ISO/IEC TS 33060:2025

Technical
Specification
ISO/IEC TS 33060
Second edition
Information technology — Process
2025-04
assessment — Process assessment
model for system life cycle
processes
Technologies de l'information — Évaluation du processus —
Modèle d'évaluation du processus pour les processus du cycle de
vie du système
Reference number
© ISO/IEC 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2025 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 The process assessment model . 1
4.1 General .1
4.2 Structure of the process assessment model .2
4.2.1 General .2
4.2.2 Processes .3
4.2.3 Process dimension .3
4.2.4 Quality dimension .3
4.3 Assessment indicators .4
5 The process dimension . 5
5.1 General .5
5.2 Agreement processes (AGR) .5
5.2.1 General .5
5.2.2 Acquisition process .6
5.2.3 Supply process .7
5.3 Organizational project-enabling processes (ORG) .8
5.3.1 General .8
5.3.2 Life cycle model management process .9
5.3.3 Infrastructure management process .10
5.3.4 Portfolio management process .11
5.3.5 Human resource management process . 12
5.3.6 Quality management process . 13
5.3.7 Knowledge management process .14
5.4 Technical management processes (MAN) . 15
5.4.1 General . 15
5.4.2 Project planning process . .16
5.4.3 Project assessment and control process .17
5.4.4 Decision management process.19
5.4.5 Risk management process . 20
5.4.6 Configuration management process .21
5.4.7 Information management process . 23
5.4.8 Measurement process .24
5.4.9 Quality assurance process . 25
5.5 Technical processes (TEC) . 26
5.5.1 General . 26
5.5.2 Business or mission analysis process .27
5.5.3 Stakeholder needs and requirements definition process . 28
5.5.4 System requirements definition process. 30
5.5.5 System architecture definition process .31
5.5.6 Design definition process . 34
5.5.7 System analysis process . 36
5.5.8 Implementation process . 38
5.5.9 Integration process . 39
5.5.10 Verification process .41
5.5.11 Transition process .42
5.5.12 Validation process . 44
5.5.13 Operation process . 46
5.5.14 Maintenance process .47
5.5.15 Disposal process . 49

© ISO/IEC 2025 – All rights reserved
iii
6 The quality dimension .50
Annex A (informative) Process outputs .52
Bibliography .65

© ISO/IEC 2025 – All rights reserved
iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
This second edition cancels and replaces the first edition (ISO/IEC TS 33060:2020), which has been
technically revised.
The main changes are as follows:
— processes, process purposes, and process outcomes are revised to reflect the ISO/IEC/IEEE 15288:2023
processes;
— base practices are revised to reflect the ISO/IEC/IEEE 15288:2023 activities and tasks;
— process outputs and their descriptions are revised;
— this process assessment model includes a process quality attribute of process performance and can be
used with other models of process quality, for instance capability as described in ISO/IEC 33020.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2025 – All rights reserved
v
Introduction
The set of International Standards ISO/IEC 33001 to ISO/IEC 33099 defines the requirements and
resources needed for process assessment. The overall architecture and content of the series is described in
ISO/IEC 33001.
This document defines a process assessment model for system life cycle processes, conformant with the
requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the
requirements of ISO/IEC 33002.
A process assessment model is related to one or more process reference models. The process reference model
defined in ISO/IEC/IEEE 15288 is used as the basis for the process assessment model in this document.
A process assessment model incorporates a process measurement framework conformant with the
requirements of ISO/IEC 33003 and is expressed as a process quality characteristic with a defined set of
process attributes.
A process assessment model includes a set of assessment indicators. Process performance indicators
address the process purpose and outcomes of each process in the process assessment model. Process
quality indicators demonstrate the achievement of the process attributes in the process measurement
framework. These indicators may also provide a reference source of practices when implementing a process
improvement program.
The assessment indicators are used as a basis for collecting objective evidence to support an assessor’s
judgement in assigning ratings of the performance and quality of an implemented process. The set of
indicators defined in this document is not intended to be an all-inclusive set and applicable in its entirety.
Subsets appropriate to the context and scope of the assessment should be selected, and potentially
augmented with additional indicators.
A process assessment is conducted according to a documented assessment process. A documented
assessment process identifies the rating method to be used in rating process attributes and identifies or
defines the aggregation method to be used in determining ratings.
ISO/IEC 33020 provides a process measurement framework for the assessment of process capability
which may be incorporated as a process measurement framework in this document. ISO/IEC 33020:2019,
Annex B includes a set of process quality indicators for each process attribute in the process measurement
framework.
© ISO/IEC 2025 – All rights reserved
vi
Technical Specification ISO/IEC TS 33060:2025(en)
Information technology — Process assessment — Process
assessment model for system life cycle processes
1 Scope
This document defines a process assessment model for system life cycle processes, conformant with the
requirements of ISO/IEC 33004, for use in performing a conformant assessment in accordance with the
requirements of ISO/IEC 33002.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC/IEEE 15288:2023, Systems and software engineering — System life cycle processes
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33003, Information technology — Process assessment — Requirements for process measurement
frameworks
ISO/IEC 33004, Information technology — Process assessment — Requirements for process reference, process
assessment and maturity models
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and
ISO/IEC/IEEE 15288 apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
4 The process assessment model
4.1 General
This document provides a basis for a process assessment model that is two-dimensional. In one dimension,
the process dimension, the processes are defined and classified into process categories together with the
set of assessment indicators of process performance. In the other dimension, the quality dimension, for each
process attribute in the process measurement framework a set of process quality indicators is defined for
the selected process quality characteristic.

© ISO/IEC 2025 – All rights reserved
Figure 1 — Structure of the process assessment model
Figure 1 shows the process assessment model as a two-dimensional model, the process dimension with its
relationship to ISO/IEC/IEEE 15288 system life cycle processes, and the quality dimension in relationship to
a process measurement framework.
Users of this document may freely reproduce the detailed descriptions contained in the assessment model as
part of any tool or other material to support the performance of process assessments, so that it can be used
for its intended purpose.
4.2 Structure of the process assessment model
4.2.1 General
This clause describes the detailed structure of the process assessment model and its key components.
The process dimension comprises the set of processes defined with the process purpose and process
outcomes together with a set of assessment indicators of process performance.
In accordance with ISO/IEC 33004, a process shall be described in terms of its purpose and process
outcomes, and the set of process outcomes shall be necessary and sufficient to achieve the purpose of the
process (ISO/IEC 33004:2015, 5.4).
The processes in this document are derived directly from ISO/IEC/IEEE 15288 and meet the ISO/IEC 33004
requirements for process descriptions, process purposes and outcomes.
The quality dimension comprising a set of process attributes for a selected process quality characteristic is
incorporated as a process measurement framework together with a set of process quality indicators.
NOTE ISO/IEC 33020 provides a process measurement framework for the assessment of process capability which
can be incorporated into this document. ISO/IEC 33020 also includes a set of process quality indicators for each
process attribute in the process measurement framework.

© ISO/IEC 2025 – All rights reserved
4.2.2 Processes
The process assessment model is based upon the system life cycle processes defined in ISO/IEC/IEEE 15288.
The process reference model drawn from ISO/IEC/IEEE 15288 consists of the process purpose and outcomes
defined in that standard. The purpose and outcomes are a statement of the goals of the performance of each
process.
In this document, ISO/IEC/IEEE 15288 serves as the process reference model for process assessments.
Figure 2 lists the processes from ISO/IEC/IEEE 15288 that are included in the process dimension of the
process assessment model and shows their classification into process groups.
The process groups and their associated processes are described in Clause 5. The description of each process
group includes a characterization of the processes it contains. In this process assessment model, each
process belonging to a group is identified with a process identifier (ID) consisting of the group abbreviated
name and the sequential number of the process in that group.
Figure 2 — Process groups
4.2.3 Process dimension
Each process has a process identifier (ID) consisting of the process group abbreviated name and the
sequential number of the process in that group. Each process is described by its name, purpose, outcomes,
base practices, and process outputs.
Each process is described in terms of a purpose statement. These statements contain the unique functional
objectives of the process when performed in a particular environment. A list of specific process outcomes is
associated with each of the process purpose statements, as a list of expected positive results of the process
performance.
4.2.4 Quality dimension
For the quality dimension, the minimum requirement is that the process is performed, i.e. the implemented
process achieves its process purpose and the expected outcomes are observable.

© ISO/IEC 2025 – All rights reserved
Process attributes are features of a process that can be evaluated on a scale of achievement, providing a
measure of the quality of the process and are applicable to all processes.
4.3 Assessment indicators
A process assessment model is based on the principle that the quality of a process can be assessed by
demonstrating the achievement of process attributes on the basis of evidences related to assessment
indicators.
There are two types of assessment indicators: process performance indicators and process quality
indicators. Process performance indicators address the process purpose and outcomes of each process in
the process dimension. Process quality indicators demonstrate the achievement of the process attributes in
the quality dimension.
The process performance indicators are:
— base practice (BP);
— process output (PO).
The performance of base practices (BPs) provides an indication of the extent of achievement of the process
purpose and process outcomes. The base practices correspond to ISO/IEC/IEEE 15288 activities and tasks.
Process outputs (POs) are either used or produced (or both), when performing the process. Process outputs
that are the key outputs of the process, are primarily used as performance indicators.
Annex A provides the list of process outputs associated with the processes in Clause 5. The process outputs
are identified by categories. The process outputs are indicated by the process IDs.
Process quality indicators depend on the process quality characteristic of interest. ISO/IEC 33003 states
that at least one of the process attributes shall comprise the achievement of the defined process purpose and
process outcomes for the process; this is termed the process performance attribute (ISO/IEC 33003:2015,
4.2.1). Other process quality attributes can be defined as needed.
The process performance and process quality indicators represent types of objective evidence that might be
found in an instantiation of a process and therefore could be used to judge achievement of quality. Figure 3
shows how the assessment indicators are related to process performance and process quality.
Figure 3 — Assessment indicators

© ISO/IEC 2025 – All rights reserved
5 The process dimension
5.1 General
The process dimension comprises the set of processes defined with process purpose and process outcomes
together with a set of assessment indicators of process performance.
The individual processes each have a process identifier (ID) consisting of the process group abbreviated
name and the sequential number of the process in that group and are described in terms of process name,
process purpose, and process outcomes as defined in ISO/IEC/IEEE 15288.
In addition, the process dimension of the process assessment model provides information in the form of a set of:
a) base practices for the process providing a definition of the tasks and activities needed to accomplish
the process purpose and fulfil the process outcomes; each base practice is associated to one or more
process outcomes; and
b) process outputs that are related to one or more process outcomes (see NOTE 2).
ISO/IEC 33004 states that a process assessment model shall be based on a set of assessment indicators that
explicitly address the purpose and process outcomes, as defined in the selected process reference model, of
each of the processes within the scope of the process assessment model (ISO/IEC 33004:2015, 6.3.8).
The process purposes, outcomes, base practices and process outputs associated with the processes are
included in this clause. The base practices and process outputs constitute the set of indicators of process
performance.
NOTE 1 This document uses in 5.2 to 5.5 extracts of text from ISO/IEC/IEEE 15288:2023, Clause 5 and 6 to ensure
uniform interpretation of the process purposes and outcomes and to support the use of ISO/IEC/IEEE 15288. The
process group descriptions refer to ISO/IEC/IEEE 15288:2023, 5.7 and the individual process descriptions refer to
ISO/IEC/IEEE 15288:2023, Clause 6.
NOTE 2 ISO/IEC/IEEE 24774:2021, 5.4.6 defines process outputs: Process outputs are of two main types: artefacts
and information items. Artefacts include prototypes, models, system components and elements, as well as finished
products and services. A work product is an artefact associated with the execution of a process. There are four
generic work product categories: services (e.g. operation); software (e.g. computer program, documents, information,
contents); hardware (e.g. computer, device); and processed materials.
A documented assessment process and assessor judgment is needed to ensure that process context
(application domain, business purpose, development methodology, size of the organization, etc.) is explicitly
considered when using this information.
5.2 Agreement processes (AGR)
5.2.1 General
Organizations are producers and users of systems. One organization (acting as an acquirer) can task another
(acting as a supplier) for products or services. This is achieved using agreements. Agreements allow both
acquirers and suppliers to realise value and support strategies for their organizations.
Generally, organizations act simultaneously or successively as both acquirers and suppliers of systems. The
agreement processes can be used with less formality when the acquirer and the supplier are in the same
organization. Similarly, they can be used within the organization to agree on the respective responsibilities
of organization, project and technical functions.

© ISO/IEC 2025 – All rights reserved
5.2.2 Acquisition process
Process ID AGR.1
Process name Acquisition process
Process purpose The purpose of the acquisition process is to obtain a product or service in accordance
with the acquirer’s requirements.
Process outcomes As a result of the successful performance of the acquisition process:
a) a request for supply is prepared;
b) one or more suppliers are selected;
c) an agreement is established between the acquirer and supplier;
d) a product or service complying with the agreement is accepted;
e) acquirer obligations defined in the agreement are satisfied.
f) responsibility for the acquired product or service is transferred, as directed by
the agreement.
Base practices AGR.1.BP1: Prepare for the acquisition. [Outcome: a]
1) Define a strategy for how the acquisition will be conducted.
2) Prepare a request for the supply of a product or service that includes the
requirements.
AGR.1.BP2: Advertise the acquisition and select the supplier. [Outcome: b]
1) Communicate the request for the supply of a product or service to potential
suppliers.
2) Select one or more suppliers.
AGR.1.BP3: Establish and maintain an agreement. [Outcome: c]
1) Develop and approve an agreement with the supplier that includes acceptance
criteria.
2) Identify necessary changes to the agreement.
3) Evaluate impact of changes on the agreement.
4) Update the agreement with the supplier, as necessary.
AGR.1.BP4: Monitor the agreement. [Outcome: e]
1) Assess the execution of the agreement.
2) Provide data needed by the supplier and resolve issues in a timely manner.

© ISO/IEC 2025 – All rights reserved
AGR.1.BP5: Accept the product or service. [Outcome: d, e, f]
1) Confirm that the delivered product or service complies with the agreement.
2) Provide payment or other agreed consideration.
3) Accept the product or service from the supplier, or other party, as directed by
the agreement.
4) Close the agreement.
Process outputs Acquisition approach [Outcome: all]
Request for supply [Outcome: a]
Acquisition agreement [Outcome: b, c]
Acquisition agreement change request [Outcome: b, c]
Accepted system or system element [Outcome: d, f]
Acquisition report [Outcome: all]
Acquisition payment [Outcome: e, f]
Acquisition records [Outcome: all]
5.2.3 Supply process
Process ID AGR.2
Process name Supply process
Process purpose The purpose of the supply process is to provide an acquirer with a product or service
that meets agreed requirements.
Process outcomes As a result of the successful performance of the supply process:
a) an acquirer for a product or service is identified;
b) a response to the acquirer's request is produced;
c) an agreement is established between the acquirer and supplier;
d) a product or service is provided;
e) supplier obligations defined in the agreement are satisfied;
f) responsibility for the acquired product or service, as directed by the
agreement, is transferred.
Base practices AGR.2.BP1: Prepare for the supply. [Outcome: a]
1) Determine the existence and identity of an acquirer who has a need for a
product or service.
2) Define a supply strategy.
AGR.2.BP2: Respond to a request for supply of products or services. [Out-
come: b]
1) Evaluate a request for the supply of a product or service to determine feasibility
and how to respond.
2) Prepare a response that satisfies the solicitation.
AGR.2.BP3: Establish and maintain an agreement. [Outcome: c]

© ISO/IEC 2025 – All rights reserved
1) Negotiate and approve an agreement with the acquirer that includes
acceptance criteria.
2) Identify necessary changes to the agreement.
3) Evaluate impact of changes on the agreement.
4) Update the agreement with the acquirer, as necessary.
AGR.2.BP4: Execute the agreement. [Outcome: d, e]
1) Execute the agreement according to the established project plans.
2) Assess the execution of the agreement.
AGR.2.BP5: Deliver and support the product or service. [Outcome: d, e, f]
1) Deliver the product or service in accordance with the agreement criteria.
2) Provide assistance to the acquirer in support of the delivered product or
service, per the agreement.
3) Accept and acknowledge payment or other agreed consideration.
4) Transfer the product or service to the acquirer, or other party, as directed by
the agreement.
5) Close the agreement.
Process outputs Supply approach [Outcome: all]
Supply response [Outcome: b]
Supply agreement [Outcome: c]
Supply agreement change request [Outcome: c]
Supplied system or system element [Outcome: d]
Supply report [Outcome: all]
Supply records [Outcome: all]
5.3 Organizational project-enabling processes (ORG)
5.3.1 General
The organizational project-enabling processes are concerned with providing the resources needed to enable
the project to meet the needs and expectations of the organization’s stakeholders. The organizational project-
enabling processes are typically concerned at a strategic level with the management and improvement of
the organization’s undertaking, with the provision and deployment of resources and assets, and with its
management of risks in competitive or uncertain situations.
The organizational project-enabling processes establish the environment in which projects are conducted.
The organization establishes the processes and life cycle models to be used by projects; establishes,
redirects, or cancels projects; provides resources required, including human and financial; and sets and
monitors the quality measures for systems and other deliverables that are developed by projects to satisfy
internal and external customers.
The organizational project-enabling processes do not necessarily imply commercial or profit-making
motives. Organizational project-enabling processes are equally relevant to non-profit organizations,
since they are also accountable to stakeholders, are responsible for resources and encounter risk in their
undertakings. This document can be applied to non-profit organizations as well as to profit-making
organizations. In addition, organizational project-enabling processes are not intended to be a comprehensive
set of organizational processes that enable strategic management of the organization.

© ISO/IEC 2025 – All rights reserved
5.3.2 Life cycle model management process
Process ID ORG.1
Process name Life cycle model management process
Process purpose The purpose of the life cycle model management process is to define, maintain,
and help ensure availability of policies, life cycle processes, life cycle models, and
procedures for use by the organization with respect to the scope of this document.
This process provides policies, life cycle processes, life cycle models, and procedures
that are consistent with the organization's objectives. These life cycle assets are
defined, adapted, improved, and maintained to support individual project needs in a
way that they are capable of being applied using effective, proven methods and tools.
Process outcomes As a result of the successful performance of the life cycle model management pro-
cess:
a) organizational policies and procedures for the management and deployment of
life cycle models and processes are established;
b) roles, responsibility, accountability, and authority within life cycle policies,
processes, models, and procedures are defined;
c) policies, life cycle processes, life cycle models, and procedures for use by the
organization are selected;
d) policies, life cycle processes, life cycle models, and procedures for use by the
organization are assessed;
e) prioritised process, model, and procedure improvements are implemented.
Base practices ORG.1.BP1: Establish the life cycle processes. [Outcome: a, b, c]
1) Establish policies and life cycle procedures for process management and
deployment that are consistent with organizational strategies.
2) Establish the life cycle processes that implement the requirements of this
document and that are consistent with organizational strategies.
3) Define the roles, responsibilities, accountabilities, and authorities to facilitate
implementation of life cycle processes and the strategic management of life
cycles.
4) Define criteria that control progression through the life cycle.
5) Establish standard life cycle models for the organization that are comprised of
stages, and define the purpose and outcomes for each stage.
ORG.1.BP2: Assess the life cycle processes. [Outcome: d]
1) Monitor process execution across the organization.
2) Conduct periodic reviews of the life cycle models used by the projects.
3) Identify improvement opportunities from assessment results.

© ISO/IEC 2025 – All rights reserved
ORG.1.BP3: Improve the process. [Outcome: e]
1) Prioritise and plan improvement opportunities.
2) Implement improvement opportunities and inform relevant stakeholders.
Process outputs Life cycle model management strategy [Outcome: all]
Life cycle policies and procedures [Outcome: all]
Life cycle models and processes [Outcome: all]
Organizational measurement needs [Outcome: d, e]
Organizational measurement data [Outcome: d, e]
Life cycle model management report [Outcome: all]
Life cycle model management records [Outcome: all]
5.3.3 Infrastructure management process
Process ID ORG.2
Process name Infrastructure management process
Process purpose The purpose of the infrastructure management process is to provide the infra-
structure and services to projects to support organization and project objectives
throughout the life cycle.
This process defines, provides and maintains the facilities, tools, and communications
and information technology assets needed for the organization with respect to the
scope of this document.
Process outcomes As a result of the successful performance of the infrastructure management process:
a) the needs for infrastructure are defined;
b) the infrastructure elements are specified;
c) infrastructure elements are obtained;
d) the infrastructure is available;
e) prioritised infrastructure improvements are implemented.
Base practices ORG.2.BP1: Establish the infrastructure. [Outcome: a, b, c, d]
1) Define project infrastructure needs.
2) Identify, obtain, and provide infrastructure resources and services that are
needed to implement and support projects.
ORG.2.BP2: Maintain the infrastructure. [Outcome: a, b, c, d, e]
1) Evaluate the degree to which delivered infrastructure resources satisfy
project needs.
2) Identify and provide improvements or changes to the infrastructure resources
as needed.
Process outputs Infrastructure management strategy [Outcome: all]
Infrastructure requirements [Outcome: a, b]
Infrastructure elements [Outcome: c, d, e]
Infrastructure change requests [Outcome: e]
Infrastructure management report [Outcome: all]
Infrastructure management records [Outcome: all]

© ISO/IEC 2025 – All rights reserved
5.3.4 Portfolio management process
Process ID ORG.3
Process name Portfolio management process
The purpose of the portfolio management process is to initiate and sustain necessary,
sufficient, and suitable projects to meet the strategic objectives of the organization.
This process commits the investment of adequate organization funding and resourc-
es, and sanctions the authorities needed to establish selected projects. It performs
continued assessment of projects to confirm they justify, or can be redirected to
justify, continued investment.
Process outcomes As a result of the successful performance of the portfolio management process:
a) strategic venture opportunities, investments, or necessities are prioritised;
b) projects are identified;
c) resources and budgets for each project are allocated;
d) project management responsibilities, accountability, and authorities are
defined;
e) projects meeting agreements and stakeholder requirements are sustained;
f) projects not meeting agreements or satisfying stakeholder requirements are
redirected or terminated;
g) projects that have completed agreements and satisfied stakeholder
requirements are closed.
Base practicesORG.3.BP1: Define and authorise projects. [Outcome: a, b, c, d]
1) Identify potential new or modified capabilities or missions.
2) Prioritise, select, and establish new strategic opportunities, ventures, or
undertakings.
3) Define projects, accountabilities, and authorities.
4) Identify the expected goals, objectives, and outcomes of each project.
5) Identify and allocate resources for the achievement of project goals and
objectives.
6) Identify any multi-project interfaces and dependencies to be managed or
supported by each project.
7) Specify the project reporting requirements and review milestones that govern
the execution of each project.
8) Authorise each project to commence execution of project plans.
ORG.3.BP2: Evaluate the portfolio of projects. [Outcome: e, f]
1) Evaluate projects to confirm ongoing viability.
2) Act to continue projects that are satisfactorily progressing.
3) Act to redirect projects that can be expected to progress satisfactorily with
appropriate redirection.
© ISO/IEC 2025 – All rights reserved
ORG.3.BP3: Terminate projects. [Outcome: f, g]
1) Where agreements permit, act to cancel or suspend projects whose
disadvantages or risks to the organization outweigh the benefits of continued
investments.
2) After completion of the agreement for products and services, act to close the
projects.
Process outputs Portfolio management strategy [Outcome: all]
Project portfolio [Outcome: a, b]
Project authorisation [Outcome: c, d]
Project direction [Outcome: e, f, g]
Organization lessons learned [Outcome: all]
Portfolio management report [Outcome: all]
Portfolio management records [Outcome: all]
5.3.5 Human resource management process
Process ID ORG.4
Process name Human resource management process
Process purpose The purpose of the human resource management process is to provide the organiza-
tion with necessary human resources and to maintain their competencies, consistent
with strategic needs.
This process provides a supply of skilled and experienced personnel qualified to per-
form life cycle processes to achieve organization, project, and stakeholder objectives.
Process outcomes As a result of the successful performance of the human resource management
process:
a) skills required by projects are identified;
b) necessary human resources are provided to projects;
c) skills of personnel are developed, maintained or enhanced;
d) personnel conflicts are resolved.
Base practices ORG.4.BP1: Identif
...