Information technology -- Process assessment

ISO/IEC 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services. ISO/IEC 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC 15504-2. It provides an overview of process assessment and interprets the requirements through the provision of guidance on: performing an assessment; the measurement framework for process capability; process reference models and process assessment models; selecting and using assessment tools; competency of assessors; verification of conformity. ISO/IEC 15504-3:2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC 15504-2.

Technologies de l'information -- Évaluation des procédés

General Information

Status
Withdrawn
Publication Date
05-Jan-2004
Withdrawal Date
05-Jan-2004
Current Stage
6060 - International Standard published
Start Date
12-Nov-2003
Completion Date
06-Jan-2004
Ref Project

RELATIONS

Buy Standard

Standard
ISO/IEC 15504-3:2004 - Information technology -- Process assessment
English language
54 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 15504-3
First edition
2004-01-15
Information technology — Process
assessment —
Part 3:
Guidance on performing an assessment
Technologies de l'information — Évaluation des procédés du logiciel —
Partie 3: Réalisation d'une évaluation
Reference number
ISO/IEC 15504-3:2004(E)
ISO/IEC 2004
---------------------- Page: 1 ----------------------
ISO/IEC 15504-3:2004(E)
PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but

shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In

downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat

accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation

parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In

the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO/IEC 2004

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,

electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or

ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2004 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 15504-3:2004(E)
Contents Page

Foreword............................................................................................................................................................. v

Introduction ....................................................................................................................................................... vi

1 Scope...................................................................................................................................................... 1

2 Normative references........................................................................................................................... 1

3 Terms and definitions........................................................................................................................... 1

4 Overview of Process Assessment ...................................................................................................... 2

4.1 Introduction........................................................................................................................................... 2

4.2 Assessment process............................................................................................................................ 2

4.3 Measurement Framework for Process Capability ............................................................................. 3

4.4 Process Reference Model.................................................................................................................... 3

4.5 Process Assessment Model................................................................................................................. 3

4.6 Assessment Tools................................................................................................................................ 3

4.7 Competency of assessment team ....................................................................................................... 4

4.8 Assessment approaches...................................................................................................................... 4

4.9 Success factors for process assessment .......................................................................................... 4

5 Guidance on Requirements for Performing an Assessment............................................................ 5

5.1 General................................................................................................................................................... 5

5.2 The assessment process activities..................................................................................................... 5

5.3 Roles and responsibilities.................................................................................................................... 9

5.4 Defining the initial assessment input ............................................................................................... 10

5.5 Recording the assessment output.................................................................................................... 14

5.6 Selecting a Documented Assessment Process............................................................................... 14

6 Measurement Framework for Process Capability ........................................................................... 15

6.1 Level 0: Incomplete process.............................................................................................................. 16

6.2 Level 1: Performed process............................................................................................................... 16

6.3 Level 2: Managed process ................................................................................................................. 17

6.4 Level 3: Established process............................................................................................................. 20

6.5 Level 4: Predictable process ............................................................................................................. 22

6.6 Level 5: Optimizing process .............................................................................................................. 25

6.7 Rating process attributes................................................................................................................... 27

6.8 Process capability level model.......................................................................................................... 29

7 Process Reference Models................................................................................................................ 30

7.1 Interpreting The Requirements For A Process Reference Model .................................................. 31

7.2 Selecting Process Reference Models ............................................................................................... 33

8 Process Assessment Models............................................................................................................ 34

8.1 Interpreting the requirements for a Process Assessment Model .................................................. 34

8.2 Selection of a Process Assessment Model...................................................................................... 37

9 Selecting and Using Assessment Tools........................................................................................... 39

10 Guidance on Competency of Assessors..........................................................................................42

10.1 Overview.............................................................................................................................................. 42

10.2 Gaining and maintaining competence .............................................................................................. 43

11 Guidance on Verification of Conformity........................................................................................... 43

11.1 Verifying conformity of Process Reference Models........................................................................ 44

11.2 Verifying conformity of Process Assessment Models.................................................................... 44

11.3 Verifying conformity of process assessments ................................................................................45

© ISO/IEC 2004 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 15504-3:2004(E)

Annex A (informative) An Exemplar Documented Assessment Process ...................................................46

Annex B (informative) Guidance on Indicators..............................................................................................52

Bibliography......................................................................................................................................................54

iv © ISO/IEC 2004 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 15504-3:2004(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to the national bodies for voting. Publication

as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 15504-3 was prepared by Joint Technical Committee ISO/IEC/TC JTC 1, Information technology,

Subcommittee SC 7, Software and system engineering.

This first edition cancels and replaces ISO/IEC TR 15504-4:1998 and ISO/IEC TR 15504-6:1998, which have

been technically revised.

ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process

assessment:
 Part 2: Performing an assessment
 Part 3: Guidance on performing an assessment

 Part 4: Guidance on use for process improvement and process capability determination

The following parts are in preparation:
 Part 1: Concepts and vocabulary
 Part 5: An exemplar Process Assessment Model
The complete series will replace ISO/IEC TR 15504-1 to ISO/IEC TR 15504-9.
© ISO/IEC 2004 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC 15504-3:2004(E)
Introduction

This part of ISO/IEC 15504 assumes familiarity with the normative part of the standard. It is primarily

addressed to the competent assessor and other people, such as the sponsor of the assessment, who need

guidance on ensuring that the requirements for performing an assessment have been met. It will also be of

value to developers of assessment methods and of tools to support an assessment.

ISO/IEC 15504-1 will provide a general introduction to the concepts of process assessment and a glossary for

assessment related terms.

ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment that ensure consistency

and repeatability of the ratings. The requirements help to ensure that the assessment output is self-consistent

and provides evidence to substantiate the ratings and to verify compliance with the requirements.

ISO/IEC 15504-2 defines the Measurement Framework for process capability and the requirements for:

a) performing an assessment;
b) process reference models;
c) process assessment models;
d) verifying conformity of process assessment.

This part of ISO/IEC 15504 provides guidance for interpreting the minimum requirements for performing an

assessment. It also provides guidance on:
 the nature of the measurement framework;
 the role and function of process reference models;
 the requirements for and selection of a process assessment model;
 the selection and use of assessment tools;
 criteria for assessor competence; and
 verification of conformity of process assessment.

ISO/IEC 15504-3 incorporates, as Annex A, an exemplar documented assessment process.

Process assessment, as defined in this International Standard, is based on a two dimensional model

containing a process dimension and a capability dimension. The process dimension is provided by an external

process reference model, which defines a set of processes characterized by statements of process purpose

and process outcomes. The capability dimension consists of a measurement framework comprising six

process capability levels and their associated process attributes.

The assessment output consists of a set of process attribute ratings for each process assessed, termed the

process profile, and may also include the capability level achieved by that process.

Process assessment is applicable in the following circumstances:

a) by or on behalf of an organization with the objective of understanding the state of its own processes for

process improvement;
vi © ISO/IEC 2004 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 15504-3:2004(E)

b) by or on behalf of an organization with the objective of determining the adequacy of its own processes for

a particular requirement or class of requirements;

c) by or on behalf of an organization with the objective of determining the adequacy of another

organization’s processes for a particular contract or class of contracts.

As described in ISO/IEC 15504-4, process assessment is an activity that can be performed either as part of a

process improvement initiative or as part of a capability determination approach. The formal entry to the

assessment process occurs with the compilation of the assessment input, which defines the purpose of the

assessment (why it is being carried out), the scope of the assessment, what constraints apply to the

assessment and any additional information that needs to be gathered. The assessment input also defines the

responsibility of the various parties in the performance of an assessment. An assessor who has the necessary

competence and skills oversees the assessment. Assessors may be from within the organization, external to

the organization or a combination of both.

An assessment is carried out against a defined assessment input utilizing conformant process assessment

model(s) related to one or more conformant or compliant process reference models. ISO/IEC 15504-5

contains an exemplar process assessment model that is based upon the process reference model defined in

Annex F of ISO/IEC 12207:1995/Amd 1:2002.
© ISO/IEC 2004 – All rights reserved vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 15504-3:2004(E)
Information technology — Process assessment —
Part 3:
Guidance on performing an assessment
1 Scope

This part of ISO/IEC 15504 provides guidance on meeting the minimum set of requirements for performing an

assessment contained in ISO/IEC 15504-2.

It provides an overview of process assessment and interprets the requirements through the provision of

guidance on:
a) performing an assessment;
b) the measurement framework for process capability;
c) process reference models and process assessment models;
d) selecting and using assessment tools;
e) competency of assessors;
f) verification of conformity.

This document uses the following schema: the text inside a box is quoted from the normative ISO/IEC 15504-2

and the text following a box is guidance about the normative text. If the quoted text includes a clause

reference, it is understood that ISO/IEC 15504-2 should be referred to.
2 Normative references

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced

document (including any amendments) applies.

ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment

ISO/IEC TR 15504-9, Information technology — Software process assessment — Part 9: Vocabulary

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC TR 15504-9 apply.

1) A revision of this document is in preparation under the following reference: ISO/IEC 15504-1.

© ISO/IEC 2004 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/IEC 15504-3:2004(E)
4 Overview of Process Assessment
4.1 Introduction

Process assessment is undertaken to understand the capability of an Organizational Unit's current processes.

Process assessment may encompass all or a subset of the processes (e.g. project management,

development, maintenance, configuration management) used by an organization.

Process assessment is performed by one or more assessor(s), one of them (the competent assessor) being

responsible for assuring conformity of the assessment to the requirements in ISO/IEC 15504-2.

The assessment of the Organizational Unit's processes is made utilizing a Process Assessment Model based

upon a Process Reference Model (e.g. ISO/IEC 12207:1995/Amd 1:2002). A Process Reference Model

describes the processes in terms of purpose and outcomes. A Process Assessment Model provides detailed

indicators necessary to assess the achievement of the process attributes.

There is a set of 9 process attributes applicable to any process and characterizing the capability of an

implemented process. They are defined in ISO/IEC 15504-2.

Process attributes are grouped into capability levels that define an ordinal scale of process capability and

provide a rational route for improvement of each individual process. Each process attribute represents

measurable characteristics which support achievement of the process purpose and contribute to meeting the

business goals of the organization.

The fundamental assessment output consists of up to nine process attribute ratings (referred to as a process

profile) for each process assessed.
4.2 Assessment process

An assessment must be conducted according to a documented process that is capable of meeting the

assessment purpose. The key elements of a documented assessment process are closely tied to the

requirements for performing an assessment, defined in Clause 4 of ISO/IEC 15504-2. A brief overview of

these elements is given in the next section while more details on interpreting the activities for performing an

assessment are given in Clause 5 of this part of the standard. Note, however, that the guidance provided does

not constitute a complete, documented assessment process. Its purpose is to provide help in interpreting the

requirements in ISO/IEC 15504-2 and to provide a starting point for selecting or creating a documented

assessment process.

The documented assessment process is the set of instructions for conducting the assessment. A documented

assessment process addresses the following aspects of the conduct of an assessment:

 defining the inputs to an assessment such as purpose, scope, constraints and the identity of the

conformant Process Assessment Model to be used;
 defining key roles and responsibilities;

 providing guidance for planning, data collection, data validation, process attributes rating and reporting of

assessment results;
 recording of assessment outputs.

Clause 5 provides guidance on requirements for the assessment process and 11.3 provides guidance on

verifying conformity of process assessments. In addition, Annex A provides an exemplar documented

assessment process.
2 © ISO/IEC 2004 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 15504-3:2004(E)
4.3 Measurement Framework for Process Capability

The Measurement Framework defines a six point ordinal scale of increasing process capability ranging from a

process which is not capable of achieving its purpose (process capability level zero) to a process which

optimizes its performance (process capability level 5). Each process has a set of process attribute ratings that

constitute the process profile. Process attribute ratings are expressed using the process attribute scale as

defined in ISO/IEC 15504-2. The process capability level model is described in terms of the process attribute

ratings that must be achieved in order to achieve a particular level. Clause 6 provides guidance on the

Measurement Framework for process capability.
4.4 Process Reference Model

A Process Reference Model describes a set of one or more processes in terms of purpose and expected

outcomes.

The purpose describes the high-level objectives that the process should achieve while the associated

outcomes are the expected results of a successful enactment of the process. The purpose statements in

conjunction with the outcomes describe what to achieve, but do not prescribe how the process should achieve

its objectives. Clause 7 provides guidance on Process Reference Models and 11.1 provides guidance on

verifying conformity or compliance of Process Reference Models.

Annex F of ISO/IEC 12207:1995/Amd 1:2002, as well as ISO/IEC 15288, provide Process Reference Models.

4.5 Process Assessment Model

A Process Assessment Model as defined in this International Standard is one that meets the requirements

specified in ISO/IEC 15504-2. In summary, a conformant Process Assessment Model is one:

 that is suitable for the purpose of process assessment;

 whose relevant elements are mapped to the processes described in a selected conformant Process

Reference Model(s), and to the relevant process attributes defined in ISO/IEC 15504-2;

 that is base upon a set of indicators for use during an assessment to gather the information about

processes and process attributes;

 that has a formal and verifiable mechanism for expressing the information gathered using the Process

Assessment Model into process attribute ratings as defined in ISO/IEC 15504-2.

Clause 8 provides guidance on Process Assessment Models and 11.2 provides guidance on verifying

conformity of Process Assessment Models. The model in ISO/IEC 15504-5 is an exemplar Process

Assessment Model based on the Process Reference Model defined in ISO/IEC 12207:1995/Amd 1:2002.

4.6 Assessment Tools

In any assessment, data will need to be collected, recorded, stored, collated, processed, analysed, retrieved

and presented. This may be supported by various tools. For some assessments, the support tools may be

paper-based (forms, questionnaires, checklists, etc.). In some cases the volume and complexity of the

assessment information may result in the need for computer-based support tools.
Regardless of the form of the supporting tools, their objectives are:

 to help an assessor perform an assessment in a consistent and reliable manner, reducing subjectivity and

contributing to the achievement of valid, useful and comparable assessment results;

 to perform the assessment more efficiently.
© ISO/IEC 2004 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/IEC 15504-3:2004(E)

In order to achieve these objectives, the tools need to make a Process Assessment Model and its indicators

accessible to the assessors.
Clause 9 provides guidance on selecting and using assessment tools.
4.7 Competency of assessment team
Assessments are performed by individuals:

 with an adequate mix of education, training and experience on relevant processes,

 who have access to appropriate documented guidance on how to perform the defined assessment

activities,
 who have the competencies to use the tools chosen to support the assessment.

The competency of team members should be verified by the competent assessor before assigning roles and

responsibilities for performing the assessment.
The competency of the competent assessor will be verified by the sponsor.
Clause 10 provides guidance on competency of assessors.
4.8 Assessment approaches
4.8.1 Self-assessment

A self-assessment is carried out by an organization to assess the capability of its own process. The sponsor of

a self-assessment is normally internal to the Organizational Unit as are the member(s) of the assessment

team.
4.8.2 Independent assessment

An independent assessment is an assessment conducted by an assessment team whose member(s) are

independent of the Organizational Unit being assessed. An independent assessment may be conducted, for

example, by an organization on its own behalf as independent verification that its assessment program is

functioning properly; the assessment sponsor will belong to the same organization but not necessarily to the

Organizational Unit being assessed.

The sponsor of an assessment may be external to the Organizational Unit being assessed, such as an

acquirer who wishes to have an independent determination of process capability. The degree of

independence, however, may vary according to the purpose, scope and context of the assessment.

In the case of an external assessment sponsor, mutual agreement between the assessment sponsor and the

assessed organisation is assumed.
4.9 Success factors for process assessment
The following factors are essential to a successful process assessment.
4.9.1 Commitment

The commitment of the sponsor is essential to ensuring that the assessment objectives are met. This

commitment requires that the necessary resources, time and personnel are available to perform the

assessment. The competent assessor will confirm the sponsor's commitment to proceed with the assessment.

4 © ISO/IEC 2004 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 15504-3:2004(E)
4.9.2 Motivation

The attitude of the organization's management has a significant influence on the outcome of an assessment.

The organization's management, therefore, needs to motivate participants to be open and constructive.

Process assessments focus on the process, not on the performance of Organizational Unit members

implementing the process. The intent is to make the processes more effective in support of the defined

business goals, not to allocate blame to individuals.

Providing feedback and maintaining an atmosphere that encourages open discussion about preliminary

findings during the assessment helps to ensure that the assessment output is meaningful to the

Organizational Unit. The organization needs to recognize that the participants are a principal source of

knowledge and experience about the process and that they are in a good position to identify potential

weaknesses.
4.9.3 Confidentiality

Respect for the confidentiality of the sources of information and documentation gathered during assessment is

essential in order to secure that information. Where interviews or discussions are employed, consideration

should be given to ensuring that participants do not feel threatened or have any concerns regarding

confidentiality. Some of the information provided might be proprietary to the Organizational Unit. It is therefore

important that adequate controls are in place to handle such information.
4.9.4 Relevance

The Organizational Unit members should believe that the assessment will result in some benefits that will

accrue to them directly or indirectly.
4.9.5 Credibility

The sponsor, the management and the staff of the Organizational Unit should all believe that the assessment

will deliver a result which is objective and is representative of the assessment scope. It is important that all

parties can be confident that the assessors have adequate assessment experience, are sufficiently impartial

and have an adequate understanding of the Organizational Unit and its business to conduct the assessment.

5 Guidance on Requirements for Performing an Assessment
5.1 General

The requirements for performing an assessment defined in ISO/IEC 15504-2 aim at achieving a greater

degree of uniformity in the approach to process assessment, so as to maximize the reliability of different

approaches and provide a degree of comparability between the results of different assessments. It may make

sense to verify the requirements prior to and during the course of the assessment so that corrective actions

can occur.
5.2 The assessment process activities

The assessment shall be conducted according to a documented assessment process that is capable of

meeting the assessment purpose.
[ISO/IEC 15504-2, 4.2.1]
© ISO/IEC 2004 – All rights reserved 5
---------------------- Page: 12 ----------------------
ISO/IEC 15504-3:2004(E)
This clause addresses two different aspects of process assessment:

 The documented assessment process shall be capable of meeting the assessment purpose;

 The assessment shall be conducted in accordance with the documented assessment process.

The assessment purpose is defined as one of the assessment inputs [ISO/IEC 15504-2, 4.4.2 b)]; this

International Standard defines assessment purpose as “a statement, provided as part of

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.