1、Information technology Process assessment An exemplar documented assessment process Technologies de linformation valuation des procds Un exemple document dvaluation des procds ISO/IEC TS 33030 First edition 2017-04 Reference number ISO/IEC TS 33030:2017(E) TECHNICAL SPECIFICATION ISO/IEC 2017 ii ISO
2、/IEC 2017 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2017, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or pos
3、ting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax
4、+41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC TS 33030:2017(E) ISO/IEC TS 33030:2017(E)Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 1 4 Documented assessment process . 1 4.1 General . 1 4.2 Initiate the assessment 4 4.2.1 Overview . 4 4.2.2 Tasks
5、 . 5 4.3 Plan the assessment 12 4.3.1 Overview 12 4.3.2 Tasks 13 4.4 Brief the assessment participants .16 4.4.1 Overview 16 4.4.2 Tasks 17 4.5 Collect the data 18 4.5.1 Overview 18 4.5.2 Tasks 18 4.6 Validate the data .19 4.6.1 Overview 19 4.6.2 Tasks 20 4.7 Determine the results 21 4.7.1 Overview
6、21 4.7.2 Tasks 21 4.8 Report the Assessment .23 4.8.1 Overview 23 4.8.2 Tasks 23 Annex A (informative) Work product descriptions 25 Annex B (informative) Conformity of the documented assessment process .31 Bibliography .33 ISO/IEC 2017 All rights reserved iii Contents Page ISO/IEC TS 33030:2017(E) F
7、oreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technic
8、al committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part
9、in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different appro
10、val criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives). Attention is drawn to the possibility that some of the elements of this document may be th
11、e subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
12、 Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about IS
13、Os adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: w w w . i s o .org/ iso/ foreword .html. This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 7, Software and system
14、s engineering. The ISO/IEC 15504 series is being revised as the ISO/IEC 330XX family. This document replaces the contents of ISO/IEC 15504-3:2004, Annex A.iv ISO/IEC 2017 All rights reserved ISO/IEC TS 33030:2017(E) Introduction This document provides an exemplar documented assessment process which
15、includes the minimum elements needed as a basis for performing a process assessment. It is applicable for performing process assessments across all types of organizations using a variety of methods, techniques and tools. The formal entry to the assessment process occurs with the assessment sponsors
16、commitment to proceed. The assessment input may then be compiled including the definition of responsibilities for performing the assessment. After the assessment inputs are compiled, the assessment activities may proceed which end with the production of the assessment report, its delivery to the Spo
17、nsor, and the verification of the conformity of the assessment. ISO/IEC 2017 All rights reserved v Information technology Process assessment An exemplar documented assessment process 1 Scope This document contains an exemplar documented assessment process, and serves as guidance on the nature of act
18、ivities required by this document. The content of this exemplar contains the minimum elements of a documented assessment process applicable for performing all classes of assessments as defined in ISO/IEC 33002. See also Annex B. This document is suitable for all classes of assessments defined in ISO
19、/IEC 33002. This exemplar includes the activities by describing the tasks, inputs, outputs and the assessment-related roles and responsibilities. This description implicitly contains other elements that could comprise the process, like purpose, initial/end conditions, additional supporting roles/res
20、ponsibilities or necessary resources. While this exemplar contains all of the activities that are considered to be required for a process assessment, it is the case that variation exists in individual process assessments, and therefore, some degree of tailoring of this assessment process could be re
21、quired. Tailoring of the assessment process is permitted, though it is the responsibility of the Lead Assessor and it would need to be conformant to the requirements of ISO/IEC 33002. This document is not intended for use in performing organizational maturity assessments. 2 Normative references The
22、following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. I
23、SO/IEC 33001:2015, Information technology Process assessment Concepts and terminology 3 T erms a nd definiti ons For the purposes of this document, the terms and definitions given in ISO/IEC 33001 apply. ISO and IEC maintain terminological databases for use in standardization at the following addres
24、ses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing platform: available at h t t p :/ www .iso .org/ obp 4 Documented assessment process 4.1 General This documented assessment process includes the definition of the activities which are performed between the sta
25、rt and formal end of an assessment. It does not cover additional tasks involved in utilizing the results of the assessment. The assessment process consists of the following activities: TECHNICAL SPECIFICATION ISO/IEC TS 33030:2017(E) ISO/IEC 2017 All rights reserved 1 ISO/IEC TS 33030:2017(E) Each a
26、ctivity is described by defining the principal tasks to be executed, the roles and responsibilities for each task and the corresponding necessary inputs and achieved outputs. The documented assessment process may be tailored in order to address variations in organizational scope, business context or
27、 process implementation. Tailoring may include: variation or deletion of individual tasks within an activity, modification of inputs, outputs and sources of information, and changes in the assignment of roles and responsibilities within the assessment. All high-level tasks should be addressed in the
28、 assessment and all task outcomes achieved. If the process is tailored, the extent of tailoring and demonstration of achievement of outcomes should be documented. For the description of the roles involved in the tasks, the following abbreviations and definitions are used: LAC: Local Assessment Co-or
29、dinator Individual or entity, who takes responsibility for the organization of the assessment within the organizational unit assessed. SP: Sponsor Individual or entity, internal or external to the organizational unit to be assessed, who re- quires the assessment to be performed, and provides financi
30、al or other resources to carry it out (see ISO/IEC 33001:2015, 3.2.9). A: Assessor Individual who participates in the rating of process attributes (see ISO/IEC 33001:2015, 3.2.11). Assessors have appropriate education, training and both capability assessment experience and domain experience to perfo
31、rm the required class of assessment and make professional judgments (see ISO/IEC 33001:2015, 3.2.11). LA: Lead Assessor Assessor who has demonstrated the competencies to conduct an assessment and to monitor and verify the conformity of a process assessment (see ISO/IEC 33001:2015, 3.2.12). P: Partic
32、ipant Individual from the organizational unit to be assessed, who takes part in the assessment. For the description of the roles involved in the tasks, the following abbreviations are used:2 ISO/IEC 2017 All rights reserved ISO/IEC TS 33030:2017(E) R: Responsible Those who do the work to achieve the
33、 task. There is at least one role with a participation type of responsible, although others can be delegated to assist in the work required (see also RACI below for separately identifying those who participate in a supporting role). A: Accountable (also approver or final approving authority) The one
34、 ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. In other words, an account- able should sign off (approve) work that responsible provides. There should be only one accountable specified for each task
35、or deliverable. ISO/IEC 2017 All rights reserved 3 ISO/IEC TS 33030:2017(E) C: Consulted (sometimes counsel) Those whose opinions are sought, typically subject matter experts, and with whom there is two-way communication. I: Informed Those who are kept up-to-date on progress, often only on completio
36、n of the task or delivera- ble; and with whom there is just one-way communication. NOTE While the role definitions provided above are considered to represent the standard approach to responsibility distribution, it is possible that individual assessments extend or reduce these role definitions as is
37、 appropriate for a given assessment. For example, the SP could be knowledgeable of process assessment and could therefore participate in the detailed aspects of the assessment. The LAC could also be capable of performing a greater role in the process assessment depending on their knowledge and train
38、ing with respect to process assessment. 4.2 Initiate the assessment 4.2.1 Overview Activity Initiate the assessment Brief description The first step in the assessment process is to identify the relevant parties involved in the assessment, collect the required information and make necessary decisions
39、 to set up the assessment plan. Outcomes The following outcomes shall be achieved when performing this activity: 1) Identify the sponsor and define the purpose of the assessment and define the class of assessment; 2) Define the scope of the assessment and what constraints, if any, apply to the asses
40、sment; 3) Identify any additional information that needs to be gathered; 4) Identify the assessment participants and the assessment team and define the roles of team members; 5) Define all assessment inputs and obtain sponsor approval for all assessment inputs.4 ISO/IEC 2017 All rights reserved ISO/
41、IEC TS 33030:2017(E)Tasks The following tasks shall be executed to achieve the outcomes of this activity: 4.2.2.1 Identify the sponsor and the sponsors relationship 4.2.2.2 Select the type and level of independence 4.2.2.3 Identify criteria for the competence of the Lead Assessor 4.2.2.4 Select the
42、Lead Assessor 4.2.2.5 Select the Local Assessment Co-ordinator 4.2.2.6 Identify business context 4.2.2.7 Define the assessment purpose 4.2.2.8 Define the class of assessment 4.2.2.9 Identify the Process Assessment Model 4.2.2.10 Identify the need for and approve confidentiality agreements 4.2.2.11 S
43、ubmit Pre-Assessment Questionnaires to the Local Assessment Co-ordi- nator (optional) 4.2.2.12 Identify the assessment team structure 4.2.2.13 Establish the communication plan 4.2.2.14 Define the assessment scope 4.2.2.15 Specify the rating method(s) 4.2.2.16 Specify the aggregation method(s) 4.2.2.
44、17 Specify constraints on the conduct of the assessment 4.2.2.18 Map the organizational unit to the Process Assessment Model 4.2.2.19 Identify any additional information 4.2.2.20 Review all inputs 4.2.2.21 Obtain sponsor approval 4.2.2 Tasks 4.2.2.1 Identify the sponsor and the sponsors relationship
45、 Identify the sponsor and the sponsors relationship to the organizational unit(s) to be assessed. Responsible (R, A, C, I) SP LA A LAC P A, R I Task inputs Formal or informal assessment inquiry Information about the organization or organizational unit(s) to be assessed Task outputs Commitment of the
46、 sponsor or contract with the sponsors organization ISO/IEC 2017 All rights reserved 5 ISO/IEC TS 33030:2017(E) 4.2.2.2 Select the type and level of independence Select the type and level of independence of the body performing the assessment according to the selected class of assessment. NOTE The re
47、quirements for the type and level of independence of the body performing the assess- ment are defined in ISO/IEC 33002:2015, 4.6. Responsible (R, A, C, I) SP LA A LAC P A, R I Task inputs Definition of the class of assessment Task outputs Definition of type and level of independence of the assessmen
48、t body doc- umented in the preliminary assessment plan 4.2.2.3 Identify criteria for the competence of the Lead Assessor Identify criteria for competence of the Lead Assessor. Responsible (R, A, C, I) SP LA A LAC P A, R I Task inputs Information obtained from sponsor Application or domain specific r
49、equirements for assessor competencies Information about the qualification of Lead Assessors Task outputs Criteria for competence of the Lead Assessor 4.2.2.4 Select the Lead Assessor Select the Lead Assessor, who will lead the assessment team and ensure that the persons nominated possess the necessary competency and skills. The Lead Assessor shall have the required competen- cies to perform the assessment. Responsible (R, A, C,
