1、Information technology Process assessment Requirements for performing process assessmentTechnologies de linformation valuation du processus Exigences relatives la ralisation dune valuation du processusINTERNATIONAL STANDARDISO/IEC33002Reference numberISO/IEC 33002:2015(E)Second edition2015-03-01 ISO
2、/IEC 2015 ii ISO/IEC 2015 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015All rights reserved.Unless otherwise specified,no part of this publication may be reproduced or utilized otherwise in any form or by any means,electronic or mechanical,including photocopying,or posting on the inter
3、net or an intranet,without prior written permission.Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel.+41 22 749 01 11Fax+41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgP
4、ublished in SwitzerlandISO/IEC 33002:2015(E)ISO/IEC 33002:2015(E)Foreword.ivIntroduction.v1 Scope.12 Normative references.13Termsanddefinitions.14 Performing an assessment.14.1 General requirements.24.2 Assessment activities.34.2.1 Plan the assessment.34.2.2 Collect the data.34.2.3 Validate the data
5、.44.2.4 Determine the results.44.2.5 Report the assessment.44.3 Roles,responsibilities and competence.54.4 Assessment inputs.64.5 Assessment record.74.6 Class of assessment.74.6.1 General.74.6.2 Specific requirements Class 1 assessment.84.6.3 Specific requirements Class 2 assessment.94.6.4 Specific
6、requirements Class 3 assessment.104.7 Assessment of process capability.105 Verifying conformity to process assessments.10Annex A(normative)Categories of independence.12Annex B(informative)Example content of an assessment report .13Bibliography.16 ISO/IEC 2015 All rights reserved iiiContents Page ISO
7、/IEC 33002:2015(E)ForewordISO(the International Organization for Standardization)and IEC(the International Electrotechnical Commission)form the specialized system for worldwide standardization.National bodies that are members of ISO or IEC participate in the development of International Standards th
8、rough technical committees established by the respective organization to deal with particular fields of technical activity.ISO and IEC technical committees collaborate in fields of mutual interest.Other international organizations,governmental and non-governmental,in liaison with ISO and IEC,also ta
9、ke part in the work.In the field of information technology,ISO and IEC have established a joint technical committee,ISO/IEC JTC 1.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives,Part 1.In particular the different app
10、roval criteria needed for the different types of document should be noted.This document was drafted in accordance with the editorial rules of the ISO/IEC Directives,Part 2(see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject
11、of patent rights.ISO and IEC shall not be held responsible for identifying any or all such patent rights.Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received(see www.iso.org/patents).Any trad
12、e name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,as well as information about ISOs adherence to the WTO principles in the Tech
13、nical Barriers to Trade(TBT)see the following URL:Foreword-Supplementary informationThe committee responsible for this document is ISO/IEC JTC 1,Information technology,SC 7,Software and systems engineering.This second edition cancels and replaces clauses of ISO/IEC 15504-2:2003 and ISO/IEC/TR 15504-
14、7:2008,which have been technically revised.iv ISO/IEC 2015 All rights reserved ISO/IEC 33002:2015(E)IntroductionThis International Standard defines the minimum set of requirements for performing an assessment that will ensure assessment results are objective,consistent,repeatable,and representative
15、of the assessed processes.The requirements help to ensure that the assessment output is self-consistent and to provide evidence to substantiate the ratings and to verify compliance with the requirements.Process assessment is applicable in the following circumstances:by or on behalf of an organizatio
16、n with the objective of understanding the state of its own processes for process improvement;by or on behalf of an organization with the objective of determining the suitability of its own processes for a particular requirement or category of requirements;by or on behalf of one organization with the
17、 objective of determining the suitability of another organizations processes for a particular purpose,contract,or category of contracts.This International Standard is applicable across all application domains and sizes of organizations.Appropriate methods,techniques,and tools can be used to enable t
18、he assessment process to be effective and efficient.This International Standard is part of a set of International Standards designed to provide a consistent and coherent framework for the assessment of process quality characteristics,based on objective evidence resulting from implementation of the p
19、rocesses.The framework for assessment covers processes employed in the development,maintenance,and use of systems across the information technology domain and those employed in the design,transition,delivery,and improvement of services.The set of International Standards,as a whole,addresses process
20、quality characteristics of any type.Results of assessment can be applied for improving process performance,or for identifying and addressing risks associated with application of processes.The ISO/IEC 330 xx family of Standards defines the requirements and resources needed for process assessment.The
21、overall architecture and content of the series is described in ISO/IEC 33001:2015.Several International Standards in the ISO/IEC 330 xx family of standards for process assessment are intended to replace and extend parts of the ISO/IEC 15504 series of Standards.ISO/IEC 33001,Annex A provides a detail
22、ed record of the relationship between the ISO/IEC 330 xx family and the ISO/IEC 15504 series.ISO/IEC 2015 All rights reserved v Information technology Process assessment Requirements for performing process assessment1 ScopeThis International Standard defines the minimum set of requirements for perfo
23、rming an assessment that will ensure assessment results are objective,consistent,repeatable,and representative of the assessed processes.The requirements defined in this International Standard can be used by or on behalf of an organization toa)facilitate self-assessment,b)provide a basis for improvi
24、ng process performance and mitigating process-related risk,c)produce a rating of the achievement of the relevant process quality characteristic,andd)provide an objective benchmark between organizations.This International Standard is applicable across all application domains and sizes of organization
25、.NOTE An organization can implement a set of integrated processes in a system.2 Normative referencesThe following documents,in whole or in part,are normatively referenced in this document and are indispensable for its application.For dated references,only the edition cited applies.For undated refere
26、nces,the latest edition of the referenced document(including any amendments)applies.ISO/IEC 33001:2015,Information technology Process assessment Concepts and terminologyISO/IEC 33003:2015,Information technology Process assessment Requirements for process measurement frameworksISO/IEC 33004:2015,Info
27、rmation technology Process assessment Requirements for process reference,process assessment and maturity models3 TermsanddefinitionsFor the purposes of this document,the terms and definitions given in ISO/IEC 33001:2015;apply.4 Performing an assessmentThe purpose of process assessment is to understa
28、nd and assess the processes implemented by an organizational unit.Figure 1 shows the key elements of the process assessment process.INTERNATIONAL STANDARD ISO/IEC 33002:2015(E)ISO/IEC 2015 All rights reserved 1 ISO/IEC 33002:2015(E)Figure 1 Key elements of the process assessment processClause 4 sets
29、 out the requirements for performing an assessment conformant with this International Standard.The requirements help to ensure that the assessment output is self-consistent and provides evidence to substantiate the ratings.4.1 General requirementsThe assessment shall be conducted according to a docu
30、mented assessment process.The documented assessment process shall be capable of meeting the assessment purpose and shall be structured in a manner that ensures that the purpose for performing the assessment is satisfied,in terms of the rigour and independence of the assessment and its suitability fo
31、r the intended use.The documented assessment process shall prescribe a set of activities and tasks to be performed that meet all of the requirements defined in this International Standard.Specifically,the documented assessment process shall:identify as a minimum,the assessment activities as defined
32、in 4.2;identify as a minimum the roles,responsibilities and competencies as defined in 4.3;identify the classes of assessment for which the documented assessment process can be applied,and the nature and extent of tailoring associated with each class addressed by the documented process;define the cr
33、iteria for ensuring coverage for both the defined organizational scope and the defined process scope for the assessment,in terms of the strategy for collecting and analysing data;identify the rating method(s)to be used in rating process attributes;identify or define the aggregation method(s)to be us
34、ed in determining ratings.Classes of assessment are described in 4.6.They reflect different levels of confidence in the results of the assessment.Different categories of independence for different types of bodies and personnel are described in Annex A,with criteria for their use.The documented asses
35、sment process shall contain at minimum the following activities:2 ISO/IEC 2015 All rights reserved ISO/IEC 33002:2015(E)4.2 Assessment activitiesThe assessment process shall start with the assessment sponsors commitment to proceed.4.2.1 Plan the assessmentA plan for the assessment shall be developed
36、 and documented,including at a minimum:a)required inputs specified in this standard(refer to 4.4);b)class of assessment(refer to 4.6);c)category of independence of the body performing the assessment,the lead assessor and the other members of the assessment team(refer to Annex A)d)communications to t
37、he personnel involved in the assessment;e)identification of the documented assessment process including:1)the strategy and techniques for the selection,identification,collection and analysis of objective evidence and data,to satisfy any requirements for coverage of the organizational scope or the pr
38、ocess scope of the assessment as defined for the class of the assessment(refer 4.6);2)the approach to derive an agreed process attribute rating,where relevant.f)activities to be performed in performing the assessment;g)resources and schedule assigned to these activities;h)identification and definiti
39、on of roles and responsibilities of the participants in the assessment;i)criteria to verify that the requirements of this International Standard have been met;j)description of the planned assessment outputs.Roles and responsibilities for process assessment shall be assigned and communicated to perso
40、nnel impacted by the assessment.The plan for the assessment shall be approved by the assessment sponsor,and the approval shall be documented.4.2.2 Collect the dataThe data collected shall be sufficient to provide coverage of the organization scope and the process scope for the assessment,as specifie
41、d for the selected class of the assessment.Data shall be collected on the basis of direct or indirect evidence that shall be sufficient for the class of assessment(refer to 4.6).Evidence required for evaluating the processes within the assessment scope and additional information shall be collected i
42、n a systematic manner applying at minimum the following:a)a correspondence between the organizational units processes and the elements in the process assessment model,specified in the assessment scope,shall be established;b)each process identified in the assessment scope shall be assessed on the bas
43、is of objective evidence;c)objective evidence shall be identified and gathered to provide the basis for verification of the ratings;d)objective evidence gathered for each process attribute for each process assessed shall be sufficient to meet the assessment purpose,assessment scope and class of asse
44、ssment;e)objective evidence collected for each process shall be representative of the implementation of the process across the organizational scope of the assessment,as required for the selected class of the assessment(refer to 4.6);ISO/IEC 2015 All rights reserved 3 ISO/IEC 33002:2015(E)f)objective
45、 evidence shall be collected for each element in the selected process assessment model,as required for the selected class of assessment(refer to 4.6);g)information which is relevant to the assessment to support understanding of the output of the assessment shall be compiled.4.2.3 Validate the dataTh
46、e data validation approach for the assessment shall ensure that the requirements of this standard are met in respect of every process instance identified in the assessment scope,and that the coverage requirements are satisfied.The activities shall:a)confirm that the evidence collected is objective;b
47、)ensure that the objective evidence is sufficient and representative to cover the assessment purpose and class of assessment;c)confirm that the data collected provides coverage of the organization scope and the process scope of the assessment,as required for the selected class of the assessment(refe
48、r 4.6);d)ensure that the data as a whole is consistent.4.2.4 Determine the resultsThe defined set of assessment indicators in the process assessment model shall be used to support the assessors judgement when analysing the validated data.The process attribute ratings shall be expressed in terms that
49、 are consistent with the process measurement framework.The assessment team shall perform the following activities:a)rate the process attributes according to the selected rating method;b)aggregate the rating(s)using the selected aggregation method(s),where applicable;c)maintain traceability between a
50、 process attribute rating and the objective evidence used in determining that rating;d)record the relationship between the assessment indicators for each process attribute rated and the objective evidence;e)record the process profile and(if required)the process quality levels for the defined assessm
浙公网安备33021202000488号 | 
浙ICP备2021020529号-1 浙B2-2024(办理中) 
