1、BRITISH STANDARD BS ISO/IEC 15504-4:2004 Information technology Process assessment Part 4: Guidance on use for process improvement and process capability determination ICS 35.080 BS ISO/IEC 15504-4:2004 This British Standard was published under the authority of the Standards Policy and Strategy Comm
2、ittee on 14 July 2004 BSI 14 July 2004 ISBN 0 580 44043 5 National foreword This British Standard reproduces verbatim ISO/IEC 15504-4:2004 and implements it as the UK national standard. It supersedes BS ISO/IEC TR 15504-4:1998 which is withdrawn. The UK participation in its preparation was entrusted
3、 to Technical Committee IST/15, Software Engineering, which has the responsibility to: A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this
4、document may be found in the BSI Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online. This publication does not purport to include all the necessary provisions of a contr
5、act. Users are responsible for its correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. aid enquirers to understand the text; present to the responsible international/European committee any enquiries on the interpretation, or proposals fo
6、r change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC title page, pages ii to vi, pages 1 to 33 and a back cover. The BSI copyrigh
7、t notice displayed in this document indicates when the document was last issued. Amendments issued since publication Amd. No. Date Comments Reference number ISO/IEC 15504-4:2004(E) OSI4002 CEI/INTERNATIONAL STANDARD ISO/IEC 15504-4 First edition 2004-07-01 Information technology Process assessment P
8、art 4: Guidance on use for process improvement and process capability determination Technologies de linformation Procds dvaluation Partie 4: Conseils sur lutilisation pour lamlioration de processus et la dtermination de capacit de processus BSISO/IEC155044:2004IS/OIE40551 C-4:4002(E) DPlcsid Fremia
9、ihTs PDF file may ctnoian emdebt dedyfepcaes. In ccaocnadrw eith Aebods licensilop gnic,y this file mairp eb ynted iv roweb detu slahl ton ide ebtlnu deess the typefaces whice era hml era deddebicsnede to i dnanstlaled t noeh computfrep reormign tide ehtin.g In wodlnidaot gnhis file, trapise atpecc
10、tiereht nser ehnopsiiblity fo not infriigngn Aebods licensilop gnic.y ehT ISO tneClar Secrteiraat caceptl on siibality in this .aera Ai ebods a tredamafo kr Aebod SystemI sncotaropr.de teDails fo teh softwacudorp erts sut deo crtaee this PDF file cna f ebi dnuon tlareneG eh Info leratit evo the file
11、; tP ehDc-Frtaeion marapterew setpo erimizde for irpnti.gn Evyre caer neeb sah taken to sneeru that the file is suitlbae fosu re yb ISO memdob rebeis. In tlnu ehikletneve y ttah lborp aem leratit gno it is f,dnuo plsaee inform ttneC ehlar Secrteiraat ta the serddaig sleb nevwo. ISO/IE4002 C All irth
12、gs erse.devr lnUeto sswrehise specified, on trap fo this lbupictaion maeb y cudorperro de tuilizi den yna form ro na ybm ynae,s lecetrinoc ro mecinahcal, inclidung tohpcoiypodna gn micrfoilm, wittuoh repmissii non writign from ietI rehSa Ot tsserdda eh ebolw or ISOs memreb i ydobn the cnuotrfo y tts
13、euqer ehe.r ISO cirypothg fofice saCe tsopale 65 eneG 1121-HC 02 av leT. 4 + 10 947 22 1 11 xaF0 947 22 14 + 9 74 E-mail coirypthgiso.o gr We bwww.is.o gro Pulbisdehi n Switlrez dnaii ISO/IE 4002 C Allr ihgtsser edevrBSISO/IEC155044:2004ISO/IEC 15504-4:2004(E) I SO/IE 4002 C All irhgts seredevr iiiC
14、ontents Page Foreword. v Introduction . vi 1 Scope 1 2 Normative references. 1 3 Terms and definitions. 1 4 Introduction. 1 4.1 Process improvement and process capability determination 1 4.2 PI and PCD sponsors and teams. 2 4.3 Process, guidance and method. 2 4.4 Process improvement purpose and outc
15、omes. 2 4.5 Process capability determination purpose and outcomes 3 4.6 Process assessment output 3 5 Utilizing process assessment 4 5.1 General. 4 5.2 Selecting Process Reference Model(s). 4 5.3 Setting target capability. 4 5.4 Defining the assessment input 6 5.5 Evaluating process-related risk. 7
16、5.5.1 Inferring process-related risk from assessment output . 7 5.5.2 Analysing weaknesses. 9 6 Process improvement. 10 6.1 Overview 10 6.2 Steps of process improvement . 10 6.2.1 Step 1 Examine organizations business goals10 6.2.2 Step 2 Initiate process improvement cycle . 11 6.2.3 Step 3 Assess c
17、urrent capability 12 6.2.4 Step 4 Develop action plan . 12 6.2.5 Step 5 Implement improvements 15 6.2.6 Step 6 Confirm improvements 16 6.2.7 Step 7 Sustain improvements. 17 6.2.8 Step 8 Monitor performance . 17 7 Process capability determination 18 7.1 Overview 18 7.2 Steps of process capability det
18、ermination. 19 7.2.1 Step 1 Initiate process capability determination 19 7.2.2 Step 2 Set target capability . 20 7.2.3 Step 3 Assess current capability 20 7.2.4 Step 4 Determine proposed capability. 20 7.2.5 Step 5 Verify proposed capability 21 7.2.6 Step 6 Analyse process-related risk 21 7.2.7 Step
19、 7 Act on results . 21 7.3 Comparability of assessment output analysis 21 Annex A (informative) Analysing process-related risk. 23 A.1 Introduction. 23 A.2 Probability 23 A.3 Consequence. 24 A.4 Process-related risk 24 A.5 Determining which processes represent greatest risk. 25 4002:440551CEI/OSISB4
20、0551CEI/OSISB4:2004BSISO/IEC155044:2004IS/OIE40551 C-4:4002(E) iv I SO/IE 4002 C All irhgts seredevrA.6 Analysis approach.25 A.7 Example risk analysis.25 A.7.1 F.1.3.3 System and Architectural Design.26 A.7.2 F.2.2 Configuration Management27 A.7.3 F.3.1.4 Risk Management.27 Annex B (informative) Sub
21、contractors and consortia 28 B.1 Overview.28 B.1.1 Combining uniquely deployed processes 28 B.1.2 Combining processes deployed by more than one organizational unit29 B.2 Enterprise reference architectures29 Annex C (informative) Process improvement and organizational culture30 C.1 Introduction30 C.2
22、 Management responsibility and leadership .30 C.3 Values, attitudes and behaviour 30 C.4 Process improvement objectives and motivation .31 C.5 Communication and teamwork31 C.6 Recognition31 C.7 Education and training .31 Bibliography33 BSISO/IEC155044:2004IS/OIE40551 C-4:4002(E) I SO/IE 4002 C All i
23、rhgts seredevr vForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standard
24、s through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC
25、, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is t
26、o prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibi
27、lity that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 15504-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software a
28、nd system engineering. This first edition cancels and replaces ISO/IEC TR 15504-7:1998 and ISO/IEC TR 15504-8:1998, which have been technically revised. ISO/IEC 15504 consists of the following parts, under the general title Information technology Process assessment: Part 1: Concepts and vocabulary P
29、art 2: Performing an assessment Part 3: Guidance on performing an assessment Part 4: Guidance on use for process improvement and process capability determination The following part is in preparation: Part 5: An exemplar Process Assessment Model The complete series will replace ISO/IEC TR 15504-1 to
30、ISO/IEC TR 15504-9. BSISO/IEC155044:2004IS/OIE40551 C-4:4002(E) vi I SO/IE 4002 C All irhgts seredevrIntroduction ISO/IEC 15504 provides a framework for process assessment and sets out the minimum requirements for performing an assessment in order to ensure consistency and repeatability of assessmen
31、t ratings. Process assessment is applicable in the following circumstances: by or on behalf of an organization with the objective of understanding the state of its own processes for process improvement; by or on behalf of an organization with the objective of determining the capability of another or
32、ganizations processes for a particular contract or class of contracts, or to determine the capability of its own processes for a particular requirement or class of requirements. This informative part of ISO/IEC 15504 provides guidance on how to utilize a conformant process assessment within a proces
33、s improvement programme or within either type of process capability determination. ISO/IEC 15504-1 provides a general introduction to the concepts of process assessment and a glossary for assessment related terms. ISO/IEC 15504-2 sets requirements for performing an assessment that ensure consistency
34、 and repeatability of the ratings. The requirements help to ensure that the assessment output is self-consistent and provides evidence to substantiate the ratings and to verify compliance with the requirements. ISO/IEC 15504-3 provides guidance for interpreting the requirements for performing an ass
35、essment. ISO/IEC 15504-5 contains an exemplar Process Assessment Model that is mapped to ISO/IEC 12207:1995/Amd.1:2002 as a Process Reference Model. BSISO/IEC155044:2004INTENRATIONAL TSANDADR IS/OIE40551 C-4:4002(E)I SO/IE 4002 C All irhgts seredevr 1Information technology Process assessment Part 4:
36、 Guidance on use for process improvement and process capability determination 1 Scope This part of ISO/IEC 15504 provides guidance on how to utilize a conformant process assessment within a process improvement programme or a process capability determination. This part of ISO/IEC 15504 is for informa
37、tion only. The guidance provided does not presume specific organizational structures, management philosophies, life cycle models or development methods, although some of the examples and tables within the text are based upon processes from ISO/IEC 12207. In the case of process improvement, the conce
38、pts and principles are appropriate for the full range of different business goals, application domains and sizes of organization, so that all types of organizations may use them. In the case of process capability determination, this guidance is applicable within any customersupplier relationship, an
39、d to any organization wishing to determine the process capability of its own processes. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition o
40、f the referenced document (including any amendments) applies. ISO/IEC 12207, Information technology Software life cycle processes ISO/IEC 15504-1, Information technology Process assessment Part 1: Concepts and vocabulary 1)ISO/IEC 15504-2, Information technology Process assessment Part 2: Performing
41、 an assessment 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 apply. 4 Introduction 4.1 Process improvement and process capability determination Within ISO/IEC 15504, process assessment can be utilized: by or on behalf of an organization
42、 with the objective of understanding its own processes for process improvement; 1) To be published. BSISO/IEC155044:20041IS/OIE40551 C-4:4002(E) 2 I SO/IE 4002 C All irhgts seredevr by or on behalf of an organization with the objective of determining the capability of another organizations processes
43、 for a particular contract or class of contracts, or determining the capability of its own processes for a particular requirement or class of requirements. Within a process improvement (PI) context, process assessment provides a means of characterizing an organizational unit in terms of the capabili
44、ty of selected processes. Analysis of the output of a conformant process assessment against an organizational units business goals identifies strengths, weaknesses and risks related to the processes. This, in turn, can help determine whether the processes are effective in achieving business goals, a
45、nd provide the drivers for making improvements. Process capability determination (PCD) is concerned with analysing the output of one or more conformant process assessments to identify the strengths, weaknesses and risks involved in undertaking a specific project using the selected processes within a
46、 given organizational unit. A process capability determination can provide a fundamental input to supplier selection, in which case it is often termed a supplier capability determination. 4.2 PI and PCD sponsors and teams Process improvement programmes and process capability determinations will usua
47、lly be required and resourced by a sponsor as described in ISO/IEC 15504-1. The sponsor has the authority to ensure that the programme is carried out effectively, and takes ownership of the results. The sponsor may have one or more staff working within a team a PI Team or PCD Team whose task is to p
48、lan and implement the actions required to achieve the objectives identified by the sponsor. Sponsorship may be implemented in a variety of ways, according to the culture of the organization. In non- hierarchical or higher maturity organizations for example, both sponsorship and project management of
49、 process improvement activities may be delegated to working level, although authorities, roles and responsibilities should always be clearly defined. 4.3 Process, guidance and method In order to achieve improvements to selected processes, PI Sponsors should deploy a PI process as outlined in 4.4. In order to determine the capability of selected processes, PCD Teams sh
