ISO/IEC TS 15504-8:2012

TECHNICAL ISO/IEC
SPECIFICATION TS
15504-8
First edition
2012-09-15
Information technology — Process
assessment —
Part 8:
An exemplar process assessment model
for IT service management
Technologies de l'information — Évaluation des procédés —
Partie 8: Un modèle d'évaluation des procédés exemplaire pour le
management des services IT
Reference number
©
ISO/IEC 2012
©  ISO/IEC 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2012 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1  Scope . 1
2  Normative references . 2
3  Terms and definitions . 2
4  Overview of the exemplar Process Assessment Model . 2
4.1  Introduction to Overview . 2
4.2  Structure of the exemplar Process Assessment Model . 3
4.2.1  Processes . 4
4.2.2  Process dimension . 5
4.2.3  Capability dimension . 5
4.3  Assessment Indicators . 6
4.3.1  Process Capability Indicators . 8
4.3.2  Process Performance Indicators . 9
4.4  Measuring process capability . 10
5  The process dimension and process performance indicators (Level 1) . 11
5.1  General . 11
5.2  CON.1 Change management . 12
5.3  CON.2 Configuration management . 13
5.4  CON.3 Release and deployment management . 14
5.5  DTR.1 Service requirements . 15
5.6  DTR.2 Service design . 16
5.7  DTR.3 Service transition . 16
5.8  DTR.4 Service planning . 17
5.9  REL.1 Business relationship management. 18
5.10  REL.2 Supplier management . 20
5.11  RES.1 Incident management . 21
5.12  RES.2 Service request management . 21
5.13  RES.3 Problem management . 22
5.14  SDE.1 Budgeting and accounting for IT services . 23
5.15  SDE.2 Capacity management . 24
5.16  SDE.3 Information security management . 25
5.17  SDE.4 Service availability management . 26
5.18  SDE.5 Service continuity management . 27
5.19  SDE.6 Service level management . 28
5.20  SDE.7 Service reporting. 28
5.21  SMS.1 Audit . 29
5.22  SMS.2 Improvement . 30
5.23  SMS.3 Information item management . 31
5.24  SMS.4 Management review. 32
5.25  SMS.5 Resource management . 34
5.26  SMS.6 Risk management . 34
5.27  SMS.7 Service measurement . 35
5.28  SMS.8 SMS Establishment and improvement . 36
5.29  SMS.9 SMS Implementation and operation . 37
6  Process capability indicators (Level 1 to 5) . 38
6.1  Level 1: Performed process . 39
6.1.1  PA 1.1 Process performance attribute. . 39
6.2  Level 2: Managed process . 39
© ISO/IEC 2012 – All rights reserved iii

6.2.1  PA 2.1 Performance management attribute .39
6.2.2  PA 2.2 Work product management attribute .42
6.3  Level 3: Established process .44
6.3.1  PA 3.1 Process definition attribute .44
6.3.2  PA 3.2 Process deployment attribute .46
6.4  Level 4: Predictable process .48
6.4.1  PA 4.1 Process measurement attribute .49
6.4.2  PA 4.2 Process control attribute .51
6.5  Level 5: Optimizing process .53
6.5.1  PA 5.1 Process innovation attribute .53
6.5.2  PA 5.2 Process optimization attribute .55
6.6  Related Processes for Process Attributes .57
Annex A (informative)  Conformity of the exemplar Process Assessment Model .58
Annex B (informative) Input and output characteristics .65
Annex C (informative) Process Capability for ISO/IEC 20000-1 requirements. 101
Bibliography . 204

iv © ISO/IEC 2012 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, the joint
technical committee may decide to publish an ISO/IEC Technical Specification (ISO/IEC TS), which
represents an agreement between the members of the joint technical committee and is accepted for
publication if it is approved by 2/3 of the members of the committee casting a vote.
An ISO/IEC TS is reviewed after three years in order to decide whether it will be confirmed for a further three
years, revised to become an International Standard, or withdrawn. If the ISO/IEC TS is confirmed, it is
reviewed again after a further three years, at which time it must either be transformed into an International
Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
technology, Subcommittee SC 7, Software and systems engineering.
ISO/IEC TS 15504-8 consists of the following parts, under the general title Information technology — Process
assessment:
 Part 1: Concepts and vocabulary
 Part 2: Performing an assessment
 Part 3: Guidance on performing an assessment
 Part 4: Guidance on use for process improvement and process capability determination
 Part 5: An exemplar software life cycle process assessment model
 Part 6: An exemplar system life cycle process assessment model
 Part 7: Assessment of organizational maturity [Technical Report]
 Part 8: An exemplar process assessment model for IT service management [Technical Specification]
 Part 9: Target process profiles [Technical Specification]
 Part 10: Safety extension [Technical Specification]
© ISO/IEC 2012 – All rights reserved v

Introduction
This part of ISO/IEC 15504 provides an example of an IT Service Management Process Assessment Model
(PAM) for use in performing a conformant assessment in accordance with the requirements of
ISO/IEC 15504-2. It enables implemented processes of ISO/IEC 20000-4 to be assessed according to the
requirements of ISO/IEC 15504-2.
An integral part of conducting an assessment is to use a Process Assessment Model (PAM) that is
constructed for that purpose. A PAM is related to a Process Reference Model (PRM) and is conformant with
ISO/IEC 15504-2. ISO/IEC 15504-2 sets out the minimum requirements for performing an assessment in
order to ensure consistency and repeatability of the ratings. ISO/IEC 15504-2 addresses the assessment of
process and the application of process assessment for improvement and capability determination. Results of
conformant process assessments may be compared when the scopes of the assessments are considered to
be similar. The requirements for process assessment defined in ISO/IEC 15504-2 form a structure which:
a) facilitates self-assessment;
b) provides a basis for use in process improvement and capability determination;
c) takes into account the context in which the assessed process is implemented;
d) produces a process rating;
e) addresses the ability of the process to achieve its purpose;
f) is applicable across all application domains and sizes of organization;
g) may provide an objective benchmark between organizations.
The PRM defined in ISO/IEC TR 20000-4 has been used as the basis for the PAM in this part of
ISO/IEC 15504. The relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2 is
shown in Figure 1.
ISO/IEC 20000-1 – Service ISO/IEC TR 24774 - Guidelines for
Management System Requirements process definition
informs
Provides processes to support
ISO/IEC TR 20000-4 Service
Management – Process Reference
Model
Capability of processes is
assessed by
ISO/IEC 15504-2 – Performing an Assessment
ISO/IEC TS 15504-8 – An exemplar process assessment
model for IT service management

Figure 1 —Relationship between ISO/IEC 20000-1, ISO/IEC TR 20000-4 and ISO/IEC 15504-2
vi © ISO/IEC 2012 – All rights reserved

Any organisation may use processes with additional elements in order to suit it to the environment and
circumstances. The Process Reference Model (PRM) that is the basis for this Process Assessment Model is
ISO/IEC 20000-4:2010. This PRM may not be fully aligned with ISO/IEC 20000-1:2011 as it was developed to
align to ISO/IEC 20000-1:2005. A revised PRM aligned to ISO/IEC 20000-1:2011 is being developed and it is
expected that this revised PRM will address and resolve these identified incompatibilities. Due to the
development status of this PRM, it is known to be unverified and subject to change in the future.
This PAM contains a set of indicators to be considered when interpreting the intent of its PRM. It provides
greater detail to indicate process performance and capability. The indicators may also be used when
implementing a process improvement program or to help evaluate and select an assessment model, method,
methodology or tools.
As an exemplar, this PAM embodies the core characteristics that could be expected of any PAM consistent
with ISO/IEC 15504-2. Nevertheless any other PAMs meeting the requirements of ISO/IEC 15504-2 may be
used in a conformant assessment.
This Part of ISO/IEC 15504 has a similar structure to ISO/IEC 15504 Parts 5 and 6. It may be used in
conjunction with them for joint assessment of service management processes and system/software life cycle
processes.
Within this part of ISO/IEC 15504:
 clause 4 provides a detailed description of the structure and key components of a PAM, which
includes two dimensions: a process dimension and a capability dimension. Assessment indicators
are introduced in this clause;
 clause 5 addresses the process dimension. It uses process definitions from ISO/IEC TR 20000-4 to
designate the PRM. The processes of the PRM are described in the PAM in terms of purpose and
outcomes. The PAM expands the PRM process definitions by including a set of process performance
indicators called base practices for each process. The PAM also defines a second set of indicators of
process performance by associating inputs and outputs with each process. Clause 5 is also linked
directly to Annex B, which defines the inputs/outputs characteristics;
 clause 6 addresses the capability dimension. It duplicates the definitions of the capability levels and
process attributes from ISO/IEC 15504-2, and expands each of the nine attributes through the
inclusion of a set of generic practices. These generic practices belong to a set of indicators of
process capability, in association with generic resource indicators, and generic inputs/outputs
indicators. Annex B is also linked directly to Clause 6 as it defines the inputs/outputs characteristics;
 Annex A provides a statement of conformance of the PAM to the requirements defined in
ISO/IEC 15504-2;
 Annexes B provides selected characteristics for typical inputs/outputs to assist the assessor in
evaluating the capability level of processes;
 Annex C contains a capability process profile linking the requirements of ISO/IEC 20000-1 to base
practices and information items;
 the Bibliography contains a list of informative references.

© ISO/IEC 2012 – All rights reserved vii

TECHNICAL SPECIFICATION ISO/IEC TS 15504-8:2012(E)

Information technology — Process assessment —
Part 8:
An exemplar process assessment model for IT service
management
1 Scope
This part of ISO/IEC 15504:
 defines an exemplar PAM that meets the requirements of ISO/IEC 15504-2 and that supports the
performance of an assessment by providing indicators for guidance on the interpretation of the process
purposes and outcomes as defined in ISO/IEC TR 20000-4 and the process attributes as defined in
ISO/IEC 15504-2;
 provides guidance, by example, on the definition, selection and use of assessment indicators.
A PAM comprises a set of indicators of process performance and process capability. The indicators are used
as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of
indicators included in this part of ISO/IEC 15504 is not intended to be an all-inclusive set nor is it intended to
be applicable in its entirety. Subsets that are appropriate to the context and scope of the assessment should
be selected, and possibly augmented with additional indicators (see Annex C).
The PAM in this part of ISO/IEC 15504 is directed at assessment sponsors and competent assessors who
wish to select a model, and associated documented process method, for assessment (for either capability
determination or process improvement). Additionally it may be of use to developers of assessment models in
the construction of their own model, by providing examples of good service management practices. It can be
used by:
a) service providers to assess and improve a Service Management System (SMS), including processes,
for the design, development, transition and delivery of services that fulfil service requirements;
b) organizations that are seeking services from service providers and requiring assurance that their
service requirements will be fulfilled;
c) service providers to demonstrate their capability for the design, development, transition and delivery
of services that fulfil service requirements.
Any PAM meeting the requirements defined in ISO/IEC 15504-2 concerning models for process assessment
may be used for assessment. Different models and methods may be needed to address differing business
needs. The assessment model in this part of ISO/IEC 15504 is provided as an exemplar of a model meeting
all the requirements expressed in ISO/IEC 15504-2.
The scope of this Part of ISO/IEC 15504 is consistent with the scope of Part 5 and 6 of ISO/IEC 15504 in
order to assist situations where assessment is being made of both service management and system/software
life cycle processes.
© ISO/IEC 2012 – All rights reserved 1

NOTE:  Copyright release for the Exemplar PAM: Users of this part of ISO/IEC 15504 may freely reproduce the
detailed descriptions contained in the exemplar assessment model as part of any tool or other material to support the
performance of process assessments, so that it can be used for its intended purpose.
2 Normative references
The following normative documents contain provisions which, through reference in this text, constitute
provisions of this part of ISO/IEC 15504. For dated references, subsequent amendments to, or revisions of,
any of these publications do not apply. However, parties to agreements based on this part of ISO/IEC 15504
are encouraged to investigate the possibility of applying the most recent editions of the normative documents
indicated below. For undated references, the latest edition of the normative document referred to applies.
Members of ISO and IEC maintain registers of currently valid International Standards.
ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management
system requirements
ISO/IEC TR 20000-4:2010, Information technology — Service management — Part 4: Process Reference
Model
ISO/IEC 15504-1:2004, Information technology — Process assessment — Part 1: Concepts and Vocabulary
ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an Assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and ISO/IEC 20000-1
apply.
4 Overview of the exemplar Process Assessment Model
4.1 Introduction to Overview
This part of ISO/IEC 15504 provides an exemplar PAM that includes examples of assessment indicators.
The PRM defined in ISO/IEC TR 20000-4, associated with the process attributes defined in ISO/IEC 15504-2,
establish a PAM used as a common basis for performing assessments of service management system
process capability, allowing for the reporting of results using a common rating scale.
The PAM is a two-dimensional model of process capability. In one dimension, the process dimension, the
processes are defined. In the other dimension, the capability dimension, a set of process attributes grouped
into capability levels is defined. The process attributes provide the measurable characteristics of process
capability.
2 © ISO/IEC 2012 – All rights reserved

CAPABILITCAPABILITYY
DimensionDimension
ISO/IEC 15504-2
---- 55 OptimOptimiizingzing (2 at(2 attributributteses))
LeLevveel l : :
---- 44 PredictaPredictable (2 attributeble (2 attributess))
LeLevveel l : :
ISO/IEC TR 20000-4
---- 33 EstablisheEstablished (2 atd (2 attributributteses))
LeLevveel l : :
---- 22 ManagManageed  (2 attributed  (2 attributess))
LeLevveel l : :
---- 11 PerformePerformed (1 attributed (1 attribute))
Level : : ProcessProcess ReferenceReference
Model (PRM)Model (PRM)
Level
---- 00 IncompleteIncomplete
: :
SMS General
PROCESSPROCESS
processes
DimensionDimension
ProcessesProcesses
Design and transition
of new or changed
ProcesseProcessess
Service delivery
services processes
Control
processes
Resolution
processes
Relationship
processes
processes
Figure 2 — Relationship between the Process Assessment Model and its inputs
Figure 2 shows the relationship between the general structure of the PAM, ISO/IEC 15504-2 and ISO/IEC TR
20000-4.
A PRM and a capability dimension defined in ISO/IEC 15504-2 cannot be used alone as the basis for
conducting reliable and consistent assessments of process capability since the level of detail provided is not
sufficient. The descriptions of process purpose and outcomes in a PRM, and the process attribute definitions
in ISO/IEC 15504-2, need to be supported with a comprehensive set of indicators of process performance and
process capability that are used for assessment performance.
The exemplar PAM defined in this part of ISO/IEC 15504 is conformant with the ISO/IEC 15504-2
requirements for a PAM, and can be used as the basis for conducting an assessment of IT service
management process capability.
In order to meet the PAM requirements of ISO/IEC 15504-2, a documented process supporting other
requirements of ISO/IEC 15504-2 is also required. This need may be met, for example, by the adoption of a
supporting method for conducting assessments.
4.2 Structure of the exemplar Process Assessment Model
This clause describes the detailed structure of the PAM and its key components.
This PAM expands upon the PRM by including a defined set of assessment indicators. Assessment indicators
comprise indicators of process performance and process capability and are defined to support an assessor’s
judgment of the performance and capability of an implemented process.
© ISO/IEC 2012 – All rights reserved 3

Clause 5, together with its associated Annex B, describes the components of the process dimension, and
clause 6 describes the components of the capability dimension. Annex A provides a statement of
conformance of the PAM to the requirements defined in ISO/IEC 15504-2.
ISO/IEC 15504-2 requires that processes included in a PRM satisfy the following:
"The fundamental elements of a Process Reference Model are the set of descriptions of the processes within
the scope of the model. These process descriptions shall meet the following requirements:
a) A process shall be described in terms of its Purpose and Outcomes.
b) In any description the set of process outcomes shall be necessary and sufficient to achieve the purpose of
the process.
c) Process descriptions shall be such that no aspects of the measurement framework as described in clause 5
of this International Standard beyond level 1 are contained or implied."
As processes are derived directly from ISO/IEC TR 20000-4, these requirements are satisfied.
4.2.1 Processes
Figure 3 shows the processes from ISO/IEC TR 20000-4, which are included in the process dimension of the
exemplar PAM for service management.
SMS General Processes Design and Transition of New or Changed
Services Processes
SMS.1 Audit
DTR.1 Service requirements
SMS.2 Improvement
DTR.2 Service design
SMS.3 Information item management
DTR.3 Service transition
SMS.4 Management review
DTR.4 Service planning
SMS.5 Resource management
SMS.6 Risk management
SMS.7 Service measurement
Service Delivery Processes
SMS.8 Establishment and improvement
SDE.1 Budgeting and accounting for services
SMS.9 Implementation and operation
SDE.2 Capacity management
SDE.3 Information security management
SDE.4 Service availability management
Control Processes
SDE.5 Service continuity management
CON.1 Change management
SDE.6 Service level management
CON.2 Configuration management
SDE.7 Service reporting
CON.3 Release and deployment management
Resolution Processes
RES.1 Incident management
Relationship Processes
RES.2 Service request management
REL.1 Business relationship management
RES.3 Problem management
REL.2 Supplier management
Figure 3 — Processes in the Process Reference Model
4 © ISO/IEC 2012 – All rights reserved

4.2.2 Process dimension
The process dimension of the PAM includes all processes from the PRM contained in ISO/IEC TR 20000-4
and shown in Figure 3. Each process in the PAM is described in terms of a purpose statement. These
statements contain the unique functional objectives of the process when performed in a particular environment.
A list of specific outcomes is associated with each of the process purpose statements, as a list of expected
positive results of the performance of the processes.
Satisfying the purpose statements of a process represents the first step in building a level 1 process capability
where the expected outcomes are observable. The processes are described in Clause 5.
4.2.3 Capability dimension
For the capability dimension, the process capability levels and process attributes are identical to those defined
in ISO/IEC 15504-2.
Evolving process capability is expressed in the PAM in terms of process attributes grouped into capability
levels. Process attributes are features of a process that can be evaluated on a scale of achievement,
providing a measure of the capability of the process. They are applicable to all processes. Each process
attribute describes a facet of the overall capability of managing and improving the effectiveness of a process
in achieving its purpose and contributing to the business goals of the organization.
A capability level is a set of process attribute(s) that work together to provide a major enhancement in the
capability to perform a process. The levels constitute a rational way of progressing through improvement of
the capability of any process and are defined in ISO/IEC 15504-2.
There are six capability levels, incorporating nine process attributes.
Level 0: Incomplete process
The process is not implemented, or fails to achieve its process purpose.
At this level, there is little or no evidence of any systematic achievement of the process purpose.
Level 1: Performed process
The implemented process achieves its process purpose.
Level 2: Managed process
The previously described Performed process is now implemented in a managed fashion (planned, monitored
and adjusted) and its work products are appropriately established, controlled and maintained.
Level 3: Established process
The previously described Managed process is now implemented using a defined process that is capable of
achieving its process outcomes.
Level 4: Predictable process
The previously described Established process now operates within defined limits to achieve its process
outcomes.
Level 5: Optimizing process
The previously described Predictable process is continuously improved to meet relevant current and projected
business goals.
© ISO/IEC 2012 – All rights reserved 5

Within the PAM, the measure of capability is based upon the nine process attributes (PA) defined in
ISO/IEC 15504-2. Process attributes are used to determine whether a process has reached a given capability.
Each attribute measures a particular aspect of the process capability.
At each level there is no ordering between the process attributes; each attribute addresses a specific aspect
of the capability level. The list of process attributes is shown in Table 1.
Table 1 — Capability levels and process attributes
Capability Levels
Process Attribute ID
and Process Attributes
Level 0: Incomplete process
Level 1: Performed process
Process performance
PA 1.1
Level 2: Managed process
PA 2.1 Performance management
PA 2.2 Work Products management
Level 3: Established process
PA 3.1 Process definition
PA 3.2 Process deployment
Level 4: Predictable process
PA 4.1 Process measurement
PA 4.2 Process control
Level 5: Optimizing process
PA 5.1 Process innovation
Continuous optimization
PA 5.2
The process attributes are evaluated on a four point ordinal scale of achievement, as defined in
ISO/IEC 15504-2. They provide insight into the specific aspects of process capability required to support
process improvement and capability determination.
4.3 Assessment Indicators
The PAM is based on the principle that the capability of a process can be assessed by demonstrating the
achievement of process attributes on the basis of evidence related to assessment indicators.
There are two types of assessment indicators: process capability indicators, which apply to capability levels 1
to 5 and process performance indicators, which apply exclusively to capability level 1. These indicators are
defined in Clause 4.3.2.
6 © ISO/IEC 2012 – All rights reserved

CAPABILITCAPABILITYY
DimenDimenssionion
FoForr each each attributeattribute
ProcessProcess Assessment
PA.1.1 to PA 5.2
---- 55 OptimizingOptimizing
LeLevveel l : :
Process capability assessment (Level 1 to 5)
based on Process Attribute Indicators (PAI):
---- 44 PredictablePredictable
LeLevveel l : :
GP
-- : : Generic Practice
GR
-- : : Generic Resource
---- 33 EstablishedEstablished
LeLevveel l : :
GIO
-- : : Generic Input/Output
AAmplificatmplificatiionon
ffor PA 1.or PA 1.11
---- 22 ManagedManaged
LeLevveel l : :
LevelLevel 11
---- 11 PerformedPerformed
LeLevveel l : : Additional indicators for process
performance assessment based on
---- 00 IncompleteIncomplete
LeLevveel l : :
performance indicators:
BP
-- : Base Practice
IO
-- : I: nput/Output
SMS General
PROCESPROCESSS
processes
DimensiDimensioonn
Design and
Service
Transition of
delivery
new or changed
processes Control
services
Resolution
processes
processes
Relationship
processes
processes
The process attributes in the capability dimension have a set of process capability indicators that provide an
indication of the extent of achievement of the attribute in the instantiated process. These indicators concern
significant activities, resources or results associated with the achievement of the attribute purpose by a
process.
Figure 4 — Assessment indicators
The process capability indicators are:
 Generic Practice (GP);
 Generic Resource (GR);
 Generic Input/Output (GIO).
As additional indicators for supporting the assessment of a process at Level 1, each process in the process
dimension has a set of process performance indicators which is used to measure the degree of achievement
of the process performance attribute for the process assessed.
The process performance indicators are:
 Base Practice (BP);
 Input/output (IO).
The performance of Base Practices (BPs) provides an indication of the extent of achievement of the process
purpose and process outcomes. Input/Outputs (IOs) are either used or produced (or both), when performing
the process.
© ISO/IEC 2012 – All rights reserved 7

The process performance and process capability indicators defined in the PAM represent types of objective
evidence that might be found in an instantiation of a process and therefore could be used to judge
achievement of capability.
Figure 4 shows how the assessment indicators are related to process performance and process capability.
4.3.1 Process Capability Indicators
The three types of process capability indicators related to levels 1 to 5 are identified in Figure 5. They are
intended to be applicable to all processes.
Capability
level 1-5
Process
Attribute
Process
attribute
achievement
Generic
Generic
Generic
Practice
Input/Output
Resources Generic
Practice
Generic
Practice
Figure 5 — Process capability indicators
All the process capability indicators relate to the process attributes defined in the capability dimension of the
PAM. They represent the type of evidence that would support judgments of the extent to which the attributes
are achieved. Evidence of their effective performance or existence supports the judgment of the degree of
achievement of the attribute. The generic practices are the principal indicators of process capability.
The Generic Practice (GP) indicators are indicators of activities of a generic type and provide guidance on
the implementation of the attribute's characteristics. They support the achievement of the process attribute
and many of them concern management practices, i.e. practices that are established to support the process
performance as it is characterized at level 1.
During the evaluation of process capability, the primary focus is on the performance of the generic practices.
In general, performance of all generic practices is expected for full achievement of the process attribute.
The Generic Resource (GR) indicators are associated resources that may be used when performing the
process in order to achieve the attribute. These resources may include human resources, tools, methods and
infrastructure. The availability of a resource indicates the potential to fulfil the purpose of a specific attribute.
8 © ISO/IEC 2012 – All rights reserved

NOTE: The assessor should interpret the generic resources according to the process assessed; e.g. for PA2.1
resources (with identified objectives, responsibilities and authorities), an assessor would look for roles (with identified
objectives, responsibilities and authorities) in primary and supporting processes, but for organizational processes would
look for governance structures (e.g. mandated committees, positions) with identified objectives, responsibilities and
authorities.
The Generic Input/Output (GIO) indicators are sets of characteristics that would be expected to be evident in
inputs/outputs of generic types as a result of achievement of an attribute. The generic inputs/outputs form the
basis for the classification of the inputs/outputs defined as process performance indicators; they represent
basic types of inputs/outputs from all types of processes.
These three types of indicators help to establish objective evidence of the extent of achievement of the
specified process attribute.
Due to the fact that Level 1 capability of a process is only characterized by the measure of the extent to which
the process purpose is achieved, the process performance attribute (PA.1.1) has a single generic practice
indicator (GP.1.1.1). In order to support the assessment of PA.1.1 and to amplify the process performance
achievement analysis, additional process performance indicators are defined in the PAM.
4.3.2 Process Performance Indicators
There are two types of process performance indicators: Base Practice (BP) indicators and Input/Output (IO)
indicators. Process performance indicators relate to individual processes defined in the process dimension of
the PAM and are chosen to explicitly address the achievement of the defined process outcomes.
Evidence of performance of the base practices, and the presence of inputs/outputs with their expected
characteristics, provide objective evidence of the achievement of the process outcomes.
A base practice is an activity that addresses the purpose of a particular process. Consistently performing the
base practices associated with a process will help the consistent achievement of its purpose. A coherent set
of base practices is associated with each process in the process dimension. The base practices are described
at an abstract level, identifying "what" should be done without specifying "how". Implementing the base
practices of a process should achieve the basic outcomes that reflect the process purpose. Base practices
represent only the first step in building process capability, but the base practices represent the unique,
functional activities of the process, even if that performance is not systematic.
In this particular PAM the base practices have been used as a vehicle to link the outcomes of each process in
the PRM with the requirements defined for that process in ISO/IEC 20000-1. This has been achieved using
the following strategy:
 Singular requirements from ISO/IEC 20000-1 have been identified and assigned a unique identifier
(process number plus sequential numbering within the sub-clause).
 Each process outcome has been linked to a single base practice.
 Each base practice has been linked (Annex C) to one or more ISO/IEC 20000-1 singular
requirements to demonstrate that it satisfies a CL1 objective.
 Where relevant, singular requirements in ISO/IEC 20000-1 that imply a level of capability higher than
CL1, are indicated, together with the process that supports the intent of this higher capability level.
This approach provides insight on how the singular requirements from ISO/IEC 20000-1 contribute to the
achievement of the process purpose and outcomes. The performance of a process requires inputs and
produces outputs that are identifiable and usable in achieving the purpose of the process. In this assessment
model, each input/output has a defined set of example characteristics that may be used when reviewing the
input/output to assess the effective performance of a process. Input/output characteristics may be used to
identify the corresponding input/output produced/used by the assessed organization.
© ISO/IEC 2012 – All rights reserved 9

Clause 5 contains a complete description of the processes, including the base practices and the associated
inputs and outputs.
Annex B contains a list of generic inputs/outputs together with their characteristics.
4.4 Measuring process capability
The process performance and process capability indicators in this model give examples of evidence that an
assessor might obtain, or observe, in the performance of an assessment. The evidence obtained in the
assessment, through observation of the implemented process, can be mapped onto the set of indicators to
enable correlation between the implemented process and the processes defined in this assessment model.
These indicators provide guidance for assessors in accumulating the necessary objective evidence to support
judgments of capability. They are not mandatory.
An indicator is defined as an objective characteristic of a practice or input/output that supports performing a
conformant assessment in accordance with the requirements of ISO/IEC 15504-2. The assessment indicators,
and their relationship to process performance and process capability, are shown in Figure 6.
Observable (objective) evidence collected during an assessment is used to confirm the indicators (e.g.,
practices were performed). All such evidence comes either from the examination of inputs/outputs of the
processes assessed, or from statements made by the performers and managers of the processes.
The existence of base practices, inputs/outputs, and input/output characteristics, provide evidence of the
performance of the processes associated with them. Similarly, the existence of process capability indicators
pr
...