1、BSI Standards Publication Information technology Process assessment Requirements for process reference, process assessment and maturity models BS ISO/IEC 33004:2015BS ISO/IEC 33004:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 33004:2015. Together
2、with BS ISO/IEC 33002:2015, BS ISO/IEC 33003:2015, and BS ISO/IEC 33020:2015 it supersedes BS ISO/IEC 15504-2:2003, which is withdrawn. Together with BS ISO/IEC 33001:2015, BS ISO/IEC 33003:2015, BS ISO/IEC 33010, and BS ISO/IEC 33014 it also supersedes PD ISO/IEC TR 15504-7:2008, which will be with
3、drawn upon publication of BS ISO/IEC 33010 and BS ISO/IEC 33014. The UK participation in its preparation was entrusted to Technical Committee IST/15, Software and systems engineering. A list of organizations represented on this committee can be obtained on request to its secretary. This publication
4、does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2015 Published by BSI Standards Limited 2015 ISBN 978 0 580 74309 2 ICS 35.080 Compliance with a British Standard cannot confer immunity from l
5、egal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 June 2015. Amendments/corrigenda issued since publication Date Text affectedInformation technology Process assessment Requirements for process reference, process assessment
6、and maturity models Technologies de linformation valuation du processus Exigences relatives au modle de rfrence du processus, au modle dvaluation du processus et au modle de maturit INTERNATIONAL STANDARD ISO/IEC 33004 Reference number ISO/IEC 33004:2015(E) Second edition 2015-03-01 ISO/IEC 2015 BS
7、ISO/IEC 33004:2015 ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or post
8、ing on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyr
9、ightiso.org Web www.iso.org Published in Switzerland ISO/IEC 33004:2015(E) BS ISO/IEC 33004:2015 ISO/IEC 33004:2015(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 T erm(s) and definition(s) . 1 4 Requirements for process models . 1 5 Process reference models . 2 5.1 Introduction
10、 2 5.2 Process reference model purpose and scope . 2 5.3 Requirements for process reference models 2 5.4 Process descriptions 2 5.5 Verifying conformity of process reference models 3 6 Process assessment models 3 6.1 Introduction 3 6.2 Process assessment model scope . 4 6.3 Requirements for process
11、assessment models . 4 6.3.1 Assessment Indicators 5 6.3.2 Mapping process assessment models 5 6.3.3 Expression of assessment results 6 6.4 Verifying conformity of process assessment models . 6 7 Maturity models 6 7.1 Introduction 6 7.2 Maturity model scope . 6 7.3 Requirements for a maturity model .
12、 7 7.3.4 Scale of organizational process maturity . 7 7.3.5 Process descriptions . 7 7.3.6 Rules for deriving maturity level from process quality level . 8 7.4 Verifying conformity of maturity models . 8 Bibliography 9 ISO/IEC 2015 All rights reserved iii Contents Page BS ISO/IEC 33004:2015 ISO/IEC
13、33004:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards
14、through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC,
15、also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the
16、different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document ma
17、y be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.o
18、rg/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO
19、 principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software and systems engineering. This second edition cancels and replaces clauses of ISO/IEC 1
20、5504-2:2003 and ISO/IEC 15504-7:2008, which have been technically revised.iv ISO/IEC 2015 All rights reserved BS ISO/IEC 33004:2015 ISO/IEC 33004:2015(E) Introduction This International Standard provides requirements for the construction and verification of process reference models, process assessme
21、nt models, and maturity models. This International Standard is part of a set of International Standards designed to provide a consistent and coherent framework for the assessment of process quality characteristics, based on objective evidence resulting from implementation of the processes. The frame
22、work for assessment covers processes employed in the development, maintenance, and use of systems across the information technology domain and those employed in the design, transition, delivery and improvement of services. The set of International Standards, as a whole, addresses process quality cha
23、racteristics of any type. Results of assessment can be applied for improving process performance, or for identifying and addressing risks associated with application of processes. The set of International Standards ISO/IEC 33001:2015 to ISO/IEC 33099, termed the ISO/IEC 330xx family, defines the req
24、uirements and resources needed for process assessment. The overall architecture and content of the series is described in this International Standard. General issues relating to the application of conformity assessment to the assessment of process quality characteristics and organizational process m
25、aturity are addressed in ISO/IEC 29169. Several International Standards in the ISO/IEC 330x x f amily of st andards for process assessment are intended to replace and extend parts of the ISO/IEC 15504 series of Standards. Annex A in ISO/IEC 33001 provides a detailed record of the relationship betwee
26、n the ISO/IEC 330xx family and the ISO/IEC 15504 series. ISO/IEC 2015 All rights reserved v BS ISO/IEC 33004:2015 Information technology Process assessment Requirements for process reference, process assessment and maturity models 1 Scope This International Standard sets out the requirements for pro
27、cess reference models, process assessment models, and maturity models. The requirements defined in this International Standard form a structure which specifies a) the relationship between the classes of process model associated with the performance of process assessment, b) the relationship between
28、process reference models and prescriptive/normative models of process performance, as constituted by, for example, the activities and tasks defined in ISO/IEC 12207 1and ISO/IEC 152882 , c) the integration of process reference models and process measurement frameworks to establish process assessment
29、 models, d) the use of common sets of assessment indicators of process performance and process quality in process assessment models, and e) the relationship between maturity models and process assessment models and the extent to which a maturity model can be constructed using elements from different
30、 process assessment models. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced d
31、ocument (including any amendments) applies. ISO/IEC 33001:2015, Information technology Process assessment Concepts and terminology ISO/IEC 33003, Information technology Process assessment Requirements for process measurement frameworks 3 T erm(s) and defini tion(s) For the purposes of this document,
32、 the terms and definitions given in ISO/IEC 33001 apply. 4 Requirements for process models This International Standard sets out the requirements that shall be met by process models used to support process assessment. A process assessment model shall be based upon a suitable reference source of proce
33、ss definitions based on one or more process reference model(s) as described in Clause 5. The requirements to be met by a process assessment model in order to claim conformance through its relationship with specific process reference model(s) are defined in Clause 6. A maturity model shall be based o
34、n a suitable process assessment model(s); requirements for a maturity model are set out in Clause 7. The requirements for conformance of process assessment models enable comparison of outputs from assessments using different process assessment models based upon the same process reference model(s). I
35、NTERNATIONAL ST ANDARD ISO/IEC 33004:2015(E) ISO/IEC 2015 All rights reserved 1 BS ISO/IEC 33004:2015 ISO/IEC 33004:2015(E) 5 Process reference models 5.1 Introduction Clause 5 sets out the requirements for a process reference model. 5.2 Process reference model purpose and scope The purpose of a pro
36、cess reference model is to define a set of processes that collectively can support the primary aims of a community of interest. A process reference model provides the basis for one or more process assessment models. In order to assure that assessment results are translatable into a set of process pr
37、ofiles in a repeatable and reliable manner, process reference models shall adhere to certain requirements. 5.3 Requirements for process reference models 5.3.1 A process reference model shall contain: a) a declaration of the domain of the process reference model; b) a description of the relationship
38、between the process reference model and its intended context of use; c) descriptions, meeting the requirements of 5.4, of the processes within the scope of the process reference model; d) a description of the relationship between the processes defined within the process reference model. 5.3.2 The pr
39、ocess reference model shall document the community of interest of the model and the actions taken to achieve consensus within that community of interest: a) the relevant community of interest shall be characterized or specified; b) the extent of achievement of consensus shall be documented; c) if no
40、 actions are taken to achieve consensus, a statement to this effect shall be documented. 5.3.3 The processes defined within a process reference model shall have unique process descriptions and identification. NOTE Any elements contained in a process reference model that are not included in this Clau
41、se are to be considered informative. 5.4 Process descriptions The fundamental elements of a process reference model are the descriptions of the processes within the scope of the model. The process descriptions in the process reference model incorporate a statement of the purpose of the process which
42、 describes at a high level the overall objectives of performing the process, together with the set of outcomes which demonstrate successful achievement of the process purpose. A process description shall meet the following requirements: a) a process shall be described in terms of its purpose and pro
43、cess outcomes; b) the set of process outcomes shall be necessary and sufficient to achieve the purpose of the process; c) process descriptions shall not contain or imply aspects of the process quality characteristic beyond the basic level of any relevant process measurement framework conformant with
44、 ISO/IEC 33003.2 ISO/IEC 2015 All rights reserved BS ISO/IEC 33004:2015 ISO/IEC 33004:2015(E) A process outcome describes one of the following: production of an artifact; a significant change of state; meeting of specified constraints, e.g. requirements, goals etc. NOTE 1 Achievement of the process
45、outcomes, without any management or control factors related to the selected process quality characteristic, demonstrates basic satisfaction of the process purpose; this level of achievement is typically recognized as satisfying an important process attribute in any process measurement framework. Whe
46、re the process measurement framework is structured as an ordinal scale, this process attribute constitutes process quality level 1. NOTE 2 For detailed guidance on the content and definition of process descriptions, refer to ISO/IEC 24774 3 . An increasing number of international, national and indus
47、try standards describe process models. These models are developed for a range of purposes including process implementation and assessment. The terms and descriptions used in such models vary in format, content and level of prescription. ISO/IEC/TR 24774 presents guidelines for the elements used most
48、 frequently in describing a process: the title, purpose statement, outcomes, activities and tasks. The primary purpose of ISO/IEC/TR 24774 is to encourage encourage uniformity in the description of processes, and following these guidelines allows the combination of processes from different process r
49、eference models. NOTE 3 As defined in ISO/IEC/TR 24774, an outcome is an observable result of the successful achievement of the process purpose, and thus it is assessable. 5.5 Verifying conformity of process reference models Since a process reference model may be developed by a community of interest, or a relevant International or National Standard, or Publicly Available Specification, verification of the extent to which a process reference model meets the requirements of this International Standard may be thr