29
C.2.1 QNT.1 Quantitative Performance Management. 29
C.2.2 QNT.2 Quantitative Process Improvement . 32
C.2.3 Description of additional specific work products. 34
Bibliography . 36
iv © ISO/IEC 2008 — All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 15504-7:2008(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 15504-7, which is a Technical Report type 2, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering.
ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process
assessment:
⎯ Part 1: Concepts and vocabulary
⎯ Part 2: Performing an assessment
⎯ Part 3: Guidance on performing an assessment
⎯ Part 4: Guidance on use for process improvement and process capability determination
⎯ Part 5: An exemplar Process Assessment Model
⎯ Part 6: An exemplar system life cycle process assessment model [Technical Report]
⎯ Part 7: Assessment of organizational maturity [Technical Report]
© ISO/IEC 2008 — All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TR 15504-7:2008(E)
Introduction
This part of ISO/IEC 15504 defines the conditions for an assessment of organizational maturity; it defines a
framework for determining organizational maturity, based upon profiles of process capability derived from
process assessment, and defines the conditions under which such assessments are valid. Other parts of this
International Standard define and provide guidance on the assessment of process capability.
ISO/IEC 15504-2 sets out the minimum requirements for performing a process assessment that ensure
consistency and repeatability of the ratings. The requirements help to ensure that the assessment output is
self-consistent and provides evidence to substantiate the ratings and to verify compliance with the
requirements.
This part of ISO/IEC 15504 identifies a measurement framework for the assessment of organizational maturity
and the requirements for:
a) constructing Organizational Maturity Models;
b) performing an assessment of organizational maturity;
c) verifying conformity of organizational maturity assessments.
The scope of reference for an assessment of organizational maturity is determined by the Organizational
Maturity Model employed for the assessment.
As defined in this part of ISO/IEC 15504, organizational maturity is an expression of the extent to which an
organization consistently implements processes within a defined scope that contributes to the achievement of
its business goals (current or projected). An Organizational Maturity Model is based upon one or more
specified Process Assessment Model(s), and addresses the domains and contexts for use of the Process
Reference Model(s) from which the Process Assessment Model(s) are derived.
The assessment of organizational maturity is undertaken through the performance of process assessment as
specified in ISO/IEC 15504-2. Specific conditions are defined in this part of ISO/IEC 15504 relating to the
process scope of the organizational maturity assessment, the organizational scope of the assessment (which
has to be specified as representing the elements characterised by the organizational maturity rating), and the
data collection strategy (which needs to ensure that the results of the assessment are representative of the
organizational scope). On completion of the assessment, the set of process profiles established for the
organization determine the rating of the level of organizational maturity based on the framework defined in this
part of ISO/IEC 15504, as specified in the relevant Organizational Maturity Model.
This part of ISO/IEC 15504 also contains guidance on implementing the requirements for constructing an
Organizational Maturity Model; on performing assessments of organizational maturity; and on the application
of organizational maturity ratings for process improvement and capability determination.
This part of ISO/IEC 15504 is published as a Technical Report Type 2, to enable experience in the use of the
approach to assessment of organizational maturity to be gained. In future revisions of this International
Standard, it is likely that the content of this part will be distributed across the complete document set.
vi © ISO/IEC 2008 — All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/IEC TR 15504-7:2008(E)
Information technology — Process assessment —
Part 7:
Assessment of organizational maturity
1 Scope
This part of ISO/IEC 15504 addresses the expression of the results of assessment of processes in terms of
the overall maturity of an organizational unit, and the application of the results of assessment of organizational
maturity for process improvement and capability determination. It defines the conditions under which the
results of conformant assessments of process capability determine the expressions of organizational maturity,
ensuring that the results are objective, impartial, consistent, repeatable, comparable and representative of the
assessed organizational units.
This part of ISO/IEC 15504 provides a structured approach for the assessment of organizational maturity for
the following purposes:
⎯ by or on behalf of an organization with the objective of understanding the status of its organizational
maturity for process improvement;
⎯ by or on behalf of an organization with the objective of determining the suitability of its organizational
maturity for a particular requirement or class of requirements;
⎯ by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or class of contracts.
NOTE Copyright release: Users of this part of ISO/IEC 15504 may freely reproduce relevant material as part of any
Organizational Maturity Model, or as part of any demonstration of conformance with this International Standard, so that it
can be used for its intended purpose.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 15504-1:2004, Information technology — Process assessment — Part 1: Concepts and vocabulary
ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and the following apply.
© ISO/IEC 2008 — All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/IEC TR 15504-7:2008(E)
3.1
Organizational Maturity Model
model, derived from one or more specified Process Assessment Model(s), that identifies the process sets
associated with each of the levels in the scale of organizational maturity
3.2
organizational maturity
extent to which an organization consistently implements processes within a defined scope that contributes to
the achievement of its business goals (current or projected)
NOTE The defined scope is that of the specified Organizational Maturity Model.
3.3
(organizational) maturity level
point on the ordinal scale of organizational maturity that characterises the maturity of the organization in the
scope of the organizational maturity model used; each level builds on the maturity of the level below
NOTE The organizational maturity level is determined from the organization's set of Process Profiles.
3.4
basic process set
set of processes that ensure the achievement of maturity level 1
NOTE A basic process set will include a minimum set of processes, together with additional and optional processes
determined by the organizational context for the assessment.
3.5
extended process set
set of processes specific to a maturity level higher than maturity level 1 that ensures the achievement of the
relevant process attributes
NOTE An extended process set will include a minimum set of processes, together with additional and optional
processes determined by the organizational context for the assessment.
3.6
process instance
single specific and identifiable implementation of a process
3.7
assessment body
body that performs an assessment
NOTE 1 A body may be an organization, or part of an organization.
NOTE 2 Adapted from ISO/IEC 17020:1998.
4 A measurement framework for organizational maturity
4.1 Introduction
This clause of ISO/IEC 15504-7 defines a measurement framework for the assessment of organizational
maturity. Organizational maturity is defined on a six point ordinal scale that enables maturity to be assessed
from the bottom of the scale, Level 0 Organization - the Immature Organization, through to the top end of the
scale, Level 5 Organization - the Innovating Organization. The scale represents the extent to which the
organization has explicitly and consistently performed, managed and established its processes with predicable
performance and demonstrated the ability to change and adapt the performance of the processes
fundamental to achieving the organization’s business goals.
2 © ISO/IEC 2008 — All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC TR 15504-7:2008(E)
The scale for organizational maturity retains the semantic intent of the process capability levels that are
defined in ISO/IEC 15504-2. The scale for process capability characterises the ability of a process to meet
current or projected business goals; the scale of organizational maturity characterises the extent to which an
organization consistently implements sets of processes within a defined scope that contribute to the
achievement of its business goals. Thus, the two scales, while consistent, characterise different attributes of
separate entities – the process and the organization. The measurement framework provides a schema for use
in characterising the maturity of an organization with respect to specified Process Assessment Model(s).
Within this measurement framework, each level of organizational maturity is characterised by the
demonstration of achievement of specified levels of process capability in process sets drawn from the
specified Process Assessment Model(s).
Processes can be categorized into 5 process sets based on their contributions to the business goals of the
organization. The set of fundamental processes that support the business is called the basic process set.
Each organizational maturity level beyond level 1 maturity is characterized by the implementation, at an
appropriate level of process capability, of a further set of processes that drive the achievement of the
capabilities relevant to each maturity level. These are called extended process sets.
4.2 A scale for organizational maturity
Organizational maturity is expressed on a scale from maturity level 0 through maturity level 5 as follows.
4.2.1 Level 0 Organization – Immature
The organization does not demonstrate effective implementation of its processes that are fundamental to
support the organization’s business.
At least one process in the basic process set is assessed at capability level 0.
4.2.2 Level 1 Organization – Basic
The organization demonstrates achievement of the purpose of the processes that are fundamental to support
the organization’s business.
As a result of achieving this level of maturity, the organization:
a) implements the processes required to support the organization’s business;
b) performs sets of activities and tasks that achieve the purposes of these processes.
All processes in the basic process set are assessed at capability level 1 or higher.
4.2.3 Level 2 Organization – Managed
The organization demonstrates management of the processes that are fundamental to support the
organization’s business.
As a result of achieving this level of maturity, the organization:
a) establishes plans for the performance of the processes that are fundamental to support the organization’s
business;
b) acts to ensure effective communication regarding the performance of the processes, through clear
assignment of responsibilities and authorities to involved parties;
c) allocates adequate resources and information to ensure implementation of the plans;
d) monitors performance of the processes against plans in the individual instances;
© ISO/IEC 2008 — All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/IEC TR 15504-7:2008(E)
e) takes action to address deviation from planned performance of the process;
f) identifies requirements for the management of work products developed by the processes;
g) takes action through appropriate reviews and control mechanisms to ensure that the requirements for
work product management are satisfied.
All processes in the basic process set are assessed at capability level 2 or higher.
The extended process set for maturity level 2 incorporates additional processes that ensure management of
process performance and work product integrity. The processes in the extended process set are assessed at
capability level 2 or higher.
4.2.4 Level 3 Organization – Established
The organization demonstrates effective definition and deployment of the processes that are fundamental to
support the organization’s business.
As a result of achieving this level of maturity, the organization:
a) establishes standard process descriptions covering all of the basic and extended s
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.