ISO/IEC 33001:2015

INTERNATIONAL ISO/IEC
STANDARD 33001
Second edition
2015-03-01
Information technology — Process
assessment — Concepts and
terminology
Technologies de l’information — Évaluation du processus — Concepts
et terminologie
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms relating to processes and process management . 1
3.2 Terms relating to process assessment . 3
3.3 Terms relating to process models . 5
3.4 Terms relating to process measurement . 6
4 Structure of the set of Standards . 7
5 Concepts .10
5.1 General .10
5.2 Concepts of “process” .10
5.3 The assessment framework .11
5.3.1 Measuring process quality characteristics .11
5.3.2 Process reference models .11
5.3.3 Process assessment models .12
5.3.4 The process assessment process .12
5.4 Organizational process maturity .13
5.5 Competency of assessors .14
5.6 Application of Assessment Results .14
5.6.1 Improving performance.14
5.6.2 Evaluating process-related risk .14
5.6.3 Benchmarking performance .15
6 Assessment of process capability .15
7 Conformance .15
8 Conformity assessment .16
Annex A (informative) Cross Referencing ISO/IEC 330xx to ISO/IEC 15504 .17
Bibliography .18
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 7, Software
and systems engineering.
This second edition cancels and replaces ISO/IEC 15504-1:2004, which has been technically revised.
iv © ISO/IEC 2015 – All rights reserved

Introduction
This International Standard provides a glossary of terms related to the performance of process
assessment, together with an overall introduction to the concepts and standards framework for
process assessment. This International Standard identifies the principal components supporting the
performance of process assessment, describes the results of process assessment, and gives an overview
of the ways in which the results of assessment can be applied.
This International Standard is part of a set of International Standards designed to provide a consistent and
coherent framework for the assessment of process quality characteristics, based on objective evidence
resulting from implementation of the processes. The framework for assessment covers processes
employed in the development, maintenance, and use of systems across the information technology
domain and those employed in the design, transition, delivery, and improvement of services. The set of
International Standards, as a whole, addresses process quality characteristics of any type. Results of
assessment can be applied for improving process performance, benchmarking, or for identifying and
addressing risks associated with application of processes.
The set of International Standards ISO/IEC 33001:2015, ISO/IEC 33099, termed the ISO/IEC 330xx
family, defines the requirements and resources needed for process assessment. The overall architecture
and content of the series is described in this International Standard. General issues relating to the
application of conformity assessment to process capability and organizational process maturity are
addressed in ISO/IEC 29169.
Several International Standards in the ISO/IEC 330xx family of standards for process assessment are
[13]
intended to replace and extend parts of the ISO/IEC 15504 series of Standards . Annex A in this
Standard provides a detailed record of the relationship between the ISO/IEC 330xx family and the
ISO/IEC 15504 series.
© ISO/IEC 2015 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 33001:2015(E)
Information technology — Process assessment — Concepts
and terminology
1 Scope
This International Standard provides a repository for key terminology relating to process assessment. It
gives overall information on the concepts of process assessment, the application of process assessment
for evaluating the achievement of process quality characteristics, and the application of the results of
process assessment to the conduct of process management. This International Standard provides an
introduction to the ISO/IEC 330xx family of standards for process assessment; it describes how the
parts of the family of standards for process assessment fit together and provides guidance for their
selection and use. It explains the requirements contained within the suite and their applicability to
performing assessments.
Readers of this International Standard should familiarize themselves with the terminology and structure
of the document suite and then reference the appropriate elements of the suite for the context in which
they propose to conduct an assessment.
NOTE This International Standard addresses terms used in ISO/IEC 33001 to ISO/IEC 33019 of the
ISO/IEC 330xx family, as well as key terms used in other documents in the family. Terms specific to documents
from ISO/IEC 33020 to ISO/IEC 33099 are defined in each document.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC/IEEE 24765:2010, Systems and software engineering — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC/IEEE 24765 and the
following apply.
3.1 Terms relating to processes and process management
3.1.1
acquirer
stakeholder that acquires or procures a product or service from a supplier
[SOURCE: ISO/IEC 15288:2008, 4.1]
3.1.2
defined process
implemented process that is managed and tailored from the organization’s set of standard processes
according to the organization’s tailoring guidelines
Note 1 to entry: A defined process has a process description that is documented and maintained and contributes
work products, measures, and other process improvement information to the organization’s process assets.
A project’s defined process provides a basis for planning, performing, and improving the project’s tasks and
activities of the project.
© ISO/IEC 2015 – All rights reserved 1

3.1.3
effectiveness
extent to which planned activities are realized and planned results are achieved
[SOURCE: ISO 9000:2005, 3.2.14]
3.1.4
information item
separately identifiable body of information that is produced, stored, and delivered for human use
Note 1 to entry: An information item can be produced in several versions during a system, software, or service
life cycle. Syn: information product.
[SOURCE: ISO/IEC 15289:2011, 5.11; Note has been modified.]
3.1.5
organization
group of people and facilities with an arrangement of responsibilities, authorities, and relationships
[SOURCE: ISO 9000:2005, 3.3.1]
3.1.6
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE: ISO 9000:2005, 3.4.1]
3.1.7
process improvement
actions taken to improve the quality of the organization’s processes aligned with the business needs and
the needs of other concerned parties
3.1.8
standard process
set of definitions of the processes used to guide processes in an organization
Note 1 to entry: These process definitions cover the fundamental process elements (and their relationships to
each other) that must be incorporated into the defined processes that are implemented in
...