ISO 8000-62:2018

INTERNATIONAL ISO
STANDARD 8000-62
First edition
2018-09
Data quality —
Part 62:
Data quality management:
Organizational process maturity
assessment: Application of standards
relating to process assessment
Qualité des données —
Partie 62: Gestion de la qualité des données: Évaluation de la
maturité organisationnelle des processus: Application des normes
relatives à l'évaluation des processus
Reference number
ISO 8000-62:2018(E)
©
ISO 2018

---------------------- Page: 1 ----------------------
ISO 8000-62:2018(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 8000-62:2018(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Assessing organizational data quality management maturity . 2
4.1 Purpose of organizational process maturity levels . 2
4.2 Process capability levels and process attributes . 2
4.3 Rating process attributes and process capability . 3
4.4 Scale of organizational data quality management maturity . 4
4.4.1 General. 4
4.4.2 Maturity Level 0: Immature . 4
4.4.3 Maturity Level 1: Basic . 4
4.4.4 Maturity Level 2: Managed. 5
4.4.5 Maturity Level 3: Established . 5
4.4.6 Maturity Level 4: Predictable . 5
4.4.7 Maturity Level 5: Innovating . 6
4.5 Deriving organizational process maturity level rating from process profiles . 6
4.5.1 Rules for deriving organizational process maturity level ratings . 6
4.5.2 Maturity Level 1: Basic . 7
4.5.3 Maturity Level 2: Managed. 8
4.5.4 Maturity Level 3: Established . 8
4.5.5 Maturity Level 4: Predictable . 9
4.5.6 Maturity Level 5: Innovating .10
4.6 Assessment activities .11
4.7 Roles, responsibilities and competence .11
4.8 Assessment inputs .12
4.9 Assessment outputs .12
Annex A (informative) Document identification .13
Annex B (informative) Abbreviated labels for the processes in the process reference model .14
Annex C (informative) Example of assessing organizational data quality management
maturity level .15
Bibliography .19
© ISO 2018 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 8000-62:2018(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 184, Automation systems and integration,
Subcommittee SC 4, Industrial data.
ISO 8000 is organized as a series of parts, each published separately. The structure of ISO 8000 is
described by ISO 8000-1.
Each part of ISO 8000 is a member of one of the following series: general data quality, master data
quality and product data quality. This document is a member of the general data quality series but
applicable to all of the three data quality series.
A list of all parts in the ISO 8000 series, published under the general title Data quality, can be found on
the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2018 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 8000-62:2018(E)

Introduction
The ability to create, collect, store, maintain, transfer, process and present information and data to
support business processes in a timely and cost effective manner requires both an understanding of
the characteristics of the information and data that determine its quality, and an ability to measure,
manage and report on information and data quality.
ISO 8000 defines characteristics of information and data that determine its quality, and provides
methods to manage, measure and improve the quality of information and data.
When assessing the quality of data, it is useful to perform the assessment in accordance with
documented methods. It is also important to document the tailoring of standardized methods with
respect to the expectation and requirements pertinent to the business case at hand.
ISO 8000 includes parts applicable to all types of data and parts applicable to specific types of data.
ISO 8000 can be used independently or in conjunction with quality management systems.
There is a limit to data quality improvement when only the nonconformity in data is corrected, since the
nonconformity can recur in other data. However, when the root causes of the data nonconformity and
their related data are traced and corrected through data quality management processes, recurrence of
the same type of data nonconformity can be prevented. Therefore, a framework for process-centric data
quality management is required to improve data quality more effectively and efficiently. Furthermore,
data quality can be improved by assessing processes and changing underperforming processes found
during that assessment.
This document specifies how organizations can use a maturity model in assessing their process
maturity with respect to data quality management as specified in ISO 8000-61.
NOTE Future editions of this document will specify appropriate assessment indicators and, therefore,
provide a complete maturity model.
This assessment requires the use of assessment indicators and can use the measurement stack specified
by ISO 8000-63 to determine these indicators.
This document can be used on its own or in conjunction with other parts of ISO 8000.
This document is intended for use by those actors that have a vested interest in information or data
quality, with a focus on one or more information systems both inter- and intra-organization views,
throughout all data life cycle phases.
Annex A contains an identifier that unambiguously identifies this document in an open information
system.
© ISO 2018 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 8000-62:2018(E)
Data quality —
Part 62:
Data quality management: Organizational process
maturity assessment: Application of standards relating to
process assessment
1 Scope
This document specifies particular elements of a maturity model. These elements conform to ISO/
IEC 33004.
Organizations can use these elements in combination with their own assessment indicators to
determine the maturity level of processes for data quality management as specified by ISO 8000-61.
The following are within the scope of this document:
— some of the elements of a model for assessing organizational process maturity;
— identifying those elements that exist in other standards (process capability levels, process attributes,
ordinal scale for measuring process attributes and the scheme for derivation of process capability
levels from process attribute rating);
— specifying six maturity levels and process profiles to indicate when organizations have achieved
each of the maturity levels;
— providing guidance on how to assess the maturity level of an organization.
Methods or procedures to improve organizational maturity are outside the scope of this document.
This document can be used by the organization itself or by another party (including certification
bodies) to perform assessment of the maturity.
This document can be used in conjunction with, or independently of, quality management systems
standards.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 8000-2, Data quality — Part 2: Vocabulary
ISO 8000-61, Data quality — Part 61: Data quality management: Process reference model
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33002:2015, Information technology — Process assessment — Requirements for performing
process assessment
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process
reference, process assessment and maturity models
© ISO 2018 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 8000-62:2018(E)

ISO/IEC 33020:2015, Information technology — Process assessment — Process measurement framework
for assessment of process capability
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 8000-2 and ISO/IEC 33001 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online Browsing Platform: available at http: //www .iso .org/obp;
— IEC Electropedia: available at http: //www .electropedia .org/.
4 Assessing organizational data quality management maturity
4.1 Purpose of organizational process maturity levels
The purpose of assessing the organizational process maturity level for data quality management is to
understand how well the organization is fulfilling the requirements identified by the process reference
model for data quality management specified by ISO 8000-61.
This document specifies the steps by which to assess organizational process maturity levels, as
illustrated in Figure 1.
NOTE ISO/IEC/IEEE 31320-1 provides details on the notation used in this figure, which is an IDEF0 A0
diagram.
Figure 1 — Assessing organizational data quality management maturity using ISO 8000-62
4.2 Process capability levels and process attributes
Process capability shall be measured by a six-point ordinal scale that enables capability to be assessed
from incomplete (the bottom end of the scale) through innovating (the top end of the scale), as specified
in ISO/IEC 33020. This scale represents increasing capability of the implemented process, from failing
to achieve the process purpose through to the process being the subject of continual improvement.
Within the process measurement framework specified by ISO/IEC 33020, a process attribute is a
measurable property of process capability. A process attribute rating is a judgement of the degree of
achievement of the process attribute for the assessed process.
2 © ISO 2018 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 8000-62:2018(E)

Computing the process capability level requires observation and assessment of the evidence of
achieving individual process attributes. Table 1 summarizes these levels and the corresponding process
attributes. ISO/IEC 33020:2015, 5.2, provides a full explanation of the process capability levels and
process attributes.
Table 1 — Process capability levels and process attributes
Process capability level Process attribute
Incomplete process Not applicable
Performed process PA.1.1 Process performance
PA.2.1 Performance management
Managed process
PA.2.2 Work product management
PA.3.1 Process definition
Established process
PA.3.2 Process deployment
PA.4.1 Quantitative analysis
Predictable process
PA.4.2 Quantitative control
PA.5.1 Process innovation
Innovating process
PA.5.2 Process innovation implementation
4.3 Rating process attributes and process capability
Each process attribute shall be measured using an ordinal scale, as specified in ISO/IEC 33020:2015,
5.3, and summarized in Table 2.
Table 2 — Ordinal scale for measuring process attributes
Degree of achievement of
Ordinal Meaning
the process attribute
N -
There is little or no evidence of the defined process attribute
0 to ≤15 %
in the assessed process.
Not achieved
There is some evidence of an approach to, and some achieve-
P -
ment of, the defined process attribute in the assessed pro-
>15 % to ≤50 %
cess. Some aspects of achievement of the process attribute
Partially achieved
can be unpredictable.
There is evidence of a systematic approach to, and significant
L -
achievement of, the defined process attribute in the assessed
>50 % to ≤85 %
process. Some weaknesses related to this process attribute
Largely achieved
can exist in the assessed process.
There is evidence of a complete and systematic approach to,
F -
and full achievement of, the defined process attribute in the
>85 % to ≤100 %
assessed process. No significant weaknesses related to this
Fully achieved
process attribute exist in the assessed process.
Assessment indicators are the means by which to gather the evidence that determines the degree of
achievement of each process attribute.
Assessors shall identify a set of assessment indicators that are suitable for the data quality management
processes from the process reference model specified by ISO 8000-61.
EXAMPLE The assessor uses the measurement stack from ISO 8000-63 to create an appropriate set of
assessment indicators.
The process capability level of each process shall be derived from the determined process attribute
ratings, as specified in ISO/IEC 33020:2015, 5.6, and summarized in Table 3.
© ISO 2018 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 8000-62:2018(E)

Table 3 — Derivation of process capability levels from process attribute ratings
Process capability level Process attribute Process attribute rating
Level 1 PA.1.1. Process performance Largely or fully
PA.1.1. Process performance Fully
Level 2 PA.2.1. Performance management Largely or fully
PA.2.2. Work product management Largely or fully
PA.1.1. Process performance Fully
PA.2.1. Performance management Fully
Level 3 PA.2.2. Work product management Fully
PA.3.1. Process definition Largely or fully
PA.3.2. Process deployment Largely or fully
PA.1.1. Process performance Fully
PA.2.1. Performance management Fully
PA.2.2. Work product management Fully
Level 4 PA.3.1. Process definition Fully
PA.3.2. Process deployment Fully
PA.4.1. Quantitative analysis measurement Largely or fully
PA.4.2. Quantitative control Largely or fully
PA.1.1. Process performance Fully
PA.2.1. Performance management Fully
PA.2.2. Work product management Fully
PA.3.1. Process definition Fully
Level 5 PA.3.2. Process deployment Fully
PA.4.1. Quantitative analysis measurement Fully
PA.4.2. Quantitative control Fully
PA.5.1. Process innovation Largely or fully
PA.5.2. Process innovation implementation Largely or fully
4.4 Scale of organizational data quality management maturity
4.4.1 General
This document specifies maturity levels that shall conform to the requirements of ISO/IEC 33004:2015,
Clause 7, each of which identifies a combination of a set of processes for data quality management and
the capability level at which the organization is performing those processes. Each set of processes
includes all the processes from the lower levels of maturity.
Maturity shall be assessed on a six-point ordinal scale from immature (Level 0) to innovating (Level 5)
as outlined in 4.4.2 to 4.4.6.
4.4.2 Maturity Level 0: Immature
The organization cannot demonstrate effective use of any of the basic processes for data quality
management (as specified by ISO 8000-61) that is supporting operational processes. The organization
has not provided evidence that data meet requirements.
4.4.3 Maturity Level 1: Basic
The organization can demonstrate that operational processes have access to data that meet
requirements. These data are subject to appropriate security considerations. The organization has
4 © ISO 2018 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 8000-62:2018(E)

not provided evidence of managing requirements and data processing activity. The organization is
performing the following data quality management processes specified by ISO 8000-61:
— DQC.2. Data Processing;
— DRS.4. Data Security Management.
4.4.4 Maturity Level 2: Managed
The organization can demonstrate that operational processes make use of data for which the
organization is managing requirements and managing the methods by which to perform data
processing. The organization can provide evidence that data meet requirements. The organization is
performing, in addition to all of those for maturity of Level 1, the following data quality management
processes specified by ISO 8000-61:
— DQP.1. Requirements Management;
— DQC.1. Provision of Data Specifications and Work Instructions;
— DQC.3. Data Quality Monitoring and Control.
4.4.5 Maturity Level 3: Established
The organization can demonstrate that operational processes make use of data for which the
organization has implemented common, repeatable processes for performing data quality management.
The organization is performing, in addition to all of those for maturity of Level 2, the following data
quality management processes specified by ISO 8000-61:
— DQP.2. Data Quality Strategy Management;
— DQP.3. Data Quality Policy/Standards/Procedures Management;
— DQP.4. Data Quality Implementation Planning;
— DRS.1. Data Architecture Management;
— DRS.3. Data Operations Management;
— RPV.1. Data Quality Organization Management.
4.4.6 Maturity Level 4: Predictable
The organization can demonstrate that operational processes make use of data for which the
organization has implemented predictable processes for performing data quality management. This
predictability involves measuring the performance of data quality management. The organization is
performing, in addition to all of those for maturity of Level 3, the following data quality management
processes specified by ISO 8000-61:
— DQA.1. Review of Data Quality Issues;
— DQA.2. Provision of Measurement Criteria;
— DQA.3. Measurement of Data Quality and Process Performance;
— DQA.4. Evaluation of Measurement Results;
— DRS.2. Data Transfer Management;
— RPV.2. Human Resource management.
© ISO 2018 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO 8000-62:2018(E)

4.4.7 Maturity Level 5: Innovating
The organization can demonstrate that operational processes make use of data for which the
organization has implemented processes for performing data quality management that is sustainable
in meeting organizational goals. This sustainability involves applying appropriate innovation. The
organization is performing, in addition to all of those for maturity of Level 4, the following data quality
management processes specified by ISO 8000-61:
— DQI.1. Root Cause Analysis and Solution Development;
— DQI.2. Data Cleansing;
— DQI.3. Process Improvement for Data Nonconformity Prevention.
4.5 Deriving organizational process maturity level rating from process profiles
4.5.1 Rules for deriving organizational process maturity level ratings
This document specifies rules for deriving an organizational process maturity level rating from the
set of process profiles that result from an assessment. These rules shall conform to the requirements
specified by ISO/IEC 33004.
The maturity level is determined by the process capability level (see 4.3) of the data quality management
processes (as specified by ISO 8000-61). When all the processes necessary for a given maturity level
(see 4.4) are achieving a specified process capability level then the organization has achieved that
maturity level.
Figure 2 provides a summary of how each maturity level corresponds to a specific process profile.
These levels are:
— Level 1: Basic (see 4.5.2);
— Level 2: Managed (see 4.5.3);
— Level 3: Established (see 4.5.4);
— Level 4: Predictable (see 4.5.5);
— Level 5: Innovating (see 4.5.6).
6 © ISO 2018 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 8000-62:2018(E)

NOTE The abbreviated labels for the data quality management processes are given in Annex B.
Figure 2 — Organizational process maturity level derived from process profiles
4.5.2 Maturity Level 1: Basic
A maturity of Level 1 is achieved by an organization when the assessed process profile consists of the
following processes:
— DQC.2. Data Processing;
— DRS.4. Data Security Management;
© ISO 2018 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO 8000-62:2018(E)

each of which has achieved the following process attribute ratings (corresponding to a process
capability of Level 1):
— PA.1.1. Process performance = largely or fully.
4.5.3 Maturity Level 2: Managed
A maturity of Level 2 is achieved by an organization when the assessed process profile consists of the
following processes:
— DQC.2. Data Processing;
— DRS.4. Data Security Management;
— DQP.1. Requirements Management;
— DQC.1. Provision of Data Specifications and Work Instructions;
— DQC.3. Data Quality Monitoring and Control;
each of which has achieved the following process attribute ratings (corresponding to a process
capability of Level 2):
— PA.1.1. Process performance = fully;
— PA.2.1. Performance management = largely or fully;
— PA.2.2. Work product management = largely or fully.
4.5.4 Maturity Level 3: Established
A maturity of Level 3 is achieved by an organization when the assessed process profile consists of the
following processes:
— DQC.2. Data Processing;
— DRS.4. Data Security Management;
— DQP.1. Requirements Management;
— DQC.1. Provision of Data Specifications and Work Instructions;
— DQC.3. Data Quality Monitoring and Control;
— DQP.2. Data Quality Strategy Management;
— DQP.3. Data Quality Policy/Standards/Procedures Management;
— DQP.4. Data Quality Implementation Planning;
— DRS.1. Data Architecture Management;
— DRS.3. Data Operations Management;
— RPV.1. Data Quality Organization Management;
each of which has achieved the following process attribute ratings (corresponding to a process
capability of Level 3):
— PA.1.1. Process performance = fully;
— PA.2.1. Performance management = fully;
— PA.2.2. Work product management = fully;
8 © ISO 2018 – All rights reserved

---------------------- Page: 13 ----------------------
ISO 8000-62:2018(E)

— PA.3.1. Process definition = largely or fully;
— PA.3.2. Process deployment = largely or fully.
4.5.5 Maturity Level 4: Predictable
A maturity of Level 4 is achieved by an organization when the assessed process profile consists of the
following processes:
— DQC.2. Data Processing;
— DRS.4. Data Security Management;
— DQP.1. Requirements Management;
— DQC.1. Provision of Data Specifications and Work Instructions;
— DQC.3. Data Quality Monitoring and Control;
— DQP.2. Data Quality Strategy Management;
— DQP.3. Data Quality Policy/Standards/Procedures Management;
— DQP.4. Data Quality Implementation Planning;
— DRS.1. Data Architecture Management;
— DRS.3. Data Operations Management;
— RPV.1. Data Quality Organization Management;
— DQA.1. Review of Data Quality Issues;
— DQA.2. Provision of Measurement Criteria;
— DQA.3. Measurement of Data Quality and Process Performance;
— DQA.4. Evaluation of Measurement Results;
— DRS.2. Data Transfer Management;
— RPV.2. Human Resource management;
each of which has achieved the following process attribute ratings (corresponding to a process
capability of Level 4):
— PA.1.1. Process performance = fully;
— PA.2.1. Performance management = fully;
— PA.2.2. Work product management = fully;
— PA.3.1. Process definition = fully;
— PA.3.2. Process deployment = fully;
— PA.4.1. Quantitative analysis measurement = largely or fully;
— PA.4.2. Quantitat
...