BS ISO IEC 29169-2016 Information technology Process assessment Application of conformity assessment methodology to the assessment to process quality characteristics and o.pdf

1、BSI Standards Publication BS ISO/IEC 29169:2016 Information technology Process assessment Application of conformity assessment methodology to the assessment to process quality characteristics and organizational maturityBS ISO/IEC 29169:2016 BRITISH STANDARD National foreword This British Standard is

2、 the UK implementation of ISO/IEC 29169:2016. The UK participation in its preparation was entrusted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to

3、 include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 71807 6 ICS 35.080 Compliance with a British Standard cannot confer immunity from legal obligations.

4、This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2016. Amendments issued since publication Date Text affectedBS ISO/IEC 29169:2016 Information technology Process assessment Application of conformity assessment methodology to the asses

5、sment to process quality characteristics and organizational maturity Technologies de linformation valuation du processus Application de la mthodologie de lvaluation de la conformit lvaluation de circuler les caractristiques de qualit et la maturit organisationnelle INTERNATIONAL STANDARD ISO/IEC 291

6、69 Reference number ISO/IEC 29169:2016(E) First edition 2016-04-01 ISO/IEC 2016 BS ISO/IEC 29169:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced

7、or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO

8、copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 29169:2016(E)BS ISO/IEC 29169:2016ISO/IEC 29169:2016(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 T erms and definit

9、ions . 1 4 Concepts of conformity assessment . 2 4.1 Conformity assessment . 2 4.2 Conformity assessment and standards 2 4.3 Conformity assessment bodies . 3 4.4 Conformity assessment schemes 3 5 Functional approach to conformity assessment . 4 5.1 General . 4 5.2 Selection 4 5.3 Determination . 4 5

10、.4 Review and attestation 4 5.5 Surveillance 5 6 Conformity assessment scheme . 6 6.1 Conformity assessment requirements . 6 6.2 Categorization of bodies . 6 6.3 Mutual recognition agreements . 6 6.4 Agreement groups 6 6.5 Accreditation 6 7 Requirements for performing an assessment . 7 8 Guidance on

11、 planning and performing an assessment 7 8.1 General . 7 8.2 Assessment approach . 8 8.3 Assessment scope . 8 8.4 Assessment sample . 9 8.5 Assessment performance. 9 8.6 Assessment data collection 9 8.7 Determining organizational process maturity level 10 8.8 Assessment reporting 11 9 Requirements f

12、or review and attestation .12 9.1 Review and attestation .12 9.2 Statement of conformity 12 9.3 Certificate of conformity 12 10 Requirements for surveillance .13 10.1 General 13 10.2 Surveillance assessments .13 11 Requirements for the operation of various bodies performing inspection .14 Bibliograp

13、hy .18 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 29169:2016ISO/IEC 29169:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies tha

14、t are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other interna

15、tional organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its f

16、urther maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives

17、). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in

18、the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions re

19、lated to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC

20、 7, Software and systems engineering.iv ISO/IEC 2016 All rights reservedBS ISO/IEC 29169:2016ISO/IEC 29169:2016(E) Introduction JTC 1s policy on conformity assessment is stated in the Consolidated JTC1 Supplement, 2015. To promote consistent implementation of standards, JTC 1 has resolved that it sh

21、all be a major contributor to international acceptance of conformity assessment procedures and specifications for IT related areas, and that it shall work to support an environment which encourages worldwide recognition of conformity assessment results. Each JTC 1 Subcommittee has the authority and

22、responsibility to specify the conformity assessment methodology applicable to any distinct area of Information Technology that is entirely within the scope of that Subcommittee. In the conformity assessment area, JTC 1s objectives include the facilitation of mutual recognition of accreditation, test

23、 reports, certification and registration in the IT field, primarily by developing appropriate standards, and recognition of Suppliers Declaration as a legitimate statement of conformity. To support JTC1s objectives of mutual recognition of accreditation, test reports, certification, registration, an

24、d recognition of a suppliers declaration of conformity, a conformity assessment methodology for the assessment of process quality characteristics and organizational process maturity is defined in this International Standard which provides for an environment for and encourages the worldwide recogniti

25、on of conformity assessment results. The overall framework for conformity assessment follows the approach defined in ISO/IEC 17020, which covers inter alia the functions of bodies whose work includes the examination of processes, and the determination of their conformity, with requirements, and the

26、subsequent reporting of results of these activities to clients and, when required, to supervisory authorities. Such work normally requires the exercise of professional judgement in providing the service, in particular when assessing conformity. ISO/IEC 17020 is used in the context of first, second a

27、nd third party assessments resulting in the issuance of a conformity assessment report and statement of conformity. Where continuing assurance is needed or desirable to maintain the validity of an assessment result, the scope of conformity assessment can be extended to include periodic surveillance

28、within a defined cycle Additionally, ISO/IEC 17065 can be used as an alternative approach but only in the context of a third- party certification body using an audit approach typically with the issuance non conformity reports. This International Standard has been developed following application of u

29、se in the field and in consultation with key stakeholders, national accreditation bodies, ISOs policy committee for conformity assessment (CASCO) and the International Certification Network (IQNet Association). ISO/IEC 2016 All rights reserved vBS ISO/IEC 29169:2016BS ISO/IEC 29169:2016Information t

30、echnology Process assessment Application of conformity assessment methodology to the assessment to process quality characteristics and organizational maturity 1 Scope This International Standard aims to define the application of a conformity assessment methodology, based on the existing published IS

31、O/IEC standards and guides, to the process assessment of process quality characteristics and organizational process maturity, performed in accordance with the requirements of the ISO/IEC 33001 to ISO/IEC 33099 family of process assessment standards, Conformity assessment, also known as compliance as

32、sessment, is any activity to determine, directly or indirectly, that a process, product, or service meets relevant standards and fulfils relevant requirements. The subject of conformity assessment activities may include testing, inspection or certification. Conformity assessment in this Internationa

33、l Standard can be performed by various types of bodies that meet the requirements of ISO/IEC 17020. The term “inspection” as used in ISO/IEC 17020 is synonymous with the term “process assessment” as defined in ISO/IEC 33001 and used throughout the ISO/IEC 33001 to ISO/IEC 33099 family of standards.

34、While a process assessment may be performed solely according to the ISO/IEC 33002 requirements for performing an assessment, performing a process assessment in the context of conformity assessment according to a conformity assessment scheme brings with it additional requirements. Conformity assessme

35、nt involves a functional approach consisting of a number of stages: selectiondetermination review and attestation, plus surveillance when there is a need to provide continuing assurance of conformity. 2 Normative references The following documents, in whole or in part, are normatively referenced in

36、this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 33001:2015, Information technology Process assessment Concepts and terminol

37、ogy ISO/IEC 33002:2015, Information technology Process assessment Requirements for performing process assessment ISO/IEC 17000, Conformity assessment Vocabulary and general principles ISO/IEC 17020:2012, Conformity assessment Requirements for the operation of various types of bodies performing inspe

38、ction 3 T erms a nd definiti ons For the purposes of this International Standard, the definitions in ISO/IEC 33001, ISO/IEC 33020, ISO/IEC 17000 and ISO/IEC 17020 apply. NOTE 1 Where the term conformity assessment is used, the definition in ISO/IEC 17000 applies. NOTE 2 Wherever the term assessment

39、is used without the word conformity (e.g. assessment, process assessment, conformant process assessment, assessment body), the relevant ISO/IEC 33001 definitions apply. INTERNATIONAL ST ANDARD ISO/IEC 29169:2016(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 29169:2016ISO/IEC 29169:2016(E) NOTE 3 T

40、he term inspection as used in ISO/IEC 17020 is synonymous with the term process assessment as defined in ISO/IEC 33001 and used throughout the ISO/IEC 33001 to ISO/IEC 33099 family of standards. NOTE 4 Both ISO/IEC 17020 and ISO/IEC 33002 refer to the independence of the different types of bodies. I

41、n order to clearly distinguish terminology used in the standards, ISO/IEC 17020 uses the term Type to identify the three types of inspection body (Types A, B and C); whereas, ISO/IEC 33002 uses the term Category to categorize the independence of different types of body and the make-up of the assessm

42、ent team performing an assessment (Categories A, B, C and D). 4 Concepts of conformity assessment 4.1 Conformity assessment ISO/IEC 17000 defines conformity assessment as: demonstration that specified requirements relating to a product, process, system, person, or body are fulfilled. The term object

43、 of conformity assessment, or sometimes just object, is used in ISO/IEC 17000 to refer to “product, process, system, person or body”. 4.2 Conformity assessment and standards In the context of conformity assessment there are two major aspects of standardization. The first aspect is the availability o

44、f national, regional and international standards that can be used by suppliers, purchasers, conformity assessment bodies and regulators for setting the requirements for an object and assessing its conformity with them. The essential features of a standard to be used for conformity assessment are tha

45、t the standard must be so written that it can be applied by any of the following: a manufacturer or supplier (first party); a user or purchaser (second party); an independent body (third party). The relevant standard with reference to this International Standard is the ISO/IEC 33001 to ISO/IEC 33099

46、 family of standards on process assessment, where ISO/IEC 33002 defines the requirements for performing process assessment. The scope of the standard should also be clearly stated in terms both of the type of objects to which it relates and to the characteristics of those objects which it specifies.

47、 The type of objects with reference to this International Standard is the process (es) within the scope of an ISO/IEC 33002 process assessment. The relevant characteristic of the objects is the selected process quality characteristic. The second aspect of particular relevance to conformity assessmen

48、t bodies is the availability of standards which set out requirements for best practice of conformity assessment and the bodies which carry it out. These standards are intended to ensure that there are consistent and internationally harmonized practices amongst conformity assessment bodies and the bo

49、dies with which they work (such as accreditation bodies). The responsibility for preparation and maintenance of these conformity assessment standards lies with ISO/CASCO. The relevant standard with reference to this International Standard is ISO/IEC 17020.2 ISO/IEC 2016 All rights reservedBS ISO/IEC 29169:2016ISO/IEC 29169:2016(E) 4.3 Conformity assessment bodies ISO/CASCO standards and guides define the characteristics for a number of different types of conformity