ISO/IEC TR 29110-3-1:2015

TECHNICAL ISO/IEC TR
REPORT 29110-3-1
First edition
2015-10-15
Systems and software engineering —
Lifecycle profiles for Very Small
Entities (VSEs) —
Part 3-1:
Assessment guide
Ingénierie des systèmes et du logiciel — Profils de cycle de vie pour
très petits organismes (TPO) —
Partie 3-1: Guide d’évaluation
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
1.1 Fields of application . 1
1.2 Target audience . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Conventions and abbreviated terms . 2
4.1 Naming, diagramming, and definition conventions . 2
4.2 Abbreviated terms . 2
5 Process assessment framework . 2
6 VSE process assessment . 3
6.1 Performing an assessment . 3
6.1.1 Introduction . 3
6.1.2 Assessment inputs . 4
6.1.3 Roles and responsibilities . 4
6.1.4 The assessment process . 4
6.2 Use of the assessment results . 6
6.3 Achievement of a VSE Profile . 6
6.4 Application of Process Assessment Models . 7
Annex A (informative) Measurement framework and Process Assessment Model .8
Bibliography .43
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical
Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 7, Software and systems engineering.
This first edition of ISO/IEC TR 29110-3-1 cancels and replaces ISO/IEC TR 29110-3:2011, which has
been technically revised.
The full list of parts of ISO/IEC 29110 is available here.
iv © ISO/IEC 2015 – All rights reserved

Introduction
Very Small Entities (VSEs) around the world are creating valuable products and services. For the
purpose of this International Standard, a Very Small Entity (VSE) is an enterprise, an organization, a
department, or a project having up to 25 people. Since many VSEs develop and/or maintain system
and software components used in systems, either as independent products or incorporated in larger
systems, a recognition of VSEs as suppliers of high quality products is required.
According to the Organization for Economic Co-operation and Development (OECD) SME and
Entrepreneurship Outlook report (2005), “Small and Medium Enterprises (SMEs) constitute the
dominant form of business organization in all countries world-wide, accounting for over 95 % and
up to 99 % of the business population depending on country”. The challenge facing governments
and economies is to provide a business environment that supports the competitiveness of this large
heterogeneous business population and that promotes a vibrant entrepreneurial culture.
From studies and surveys conducted, it is clear that the majority of International Standards do not
address the needs of VSEs. Implementation of and conformance with these standards is difficult, if not
impossible. Consequently, VSEs have no, or very limited, ways to be recognized as entities that produce
quality systems/system elements including software in their domain. Therefore, VSEs are excluded
from some economic activities.
It has been found that VSEs find it difficult to relate International Standards to their business needs
and to justify the effort required to apply standards to their business practices. Most VSEs can neither
afford the resources, in terms of number of employees, expertise, budget, and time, nor do they see a
net benefit in establishing over-complex systems or software lifecycle processes. To address some of
these difficulties, a set of guides has been developed based on a set of VSE characteristics. The guides
are based on subsets of appropriate standards processes, activities, tasks, and outcomes, referred to as
profiles. The purpose of a profile is to define a subset of International Standards relevant to the VSEs’
context; for example, processes, activities, tasks, and outcomes of ISO/IEC/IEEE 12207 for software;
and processes, activities, tasks, and outcomes of ISO/IEC/IEEE 15288 for systems; and information
products (documentation) of ISO/IEC/IEEE 15289 for software and systems.
VSEs can achieve recognition through implementing a profile and by being audited against
ISO/IEC 29110 specifications.
The ISO/IEC 29110 series of standards and technical reports can be applied at any phase of system or
software development within a lifecycle. This series of standards and technical reports is intended to
be used by VSEs that do not have experience or expertise in adapting/tailoring ISO/IEC/IEEE 12207
or ISO/IEC/IEEE 15288 standards to the needs of a specific project. VSEs that have expertise in
adapting/tailoring ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288 are encouraged to use those standards
instead of ISO/IEC 29110.
ISO/IEC 29110 is intended to be used with any lifecycle such as: waterfall, iterative, incremental,
evolutionary, or agile.
The ISO/IEC 29110 series, targeted by audience, has been developed to improve system or software
and/or service quality, and process performance. See Table 1.
© ISO/IEC 2015 – All rights reserved v

Table 1 — ISO/IEC 29110 target audience
ISO/IEC 29110 Title Target audience
Part 1 Overview VSEs and their customers, assessors,
standards producers, tool vendors,
and methodology vendors
Part 2 Framework Profile producers, tool vendors, and
methodology vendors
Not intended for VSEs
Part 3 Assessment guide VSEs and their customers, assessors,
accreditation bodies
Part 4 Profile specifications VSEs, customers, standards produc-
ers, tool vendors, and methodology
vendors
Part 5 Management and engi- VSEs and their customers
neering guide
If a new profile is needed, ISO/IEC 29110-4 and ISO/IEC TR 29110-5 can be developed with minimal
impact to existing documents.
ISO/IEC TR 29110-1 defines the terms common to the ISO/IEC 29110 series. It introduces processes,
lifecycle and standardization concepts, the taxonomy (catalogue) of ISO/IEC 29110 profiles, and
the ISO/IEC 29110 series. It also introduces the characteristics and needs of a VSE, and clarifies the
rationale for specific profiles, documents, standards, and guides.
ISO/IEC 29110-2 introduces the concepts for systems and software engineering profiles for VSEs. It
establishes the logic behind the definition and application of profiles. For standardized profiles, it
specifies the elements common to all profiles (structure, requirements, conformance, assessment). For
domain-specific profiles (profiles that are not standardized and developed outside of the ISO process),
it provides general guidance adapted from the definition of standardized profiles.
ISO/IEC TR 29110-3 defines certification schemes, assessment guidelines, and compliance requirements
for process capability assessment (ISO/IEC 33xxx), conformity assessments (ISO/IEC 17xxx), and
self-assessments for process improvements. ISO/IEC TR 29110-3 also contains information that can
be useful to developers of certification and assessment methods and developers of certification and
assessment tools. ISO/IEC TR 29110-3 is addressed to people who have direct involvement with the
assessment process, e.g. the auditor, certification, and accreditation bodies, and the sponsor of the
audit, who need guidance on ensuring that the requirements for performing an audit have been met.
ISO/IEC 29110-4-m provides the specification for all profiles in one profile group that are based on
subsets of appropriate standards elements.
ISO/IEC TR 29110-5-m-n provides a management and engineering guide for each profile in one
profile group.
The future ISO/IEC TR 29110-6-x provides management and engineering guides not tied to a
specific profile.
Figure 1 describes the International Standards (IS) and Technical Reports (TR) of ISO/IEC 29110 and
positions the parts within the framework of reference. Overview, assessment guide, management, and
engineering guide are available from ISO as freely available Technical Reports (TR). The Framework
document, profile specifications, and certification schemes are published as International Standards (IS).
vi © ISO/IEC 2015 – All rights reserved

Figure 1 — ISO/IEC 29110 Series
© ISO/IEC 2015 – All rights reserved vii

TECHNICAL REPORT ISO/IEC TR 29110-3-1:2015(E)
Systems and software engineering — Lifecycle profiles for
Very Small Entities (VSEs) —
Part 3-1:
Assessment guide
1 Scope
1.1 Fields of application
This part of ISO/IEC 29110 defines the process assessment guidelines needed to meet the purpose
of defined Very Small Entity (VSE) profiles. It is applicable to all VSE profiles and is compatible with
ISO/IEC 33002.
The possible uses of this part of ISO/IEC 29110 are as follows.
a) Assessment to evaluate the process capabilities. This is when an organization wants an assessment
execution in order to obtain a process profile of the implemented processes.
b) Supplier’s capability assessment. This is when a customer asks for a third party to conduct an
assessment in order to obtain a process profile of the implemented process by the system or
software development and maintenance supplier. The customer chooses the processes to be
assessed depending on the services to be contracted.
1.2 Target audience
The target audience of this part of ISO/IEC 29110 is primarily those who perform process assessments
of VSEs. This part of ISO/IEC 29110 also contains information that can be useful to developers of
assessment methods and assessment tools.
This part of ISO/IEC 29110 is addressed to people who have a direct relation with the assessment
process based on the VSE profiles, e.g. the assessors and the sponsor of the assessment, who need
guidance on ensuring that the requirements for performing an assessment have been met.
It is intended that ISO/IEC TR 29110-1 and ISO/IEC 29110-2 be read first when initially exploring VSE
profile documents.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC TR 29110-1, Software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 1:
Overview
ISO/IEC 33001:2015, Information technology — Process assessment — Concepts and terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC TR 29110-1, ISO/IEC 33001
and the following apply.
© ISO/IEC 2015 – All rights reserved 1

3.1
process quality
ability of a process to satisfy stated and implied stakeholder needs when used in a specified context
[SOURCE: ISO/IEC 33001:2015, 3.4.8]
3.2
process quality level
representation of the achieved level of a process quality characteristic derived from the process
attribute ratings for an assessed process
[SOURCE: ISO/IEC 33001:2015, 3.4.9, modified]
3.3
organizational profile
set of process profiles defined in the ISO/IEC 29110- series
Note 1 to entry: The profiles will conform to the organizational maturity levels that will correspond to the basic,
intermediate, and advanced profiles (as defined in ISO/IEC 29110- series).
4 Conventions and abbreviated terms
4.1 Naming, diagramming, and definition conventions
None.
4.2 Abbreviated terms
BP Base Practice
PA Process Attributes
PAM Process Assessment Model
PRM Process Reference Model
5 Process assessment framework
These guidelines apply to VSE process assessments. The assessment, as defined in this part of
ISO/IEC 29110, has two purposes.
— To evaluate the process capability based on a two-dimensional assessment model containing a
process dimension and the process quality dimension. The process dimension refers to the processes
defined in each VSE profile which are provided by an external Process Reference Model (PRM).
The process quality dimension consists of a Process Measurement Framework comprising Process
Quality Levels, their associated Process Attributes, and the rating scale.
— To evaluate whether an organization fulfils the targeted VSE profile based on the evaluated
capabilities for the processes.
For an official recognition, the conformity assessments should be carried out following a process
assessment process satisfying the requirements of ISO/IEC 33002 and described in Clause 6. For
self-assessments emphasizing identification of process improvements, other approaches can be
applied (additional information can be found in other parts of ISO/IEC 29110 specifically dedicated
to self-assessment).
According to ISO/IEC 33001, a process assessment is a disciplined evaluation of an organizational unit’s
processes against a Process Assessment Model (PAM). In this context, the Process Assessment Model
consists of a subset of process purposes and outcomes of a Process Reference Model, and the process
2 © ISO/IEC 2015 – All rights reserved

attributes, quality levels and rating scale that are defined in the correspondent Process Assessment
Model. A Process Reference Model is, for instance, ISO/IEC/IEEE 12207 and the applicable subset is
defined in a Specification of a profile, for instance, ISO/IEC 29110-4-1. The applied Process Assessment
Model needs to be conformant to ISO/IEC 33002. The result of a process assessment is represented as
a set of process attribute ratings, i.e. a process profile. Figure 2 illustrates the relevant documents and
data for a process applicable to VSE process assessment.
ISO/IEC 33002 ISO/IEC 29110-3-1
Process
Process
Assessment
Assessment
Requirements
Guidelines
VSE Process
Process Pro
ile
Assessment (Assessment
ISO/IEC 29110-3-1-
result)
Annex A
Measurement
framework
ISO/IEC 29110-3-1
ISO/IEC 29110-4-m
Annex A
Pro
ile
Process
Speci
ications
Assessment Model
Process
Reference
Model
Figure 2 — Elements of VSE process assessment
ISO/IEC 33002 sets out the minimum requirements for performing a process assessment that ensure
consistency and repeatability of the ratings. The requirements help to ensure that the process
assessment output is self-consistent and provides evidence to substantiate the ratings and to verify
conformance with the requirements.
Self-assessments are typically performed to identify process improvement opportunities or to check
current status of the organization’s performance. Self-assessments in VSEs are outside the scope of this
part of ISO/IEC 29110.
6 VSE process assessment
6.1 Performing an assessment
6.1.1 Introduction
In performing a process assessment based on ISO/IEC 29110, the requirements expressed in
ISO/IEC 33002 are intended to be satisfied in full. This Clause provides additional guidance related
specifically to the process assessment in VSEs.
A process assessment is conducted according to a documented process that is capable of meeting
the process assessment purpose. The key elements of a documented assessment process are closely
tied to the requirements for performing an assessment, defined in ISO/IEC 33002. The documented
© ISO/IEC 2015 – All rights reserved 3

assessment process is the set of instructions for conducting the process assessment. A documented
assessment process addresses the following aspects of the conduct of a process assessment:
— incorporate as a minimum, the tasks defined in ISO/IEC 33002;
— identify the classes of process assessment for which the documented assessment process can
be applied, and the nature and extent of tailoring associated with each class addressed by the
documented process;
— define the criteria for ensuring coverage for both the defined organizational scope and the defined
process scope for the assessment, in terms of the strategy for collecting and analysing data;
— identify or define the approach to be taken in performing the generation of process attribute ratings,
including (where applicable) the aggregation of observations and/or characterisations across the
elements of the assessment.
6.1.2 Assessment inputs
Process assessment inputs as specified in ISO/IEC 33002:2015, 4.4 are to be defined. In conducting
process assessments of VSEs based on ISO/IEC 29110-4-m, the following issues are expected.
— The process scope of the process assessment [ISO/IEC 33002:2015, 4.4.1 (d) (1, 2)] should be
determined by the target VSE Profile specified for the process assessment.
— The organizational scope of the process assessment [ISO/IEC 33002:2015, 4.4.1 (d) (3)] should
be typically be the entire VSE; however, where the VSE deploys a small number of clearly distinct
projects or functions, the scope can be limited to a single project or function.
— In defining the process assessment context [ISO/IEC 33002:2015, 4.4.1 (d) (4)], the process assessment
plan should take into account the VSE business and engineering context and be affordable for a VSE.
— In defining the process assessment constraints [ISO/IEC 33002:2015, 4.4.1 (g)], the specific nature
of the VSE should be explored to establish constraints on availability of resources or data that might
affect the reliability of the process assessment.
6.1.3 Roles and responsibilities
Typically, the process assessment team for VSE process assessment process consists of at least one
lead assessor or a lead assessor with other assessors. The assessors should be familiar with the VSE
characteristics.
6.1.4 The assessment process
The activities to be performed will be determined by the chosen documented assessment process
tailored as necessary. The documented process for the process assessment of a VSE should address all
of the required activities defined in ISO/IEC 33002:2015, 4.2.
Specific concerns of relevance to process assessment of VSEs include the following:
Plan the assessment
Typically, the schedule for process assessment of a VSE will need to take account of the availability
of key resources. The level of resources required for the process assessment should be determined
according to the resources available to the VSE.
Collect the data
The strategy for data collection should take account of the nature of the work performed within the
VSE, and of the nature of the items of objective evidence that will typically be available. Often, process
assessments in VSEs rely heavily on testimony from performers of the processes; however, to the best
4 © ISO/IEC 2015 – All rights reserved

extent possible, the assessors should endeavour to obtain other supporting objective evidence drawn
from the VSE work products.
© ISO/IEC 2015 – All rights reserved 5

Validate the data
The key issue in data validation in process assessment of a VSE is ensuring that the data collected is
representative of the normal operations of the enterprise.
Derive results
In conducting process attribute rating, the assessors should focus on the extent to which the evidence
obtained addresses the processes and process attributes being rated. The requirement for traceability
between the rating and the evidence employed [ISO/IEC 33002:2015, 4.2.1 e) 1)] is relevant here.
Report the assessment
The assessors should ensure that the report to the sponsor of the process assessment covers the full
scope of the VSE Profile employed in the process assessment.
6.2 Use of the assessment results
The process assessment results can be used to:
a) evaluate the process quality levels of an organization,
b) determine the improvement opportunities, in order to enhance the organization’s ability to meet
its business goals by improving efficiency and quality of its products and services. The findings can
be used as a base to perform the improvement plan,
c) benchmark the process quality levels with other organizations in the market, and
d) select a supplier based on the supplier’s quality level assessment.
6.3 Achievement of a VSE Profile
This subclause provides guidance on how to determine whether an organization fulfils a VSE Profile.
The determination is based on the evaluated quality levels for the processes within each VSE Profile.
ISO/IEC 29110-4-m defines the conformance requirements.
The requirements for the profiles are defined in ISO/IEC 29110-4-m. The corresponding quality levels
to be evaluated for each profile can be derived from the respective parts of ISO/IEC 29110-4-m. At
minimum, all mandatory elements of the VSE profile, as defined in ISO/IEC 29110-4-m, need to be
considered in the process assessment.
For example, to achieve the software basic profile, the assessed processes need to achieve quality level
one as defined in Annex A. This means that the implemented process achieves its process purpose and
its defined outcomes. For example, for VSE Generic basic profile for software, the applicable process
purposes are documented in ISO/IEC 29110-4-1 (Process Reference Model for the Basic Profile):
— Project Management process;
— Software Implementation process.
NOTE Process Reference Models are now to be contained in ISO/IEC 29110-4-m.
The related outcomes of the Process Reference Model are documented in Annex A (supported by
ISO/IEC 29110-5-m-n under the process specific Objectives). A detailed mapping of the profile process
elements to ISO/IEC/IEEE 15288, ISO/IEC/IEEE 12207, and other base standards are provided in
ISO/IEC 29110-4-m.
6 © ISO/IEC 2015 – All rights reserved

6.4 Application of Process Assessment Models
Use of ISO/IEC 33004 compliant Process Assessment Model (PAM) ensures that the process assessment
results are comparable, reliable, and repeatable. The assessor should confirm that the applied PAM is
suitable for assessing the process capability in the context of VSEs.
The applied PAM should have a set of indicators that address the process purpose and outcomes, and
demonstrate the achievement of the required capability level.
ISO/IEC 29110-4-m Specifications for VSE profiles document a detailed mapping of process elements
between ISO/IEC 29110-5-m-n and the Process Reference Model in of ISO/IEC 29110-4-m, respectively.
A VSE specific PAM can be derived by selecting those process assessment indicators relevant to the
corresponding process outcomes defined in ISO/IEC 29110-4-m. An exemplar Process Assessment
Model for the VSE Processes and profiles is provided in Annex A of this part of ISO/IEC 29110.
© ISO/IEC 2015 – All rights reserved 7

Annex A
(informative)
Measurement framework and Process Assessment Model
A.1 Introduction
This Annex provides both the measurement framework and the Process Assessment and Maturity
Model for the evaluation of the process quality attributes of the processes defined in the ISO/IEC 29110
series for VSEs.
A.2 sets out the measurement framework that can be used in the assessment of process capability
and organizational profile for very small entities. The requirements for process capability and
organizational profile scales defined in this Annex form a structure which:
a) facilitates self-assessment,
b) provides a basis for use in process improvement and capability determination,
c) takes into account the context in which the assessed process is implemented,
d) produces a process capability scale,
e) is applicable across all application domains and mainly for a very small entities, and
f) can provide an objective benchmark between organizations.
The requirements from ISO/IEC 33003 for measurement frameworks and ISO/IEC 33004 for maturity
models are embedded verbatim in the text A.2 respectively for compliance verification (see below A.2.9
and A.2.11). Those verbatim requirements are enclosed in a box for ease identification.
A.3 provides an example of a PAM for use in performing a conformant assessment in accordance with
the requirements of ISO/IEC 33004.
An integral part of conducting an assessment is to use a PAM constructed for that purpose, related
to a PRM and conformant with the requirements defined in ISO/IEC 33002. ISO/IEC 33002 provides
a framework for process assessment and sets out the minimum requirements for performing an
assessment in order to ensure consistency and repeatability of the ratings.
A PRM cannot be used alone as the basis for conducting consistent and reliable assessments of process
capability since the level of detail is not sufficient. Therefore:
— the descriptions of process purpose and process outcomes provided by the PRM need to be supported
with a comprehensive set of indicators of process performance;
— the capability levels and process attributes and the rating scale defined in above A.2 need to be
supported with a set of indicators of process capability.
Used in this way, in conjunction with a documented process, consistent and repeatable ratings of
process capability will be possible.
This Process Assessment Model contains a set of indicators to be considered when interpreting the
intent of the PRM. These indicators can also be used when implementing a process improvement
program or to help evaluate and select an assessment model, method, methodology, or tools.
The PRM defined in ISO/IEC 29110-4-1 has been used as the basis for the PAM in this part of
ISO/IEC 29110.
8 © ISO/IEC 2015 – All rights reserved

The Process Assessment Model embodies the core characteristics that could be expected of any PAM
consistent with ISO/IEC 33004.
Within A.3:
— A.3.4 provides a detailed description of the structure and key components of the PAM, which
includes two dimensions: a process dimension and a capability dimension; assessment indicators
are introduced in this Clause;
— A.3.5 addresses the process dimension. It uses process definitions from ISO/IEC 29110-4-m to
identify a PRM. The processes of the PRM are described in the PRM in terms of purpose and outcomes
and are grouped in three process categories. The PAM expands the PRM process definitions by
including a set of process performance indicators called base practices for each process;
— A.3.5 addresses the capability dimension. It duplicates the definitions of the capability levels and
process attributes from A.2 above and expands each of the process attributes through the inclusion
of a set of practices and work products indicators.
— A.3.6 provides selected characteristics for typical work products to assist the assessor in evaluating
the capability level of processes;
— A.3.7 provides a statement of compliancy of the PAM to the requirements defined in ISO/IEC 33004,
where these requirements are verbatim enclosed on a box for ease identification.
A.2 Measurement Framework for assessment of process capability and
organizational profile for VSEs
A.2.1 Introduction
A.2 sets out the measurement framework that can be used in the assessment of process capability and
organizational profile for VSEs.
The requirements for process capability and organizational profile scales defined in this part of
ISO/IEC 29110 form a structure which:
a) facilitates self-assessment,
b) provides a basis for use in process improvement and capability determination,
c) takes into account the context in which the assessed process is implemented,
d) produces a process capability scale,
e) is applicable across all application domains and mainly for a very small entities, and
f) can provide an objective benchmark between organizations.
A.2.2 Overview
The capability to perform a process to a specific level of performance depends on well-established
principles. A.2 sets out those principles that are common to all domains. The process capability
measurement framework described in this Annex is expressed in terms of a set of process attributes.
Each process attribute is defined in terms of a set of process attribute outcomes which can be evaluated
to indicate the extent of achievement of the process attribute. The process attributes are organized into
process capability levels, ranging from Incomplete (in which the process does not achieve its defined
process outcomes) to Performed (in which the process fulfils its purpose and outcomes).
The result of an assessment, using a PAM that incorporates this process measurement framework, will
be a set of process profiles - ratings of the achievement of the set of process attributes for each process
in the scope of the assessment. The result can also be expressed in terms of the capability level ratings
achieved for each process in the assessment scope. A capability level rating does not guarantee that an
© ISO/IEC 2015 – All rights reserved 9

organization will perform its processes at any given process capability level, simply that it is capable of
performing its processes at that level.
A.2.3 Measurement Framework for processes for VSEs
This Clause defines a Measurement Framework for the assessment of process capability. The
Measurement Framework provides a schema for use in characterizing the capability of an implemented
process with respect to a PAM.
Within this process measurement framework, the measure of capability is based upon a set of Process
Attributes (PA). Each attribute defines a measurable property of process capability. The extent of process
attribute achievement is characterized on a defined rating scale. The process capability level for an
assessed process is derived from the set of process attribute ratings represented in the process profile.
Although process attributes are defined in such a way that they can be rated independently of one
another, this does not imply that there are no other relationships between them, e.g. the achievement of
one process attribute can be associated with the achievement of another process attribute within the
process measurement framework.
A.2.4 Process capability levels and process attributes
Process capability is defined on a two-point ordinal scale that enables capability to be assessed from the
bottom of the scale, Incomplete, through to the top end of the scale, Performed. The scale represents
increasing capability of the implemented process, from failing to achieve the process purpose through
to achieving the process purpose and outcomes.
Level 0: Incomplete process
The process is not implemented, or fails to achieve its process purpose.
At this level there is little or no evidence of any systematic achievement of the process purpose.
Level ALPHA: Performed process
The implemented process achieves its process purpose. The following attribute of the process
demonstrates the achievement of this level:
PA 1 Process performance attribute
The process performance attribute is a measure of the extent to which the process purpose is achieved.
As a result of full achievement of this attribute:
a) the process achieves its defined outcomes.
A.2.5 Process attribute rating scale
Within this process measurement framework, a process attribute is a measureable property of process
capability. A process attribute rating is a judgement of the degree of achievement of the process
attribute for the assessed process.
A process attribute is measured using an ordinal scale as defined below.
N Not achieved:
There is little or no evidence of achievement of the defined process attribute in the assessed process.
P Partially achieved:
There is some evidence of an approach to, and some achievement of, the defined process attribute in the
assessed process. Some aspects of achievement of the process attribute can be unpredictable.
L Largely achieved:
10 © ISO/IEC 2015 – All rights reserved

There is evidence of a systematic approach to, and significant achievement of, the defined process
attribute in the assessed process. Some weaknesses related to this process attribute can exist in the
assessed process.
F Fully achieved:
There is evidence of a complete and systematic approach to, and full achievement of, the defined process
attribute in the assessed process. No significant weaknesses related to this process attribute exist in
the assessed process.
The ordinal scale defined above shall be understood in terms of percentage achievement of a
process attribute.
The corresponding percentages shall be the following:
N Not achieved 0 % to ≤ 15 % achievement;
P Partially achieved > 15 % to ≤ 50 % achievement;
L Largely achieved > 50 % to ≤ 90 % achievement;
F Fully achieved > 90 % to ≤ 100 % achievement.
A.2.6 Process attribute rating method
A process outcome is the observable result of successful achievement of the process purpose.
A process attribute outcome is the observable result of achievement of a specified process attribute.
Process outcomes and process attribute outcomes can be characterized as an intermediate step to
providing a process attribute rating.
When performing rating, the rating method employed shall be specified relevant to the class of
assessment, that for VSE process assessments is of R3 (as defined in ISO/IEC 33020), where: Process
attribute rating across assessed process instances shall be made without aggregation.
A.2.7 Process capability level model
The process capability level achieved by a process shall be derived from the process attribute ratings
for that process according to the process capability level model defined in Table A.1.
Table A.1 — Process capability level ratings
Scale Process Attributes Rating
Level ALPHA PA.1 Process Performance Fully
A.2.8 A Measurement Framework for Organizational Profiles
This Clause defines a Measurement Framework for the assessment of organizational profile.
Organizational profile is measured on a two-point ordinal scale from Low profile – the Immature
Organization, through to the Basic Profile. The scale represents the extent to which the organization
has explicitly and consistently performed its basic key processes.
The scale for organizational profile retains the semantic intent of the process Capability Levels that
are defined in subclauses above of A.2. The framework for process capability characterizes the ability
of a process to meet current or projected business goals; the framework of organizational profile
characterizes the extent to which an organization consistently implements sets of processes within a
defined scope. Thus, the two frameworks while consistent, characterize different attributes of separate
entities – the process and the organization. The Measurement Framework provides a schema for use in
characterizing the profile of an organization with respect to a specified PAM.
© ISO/IEC 2015 – All rights reserved 11

Within this Measurement Framework, each level of Organizational Profile is characterized by the
demonstration of achievement of specified levels of Process Capability in process sets drawn from the
specified Process Assessment Model(s) (see A.3).
Processes in ISO/IEC 29110-4-1 can be categorized into one set based on its contributions to the
business goals of the organization. The set of fundamental processes that support the primary activities
of the organization is called the basic process set. Each organizational profile Level beyond level Basic
is characterized by the implementation, at an appropriate level of Process Capability, of a further set of
processes that drive the achievement of the capabilities relevant to each Profile Level. These are called
extended process sets.
Part 7 Assessment of Organizational Maturity Part 2 Performing an Assessment
Organizational Select, Process
Process
Maturity Structure Assessment
Reference
Model Model (s)
Model Model (s)
Scope
Process
Basic Process Set
(minimum, additional,
optional)
Extended Process
Sets (minimum, Measurement
additional,
Framework
optional)
Capability
Measurement
Levels
Framework
Process
Attributes
Maturity
Levels
process scope
Set of Process
Proiles
Maturity
Set of Process
Level
Capability
Ratings
Levels
determines
NOTE Amended from ISO/IEC TR 15504-7:2008.
Figure A.1 — Relationship between assessment of process capability and derivation of
Organizational Profile
Figure A.1 above shows the relationship between the Organizational Profile Model and the specified
PAM(s) when an assessment of organizational profile is conducted. The key elements are the defined
components of the relevant Process Reference Models and the Measurement Frameworks, shown in
Figure A.1 as nested boxes. These components are used to construct models supporting the assessment
of Process Capability and Organizational Profile. The definition of the Organizational Profile Model scope
and the selection of the basic and extended process sets are made in the context of the Organizational
Profile Model. Once the assessment has been planned employing an Organizational Profile Model based
upon one or more conformant Process Assessment Models, the assessment is performed using the
specified PAM(s) to obtain the set of process profiles. The process Capability Levels, derived from the
process profiles, are then transformed into an Organizational Profile Level rating according to the rules
for deriving Profile Levels from Capability Levels.
Organizational profile is expressed on a scale from Profile Level 0 (immature) through Basic Profile
Level aligned as follows.
Level 0 Organization- Immature
12 © ISO/IEC 2015 – All rights reserved

The organization does not demonstrate effective implementation of its processes that are fundamental
to support the organization’s primary activities
At least one process in the basic process set is assessed at Capability Level 0.
© ISO/IEC 2015
...