Information technology — Process assessment — Part 9: Target process profiles

ISO/IEC TS 15504-9:2011 documents guidelines for target process profiles for capability determination and improvement purposes. It provides guidance for establishing target process profiles for the following purposes: by or on behalf of an organization with the objective of specifying a target process profile to meet specified needs; by or on behalf of an organization with the objective of specifying a target process profile against which to assess the actual ability of the organization to meet that target; by or on behalf of an organization with the objective of specifying a target process profile against which to assess the actual ability of another organization to meet that target; by or on behalf of an organization with the objective of determining the need for improvement based upon any capability gap between the actual capability and the target process profile.

Technologies de l'information — Évaluation des procédés — Partie 9: Profils de procédés cibles

General Information

Status
Withdrawn
Publication Date
25-Jul-2011
Withdrawal Date
25-Jul-2011
Current Stage
9599 - Withdrawal of International Standard
Completion Date
22-Aug-2019
Ref Project

Relations

Buy Standard

Technical specification
ISO/IEC TS 15504-9:2011 - Information technology -- Process assessment
English language
16 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

TECHNICAL ISO/IEC
SPECIFICATION TS
15504-9
First edition
2011-08-01


Information technology — Process
assessment —
Part 9:
Target process profiles
Technologies de l'information — Évaluation des procédés —
Partie 9: Profils de procédés cibles




Reference number
ISO/IEC TS 15504-9:2011(E)
©
ISO/IEC 2011

---------------------- Page: 1 ----------------------
ISO/IEC TS 15504-9:2011(E)

COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2011 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC TS 15504-9:2011(E)
Contents Page
Foreword . iv
Introduction . vi
1  Scope . 1
2  Normative references . 1
3  Terms and definitions . 1
4  Overview . 2
4.1  Introduction . 2
4.2  Target process profiles sponsors and users . 2
4.3  Target process profiles purpose . 3
4.4  Deploying a documented process . 4
5  Target process profiles . 4
5.1  General . 4
5.2  Defining a target process profile . 5
5.2.1  Introduction . 5
5.2.2  Define the purpose . 5
5.2.3  Select the community of use . 6
5.2.4  Define the business requirement . 6
5.2.5  Define the domain of application . 6
5.2.6  Define characterization . 7
5.2.7  Define target process profile factors . 7
5.2.8  Define criteria for data and information collection . 8
5.2.9  Select processes . 9
5.2.10  Define target process profile output . 10
5.2.11  Define target capability . 10
6  Process for creating and using target process profiles . 11
6.1  Overview . 11
6.2  Create the target process profiles . 11
6.3  Using target process profiles . 13
6.3.1  User Guidance . 13
6.3.2  Application for gap analysis . 13
Bibliography . 16

© ISO/IEC 2011 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC TS 15504-9:2011(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In other circumstances, particularly when there is an urgent market requirement for such documents, the joint
technical committee may decide to publish an ISO/IEC Technical Specification (ISO/IEC TS), which
represents an agreement between the members of the joint technical committee and is accepted for
publication if it is approved by 2/3 of the members of the committee casting a vote.
An ISO/IEC TS is reviewed after three years in order to decide whether it will be confirmed for a further three
years, revised to become an International Standard, or withdrawn. If the ISO/IEC TS is confirmed, it is
reviewed again after a further three years, at which time it must either be transformed into an International
Standard or be withdrawn.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TS 15504-9 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Software and systems engineering.
ISO/IEC 15504 consists of the following parts, under the general title Information technology — Process
assessment:
 Part 1: Concepts and vocabulary
 Part 2: Performing an assessment
 Part 3: Guidance on performing an assessment
 Part 4: Guidance on use for process improvement and process capability determination
 Part 5: An exemplar Process Assessment Model
 Part 6: An exemplar system life cycle process assessment model [Technical Report]
 Part 7: Assessment of organizational maturity [Technical Report]
 Part 9: Target process profiles [Technical Specification]
 Part 10: Safety extension [Technical Report]
iv © ISO/IEC 2011 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC TS 15504-9:2011(E)
The following part is under preparation:
 Part 8: An exemplar process assessment model for IT service management [Technical Report]
© ISO/IEC 2011 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC TS 15504-9:2011(E)
Introduction
ISO/IEC 15504 provides a framework for process assessment and sets out the minimum requirements for
performing an assessment in order to ensure consistency and repeatability of assessment results. Process
assessment is applicable in the following circumstances:
 by or on behalf of an organization with the objective of understanding the state of its own processes for
process improvement;
 by or on behalf of an organization with the objective of determining the capability of another organization's
processes for a particular contract or class of contracts, or to determine the capability of its own
processes for a particular requirement or class of requirements.
Process assessment has two dimensions, a process dimension and a capability dimension. ISO/IEC 15504-2
specifies the measurement framework within the capability dimension. The process dimension is provided by
an external process reference model, which describes a set of processes, each characterized by defined
process purpose and process outcomes. ISO/IEC 15504-4:2004 describes the need for a target capability
using the capability dimension in ISO/IEC 15504-2 for each process, in a process reference model,
appropriate to the specified requirements. This part of ISO/IEC 15504 provides guidance on how to create and
utilize target process profiles to meet this need for a target capability.
This part of ISO/IEC 15504 is being developed as a Technical Specification to enable experience to be gained
in the use of the approach to setting Target Process Profiles. In future revisions of ISO/IEC 15504, it is likely
that the content of this part will be integrated with ISO/IEC 15504-4.
This part of ISO/IEC 15504 provides guidelines for creating and using a target process profile. These
guidelines cover the following aspects:
a) the defined purpose of the target process profile as a process improvement initiative or for process
capability determination;
b) the community of use, such as automotive, aerospace;
c) the business requirement;
d) the domain of application, such as systems, software, IT services management;
e) the characterization of the domain of application, such as safety critical systems;
f) applicable processes or process reference models (in whole or part), processes from one or more
process reference models or defined process for the domain of application;
g) the data and information to be collected to ensure the profile is relevant to the community of use,
business requirements, domain of application and characterization scheme;
h) the factors that, when analysed, transform the collected data or information into processes and process
capability (process attributes and process attribute rating) to create a target process profile for a process
at the defined characterization of domain of application of the business requirement for the community of
use;
i) the expression of results, i.e. a target process profile for each required process, with data and notes that
allow traceability and interpretation for assessment and improvement guidance purposes.

vi © ISO/IEC 2011 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/IEC TS 15504-9:2011(E)

Information technology — Process assessment —
Part 9:
Target process profiles
1 Scope
This part of ISO/IEC 15504 documents guidelines for target process profiles for capability determination and
improvement purposes. This part of ISO/IEC 15504 provides guidance for establishing target process profiles
for the following purposes:
 by or on behalf of an organization with the objective of specifying a target process profile to meet
specified needs;
 by or on behalf of an organization with the objective of specifying a target process profile against which to
assess the actual ability of the organization to meet that target;
 by or on behalf of an organization with the objective of specifying a target process profile against which to
assess the actual ability of another organization to meet that target;
 by or on behalf of an organization with the objective of determining the need for improvement based upon
any capability gap between the actual capability and the target process profile.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendment) applies.
ISO/IEC 15504-1:2004, Information technology — Process assessment — Part 1: Concepts and vocabulary
ISO/IEC15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and the following
apply.
3.1
target process profile
process attributes and process attribute ratings required for a process or process capability level and process
capability level rating required for a process, with the rationale for the ratings
© ISO/IEC 2011 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO/IEC TS 15504-9:2011(E)
3.2
target capability
set of target process profiles, subject to an acceptable process related risk, which meet the specified
requirement for process capability determination or the business goals for process improvement
NOTE This definition is based upon ISO/IEC 15504-4:2004, 7.2.2.
4 Overview
4.1 Introduction
Within ISO/IEC 15504, process assessment can be utilized:
 by or on behalf of an organization with the objective of understanding its processes for process
improvement purposes;
 by or on behalf of an organization with the objective of determining the capability of another organization's
processes for a particular contract or class of contracts, or to determine the capability of its own
processes for a particular requirement or class of requirements.
Within a process improvement context, process assessment provides a means of characterizing an
organizational unit in terms of the capability of selected processes. Analysis of the output of a conformant
process assessment against an organizational unit's business goals identifies strengths, weaknesses and
risks related to the processes. This, in turn, can help determine whether the processes are effective in
achieving business goals, and provide the drivers for making improvements.
Process capability determination is concerned with analysing the output of one or more conformant process
assessments to identify the strengths, weaknesses and risks involved in undertaking a specific project using
the selected processes within a given organisational unit. A Process Capability Determination can provide a
fundamental input to supplier selection, in which case it is often termed a “supplier capability determination”.
Process Capability Determination requires a target profile.
A target process profile is derived from the defined business requirements, traceable to one or more process
practice indicators and one or more process capability indicators that meet these requirements and can be
used for process improvement or process capability determination.
4.2 Target process profiles sponsors and users
Target process profiles will usually be required and resourced by a target process profile sponsor for the
purpose of process capability determination or process improvement – as described in ISO/IEC 15504-1:2004.
The sponsor has the authority and responsibility to ensure that the target process profiles, the process
assessment and any agreed actions are carried out effectively to meet the intended use, as described in
ISO/IEC 15504-2:2003 (see note). For process capability determination, the Process Capability Determination
sponsor should deploy a process capability determination process as outlined in ISO/IEC 15504-4:2004, 4.5.
For process improvement, the Process Improvement sponsor should deploy a process improvement process
as outlined in ISO/IEC 15504-4:2004, 4.4.
Defining target process profiles requires skill and experience of a nature similar to that required for an
experienced lead assessor and assessment model developer. In order to correctly define a target process
profile the sponsor, or sponsor appointed individual or team, should meet the following education and
experience criteria:
 be a competent assessor (see ISO/IEC 15504-3);
 be able to demonstrate competence in using the selected documented process to create target process
profiles under supervision of an experienced user of the documented process.
2 © ISO/IEC 2011 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/IEC TS 15504-9:2011(E)
A well defined target process profile set should provide guidance so that users of the profiles should only
require minimal training and experience in order to be effective. In order to correctly use a target process
profile, the sponsor or sponsor appointed user:
 has successfully selected a set of target process profiles under supervision of an experienced sponsor.
The selected set of target process profiles correctly covers the intended use.
 is conversant with using ISO/IEC 15504 for process improvement or capability determination purposes.
NOTE The target process profiles sponsor may be independent of or may also be a process assessment sponsor.
4.3 Target process profiles purpose
The purpose of target process profiles is to identify the desired or required process capability for selected
processes with respect to a particular intended use. Clause 5 of this part of ISO/IEC 15504 describes the
detailed content of a set of target process profiles. As a result of successful establishment, a target process
profile ensures the following criteria are met:
 the purpose is defined;
 the community of use is defined;
 the business requirement is defined;
 the intended domain of application is defined;
 the characterization required for the domain of application is documented;
 the applicable processes or process reference models for the domain of application are defined;
 the applicable process assessment model for the domain of application is defined;
 the data and information collected to create the target process profile is representative of all relevant
aspects of the community of use for the defined characterization of the domain of application for the
business requirement;
 the traceability from the input data to the resultant target process profile is documented;
 the process, process attributes and target rating for each process attribute, or process capability level
rating, are derived from the identified indicators of process practice and process capability which are
derived from the analyzed data and information;
 a defined expression of the target process profile result for each required process with data and notes
that allow traceability and interpretation to be made by users;
 the usage criteria to assess the effectiveness of the target process profiles is documented. Usage criteria
are covered in clause 6.3.1.
NOTE 1 The intended use is defined by the first five elements in the above list. The intended use becomes a defined
requirement specifically based upon this set of elements. If any of these elements is changed the intended use changes
and a target process profile should be checked to determine if it is still applicable or requires rework.
NOTE 2 A defined community of use could be at industry level, enterprise level, team or project level, or professional or
technical level.
NOTE 3 A defined business requirement may be assurance that development of software for medical device systems
meets safety standards; another may be assessing suppliers to ensure their deployment of security systems meet security
standards.
© ISO/IEC 2011 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO/IEC TS 15504-9:2011(E)
NOTE 4 The domain of application may cover systems, software and services; either individually or in combination.
NOTE 5 The characterization for the domain of application defines how this is further specified, and can consist of one
or more forms of characterization. This can allow a separate profile per characterization. For example, if the domain of
application is defined as medical software, there may be several levels of safety criticality, ranging from human safety
critical to software with minor or no safety criticality.
NOTE 6 The community of use for a Target Capability can be defined independently of a community of interest for any
related Process Reference Model.
4.4 Deploying a documented process
Organisations should deploy a documented process to specify target process profiles that meet an intended
use. Clause 6 of this part of ISO/IEC 15504 describes in detail the content and performance of such a
documented process. The intent of the documented process is to provide a reproducible and traceable target
process profile. Such a documented process should:
 take account of the guidance contained within this part of ISO/IEC 15504;
 take account of the guidance contained within ISO/IEC 15504-4:2004;
 include or reference an assessment process which satisfies the requirements set out within
ISO/IEC 15504-2:2003 and accords with the guidance set out in ISO/IEC 15504-3:2004;
 describe how to define the intended use of the target process profiles;
 describe the type of data and information needed to create a profile applicable to the intended use;
 describe the techniques and activities to create and use target process profiles and provide guidance in
their use;
 describe the appropriate roles;
 describe the qualifications, experience and skills of persons using the documented process.
NOTE Training may be used to satisfy the need for qualifications and skills.
5 Target process profiles
5.1 General
The value of a target process profile is its ability to clearly address the process improvement and process
capability determination needs described in clause 4. The set of target process profiles expresses the target
capability which the sponsor judges to be adequate, subject to an acceptable process related risk, for meeting
the defined business requirements (see note 1). A target process profile is derived from the defined business
requirements, traceable to one or more process practice indicators and one or more process capability
indicators that meet these requirements. These in turn enable the sponsor to select the appropriate process
attributes and a required rating for each process attribute or select the appropriate process capability level and
the required process capability level ratings.
In general, it is recommended that the sponsor selects one or more existing process reference models and
uses the processes in the selected models as the basis for determining the process capability of each
selected process within the models. Should additional processes need to be defined to meet business
requirements, the sponsor has two options:
1) Define the process to demonstrate conformance as required in ISO 15504-2:2003, 6.2.4 in order to
have a conformant target process profile, or
4 © ISO/IEC 2011 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/IEC TS 15504-9:2011(E)
2) Where the process does not meet ISO 15504-2:2003, 6.2.4 requirements, use the target process
profile while noting it is nonconforming for process capability determination purposes.
As a result, a set of target process profiles will consist of a set of processes and process attribute ratings or a
set of processes and process capability level ratings applicable to the intended use. A set of target process
profiles cannot be generic (e.g. all processes to be capability level 2 or capability level 3) as this will not meet
the specific application defined by its intended use. This form of generic profile will not address the specified
business requirement, domain of application and characterization nor specifically determine the indicators of
process performance and process capability that meet the intended use (see note 2).
NOTE 1 The sponsor may appoint persons or teams to perform the work in defining and using target process profiles.
NOTE 2 Software that needs to meet human safety critical business requirements (i.e. a specific domain of application)
has different requirements to software used to create personal web sites. Within any domain of application, some of the
selected processes will need to be at higher process capability levels in order to achieve acceptable process related risk,
while the other selected processes that have less effect on the process related risk should be effective at lower process
capability levels.
NOTE 3 A maturity level in an organizational maturity model may be composed from a set of target process profiles.
5.2 Defining a target process profile
5.2.1 Introduction
The ten steps associated with defining a target process profile are:
 Define the purpose
 Select the community of use
 Define the business requirement
 Define the domain of application
 Define characterization
 Define target process profile factors
 Define criteria for data and information collection
 Select processes
 Define target process profile output
 Define target capability
NOTE The process of defining a target process profile should also be shown diagrammatically.
5.2.2 Define the purpose
The sponsor selects or defines the purpose for the target process profile.
 by or on behalf of an organization with the objective of specifying a target process profile to meet
specified needs;
 by or on behalf of an organization with the objective of specifying a target process profile against which to
assess the actual capability of the organization to meet that target;
© ISO/IEC 2011 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO/IEC TS 15504-9:2011(E)
 by or on behalf of an organization with the objective of specifying a target process profile against which to
assess the actual capability of another organization to meet that target;
 by or on behalf of an organization with the objective of determining the need for improvement based upon
any capability gap between the actual capability and the target process profile.
5.2.3 Select the community of use
The sponsor selects or defines a community of use for the target process profiles. Target process profiles
should vary depending upon the community of use. Hence an industry-wide community of use should be
applicable across various industry participants with different enterprise business models. An enterprise based
community of use should embrace the specific enterprise business model. Similarly, a team or project oriented
target process profile should embrace more specific team or project needs. The community of use may be
based upon:
 a defined industry, e.g. automotive, medical devices, telecommunications, aerospace, IT services,
finance, insurance;
 an enterprise level community, i.e. a specific enterprise with a specific business model, hence allowing for
enterprise processes and characteristics that may drive competitive advantage in comparison to other
enterprises;
 a team or project level within an enterprise with a specified set of business requirements, e.g. software
project teams in a enterprise application supplier, that may allow more specific guidance for improvement
of teams and projects;
 a professional or technical community of use (see note), that should allow the community to define
various levels of target capability for application of its processes.
NOTE A professional or technical community may be a specific software development community, IT service
management, project management community or similar body.
5.2.4 Define the business requirement
The sponsor selects or defines the business requirement so that it is clear to which business requirements the
target process profiles are applicable. For example, the sponsor may define the business requirement to cover
medical device software with potential human safety issues (both to patients and operators) should a medical
device running the software not perform correctly. Alternately, the sponsor may define the business
requirement on the basis of financial, security or other business risk based criteria.
5.2.5 Define the domain of application
The sponsor s
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.