ISO/IEC 33071:2016

INTERNATIONAL ISO/IEC
STANDARD 33071
First edition
2016-10-15
Information technology — Process
assessment — An integrated process
capability assessment model for
Enterprise processes
Technologies de l’information — Évaluation des processus — Modèle
d’évaluation de la capacité des processus intégrés pour les processus
d’entreprise
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword . v
About Enterprise SPICE . vi
Introduction . vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General . 1
5 Process assessment model architecture . 2
5.1 Two dimensional model . 2
5.2 Assessment indicators . 3
6 The process dimension and process performance indicators . 4
6.1 General . 4
6.2 Governance/Management Category . 6
6.2.1 Enterprise Governance . 6
6.2.2 Investment Management. 9
6.2.3 Human Resource Management . 11
6.2.4 Enterprise Architecture . 14
6.2.5 Business Relationship Management . 16
6.2.6 Supplier Agreement Management . 17
6.2.7 Tendering . 20
6.2.8 Project Management . 23
6.2.9 Risk Management . 27
6.3 Life Cycle Category . 30
6.3.1 Needs . 30
6.3.2 Requirements . 33
6.3.3 Design . 35
6.3.4 Design Implementation . 37
6.3.5 Integration . 38
6.3.6 Evaluation . 40
6.3.7 Deployment and Disposal. 43
6.3.8 Operation and Support . 45
6.4 Support Category . 47
6.4.1 Alternatives Analysis . 47
6.4.2 Measurement and Analysis . 49
6.4.3 Quality Assurance and Management . 52
6.4.4 Change and Configuration Management . 55
6.4.5 Information Management . 58
6.4.6 Knowledge Management . 61
6.4.7 Training. 63
6.4.8 Research and Innovation . 66
6.4.9 Work Environment . 69
6.4.10 Process Definition . 71
6.4.11 Process Improvement . 74
6.5 Special Applications . 77
6.5.1 Safety and Security . 77
7 The capability dimension and process capability indicators . 81
7.1 Process capability Level 0: Incomplete process . 82
7.2 Process capability Level 1: Performed process . 82
© ISO/IEC 2016 — All rights reserved iii

Annex A (informative) Conformity of the process reference model and process assessment
model with ISO/IEC 33004 requirements .83
A.1 Introduction .83
A.2 Conformance of the process reference model with ISO/IEC 33004 Clause 5 .83
A.3 Conformance of the process assessment model with ISO/IEC 33004 Clause 6 .86
Annex B (informative) Application and use of the process assessment model .90
B.1 Relationship to other standards and models .90
B.2 Contexts of Use .91
B.3 Support for Assessment and Process Improvement .92
Annex C (informative) Relationship Tables .95
Annex D (informative) High-level Mapping Tables . 108
Annex E (informative) Project Participants . 145
E.1 Sponsor . 145
E.2 Advisory Board . 145
E.2.1 Current Advisory Board Members . 145
E.2.2 Previous Advisory Board Members (other than those on current Advisory Board) . 145
E.3 Project Leader . 146
E.4 Architecture Team . 146
E.4.1 Current Members . 146
E.4.2 Previous Members (other than those on current team) . 146
E.5 Author Team . 146
E.6 Buddies and Key Early Reviewers . 147
E.7 Editorial Team . 147
E.8 General Reviewers . 148
E.9 Project Stakeholders . 148
Bibliography . 153
1 Enterprise SPICE Sources . 153
2 Enterprise SPICE References . 155
3 [iCMM] Sources and References . 156
4 [iCMM-SS] Sources and References . 158
4.1 Safety Source Standards . 158
4.2 Security Source Standards . 158
4.3 Other Safety and Security References . 158
4.3 Work Environment Sources and References . 159
5 [iCMM] Source Change Annotations . 159
6 Enterprise SPICE post publication references . 160
iv © ISO/IEC 2016 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement. ®
Enterprise SPICE is a Registered Trademark.
The following trademarks are referenced in this document. ®
 ITIL is a Registered Trade Mark of AXELOS. ®
 COBIT is a Registered Trade Mark of the Information Systems Audit and Control Association (ISACA)
and the IT Governance Institute (ITGI). ®
 CMMI, CMM, P-CMM, and Capability Maturity Model are registered in the U.S. Patent and Trademark
Office by Carnegie Mellon University.
TM
,
 Val IT IT Governance Institute (ITGI) and Information Systems Audit and Control Association (ISACA).
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
ISO/IEC 33071 was prepared by SPICE User Group and was adopted, under the PAS procedure, by Joint
Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by national bodies of
ISO and IEC.
© ISO/IEC 2016 — All rights reserved v

About Enterprise SPICE
The process community recognized the need for an integrated standards-based enterprise process
assessment model and requested an international activity to develop such a model. The initiative was first
proposed and discussed at SPICE 2006 conference in Luxembourg and formally launched at SPICE 2007
conference in Seoul, Korea.
A call for participation resulted in the community signing up to support the project in various roles (e.g.
advisory board member, author, reviewer, and assessor). Over 120 project team members from 31 different
countries participated in developing the Enterprise SPICE integrated process assessment model for enterprise
processes (Enterprise SPICE process assessment model).
The Enterprise SPICE project is hosted by the SPICE User Group, and it is governed by a 15 member
Advisory Board voted in by the project stakeholders every two years. The Advisory Board has reserved seats
for representatives from various geographical regions, for the SPICE User Group, and for the SPICE
Academy. The Enterprise SPICE project is guided by the Enterprise SPICE strategy, which identifies goals,
objectives and activities, and is led by an International Project Leader who coordinates several authoring
teams. A charter governs the working of the Advisory Board.
The Enterprise SPICE process assessment model was developed and released in review cycles. In 2008, the
project team developed the draft process reference model, providing a description of the proposed
architecture/high-level relationship of processes, the names, purposes, and outcomes for those processes,
and a list of the sources and references integrated to develop each process. All process reference model
review comments were adjudicated, and accepted comments were included in the next major review cycle
which provided a draft process assessment model. This 2009 release of the process assessment model
elaborated the process reference model with indicators (base practices and work products), a new section on
relationship notes, plus a detailed mapping table for all processes indicating the sources and references
integrated at the purpose, outcome, and base practice level. All comments were adjudicated by the project
team and approved comments are reflected in Enterprise SPICE® An Integrated Model for Enterprise-wide
Assessment and Improvement, Technical Report – Issue 1, The Enterprise SPICE Project Team, September
2010. This document which provides an integrated process capability assessment model for enterprise
processes is based on that Technical Report.
The public website for information about the Enterprise SPICE project is: www.enterprisespice.com.
vi © ISO/IEC 2016 — All rights reserved

Introduction
This document provides an integrated process capability assessment model for enterprise processes (process
assessment model) that integrates and harmonizes selected process models and standards into a single
enterprise improvement model. By bringing together best practices from several disciplines and several
models and standards into a comprehensive improvement model, this document provides an efficient effective
mechanism for assessing and improving processes deployed across a typical, large or small, enterprise.
This document provides the following benefits to stakeholders:
 Single Unified Model: the model integrates practices from the widely recognized standards and sources
of best practice; no need to use many separate standards and models concurrently - they are
consolidated into a single unified model
 Pick and Choose: select from the model those areas relevant to your business needs
 Authoritative: provides best guidance available drawn from widely recognized standards and sources,
with detailed mapping tables tracing each practice to sources if further information is desired/required
 Comprehensive: addresses a broad, and expanding, range of disciplines
 Synergized: the sources are integrated, harmonized, and synergized; each source contributes important
perspectives
 Reduced Costs:
 Training on one model, not several
 Improvement using one model, not several, leading to simultaneous improvement vs. all sources;
compliant processes address best practice from multiple standards concurrently
 Avoids duplication of effort
 Appraisals vs. one model, not several, leading to simultaneous multiple ratings/ certification if desired,
assuming required assessment practices are followed
 Enhanced Effectiveness via Integrated Guidance:
 For all levels from enterprise to team processes
 For large or small business units
 Across disciplines for multidisciplinary teams
 Aligns business and technical processes
 Across all product and service life cycle phases/activities
 Improvement initiatives can be aligned across the enterprise
 Conformity Assessment: conformity assessment services from accredited bodies.
© ISO/IEC 2016 — All rights reserved vii

This document can be used by any enterprise or organization that seeks to improve its business performance
in an integrated way. Both large and small enterprises can use the model and reap the benefits outlined
above. Individuals can use the model to get an overview of best practices and to understand how various
standards and models fit together.
viii © ISO/IEC 2016 — All rights reserved

INTERNATIONAL STANDARD ISO/IEC 33071:2016(E)
Information technology — Process assessment — An
integrated process capability assessment model for Enterprise
processes
1 Scope
This document defines an integrated process assessment model for enterprise processes (process
assessment model) for use in performing a conformant assessment of process capability in accordance with
the requirements of ISO/IEC 33002.
The process assessment model integrates and harmonizes existing standards, as determined by stakeholders,
and provides in a single document a process reference model and process assessment model that addresses
broad enterprise processes and which provide an efficient and effective mechanism for assessing and
improving processes deployed across an enterprise.
NOTE: Copyright release: Users of this document may reproduce subclauses 6.1 to 6.5 and 7.1 to 7.2 as part of any tool
or other material to support the performance of process assessments, so that it can be used for its intended purpose.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001:2014, Information technology — Process assessment — Concepts and terminology
ISO/IEC 33004:2014, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
ISO/IEC 33020:2014, Information technology — Process assessment — Process measurement framework for
assessment of process capability
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 and ISO/IEC 33020
apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
4 General
The Enterprise SPICE process assessment model which forms the basis for this integrated process capability
assessment model for enterprise processes (process assessment model) was built on an existing baseline
® ®
enterprise model, the Federal Aviation Administration (FAA) integrated Capability Maturity Model (iCMM )
© ISO/IEC 2016 — All rights reserved 1

v2.0, which integrated a set of disciplines and source standards/models. Additional disciplines and sources
were identified via a formal survey of stakeholders. These were then vetted against a set of criteria and a
smaller set chosen for integration into the Enterprise SPICE process assessment model.
Criteria for discipline selection
 Priority criticality, importance or urgency for inclusion (should this be in first release (high), next set of
disciplines (medium), sometime in future (low)?)
 Relevance to enterprise operations and success (how relevant is this to your business?)
 Perceived need, value or risk reduction for including this discipline in enterprise assessments (does
this discipline need to be assessed? will risks to enterprise success be reduced by including this
discipline? how valuable to the enterprise will assessments be with respect to this discipline?)
 Existence/maturity of process standards and best practices in the discipline (does this discipline have
mature best practices?)
 Compliance requirements regarding these disciplines in stakeholder enterprises (do you need to comply
with requirements regarding this discipline?)
Criteria for source material selection
 Only major, essential, widely-recognized process standards/models/documents should be selected as
source* documents (others may be useful reference** documents).
 The number of sources for a discipline should be limited to 3 to 5 for a given area.
 Process source documents should be generic rather than method specific improvement approaches (i.e.
sources indicate what, not how).
* Source documents are documents from which the process descriptions are derived. Mapping of the
processes to source practices is required, along with coverage of source documents, at an appropriate level of
detail.
** Reference documents are documents identified as useful in developing best practice in certain areas, but
full coverage and detailed mapping are not required.
The Enterprise SPICE process assessment model addresses the following disciplines by integrating the
following sources.
Disciplines: enterprise management, investment management, general management, service management,
human resource management, acquisition, quality management systems, full lifecycle engineering for
products and services, knowledge management, environment, safety and security, and core supporting
disciplines
Sources: FAA-iCMM (baseline model, integrating ISO 9001, ISO/IEC 12207, ISO/IEC 15288, ISO/IEC 15504, ®
Malcolm Baldrige National Quality Award, CMMI , EIA 731, previous CMMs, MIL-STD-882C, MIL-STD-882D, ®
IEC 61508: DEF STAN 00-56, ISO 17799, ISO 15408, ISO/IEC 21827, NIST 800-30); plus: ITIL ; ISO/IEC ®
20000; CobIT ; People-CMM (P-CMM®); ITIM, ISO 14000. Additional references include ISO 31000, eSCM-
CL, eSCM-SP, PMI Standard for Portfolio Management, PMBOK, and FEA Practice Guidance.
See Bibliography for a full description of all the above sources and references.
5 Process assessment model architecture
5.1 Two dimensional model
This process assessment model is structured as a two-dimensional model of process capability containing a
process dimension and a capability dimension.
The process dimension includes the process descriptions, purpose and outcomes of the processes from a
process reference model. This process assessment model provides the defined process reference model as
an integral part the process dimension in the process assessment model.
2 © ISO/IEC 2016 — All rights reserved

The capability dimension includes a set of process capability levels and process attributes. A process attribute
is a feature of a process that can be evaluated on a scale of achievement, providing a measure of the
capability of any process. The capability dimension of this process assessment model incorporates the
measurement framework for process capability as defined in ISO/IEC 33020 for process Capability Levels 0
and 1.
Note that this process assessment model is a process capability model, not an maturity model, and does not
describe staging or ordering of processes or practices.
This process assessment model expands upon the process reference model and process measurement
framework for assessing process by including a defined set of assessment indicators. Assessment indicators
comprise indicators of process performance and process capability and are defined to support an assessor’s
judgment of the performance and capability of an implemented process.
ISO/IEC 33004 specifies requirements for conformance of process reference models and process assessment
models. Statements of conformance of the process reference model and the process assessment model to
ISO/IEC 33004 requirements are provided in Annex A: Conformity of the process reference model and
process assessment model with ISO/IEC 33004 Requirements.
There are 29 processes in the model which are grouped into three Process Categories and one Special
Applications Area. The process categories and special application area are described below.
Governance/Management The governance/management category includes processes that
Process Category govern the enterprise and manage the business. These
processes set vision and direction and oversee execution of other
processes. They can be used at the enterprise, project or team
level. Included in this category are processes that establish and
manage relationships and partnerships among business owners,
acquirers, and suppliers.
Life Cycle Process Category The life cycle category includes processes that develop, deploy,
operate and maintain a product or service to meet customer
needs. These processes cover the typical life cycle of a product
or service, from inception to disposal.
Support Process Category The support category includes processes that are used by other
processes when needed, and contribute to the success and
quality of all the processes.
Special Applications Area The special “application areas” provide ways of applying the
processes in a particular context. The practices, called
“application practices”, are implemented by using other processes
in the context of the special application of the model. This new
construct facilitates the re-use of the model without recreating
processes that are already well established.
Each process is defined in terms of a process purpose statement and process outcomes. The process
purpose statements contain the unique functional objectives of the process when performed in a particular
environment. The process outcomes associated with each of the process purpose statements is a list of
expected positive results of the performance of the processes.
5.2 Assessment indicators
The process assessment model is based on the principle that the capability of a performed process can be
assessed by demonstrating the achievement of process attribute on the basis of evidence related to
assessment indicators.
© ISO/IEC 2016 — All rights reserved 3

There are two types of assessment indicators: process capability indicators, and process performance
indicators.
The process attribute in the capability dimension has a set of process capability indicators that provide an
indication of the extent of achievement of the attribute in the instantiated process. These indicators concern
significant activities, resources or results associated with the achievement of the attribute purpose by a
process.
The process capability indicators are:
 Generic Practice (GP);
 Generic Resource (GR);
 Generic Work Product (GWP).
Each process in the process dimension has a set of process performance indicators which are used to
support the measure of the degree of achievement of the process performance attribute for the process
assessed.
The process performance indicators are:
 Base Practice (BP);
 Work Products (WP).
The performance of base practices provides an indication of the extent of achievement of the process purpose
and process outcomes. Work products both input and output are either used or produced (or both), when
performing the process.
The process performance and process capability indicators defined in the process assessment model
represent types of objective evidence that might be found in an instantiation of a process and therefore could
be used to judge achievement of capability.
6 The process dimension and process performance indicators
6.1 General
This clause defines the processes and the process performance indicators, also known as the process
dimension, of the process assessment model.
The process dimension includes process reference model elements (purpose and outcomes) plus process
assessment model elements related to process performance indicators (base practices and work products).
Additionally, it includes for each process a set of relationship notes.
The individual processes are described in terms of process ID, process name, process purpose, and process
outcomes:
Process ID: This is a process category identifier, followed by a sequential number assigned to process
descriptions within that category.
Process name: This is the name given to the process.
Process purpose: This is a statement of the purpose of the process.
Process outcomes: These are the outcomes expected as a result of successful implementation of the
process.
4 © ISO/IEC 2016 — All rights reserved

In addition, the process dimension provides information in the form of:
Base practices: A set of base practices are identified by appending sequential numbers to the Process ID,
followed by the practice name, followed by the practice description. Each base practice description indicates
the outcome(s) addressed by the practice.
Relationship notes: Relationship notes are used to describe how the processes are related. Relationships
can be of various forms, such as providing input to another process, receiving output from another process,
indicating general relationships for clarification purposes, or describing when another process might be used
in relation to carrying out the process being described.
Work products: Work products are provided as both input work products and output work products, each are
associated with related outcome(s). They are only examples and are not intended to be prescriptive. Nor do
they necessarily list all possible input or output work products. The identification of example work products is
intended to help the enterprise when defining their own processes, to provide clarification for interpretation of
the outcomes and base practices in the model, and to help assessors regarding potential artifacts to look for
when assessing a particular process.
Work products are further used to clarify relationships between processes. For example, an input work
product may be provided by a producer outside the scope of the model (such as a customer, or an external
legal requirement imposed on the enterprise), or it may be provided from another process within the model. In
the latter case, this relationship is noted by Relationship notes and also in Annex C: Relationship Tables
which captures all such relationships. Output work products similarly fall in different categories. Some are
supplied to other processes in the model, and denoted as such in Relationship notes and Annex C:
Relationship Tables. Other outputs are used as records indicating achievement of outcomes and purpose.
Informative notes are provided for any of the above elements, as appropriate.
Sources and mapping: Each process description has been mapped to the source and reference documents
that were brought together to derive the purpose, outcomes, and base practices. The sources and references
used in developing the process descriptions are described in the Bibliography, and the specific elements
integrated to derive the process descriptions are included in Annex D: High Level Mapping Tables.
Note that Annex B: Application and use of the process assessment model provides information on its use in
relation to its sources.
The processes are listed below with their process ID and process name grouped into the process categories
and special application area.
Figure 1 —Processes Grouped by Process Categories and Special Application Area
Governance/Management Process Category

GVM.1 Enterprise Governance
GVM.2 Investment Management
GVM.3 Human Resource Management
GVM.4 Enterprise Architecture
GVM.5 Business Relationship Management
GVM.6 Supplier Agreement Management
GVM.7 Tendering
GVM.8 Project Management
GVM.9 Risk Management
Life Cycle Process Category
LFC.1 Needs
LFC.2 Requirements
LFC.3 Design
© ISO/IEC 2016 — All rights reserved 5

LFC.4 Design Implementation
LFC.5 Integration
LFC.6 Evaluation
LFC.7 Operation and Support
LFC.8 Deployment and Disposal
Support Process Category
SUP.1 Alternatives Analysis
SUP.2 Measurement and Analysis
SUP.3 Quality Assurance and Management
SUP.4 Change and Configuration Management
SUP.5 Information Management
SUP.6 Knowledge Management
SUP.7 Training
SUP.8 Research and Innovation
SUP.9 Work Environment
SUP.10 Process Definition
SUP.11 Process Improvement
Special Applications Area
SAP.1 Safety and Security
6.2 Governance/Management Category
6.2.1 Enterprise Governance
Process ID GVM.1
Process Enterprise Governance
name
Process The purpose of the Enterprise Governance process is to establish strategic
purpose enterprise direction and ensure the enterprise achieves its goals and
objectives.
NOTE: This process provides enterprise and corporate governance.
Process As a result of successful implementation of the Enterprise Governance
outcomes process:
1) Vision, mission, values, performance goals, objectives, and targets are
established, maintained, and communicated to all employees and
stakeholders.
2) Enterprise policies and directives are established, maintained, and
communicated to all employees and stakeholders.
3) The organization is structured and aligned to operate in order to achieve
the vision, goals, and objectives.
4) Employees share a common vision, culture, and understanding of
enterprise goals and objectives and their role in achieving them.
5) Strategies are developed, budgets are formulated and aligned to strategic
goals, and actions to achieve goals and objectives are established and
reviewed.
6) Societal impacts, regulatory and legal requirements, environmental
impacts, and risks are recognized and addressed when operating the
enterprise.
6 © ISO/IEC 2016 — All rights reserved

7) Employees and stakeholders are informed about enterprise performance.

Base GVM.1.BP1: Establish and Maintain Strategic Vision. Establish, maintain,
practices and communicate a strategic vision that identifies long-term goals, values,
performance expectations, and core activities. [Outcome: 1]
GVM.1.BP2: Establish and Maintain Policies.  Establish, maintain and
communicate policies and directives. [Outcome: 2]
GVM.1.BP3: Align to Achieve the Vision. Align the enterprise to operate in
order to achieve the vision. Establish leadership systems, control systems
and structures for decision making, empowerment, compliance and conflict
resolution. Provide incentives for contributing to enterprise vision and
strategy. Provide consequences for contravening enterprise directives and
policies. [Outcome: 3]
GVM.1.BP4: Ensure sharing of common culture and vision. Ensure that
individuals in the enterprise share a common culture, understand the common
vision, and are committed and empowered to perform their functions
effectively. [Outcome: 4]
GVM.1.BP5: Establish and Maintain Strategy. Establish and maintain the
enterprise strategic plans that identify business objectives to be achieved,
areas of business to be pursued and their interrelationships, and the
significant goals to be accomplished. [Outcome: 5]
GVM.1.BP6: Formulate and Align Enterprise Budgets. Formulate
enterprise budgets to ensure alignment with strategic goals. Ensure
congruency with action plans. [Outcome: 5]
GVM.1.BP7: Develop and Deploy Action Plans. Establish, integrate, and
deploy tactical action plans to accomplish enterprise business objectives.
[Outcome: 5]
GVM.1.BP8: Review Performance. Review performance relative to goals
and changing needs across the enterprise. [Outcome: 5]
NOTE: Performance review information is provided by related management
levels, as appropriate.
GVM.1.BP9: Act on Results of Review. Translate performance review
findings into action plans. [Outcome: 5]
GVM.1.BP10: Fulfil Public Responsibility. Address the impacts on society
and the environment of planned activities, products, services, and operations,
considering regulatory and legal requirements and risks associated with
products, services, and operations. Ensure corporate social responsibility,
and take specific actions to address relevant findings. [Outcome: 6]
GVM.1.BP11: Inform Employees Regarding Enterprise Performance.
Regularly inform employees and stakeholders regarding enterprise
performance [Outcome: 7]
Relationship NOTE 1: The Investment Management process manages the portfolio of
notes enterprise investments to align with achievement of enterprise goals and
objectives.
NOTE 2: The Measurement and Analysis process supports the establishment
© ISO/IEC 2016 — All rights reserved 7

and use of measures to evaluate performance.
NOTE 3: Apply the Risk Management process for assessing risks associated
with operating the enterprise.
NOTE 4: The Process Definition process addresses alignment of processes
to achieve enterprise business objectives.
NOTE 5: The Process Improvement process addresses capability
assessment, development, deployment, and evaluation of best practices for
efficient effective management.
NOTE 6: Products from the Enterprise Architecture process are useful in
developing the enterprise strategy.
Work products
Inputs Outputs
Market analysis [Outcome: 1] Strategic Vision [Outcome: 1]
Customer satisfaction reports Evaluations of the strategic vision [Outcome:1]
[Outcome: 1]
Past enterprise performance Long-term goals [Outcome: 1]
[Outcome: 1]
Technology forecasts [Outcome: 1] Performance expectations [Outcomes: 1, 2]
Regulatory and legal requirements Business objectives [Outcome: 1]
[Outcome: 6]
Enterprise risk assessment reports Values [Outcome: 1]
[Outcome: 6]
Budget [Outcome: 5] Core activities [Outcome: 1]
Measurements [Outcome: 5] Product lines [Outcome: 1]
Performance information [Outcome: Targets [Outcome: 1]
5]
Enterprise architecture [Outcome: Communication plan [Outcomes: 1, 2, 4, 7]
1, 5]
Policies [Outcome: 2]
Directives [Outcome: 2]
Leadership system [Outcome: 3]
Unified goals [Outcome: 3]
Conflict/issue resolution methods [Outcome: 3]
8 © ISO/IEC 2016 — All rights reserved

Work products
Inputs Outputs
Organization charts [Outcome: 3]
Guidelines for empowerment and decision making
[Outcome: 3]
Management structures [Outcome: 3]
Monetary and non-monetary incentives [Outcome: 3]
Performance plans aligned with enterprise goals and
objectives [Outcome: 4]
Strategy; Strategic plans [Outcome: 5]
Aligned budgets; Allocated resources [Outcome: 5]
Action Plans; Tactical Plans [Outcome: 5]
Key performance measures/indicators [Outcome: 5]
Performance results; Performance evaluations [Outcome: 5]
Adjusted Pla
...