INTERNATIONAL ISO/IEC

STANDARD 15504-2

First edition
2003-10-15

Software engineering — Process

assessment —
Part 2:
Performing an assessment
Génie logiciel — Procédés d'évaluation —
Partie 2: Exécution d'une évaluation

Reference number
ISO/IEC 15504-2:2003(E)

© ISO/IEC 2003
ISO/IEC 15504-2:2003(E)

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO/IEC 2003
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail [email protected]
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

Contents Page

Foreword ............................................................................................................................................................ iv
Introduction ....................................................................................................................................................... iv
1 Scope...................................................................................................................................................... 1
2 Normative references ........................................................................................................................... 1
3 Terms and definitions........................................................................................................................... 2
4 Performing an assessment .................................................................................................................. 2
4.1 General ................................................................................................................................................... 2
4.2 The assessment process ..................................................................................................................... 2
4.3 Roles and responsibilities.................................................................................................................... 4
4.4 Defining the initial assessment input ................................................................................................. 4
4.5 Recording the assessment output ...................................................................................................... 6
5 Measurement framework for process capability ............................................................................... 6
5.1 Level 0: Incomplete process ................................................................................................................ 6
5.2 Level 1: Performed process ................................................................................................................. 6
5.3 Level 2: Managed process ................................................................................................................... 7
5.4 Level 3: Established process............................................................................................................... 8
5.5 Level 4: Predictable process ............................................................................................................... 9
5.6 Level 5: Optimizing process ................................................................................................................ 9
5.7 Rating process attributes................................................................................................................... 10
5.8 Process capability level model.......................................................................................................... 11
6 Models for process assessment ....................................................................................................... 11
6.1 Introduction ......................................................................................................................................... 11
6.2 Process Reference Models ................................................................................................................ 12
6.3 Process Assessment Models ............................................................................................................ 13
7 Mechanisms for verification of conformity ...................................................................................... 15
7.1 Introduction ......................................................................................................................................... 15
7.2 Verifying conformity of Process Reference Models........................................................................ 16
7.3 Verifying conformity of Process Assessment Models.................................................................... 16
7.4 Verifying conformity of process assessments ................................................................................ 16

© ISO/IEC 2003 — All rights reserved iii

ISO/IEC 15504-2:2003(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 15504-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and system engineering.

This first edition of ISO/IEC 15504-2 cancels and replaces ISO/IEC TR 15504-2:1998 and
ISO/IEC TR 15504-3:1998, which have been technically revised.

ISO/IEC 15504 consists of the following parts, under the general title Software engineering — Process
assessment:

 Part 2: Performing an assessment

 Part 3: Guidance on performing an assessment

 Part 4: Guidance on use for process improvement and process capability determination

The following parts are in preparation:

 Part 1: Concepts and vocabulary

 Part 5: An exemplar Process Assessment Model

The complete series will replace ISO/IEC TR 15504-1 to ISO/IEC TR 15504-9.

iv © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

Introduction
This part of ISO/IEC 15504 defines the basis for process assessment. Other parts of ISO/IEC 15504 contain
guidance that will provide a more detailed understanding of the subject. It is primarily addressed to the
competent assessor and other stakeholders, such as the sponsor of the assessment, who need to be assured
that the requirements of this International Standard have been met. It will also be of value to developers of
assessment methods and of tools to support an assessment.

ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment that ensure consistency
and repeatability of the ratings. The requirements help to ensure that the assessment output is self-consistent
and provides evidence to substantiate the ratings and to verify compliance with the requirements.

ISO/IEC 15504-1 provides a general introduction to the concepts of process assessment and a glossary for
assessment related terms.

ISO/IEC 15504-3 provides guidance for interpreting the requirements for performing an assessment.

This part of ISO/IEC 15504 identifies the measurement framework for process capability and the requirements
for:

a) performing an assessment;

b) Process Reference Models;

c) Process Assessment Models;

d) verifying conformity of process assessment.

Process assessment, as defined in this International Standard, is based on a two dimensional model
containing a process dimension and a capability dimension. The process dimension is provided by an external
Process Reference Model, which defines a set of processes characterized by statements of process purpose
and process outcomes. The capability dimension consists of a measurement framework comprising six
process capability levels and their associated process attributes.

The assessment output consists of a set of process attribute ratings for each process assessed, termed the
process profile, and may also include the capability level achieved by that process.

Process assessment is applicable in the following circumstances:

a) by or on behalf of an organization with the objective of understanding the state of its own processes for
process improvement;

b) by or on behalf of an organization with the objective of determining the suitability of its own processes for
a particular requirement or class of requirements;

c) by or on behalf of one organization with the objective of determining the suitability of another
organization’s processes for a particular contract or class of contracts.

As described in ISO/IEC 15504-4, process assessment is an activity that can be performed either as part of a
process improvement initiative or as part of a capability determination approach. The formal entry to the
assessment process occurs with the compilation of the assessment input which defines the purpose of the
assessment (why it is being carried out), the scope of the assessment, what constraints apply to the
assessment and any additional information that needs to be gathered. The assessment input also defines the
responsibility of the various parties in the performance of an assessment. An assessor who has the necessary

© ISO/IEC 2003 — All rights reserved v

ISO/IEC 15504-2:2003(E)

competence and skills oversees the assessment. Assessors may be from within the organization, external to
the organization or a combination of both.

An assessment is carried out against a defined assessment input utilizing conformant Process Assessment
Model(s) related to one or more conformant or compliant Process Reference Models. ISO/IEC TR 15504-5
contains an exemplar Process Assessment Model that is based upon the Process Reference Model defined in
ISO/IEC 12207:1995/Amd.1, Annex F.

vi © ISO/IEC 2003 — All rights reserved

INTERNATIONAL STANDARD ISO/IEC 15504-2:2003(E)

Software engineering — Process assessment —

Part 2:
Performing an assessment

1 Scope
This part of ISO/IEC 15504 addresses the assessment of process and the application of process assessment
for improvement and capability determination. It defines the minimum set of requirements for performing an
assessment that will ensure assessment results are objective, impartial, consistent, repeatable and
representative of the assessed processes. Results of conformant process assessments may be compared
when the scopes of the assessments are considered to be similar. For guidance on this matter, refer to
ISO/IEC 15504-4.

The requirements for process assessment defined in this part of ISO/IEC 15504 form a structure which:

a) facilitates self-assessment;

b) provides a basis for use in process improvement and capability determination;

c) takes into account the context in which the assessed process is implemented;

d) produces a process rating;

e) addresses the ability of the process to achieve its purpose;

f) is applicable across all application domains and sizes of organization;

g) may provide an objective benchmark between organizations.

NOTE Copyright release: users of this part of ISO/IEC 15504 may freely reproduce relevant material as part of any
Process Assessment Model, or as part of any demonstration of conformance with this International Standard, so that it can
be used for its intended purpose.

2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

ISO/IEC 12207:1995/Amd.1:2002, Information technology — Software life cycle processes

ISO/IEC TR 15504-9, Information technology — Software process assessment — Part 9: Vocabulary1)

ISO/IEC 15288:2002, Systems engineering — System life cycle processes

1) A revision of this document is in preparation under the following reference: ISO/IEC 15504-1.

© ISO/IEC 2003 — All rights reserved 1

ISO/IEC 15504-2:2003(E)

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC TR 15504-9 apply.

4 Performing an assessment

4.1 General

The purpose of process assessment is to understand the capability of the processes implemented by an
organization. As a result of successful implementation of process assessment:

a) information and data that characterize the processes assessed is determined;

b) the extent to which the processes achieve the process purpose is determined.

This Clause of ISO/IEC 15504-2 sets out the requirements for an assessment or assessments conformant
with this International Standard. The requirements help to ensure that the assessment output is self-consistent
and provides evidence to substantiate the ratings. Figure 1 shows the logical arrangement of the normative
elements of this International Standard.

NOTE Higher levels of capability may give greater confidence that an organization’s business goals will be met; lower
levels of capability may indicate potential sources of risk.

Process Reference Model Measurement Framework

• Domain and Scope • Capability Levels
• Process Purpose • Process Attributes
• Process Outcomes • Rating Scale
Process
Assessment Model
•i di t
Scope
• Indicators
• Mapping
• Translation

INITIAL INPUT ASSESSMENT PROCESS OUTPUT

• Purpose Planning • Date
• Scope Data Collection • Assessment Input
• Constraints Data Validation • Identification of
• Identities Process Attribute Rating Evidence
• Approach Reporting • Assessment Process used
• Assessor competence • Process Profiles
criteria • Additional information
• Additional information

Roles and Responsibilities

• Sponsor
• Competent Assessor
• Assessor(s)

Figure 1 — The normative elements of this International Standard

4.2 The assessment process

4.2.1 The assessment shall be conducted according to a documented assessment process that is capable
of meeting the assessment purpose.

2 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

4.2.2 The documented assessment process shall contain at minimum the following activities:

a) Planning — a plan for the assessment shall be developed and documented, including at minimum:

1) the required inputs specified in this part of ISO/IEC 15504;

2) the activities to be performed in conducting the assessment;

3) the resources and schedule assigned to these activities;

4) the identity and defined responsibilities of the participants in the assessment;

5) the criteria to verify that the requirements of this International Standard have been met;

6) a description of the planned assessment outputs.

b) Data collection — data required for evaluating the processes within the scope of the assessment (see
4.4.2 c)) and additional information (see 4.4.2 j)) shall be collected in a systematic manner, applying at
minimum the following:

1) the strategy and techniques for the selection, collection, analysis of data and justification of the
ratings shall be explicitly identified and shall be demonstrable;

2) correspondence shall be established between the organizational unit’s processes, specified in the
assessment scope, and the elements in the Process Assessment Model;

3) each process identified in the assessment scope shall be assessed on the basis of objective
evidence;

4) the objective evidence gathered for each attribute for each process assessed shall be sufficient to
meet the assessment purpose and scope;

5) the identification of the objective evidence gathered shall be recorded and maintained to provide the
basis for verification of the ratings.

c) Data validation — the data collected shall be validated to:

1) confirm that the evidence collected is objective;

2) ensure that the objective evidence is sufficient and representative to cover the scope and purpose of
the assessment;

3) ensure that the data as a whole is consistent.

d) Process attribute rating — a rating shall be assigned based on validated data for each process attribute:

1) the set of process attribute ratings shall be recorded as the process profile for the defined
organizational unit;

2) during the assessment, the defined set of assessment indicators in the Process Assessment Model
shall be used to support the assessors’ judgement in rating process attributes in order to provide the
basis for repeatability across assessments;

3) the decision-making process that is used to derive rating judgements shall be recorded;

4) traceability shall be maintained between an attribute rating and the objective evidence used in
determining that rating;

© ISO/IEC 2003 — All rights reserved 3

ISO/IEC 15504-2:2003(E)

5) for each process attribute rated, the relationship between the indicators and the objective evidence
shall be recorded.

e) Reporting — the assessment results, including at minimum the outputs specified in 4.5, shall be
documented and reported to the assessment sponsor or to their delegated representative.

4.3 Roles and responsibilities

4.3.1 The sponsor of the assessment shall:

a) verify that the individual who is to take responsibility for conformity of the assessment is a competent
assessor;

b) ensure that resources are made available to conduct the assessment;

c) ensure that the assessment team has access to the relevant resources.

4.3.2 The competent assessor shall:

a) confirm the sponsor's commitment to proceed with the assessment;

b) ensure that the assessment is conducted in accordance with the requirements of this part of
ISO/IEC 15504;

c) ensure that participants in the assessment are briefed on the purpose, scope and approach of the
assessment;

d) ensure that all members of the assessment team have knowledge and skills appropriate to their roles;

e) ensure that all members of the assessment team have access to appropriate documented guidance on
how to perform the defined assessment activities;

f) ensure that the assessment team has the competencies to use the tools chosen to support the
assessment;

g) confirm receipt of the assessment result deliverables by the sponsor;

h) on completion of the assessment, verify and document the extent of conformance of the assessment to
ISO/IEC 15504 (see also 7.4).

4.3.3 The assessor(s) shall:

a) carry out assigned activities associated with the assessment, e.g. detailed planning, data collection, data
validation and reporting;

b) rate the process attributes.

4.4 Defining the initial assessment input

4.4.1 The assessment input shall be defined prior to the data collection phase of an assessment and
approved by the sponsor of the assessment or the sponsor's delegated authority.

4.4.2 At minimum, the assessment input shall specify:

a) the identity of the sponsor of the assessment and the sponsor’s relationship to the organizational unit
being assessed;

b) the assessment purpose;

4 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

c) the assessment scope including:

1) the processes to be investigated within the organizational unit;

2) the highest capability level to be investigated for each individual process within the assessment
scope;

3) the organizational unit that deploys the processes;

4) the context which includes:

i) the size of the organizational unit;

ii) the application domain of the products or services of the organizational unit;

iii) key characteristics (e.g. size, criticality, complexity and quality) of the products or services of the
organizational unit;

d) the assessment approach;

e) the assessment constraints considering, at minimum:

1) availability of key resources;

2) the maximum duration of the assessment;

3) specific processes or organizational units to be excluded from the assessment;

4) the quantity and type of objective evidence to be examined in the assessment;

5) the ownership of the assessment outputs and any restrictions on their use;

6) controls on information resulting from a confidentiality agreement;

f) the identity of the Process Assessment Model (including the identity of the Process Reference Model(s)
used) that meets the requirements defined in 6.3;

1) if the Process Reference Model(s) includes system or software engineering processes then the
relationship of these processes with ISO/IEC 15288 or ISO/IEC 12207:1995/Amd.1:2002, Annex F
shall be defined;

g) the identity of the competent assessor;

h) the criteria for competence of the assessor who is responsible for the assessment;

i) the identity and roles of assessees, the assessment team and assessment support staff with specific
responsibilities for the assessment;

j) any additional information to be collected during the assessment to support process improvement or
process capability determination, e.g. specific data (or measurement results) that are needed to quantify
the organization's ability to meet a particular business goal (this may also include information detailed at
6.3.5 and associated note).

4.4.3 Any changes in the assessment input shall be agreed with the sponsor or the sponsor's delegated
authority and documented in the assessment record.

© ISO/IEC 2003 — All rights reserved 5

ISO/IEC 15504-2:2003(E)

4.5 Recording the assessment output

4.5.1 Information which is pertinent to the assessment and will support understanding of the output of the
assessment shall be compiled and included in the assessment record for retention by the sponsor or their
delegated authority.

4.5.2 At minimum, the assessment record shall contain:

a) the date of the assessment;

b) the assessment input;

c) the identification of the objective evidence gathered;

d) identification of the documented assessment process;

e) the set of process profiles resulting from the assessment (i.e. one profile for each process assessed);

f) the identification of any additional information collected during the assessment as specified in 4.4.2 j).

5 Measurement framework for process capability

This Clause of ISO/IEC 15504-2 defines a measurement framework for the assessment of process capability.
Process capability is defined on a six point ordinal scale that enables capability to be assessed from the
bottom of the scale, Incomplete, through to the top end of the scale, Optimizing. The scale represents
increasing capability of the implemented process, from not achieving the process purpose through to meeting
current and projected business goals.

The measurement framework provides a schema for use in characterizing the capability of an implemented
process with respect to a Process Assessment Model.

Within this measurement framework, the measure of capability is based upon a set of process attributes (PA).
Each attribute defines a particular aspect of process capability. The extent of process attribute achievement is
characterized on a defined rating scale. The combination of process attribute achievement and a defined
grouping of process attributes together determine the process capability level.

Although PAs are defined in such a way that they can be rated independently of one another, this does not
imply that there are no other relationships between them, e.g. the achievement of one attribute may be linked
to the achievement of another attribute within the capability dimension.

NOTE The listing of elements within the PAs does not imply any sequencing or priority, but is for identification only.

5.1 Level 0: Incomplete process

The process is not implemented, or fails to achieve its process purpose.

At this level there is little or no evidence of any systematic achievement of the process purpose.

5.2 Level 1: Performed process

The implemented process achieves its process purpose.

The following attribute of the process demonstrates the achievement of this level:

6 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

5.2.1 PA 1.1 Process performance attribute

The process performance attribute is a measure of the extent to which the process purpose is achieved. As a
result of full achievement of this attribute:

a) the process achieves its defined outcomes.

5.3 Level 2: Managed process

The previously described Performed process is now implemented in a managed fashion (planned, monitored
and adjusted) and its work products are appropriately established, controlled and maintained.

The following attributes of the process, together with the previously defined attributes, demonstrate the
achievement of this level.

5.3.1 PA 2.1 Performance management attribute

The performance management attribute is a measure of the extent to which the performance of the process is
managed. As a result of full achievement of this attribute:

a) objectives for the performance of the process are identified;

b) performance of the process is planned and monitored;

c) performance of the process is adjusted to meet plans;

d) responsibilities and authorities for performing the process are defined, assigned and communicated;

e) resources and information necessary for performing the process are identified, made available, allocated
and used;

f) interfaces between the involved parties are managed to ensure both effective communication and also
clear assignment of responsibility.

5.3.2 PA 2.2 Work product management attribute

The work product management attribute is a measure of the extent to which the work products produced by
the process are appropriately managed. As a result of full achievement of this attribute:

a) requirements for the work products of the process are defined;

b) requirements for documentation and control of the work products are defined;

c) work products are appropriately identified, documented, and controlled;

d) work products are reviewed in accordance with planned arrangements and adjusted as necessary to meet
requirements.

NOTE 1 Requirements for documentation and control of work products may include requirements for the identification
of changes and revision status, approval and re-approval of work products, and for making relevant versions of applicable
work products available at points of use.

NOTE 2 The work products referred to in this Clause are those that result from the achievement of the process
outcomes.

© ISO/IEC 2003 — All rights reserved 7

ISO/IEC 15504-2:2003(E)

5.4 Level 3: Established process

The previously described Managed process is now implemented using a defined process that is capable of
achieving its process outcomes.

The following attributes of the process, together with the previously defined attributes, demonstrate the
achievement of this level.

5.4.1 PA 3.1 Process definition attribute

The process definition attribute is a measure of the extent to which a standard process is maintained to
support the deployment of the defined process. As a result of full achievement of this attribute:

a) a standard process, including appropriate tailoring guidelines, is defined that describes the fundamental
elements that must be incorporated into a defined process;

b) the sequence and interaction of the standard process with other processes is determined;

c) required competencies and roles for performing a process are identified as part of the standard process;

d) required infrastructure and work environment for performing a process are identified as part of the
standard process;

e) suitable methods for monitoring the effectiveness and suitability of the process are determined.

NOTE A standard process may be used as-is when deploying a defined process, in which case tailoring guidelines
would not be necessary.

5.4.2 PA 3.2 Process deployment attribute

The process deployment attribute is a measure of the extent to which the standard process is effectively
deployed as a defined process to achieve its process outcomes. As a result of full achievement of this
attribute:

a) a defined process is deployed based upon an appropriately selected and/or tailored standard process;

b) required roles, responsibilities and authorities for performing the defined process are assigned and
communicated;

c) personnel performing the defined process are competent on the basis of appropriate education, training,
and experience;

d) required resources and information necessary for performing the defined process are made available,
allocated and used;

e) required infrastructure and work environment for performing the defined process are made available,
managed and maintained;

f) appropriate data are collected and analysed as a basis for understanding the behaviour of, and to
demonstrate the suitability and effectiveness of the process, and to evaluate where continuous
improvement of the process can be made.

NOTE Competency results from a combination of knowledge, skills and personal attributes that are gained through
education, training and experience.

8 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

5.5 Level 4: Predictable process

The previously described Established process now operates within defined limits to achieve its process
outcomes.

The following attributes of the process, together with the previously defined attributes, demonstrate the
achievement of this level.

5.5.1 PA 4.1 Process measurement attribute

The process measurement attribute is a measure of the extent to which measurement results are used to
ensure that performance of the process supports the achievement of relevant process performance objectives
in support of defined business goals. As a result of full achievement of this attribute:

a) process information needs in support of relevant defined business goals are established;

b) process measurement objectives are derived from process information needs;

c) quantitative objectives for process performance in support of relevant business goals are established;

d) measures and frequency of measurement are identified and defined in line with process measurement
objectives and quantitative objectives for process performance;

e) results of measurement are collected, analysed and reported in order to monitor the extent to which
the quantitative objectives for process performance are met;

f) measurement results are used to characterize process performance.

NOTE 1 Information needs typically reflect management, technical, project, process or product needs.

NOTE 2 Measures may be either process measures or product measures or both.

5.5.2 PA 4.2 Process control attribute

The process control attribute is a measure of the extent to which the process is quantitatively managed to
produce a process that is stable, capable, and predictable within defined limits. As a result of full achievement
of this attribute:

a) analysis and control techniques are determined and applied where applicable;

b) control limits of variation are established for normal process performance;

c) measurement data are analysed for special causes of variation;

d) corrective actions are taken to address special causes of variation;

e) control limits are re-established (as necessary) following corrective action.

5.6 Level 5: Optimizing process

The previously described Predictable process is continuously improved to meet relevant current and projected
business goals.

The following attributes of the process, together with the previously defined attributes, demonstrate the
achievement of this level.

© ISO/IEC 2003 — All rights reserved 9

ISO/IEC 15504-2:2003(E)

5.6.1 PA 5.1 Process innovation attribute

The process innovation attribute is a measure of the extent to which changes to the process are identified
from analysis of common causes of variation in performance, and from investigations of innovative
approaches to the definition and deployment of the process. As a result of full achievement of this attribute:

a) process improvement objectives for the process are defined that support the relevant business goals;

b) appropriate data are analysed to identify common causes of variations in process performance;

c) appropriate data are analysed to identify opportunities for best practice and innovation;

d) improvement opportunities derived from new technologies and process concepts are identified;

e) an implementation strategy is established to achieve the process improvement objectives.

5.6.2 PA 5.2 Process optimization attribute

The process optimization attribute is a measure of the extent to which changes to the definition, management
and performance of the process result in effective impact that achieves the relevant process improvement
objectives. As a result of full achievement of this attribute:

a) impact of all proposed changes is assessed against the objectives of the defined process and standard
process;

b) implementation of all agreed changes is managed to ensure that any disruption to the process
performance is understood and acted upon;

c) effectiveness of process change on the basis of actual performance is evaluated against the defined
product requirements and process objectives to determine whether results are due to common or special
causes.

5.7 Rating process attributes

5.7.1 Process attribute rating scale

The extent of achievement of a process attribute is measured using an ordinal scale of measurement as
defined below.

5.7.2 Process attribute rating values

The ordinal rating scale defined below shall be used to express the levels of achievement of the process
attributes.

N Not achieved

There is little or no evidence of achievement of the defined attribute in the assessed process.

P Partially achieved

There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed
process. Some aspects of achievement of the attribute may be unpredictable.

L Largely achieved

There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the
assessed process. Some weakness related to this attribute may exist in the assessed process.

10 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

F Fully achieved

There is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in
the assessed process. No significant weaknesses related to this attribute exist in the assessed process.

The ordinal points defined above shall be understood in terms of a percentage scale representing extent of
achievement.

The corresponding values shall be:

N Not achieved 0 to 15 % achievement

P Partially achieved > 15 % to 50 % achievement

L Largely achieved > 50 % to 85% achievement

F Fully achieved > 85 % to 100 % achievement

5.7.3 Process attribute ratings

Each process attribute shall be rated using the ordinal rating scale defined above. A process shall be
assessed up to and including the highest capability level defined in the assessment scope.

NOTE The set of process attribute ratings for a process forms the process profile for that process. The output of an
assessment includes the set of process profiles for all assessed processes.

5.7.4 Referencing of process attribute ratings

Each process attribute rating shall be given an identifier that records the process name and the process
attribute assessed.

NOTE The ratings may be represented in any format, such as a matrix or as part of a database, provided that the
representation allows the identification of individual ratings according to this referencing scheme.

5.8 Process capability level model

5.8.1 Achievement of process capability levels

The capability level achieved by a process shall be derived from the process attribute ratings for that process
according to the process capability level model defined in Table 1.

NOTE The purpose of this requirement is to ensure uniformity of meaning when a process capability level is quoted
for a process.

6 Models for process assessment

6.1 Introduction

This Clause of ISO/IEC 15504-2 sets out the requirements that shall be met by process models used to
support process assessment. A Process Assessment Model shall be based upon a suitable reference source
of process definitions — a Process Reference Model as described in 6.2. The requirements to be met by a
Process Assessment Model in order to claim conformance through its relationship with a specific Process
Reference Model or models are defined in 6.3. The requirements for conformance of the Process Assessment
Model enable comparison of outputs from assessments based upon the same Process Reference Model,
using different Process Assessment Models.

© ISO/IEC 2003 — All rights reserved 11

ISO/IEC 15504-2:2003(E)

6.2 Process Reference Models

6.2.1 Introduction

This Clause of ISO/IEC 15504-2 sets out the requirements for a Process Reference Model.

Table 1 — Capability level ratings

Scale Process Attributes Rating

Level 1 Process Performance Largely or fully

Level 2 Process Performance Fully
Performance Management Largely or fully
Work Product Management Largely or fully
Level 3 Process Performance Fully
Performance Management Fully
Work Product Management Fully
Process Definition Largely or fully
Process Deployment Largely or fully
Level 4 Process Performance Fully
Performance Management Fully
Work Product Management Fully
Process Definition Fully
Process Deployment Fully
Process Measurement Largely or fully
Process Control Largely or fully
Level 5 Process Performance Fully
Performance Management Fully
Work Product Management Fully
Process Definition Fully
Process Deployment Fully
Process Measurement Fully
Process Control Fully
Process Innovation Largely or fully
Process Optimization Largely or fully

6.2.2 Process Reference Model purpose and scope

Process Reference Models provide the mechanism whereby defined Process Assessment Models are related
to the measurement framework defined by this part of ISO/IEC 15504 (see Figure 1). A Process Reference
Model is defined external to this part of ISO/IEC 15504 and provides the basis for one or more Process
Assessment Models. Process Assessment Model(s) are based on the process descriptions provided in
Process Reference Models. In order to assure that assessment results are translatable into an ISO/IEC 15504
process profile in a repeatable and reliable manner, Process Reference Models shall adhere to certain
requirements.

12 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

6.2.3 Requirements for Process Reference Models

6.2.3.1 A Process Reference Model shall contain:

a) a declaration of the domain of the Process Reference Model;

b) a description, meeting the requirements of 6.2.4 of this International Standard, of the processes within the
scope of the Process Reference Model;

c) a description of the relationship between the Process Reference Model and its intended context of use;

d) a description of the relationship between the processes defined within the Process Reference Model.

6.2.3.2 The Process Reference Model shall document the community of interest of the model and the
actions taken to achieve consensus within that community of interest:

a) the relevant community of interest shall be characterized or specified;

b) the extent of achievement of consensus shall be documented;

c) if no actions are taken to achieve consensus, a statement to this effect shall be documented.

6.2.3.3 The processes defined within a Process Reference Model shall have unique process descriptions
and identification.

NOTE Any elements contained in a Process Reference Model that are not included in this Clause are to be
considered informative.

6.2.4 Process descriptions

The fundamental elements of a Process Reference Model are the descriptions of the processes within the
scope of the model. The process descriptions in the Process Reference Model incorporate a statement of the
purpose of the process which describes at a high level the overall objectives of performing the process,
together with the set of outcomes which demonstrate successful achievement of the process purpose. These
process descriptions shall meet the following requirements:

a) a process shall be described in terms of its purpose and outcomes;

b) in any process description the set of process outcomes shall be necessary and sufficient to achieve the
purpose of the process;

c) process descriptions shall be such that no aspects of the measurement framework as described in
Clause 5 of this International Standard beyond level 1 are contained or implied.

An outcome statement describes one of the following:

 production of an artefact;

 a significant change of state;

 meeting of specified constraints, e.g. requirements, goals etc.

6.3 Process Assessment Models

6.3.1 Introduction

A Process Assessment Model is related to one or more Process Reference Models. It forms the basis for the
collection of evidence and rating of process capability.

© ISO/IEC 2003 — All rights reserved 13

ISO/IEC 15504-2:2003(E)

A Process Assessment Model provides a two-dimensional view of process capability. In one dimension, it
describes a set of process entities that relate to the processes defined in the specific Process Reference
Model(s); this is termed the process dimension. In the other dimension, the Process Assessment Model
describes capabilities that relate to the process capability levels and process attributes defined in this
International Standard; this is termed the capability dimension. The relationship is shown diagrammatically in
Figure 2 (process dimension on the X axis, and capability dimension on the Y axis).

Capability Scale
Measurement Framework Process
mapping

• Capability Levels
• Process Attributes Assessment
• Rating Scale Model

1 2 3 ................... n
Process Entities

mapping

Process Reference Model

• Domain and Scope
• Processes with Purpose and Outcomes

Figure 2 — Process Assessment Model relationships

In order to assure that assessment results are translatable into an ISO/IEC 15504 process profile in a
repeatable and reliable manner, Process Assessment Models shall adhere to certain requirements. A Process
Assessment Model shall contain a definition of its purpose, scope and elements; its mapping to the
measurement framework and specified Process Reference Model(s); and a mechanism for consistent
expression of results.

A Process Assessment Model is considered suitable for the purpose of assessing process capability by
conforming to 6.3.2, 6.3.3 and 6.3.4.

6.3.2 Process Assessment Model scope

6.3.2.1 A Process Assessment Model shall relate to at least one process from the specified Process
Reference Model(s).

6.3.2.2 A Process Assessment Model shall address, for a given process, all, or a continuous subset, of
the levels (starting at level 1) of the measurement framework for process capability for each of the processes
within its scope.

NOTE It would be permissible for a model, for example, to address solely level 1, or to address levels 1, 2 and 3, but
it would not be permissible to address levels 2 and 3 without level 1.

14 © ISO/IEC 2003 — All rights reserved

 ISO/IEC 15504-2:2003(E)

6.3.2.3 A Process Assessment Model shall declare its scope of coverage in the terms of:

a) the selected Process Reference Model(s);

b) the selected processes taken from the Process Reference Model(s);

c) the capability levels selected from the measurement framework.

6.3.3 Process Assessment Model indicators

A Process Assessment Model shall be based on a set of indicators that explicitly addresses the purposes and
outcomes, as defined in the selected Process Reference Model, of all the processes within the scope of the
Process Assessment Model; and that demonstrates the achievement of the process attributes within the
capability level scope of the Process Assessment Model. The indicators focus attention on the implementation
of the processes in the scope of the model.

6.3.4 Mapping Process Assessment Models to Process Reference Models

A Process Assessment Model shall provide an explicit mapping from the relevant elements of the model to the
processes of the selected Process Reference Model and to the relevant process attributes of the
measurement framework.

The mapping shall be complete, clear and unambiguous. The mapping of the indicators within the Process
Assessment Model shall be:

a) the purposes and outcomes of the processes in the specified Process Reference Model;

b) the process attributes (including all of the results of achievements listed for each process attribute) in the
measurement framework.

This enables Process Assessment Models that are structurally different to be related to the same Process
Reference Model.

6.3.5 Expression of assessment results

A Process Assessment Model shall provide a formal and verifiable mechanism for representing the results of
an assessment as a set of process attribute ratings for each process selected from the specified Process
Reference Model(s).

NOTE The expression of results may involve a direct translation of Process Assessment Model ratings into a process
profile as defined in this International Standard, or the conversion of the data collected during the assessment (with the
possible inclusion of additional information) through further judgement on the part of the assessor.

7 Mechanisms for verification of conformity

7.1 Introduction

This Clause is concerned with the mechanisms used to verify that the requirements of this part of
ISO/IEC 15504 have been fulfilled.

There are three types of conformance to the requirements of this part of ISO/IEC 15504:

 conformance of Process Reference Models;

 conformance of Process Assessment Models;

 conformance of process assessments.

© ISO/IEC 2003 — All rights reserved 15

ISO/IEC 15504-2:2003(E)

Conformity to the requirements of this part of ISO/IEC 15504 may be verified by:

 self-declaration (first party);

 a second party;

 a third party.

7.2 Verifying conformity of Process Reference Models

Since a Process Reference Model may be the material produced by a community of interest, or a relevant
International or National Standard, or Publicly Available Specification, verification of the extent to which such
models meet the requirements of this International Standard may be through either demonstration of
conformity or demonstration of compliance.

The party performing verification of conformity shall obtain objective evidence that the Process Reference
Model fulfils the requirements set forth in 6.2 of this part of ISO/IEC 15504. Objective evidence of
conformance shall be retained.

NOTE 1 Conformity is fulfilment by a product, process or service of specified requirements. Compliance is adherence
to those requirements contained in International Standards and Technical Reports which specify requirements to be
fulfilled by other International Standards, Technical Reports or International Standardized Profiles (ISPs) (e.g. reference
models and methodologies).

NOTE 2 This part of ISO/IEC 15504 is not intended to be used in any scheme for the certification/registration of the
process capability of an organization.

7.3 Verifying conformity of Process Assessment Models

The party performing verification shall obtain objective evidence that the Process Assessment Model fulfils the
requirements set forth in 6.3 of this part of ISO/IEC 15504. Objective evidence of conformance shall be
retained.

7.4 Verifying conformity of process assessments

The party performing verification shall ensure that the assessment has conformed with the requirements
stated in Clause 4 of this part of ISO/IEC 15504. Objective evidence of conformance shall be retained.

16 © ISO/IEC 2003 — All rights reserved

ISO/IEC 15504-2:2003(E)

ICS 35.080
Price based on 16 pages

© ISO/IEC 2003 — All rights reserved