ISO/IEC TR 15504-7:2008

TECHNICAL ISO/IEC
REPORT TR
15504-7
First edition
2008-12-15
Information technology — Process
assessment —
Part 7:
Assessment of organizational maturity
Technologies de l'information — Évaluation des procédés —
Partie 7: Évaluation de maturité d'organisation

Reference number
©
ISO/IEC 2008
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2008
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2008 — All rights reserved

Contents Page
Foreword. v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 1
4 A measurement framework for organizational maturity. 2
4.1 Introduction . 2
4.2 A scale for organizational maturity. 3
4.2.1 Level 0 Organization- Immature . 3
4.2.2 Level 1 Organization - Basic. 3
4.2.3 Level 2 Organization – Managed . 3
4.2.4 Level 3 Organization – Established . 4
4.2.5 Level 4 Organization – Predictable . 4
4.2.6 Level 5 Organization – Innovating . 5
4.3 Architecture of an Organizational Maturity Model . 6
4.3.1 Relationship between assessment of process capability and determination of
organizational maturity . 6
4.3.2 Rules for deriving maturity levels from capability levels . 7
4.4 Requirements for an Organizational Maturity Model . 8
4.4.1 Model characteristics . 8
4.4.2 Basic process set . 9
4.4.3 Extended process sets. 9
4.5 Interpreting the requirements for an Organizational Maturity Model. 9
4.6 Guidance on selecting an Organizational Maturity Model. 11
5 Assessing organizational maturity . 12
5.1 Introduction . 12
5.1.1 Class 1 assessment. 12
5.1.2 Class 2 assessment. 12
5.1.3 Class 3 assessment. 12
5.2 The assessment process . 13
5.2.1 General. 13
5.2.2 Planning. 13
5.2.3 Data collection . 13
5.2.4 Data validation . 14
5.2.5 Process attribute and maturity level rating. 14
5.2.6 Reporting . 15
5.3 Roles and responsibilities . 15
5.4 Defining the initial assessment input . 16
5.4.1 General requirements. 16
5.4.2 Assessment purpose. 16
5.4.3 Assessment scope . 16
5.4.4 Class of assessment . 16
5.4.5 Organizational Maturity Model . 16
5.4.6 Roles and responsibilities . 17
5.5 Recording the assessment output. 17
5.5.1 General requirements. 17
5.5.2 Specific requirements – Class 1 and Class 2 assessments. 17
5.6 Guidance on the assessment of organizational maturity. 17
5.6.1 Assessment scope . 17
5.6.2 Assessment sample . 18
© ISO/IEC 2008 — All rights reserved iii

6 Guidance in the use of organizational maturity assessment results . 18
6.1 Introduction . 18
6.2 Validity and comparability of results . 19
6.2.1 Class of assessment. 19
6.2.2 Scope of assessment . 19
6.2.3 Independence of the assessment body and assessment team . 19
6.2.4 Assessor qualification. 21
6.2.5 Information available to qualify the assessment result . 21
7 Mechanisms for verification of conformity . 22
7.1 Introduction . 22
7.2 Verifying conformity of Organizational Maturity Models . 22
7.3 Verifying conformity of assessments of organizational maturity. 22
Annex A (informative) An exemplar Organizational Maturity Model . 23
A.1 Introduction . 23
A.2 Content of the exemplar Organizational Maturity Model . 23
A.3 Conformity of the exemplar Organizational Maturity Model. 25
A.3.1 Introduction . 25
A.3.2 Requirements for Organizational Maturity Models (from Clause 4.4) . 25
Annex B (informative) Extensions to Process Reference Model. 27
B.1 Introduction . 27
B.2 Quantitative Performance Management process . 27
B.2.1 Purpose . 27
B.2.2 Outcomes. 27
B.3 Quantitative Process Improvement process. 27
B.3.1 Purpose . 27
B.3.2 Outcomes. 28
Annex C (informative) Extensions to Process Assessment Model. 29
C.1 Introduction . 29
C.2 The Quantitative Management Process Group (QNT). 29
C.2.1 QNT.1 Quantitative Performance Management. 29
C.2.2 QNT.2 Quantitative Process Improvement . 32
C.2.3 Description of additional specific work products. 34
Bibliography . 36

iv © ISO/IEC 2008 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 15504-7, which is a Technical Report type 2, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and systems engineering.
ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process
assessment:
⎯ Part 1: Concepts and vocabulary
⎯ Part 2: Performing an assessment
⎯ Part 3: Guidance on performing an assessment
⎯ Part 4: Guidance on use for process improvement and process capability determination
⎯ Part 5: An exemplar Process Assessment Model
⎯ Part 6: An exemplar system life cycle process assessment model [Technical Report]
⎯ Part 7: Assessment of organizational maturity [Technical Report]
© ISO/IEC 2008 — All rights reserved v

Introduction
This part of ISO/IEC 15504 defines the conditions for an assessment of organizational maturity; it defines a
framework for determining organizational maturity, based upon profiles of process capability derived from
process assessment, and defines the conditions under which such assessments are valid. Other parts of this
International Standard define and provide guidance on the assessment of process capability.
ISO/IEC 15504-2 sets out the minimum requirements for performing a process assessment that ensure
consistency and repeatability of the ratings. The requirements help to ensure that the assessment output is
self-consistent and provides evidence to substantiate the ratings and to verify compliance with the
requirements.
This part of ISO/IEC 15504 identifies a measurement framework for the assessment of organizational maturity
and the requirements for:
a) constructing Organizational Maturity Models;
b) performing an assessment of organizational maturity;
c) verifying conformity of organizational maturity assessments.
The scope of reference for an assessment of organizational maturity is determined by the Organizational
Maturity Model employed for the assessment.
As defined in this part of ISO/IEC 15504, organizational maturity is an expression of the extent to which an
organization consistently implements processes within a defined scope that contributes to the achievement of
its business goals (current or projected). An Organizational Maturity Model is based upon one or more
specified Process Assessment Model(s), and addresses the domains and contexts for use of the Process
Reference Model(s) from which the Process Assessment Model(s) are derived.
The assessment of organizational maturity is undertaken through the performance of process assessment as
specified in ISO/IEC 15504-2. Specific conditions are defined in this part of ISO/IEC 15504 relating to the
process scope of the organizational maturity assessment, the organizational scope of the assessment (which
has to be specified as representing the elements characterised by the organizational maturity rating), and the
data collection strategy (which needs to ensure that the results of the assessment are representative of the
organizational scope). On completion of the assessment, the set of process profiles established for the
organization determine the rating of the level of organizational maturity based on the framework defined in this
part of ISO/IEC 15504, as specified in the relevant Organizational Maturity Model.
This part of ISO/IEC 15504 also contains guidance on implementing the requirements for constructing an
Organizational Maturity Model; on performing assessments of organizational maturity; and on the application
of organizational maturity ratings for process improvement and capability determination.
This part of ISO/IEC 15504 is published as a Technical Report Type 2, to enable experience in the use of the
approach to assessment of organizational maturity to be gained. In future revisions of this International
Standard, it is likely that the content of this part will be distributed across the complete document set.

vi © ISO/IEC 2008 — All rights reserved

TECHNICAL REPORT ISO/IEC TR 15504-7:2008(E)

Information technology — Process assessment —
Part 7:
Assessment of organizational maturity
1 Scope
This part of ISO/IEC 15504 addresses the expression of the results of assessment of processes in terms of
the overall maturity of an organizational unit, and the application of the results of assessment of organizational
maturity for process improvement and capability determination. It defines the conditions under which the
results of conformant assessments of process capability determine the expressions of organizational maturity,
ensuring that the results are objective, impartial, consistent, repeatable, comparable and representative of the
assessed organizational units.
This part of ISO/IEC 15504 provides a structured approach for the assessment of organizational maturity for
the following purposes:
⎯ by or on behalf of an organization with the objective of understanding the status of its organizational
maturity for process improvement;
⎯ by or on behalf of an organization with the objective of determining the suitability of its organizational
maturity for a particular requirement or class of requirements;
⎯ by or on behalf of one organization with the objective of determining the suitability of another
organization's processes for a particular contract or class of contracts.
NOTE Copyright release: Users of this part of ISO/IEC 15504 may freely reproduce relevant material as part of any
Organizational Maturity Model, or as part of any demonstration of conformance with this International Standard, so that it
can be used for its intended purpose.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 15504-1:2004, Information technology — Process assessment — Part 1: Concepts and vocabulary
ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and the following apply.
© ISO/IEC 2008 — All rights reserved 1

3.1
Organizational Maturity Model
model, derived from one or more specified Process Assessment Model(s), that identifies the process sets
associated with each of the levels in the scale of organizational maturity
3.2
organizational maturity
extent to which an organization consistently implements processes within a defined scope that contributes to
the achievement of its business goals (current or projected)
NOTE The defined scope is that of the specified Organizational Maturity Model.
3.3
(organizational) maturity level
point on the ordinal scale of organizational maturity that characterises the maturity of the organization in the
scope of the organizational maturity model used; each level builds on the maturity of the level below
NOTE The organizational maturity level is determined from the organization's set of Process Profiles.
3.4
basic process set
set of processes that ensure the achievement of maturity level 1
NOTE A basic process set will include a minimum set of processes, together with additional and optional processes
determined by the organizational context for the assessment.
3.5
extended process set
set of processes specific to a maturity level higher than maturity level 1 that ensures the achievement of the
relevant process attributes
NOTE An extended process set will include a minimum set of processes, together with additional and optional
processes determined by the organizational context for the assessment.
3.6
process instance
single specific and identifiable implementation of a process
3.7
assessment body
body that performs an assessment
NOTE 1 A body may be an organization, or part of an organization.
NOTE 2 Adapted from ISO/IEC 17020:1998.
4 A measurement framework for organizational maturity
4.1 Introduction
This clause of ISO/IEC 15504-7 defines a measurement framework for the assessment of organizational
maturity. Organizational maturity is defined on a six point ordinal scale that enables maturity to be assessed
from the bottom of the scale, Level 0 Organization - the Immature Organization, through to the top end of the
scale, Level 5 Organization - the Innovating Organization. The scale represents the extent to which the
organization has explicitly and consistently performed, managed and established its processes with predicable
performance and demonstrated the ability to change and adapt the performance of the processes
fundamental to achieving the organization’s business goals.
2 © ISO/IEC 2008 — All rights reserved

The scale for organizational maturity retains the semantic intent of the process capability levels that are
defined in ISO/IEC 15504-2. The scale for process capability characterises the ability of a process to meet
current or projected business goals; the scale of organizational maturity characterises the extent to which an
organization consistently implements sets of processes within a defined scope that contribute to the
achievement of its business goals. Thus, the two scales, while consistent, characterise different attributes of
separate entities – the process and the organization. The measurement framework provides a schema for use
in characterising the maturity of an organization with respect to specified Process Assessment Model(s).
Within this measurement framework, each level of organizational maturity is characterised by the
demonstration of achievement of specified levels of process capability in process sets drawn from the
specified Process Assessment Model(s).
Processes can be categorized into 5 process sets based on their contributions to the business goals of the
organization. The set of fundamental processes that support the business is called the basic process set.
Each organizational maturity level beyond level 1 maturity is characterized by the implementation, at an
appropriate level of process capability, of a further set of processes that drive the achievement of the
capabilities relevant to each maturity level. These are called extended process sets.
4.2 A scale for organizational maturity
Organizational maturity is expressed on a scale from maturity level 0 through maturity level 5 as follows.
4.2.1 Level 0 Organization – Immature
The organization does not demonstrate effective implementation of its processes that are fundamental to
support the organization’s business.
At least one process in the basic process set is assessed at capability level 0.
4.2.2 Level 1 Organization – Basic
The organization demonstrates achievement of the purpose of the processes that are fundamental to support
the organization’s business.
As a result of achieving this level of maturity, the organization:
a) implements the processes required to support the organization’s business;
b) performs sets of activities and tasks that achieve the purposes of these processes.
All processes in the basic process set are assessed at capability level 1 or higher.
4.2.3 Level 2 Organization – Managed
The organization demonstrates management of the processes that are fundamental to support the
organization’s business.
As a result of achieving this level of maturity, the organization:
a) establishes plans for the performance of the processes that are fundamental to support the organization’s
business;
b) acts to ensure effective communication regarding the performance of the processes, through clear
assignment of responsibilities and authorities to involved parties;
c) allocates adequate resources and information to ensure implementation of the plans;
d) monitors performance of the processes against plans in the individual instances;
© ISO/IEC 2008 — All rights reserved 3

e) takes action to address deviation from planned performance of the process;
f) identifies requirements for the management of work products developed by the processes;
g) takes action through appropriate reviews and control mechanisms to ensure that the requirements for
work product management are satisfied.
All processes in the basic process set are assessed at capability level 2 or higher.
The extended process set for maturity level 2 incorporates additional processes that ensure management of
process performance and work product integrity. The processes in the extended process set are assessed at
capability level 2 or higher.
4.2.4 Level 3 Organization – Established
The organization demonstrates effective definition and deployment of the processes that are fundamental to
support the organization’s business.
As a result of achieving this level of maturity, the organization:
a) establishes standard process descriptions covering all of the basic and extended sets of processes
employed on a routine basis in the organization;
b) ensures that individual implementations of the processes are performed as defined processes with
appropriately tailored standard processes;
c) collects and analyses data and information from the performance of the defined processes and stores this
data for use across the organization;
d) uses the collected data and information to improve both the standard and defined processes.
All processes in the basic process set are assessed at capability level 3 or higher.
The extended process set for maturity level 3 incorporates additional processes that ensure that processes
are established and deployed using a defined process that is capable of achieving its process outcomes. The
processes in the extended process set are assessed at capability level 3 or higher.
4.2.5 Level 4 Organization – Predictable
The organization demonstrates a quantitative understanding of relevant processes that are fundamental to
support the organization’s business goals, in order to establish consistent and predictable performance.
As a result of achieving this level of maturity, the organization:
a) establishes quantitative objectives for process performance, based upon business goals;
b) selects processes for process performance analyses, covering at a minimum the basic process set, on
the basis of their relevance and significance to the achievement of business goals;
c) employs effective measurement to collect, store and analyse data on the performance of the selected
processes;
d) identifies special causes of variation in the performance of the selected processes and takes appropriate
corrective and preventive action to address them;
e) establishes stable, capable and predictable performance of the selected processes within defined control
limits.
4 © ISO/IEC 2008 — All rights reserved

At least one of the processes in the basic process set, selected on the basis of their relevance and
significance to support the organization’s business goals, is assessed at capability level 4 or higher.
The extended process set for maturity level 4 incorporates an additional process that supports the
achievement of a quantitative understanding of the performance of relevant processes in the overall process
profile of the organization. The processes in the extended process set are assessed at capability level 3 or
higher; one or more of the processes in the extended process set may be assessed at capability level 4 or
higher.
4.2.6 Level 5 Organization – Innovating
The organization demonstrates the ability to change and adapt the performance of the processes that are
fundamental to support the organization’s business goals in a systematically planned and predictable manner.
As a result of achieving this level of maturity, the organization:
a) identifies common causes of variation in process performance, based on results of process performance
analysis, and identifies candidate improvements to address these, in the light of the business goals;
b) identifies innovations with the potential to improve process performance and business success;
c) identifies opportunities for piloting potential innovative and incremental improvements with control of
associated risk;
d) collects and analyses data from the pilot implementations, and uses the results of analysis to select
improvements for organizational deployment based on their impact on process performance and business
success;
e) deploys the improvements, monitors performance of the improved processes and compares the results of
improvement to expected values.
At least one of the processes in the basic process set, selected on the basis of their relevance and
significance to support the organization’s business goals, is assessed at capability level 5.
The extended process set for maturity level 5 incorporates an additional process that supports the continuous
and predictable improvement of process performance. The processes in the extended process set are
assessed at capability level 3 or higher; one or more of the processes in the extended process set may be
assessed at capability level 5.
© ISO/IEC 2008 — All rights reserved 5

4.3 Architecture of an Organizational Maturity Model
4.3.1 Relationship between assessment of process capability and determination of organizational
maturity
Part 2 Performing an Assessment
Part 7 Assessment of Organizational Maturity
Select,
Organizational Process Process
Structure
Maturity Assessment
Reference
Model Model (s)
Model Model (s)
Scope
Process
Basic Process Set
(minimum, additional,
optional)
Extended Process
Sets (minimum,
Measurement
additional,
Framework
optional)
Capability
Measurement
Levels
Framework
Process
Attributes
Maturity
Levels
Assessment of
Assessment of
Organizational
Process
Capability
Maturity
process scope
Set of Process
Profiles
Maturity
Set of Process
Level
Capability
Ratings
Levels
determines
Figure 1 — Relationship between assessment of process capability and derivation of organization
maturity
Figure 1 shows the relationship between the Organizational Maturity Model and the specified Process
Assessment Model(s) when an assessment of organizational maturity is conducted. The key elements are the
defined components of the relevant Process Reference Model(s) and the measurement frameworks, shown in
the Figure as nested boxes. These components are used to construct models supporting the assessment of
process capability and organizational maturity. The definition of the Organizational Maturity Model scope and
the selection of the basic and extended process sets are made in the context of the Organizational Maturity
Model. Once the assessment has been planned employing an Organizational Maturity Model based upon one
or more conformant Process Assessment Model(s), an assessment of process capability is performed using
the specified Process Assessment Model(s) to obtain the set of process profiles. The process capability levels,
derived from the process profiles, determine the organizational maturity level rating according to the rules in
clause 4.4.
6 © ISO/IEC 2008 — All rights reserved

4.3.2 Rules for deriving maturity levels from capability levels
A rating of organizational maturity shall be derived from a set of process profiles in the following manner:
a) An assessment of process capability, compliant to the requirements of ISO/IEC 15504-2 and meeting the
requirements of Clause 5 of this part of ISO/IEC 15504 shall be conducted.
b) The process scope of the assessment shall embrace at minimum all of the processes in the Basic and
extended process sets defined in the selected Organizational Maturity Model for the maturity level to be
assessed.
c) All process attributes up to and including the highest relevant capability level shall be rated for all
processes in the scope of the assessment.
d) Process capability level ratings shall be derived for all processes in the scope of the assessment
according to Clause 5.8 of ISO/IEC 15504-2.
e) The maturity level achieved by an organization shall be determined from the set of process capability
level ratings according to the following rules:
1) To achieve maturity level 1, all processes assigned to maturity level 1 shall achieve process
capability level 1 or higher.
2) To achieve maturity level 2, all processes assigned to maturity level 1 and 2 shall achieve process
capability level 2 or higher.
3) To achieve maturity level 3, all processes assigned to maturity levels 1, 2 and 3 shall achieve
process capability level 3 or higher.
4) To achieve maturity level 4, all processes assigned to maturity levels 1, 2, 3, and 4 shall achieve
process capability level 3 or higher. One or more of the processes in the basic process set shall
achieve process capability level 4 or higher.
5) To achieve maturity level 5, all processes shall achieve process capability level 3 or higher. One or
more of the processes in the basic process set shall achieve process capability level 5.
© ISO/IEC 2008 — All rights reserved 7

Optional
At least one basic process required
MLn : Maturity Level n
ML5
ML4
ML3
ML2
ML1
1A 1B 1C 2D 2E 2F 3D 3E 3F 4F 4D 4E 5D 5E 5F
Processes
Process Categories
Basic Process set
1A : Level 1 Maturity minimum set of processes
1B : Level 1 Maturity Additional processes that are required
1C : Level 1 Maturity Additional processes that are optional
Extended Process sets
nD : Level n Maturity minimum set of processes
nE : Level n Maturity Additional processes that are required
nF : Level n Maturity Additional processes that are optional

Figure 2 — Rules for deriving maturity levels from capability levels
Figure 2 shows the rules for deriving maturity levels from capability levels. The figure illustrates the
relationship between capability levels and processes, overlaid with the boundaries that characterize maturity
levels. The different process sets (basic and extended) are indicated in the process dimension of the graph.
The nomenclature (or identifiers) of the processes correspond to the identifiers in the Process Categories, just
below the figure. For full details, refer to Clauses 4.4.2 and 4.4.3.
4.4 Requirements for an Organizational Maturity Model
4.4.1 Model characteristics
An Organizational Maturity Model relates to one or more specified related domains of application. The domain
of application of the Organizational Maturity Model shall be specified clearly and unambiguously.
The Organizational Maturity Model shall document the community of interest of the Organizational Maturity
Model and the actions taken to achieve consensus within that community of interest:
⎯ the relevant community of interest shall be characterized or specified;
8 © ISO/IEC 2008 — All rights reserved

Capability Level
⎯ the extent of achievement of consensus shall be documented;
⎯ if no actions are taken to achieve consensus, a statement to this effect shall be documented.
An Organizational Maturity Model shall be based upon one or more specified Process Assessment Model(s).
The Organizational Maturity Model shall specify the elements, drawn from the specified Process Assessment
Model(s) that constitute the elements of the Organizational Maturity Model, and the relationships between
these elements and the organizational maturity levels specified in Clause 4.1.
NOTE "Elements" is used in the same context as in Clause 6.3.4 of ISO/IEC 15504-2.
An Organizational Maturity Model shall specify a continuous subset of maturity levels defined in the
measurement framework for the assessment of organizational maturity, starting with maturity level 1 (through
the basic process set), for each of the maturity levels within its scope.
NOTE Annex A contains an exemplar Organizational Maturity Model, based upon ISO/IEC 15504-5 as the specified
Process Assessment Model.
4.4.2 Basic process set
An Organizational Maturity Model shall include a set of elements from the Process Assessment Model(s)
constituting the basic process set for the model. The basic process set shall include:
⎯ A minimum set of elements that define Level 1 maturity for all assessments based on the model;
⎯ Additional elements that are required for assessments in particular domains or scope of application; and
⎯ Additional elements that are optional depending on the particular circumstances of the organization.
The Organizational Maturity Model shall include justification for the inclusion of the additional processes in the
basic process set, and an indication of how the use of additional processes is to be reflected in the published
assessment record. The Organizational Maturity Model shall define, through reference to the established
mapping of the Process Assessment Model(s), the processes from relevant Process Reference Model(s) that
constitute the basic process set.
4.4.3 Extended process sets
An Organizational Maturity Model shall include sets of elements constituting the extended process sets for
each maturity level addressed by the model. The extended process sets shall include:
⎯ A minimum set of elements that define the specified level of Maturity for all assessments based on the
model;
⎯ Additional elements that are required for assessments with particular scope of application; and
⎯ Additional elements that are optional depending on the particular circumstances of the organization.
The Organizational Maturity Model shall include justification for the inclusion of the additional processes in the
extended process set, and an indication of how the use of additional processes is to be reflected in the
published assessment record. The Organizational Maturity Model shall define, through reference to the
established mapping of the Process Assessment Model(s), the processes from relevant Process Reference
Model(s) that constitute each extended process set.
4.5 Interpreting the requirements for an Organizational Maturity Model
This guidance assumes that the elements of the Process Assessment Model(s) are strongly related to the
corresponding elements of the Process Reference Model(s); if this is not the case, the situation may be more
complex.
© ISO/IEC 2008 — All rights reserved 9

The scope of application of an Organizational Maturity Model is dependent on the existence of one or more
Process Assessment Model(s) that include candidate basic and extended processes appropriate to the target
businesses and organizations. When considering the establishment of an Organizational Maturity Model, the
target businesses and processes of interest should be identified, and the candidate Process Assessment
Model(s) determined. If appropriate Process Assessment Model(s) (and Process Reference Model(s)) are not
available, these need to be constructed or adapted from those identified, prior to completing the
Organizational Maturity Model.
The declaration of scope for an Organizational Maturity Model may take the form of a description of the
domain of application and the specific aspects of that domain that are addressed. For example, an
Organizational Maturity Model might be developed for use in the software industry and might address, in
general, software life cycle processes defined in ISO/IEC 12207:1995/Amd.1:2002; Amd.2:2004. In addition
the Organizational M
...