ISO/IEC 30105-3:2016

INTERNATIONAL ISO/IEC
STANDARD 30105-3
First edition
2016-11-15
Information technology — IT
Enabled Services-Business Process
Outsourcing (ITES-BPO) lifecycle
processes —
Part 3:
Measurement framework (MF) and
organization maturity model (OMM)
Technologies de l’information — Processus du cycle de vie de la
délocalisation du processus d’affaires des services activés par IT —
Partie 3: Modèle de maturité de l’organisation (OMM) et cadre de
mesure (MF)
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Overview of measurement framework (MF) and organization maturity model (OMM) .2
5 ITES-BPO measurement framework (MF) for process capability .4
6 Rating and aggregating process attributes . 6
6.1 Process attributes rating scale . 6
6.2 Process attribute ratings method . 7
7 Process capability level model — Achievement of process capability levels .7
8 Organization maturity model (OMM) . 8
8.1 General . 8
8.2 Structure of the ITES-BPO organization maturity model (OMM) . 9
9 Definition of organization maturity levels .10
9.1 Level 0 organization — Immature .10
9.2 Level 1 organization — Basic .10
9.3 Level 2 organization — Managed activities .10
9.4 Level 3 organization — Managed organization .10
9.5 Level 4 organization — Strategic alignment .11
9.6 Level 5 organization — Transformational .11
10 Rules for deriving maturity levels from process attribute ratings.12
10.1 Overview .12
10.2 Maturity level 1 .12
10.3 Maturity level 2 .12
10.4 Maturity level 3 .13
10.5 Maturity level 4 .14
10.6 Maturity level 5 .15
11 Conditions for inclusion of process areas .16
Annex A (informative) Conformity of the measurement framework .18
Annex B (informative) Conformity of the maturity model .22
Bibliography .24
© ISO/IEC 2016 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee
SC 40, IT Service Management and IT Governance.
A list of all parts in the ISO/IEC 30105 series can be found on the ISO website.
iv © ISO/IEC 2016 – All rights reserved

Introduction
ITES-BPO services encompass the delegation of one or more IT enabled business processes to a
service provider who uses appropriate technology to deliver service. Such a service provider manages,
delivers, improves and administers the outsourced business processes in accordance with predefined
and measurable performance metrics. This covers diverse business process areas such as finance,
human resource management, administration, health care, banking and financial services, supply
chain management, travel and hospitality, media, market research, analytics, telecommunication,
manufacturing, etc. These services provide business solutions to customers across the globe and form
part of the core service delivery chain for customers.
ISO/IEC 30105 (all parts) specifies the lifecycle processes requirements involved in the ITES-BPO
industry.
— It provides an overarching standard for all aspects of ITES-BPO industry from the view of the
service provider that performs the outsourced business processes. This is applicable for any ITES-
BPO service provider providing services to customers through contracts and in industry verticals.
— It covers the entire outsourcing lifecycle and defines the processes that are considered to be good
practices.
— It is an improvement standard that enables risk determination and improvement for service
providers performing outsourced business processes. It also serves as a process reference model
for service providers.
— It focuses on IT enabled business processes which are outsourced.
— It is generic and can be applied to all IT enabled business process outsourced services, regardless of
type, size and the nature of the services delivered.
— Process improvement implemented using ISO/IEC 30105 (all parts) can lead to clear return on
investment for customers and service providers.
— Alignment to ISO/IEC 30105 (all parts) can improve consistency, delivery quality and predictability
in delivery of services.
Figure 1 illustrates the key entities and relationships involved in an ITES-BPO service. It includes the
customer, the ITES-BPO service provider and various levels of suppliers. This is as per the supply chain
relationship depicted in ISO/IEC 20000-1:2011, 7.2.
Supplier 1
Customer Service provider Supplier 2
Sub-contracted
Lead supplier 3
supplier 3a
Figure 1 — ITES-BPO key entities
This document details a measurement framework (MF) and an organization maturity model (OMM).
It provides the overview of how an organization can use the PRM and PAM to measure their capability
and maturity levels.
© ISO/IEC 2016 – All rights reserved v

This document is to be used in concurrence with the other parts of ISO/IEC 30105 and the assessment
approach provided by ISO/IEC 33002 for assessing processes.
In this document, the following clauses of ISO/IEC 33020 have been replicated:
— Clause 5: Measurement framework;
— Clause 6: Extract of selected parts of rating and aggregating process attributes;
— Clause 7: Capability level model.
vi © ISO/IEC 2016 – All rights reserved

INTERNATIONAL STANDARD ISO/IEC 30105-3:2016(E)
Information technology — IT Enabled Services-Business
Process Outsourcing (ITES-BPO) lifecycle processes —
Part 3:
Measurement framework (MF) and organization maturity
model (OMM)
1 Scope
ISO/IEC 30105 specifies the lifecycle process requirements performed by the IT enabled business
process outsourcing service provider for the outsourced business processes. It defines the processes to
plan, establish, implement, operate, monitor, review, maintain and improve its services. This document:
— covers IT enabled business processes that are outsourced;
— is not intended to cover IT services but includes similar, relevant process for completeness;
— is applicable to the service provider, not to the customer;
— is applicable to all lifecycle processes of ITES-BPO;
— serves as a measurement framework for processes and provide an organization maturity model for
organizations providing ITES-BPO services that:
— conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004;
— supports the performance assessment by providing a framework to measure and derive
capability and organization maturity levels.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33002, Information technology — Process assessment — Requirements for performing process
assessment
ISO/IEC 33003, Information technology — Process assessment — Requirements for process measurement
frameworks
ISO/IEC 33004:2015, Information technology — Process assessment — Requirements for process reference,
process assessment and maturity models
ISO/IEC 33020:2015, Information technology — Process assessment — Process measurement framework
for assessment of process capability
ISO/IEC 30105-2:2016, Information technology — IT Enabled Services-Business Process Outsourcing
(ITES-BPO) lifecycle processes — Part 2: Process assessment model
© ISO/IEC 2016 – All rights reserved 1

3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 30105-4 and
ISO/IEC 33001 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
NOTE For the purposes of this document, the definition for organization is as per ISO 9000:2015, 3.2.1 “a
group of people and facilities with an arrangement of responsibilities, authorities and relationships”.
Organization unit: identified part of an organization that deploys one or more processes that operate within a
coherent set of business goals, and which forms the basis for the scope of an assessment.
An organization’s unit is typically part of a larger organization, although in a small organization, the organization’s
unit may be the whole organization.
4 Overview of measurement framework (MF) and organization maturity
model (OMM)
Figure 2 lists the processes from ISO/IEC 30105-1 that are included in the process dimension of the
process assessment model for ITES-BPO. It includes all aspects of an ITES-BPO outsourced service,
from developing an ITES-BPO solution through service delivery and to transitioning out. It includes the
leadership, relationship management and enabling processes which support the outsourced business
across its lifecycle.
Strategic enablement
Relationship
Service
Solution Transition in Transition out
delivery
Tactical enablement
Operational enablement
Figure 2 — ITES-BPO lifecycle process categories
The ITES-BPO process categories are as follows.
— Strategic enablement processes: include strategic direction and review of the business
performance against plan for the service provider organization and Innovation process to bring in
breakthrough changes.
2 © ISO/IEC 2016 – All rights reserved

— Relationship processes: cover the relationship of the service provider with the customer and the
suppliers.
— Solution processes: include details on how the ITES-BPO solution is envisaged and the contract
developed and managed.
— Transition in processes: cover the movement of business process delivery from the customer to
the service provider, establishing the required management, people and infrastructure capability,
and concluding with piloting the transitioned service.
— Service delivery processes: include all the processes that are required for the day to day
management and delivery of ITES-BPO services.
— Transition out process: covers the movement of the business process delivery back to the customer
or to a different service provider.
— Tactical enablement processes: involve a set of processes that enables achievement of the objective
of the core service delivery processes. These are tactical in nature.
— Operational enablement processes: involve a set of processes that ensures day to day operations
of service delivery are supported and are performed alongside the service delivery processes.
The diagram in Figure 3 provides the relationship between the parts in ISO/IEC 30105 and with the
assessment methods in ISO/IEC 33002, ISO/IEC 33004 and ISO/IEC 33020.
Figure 3 — Overview of MF and OMM
© ISO/IEC 2016 – All rights reserved 3

This document defines the principles for the ITES-BPO measurement framework which supports
the assessment of process capability, in accordance with the requirements of ISO/IEC 33003. The
measurement framework provides a schema that can be used to construct a process assessment
model conformant with ISO/IEC 33004 which can be used to assess process capability according to
the requirements of ISO/IEC 33002. Process capability is a process quality characteristic related to the
ability of a process to consistently meet current or projected business goals. The capability level rating
does not guarantee that an organization will perform its processes at any given process capability level,
simply that it is capable of performing its processes at that level.
This measurement framework forms a structure that:
a) facilitates self-assessment,
b) provides a basis for use in process improvement and process quality determination;
c) is applicable across all business domains and sizes of organization;
d) produces a set of process (capability) attribute ratings (process profile); and
e) derives a process capability level.
This document defines the principles for the ITES-BPO organization maturity model which supports
the assessment of organization maturity, in accordance with the requirements of ISO/IEC 33004.
5 ITES-BPO measurement framework (MF) for process capability
Clause 5 describes the measurement framework to be employed for the assessment of process capability
in the ITES-BPO domain. The measurement framework elements are defined in ISO/IEC 33020:2015,
Clause 5. It defines a six-point ordinal scale for the assessment of process capability, defined as the
characterization of the ability of a process to meet current or projected business goals.
The process capability measurement framework described in this document is expressed in terms of a
set of process attributes. Each process attribute is defined in terms of a set of process attribute outcomes
which can be evaluated to indicate the extent of achievement of the process attribute. The process attributes
are organised into process capability levels, ranging from Incomplete (in which the process does not achieve
its defined process outcomes) to Innovating (in which the process is continually improved to respond to
organization’s change).
Each process attribute is defined in terms of a set of process attribute outcomes which can be evaluated
to indicate the extent of achievement of the process attribute. The process attributes are organised into
process capability levels, ranging from Incomplete (in which the process does not achieve its defined process
outcomes) to Innovating (in which the process is continually improved to respond to organization’s change).
The set of process capability levels and process attributes that comprise the Measurement Framework
are as follows.
Table 1 — Capability levels and process attributes
Process attribute ID Capability levels and process attributes
Level 0: Incomplete process
Level 1: Performed process
PA 1.1 Process performance
Level 2: Managed process
PA 2.1 Performance management
PA 2.2 Work product management
Level 3: Established process
PA 3.1 Process definition
4 © ISO/IEC 2016 – All rights reserved

Process categories
Process dimension
Table 1 (continued)
Process attribute ID Capability levels and process attributes
PA 3.2 Process deployment
Level 4: Predictable process
PA 4.1 Quantitative analysis
PA 4.2 Quantitative control
Level 5: Innovating process
PA 5.1 Process innovation
PA 5.2 Process innovation implementation
Detailed definitions for all of the process capability levels and process attributes are contained in
ISO/IEC 33020:2015, 5.2 and are also set out in ISO/IEC 30105-2:—, Clause 6, together with the relevant
process capability indicators.
The extent of process attribute achievement is characterized on a defined rating scale. The rating scale
and requirements for the conduct of ratings of attribute achievement are set out in Clause 6.
ISO/IEC 30105-3
ISO/IEC 30105-2
Measurement framework and
Process assessment model
organization maturity model
Level 5: Innovating (2 attributes)
•Generic practices for each process attribute
Level 4: Predictable (2 attributes)
•Generic resources for each process attribute
Level 3: Established (2 attributes) •Generic work products for each process attribute
Level 2: Managed (2 attributes)
Level 1: Performed (1 attribute)
•Base practices for each process
Level 0: Incomplete •Work products for each process

Strategic
enablement
Relationship
Solution
Transition in
Service delivery
Transition out
Tactical
enablement
Operational
enablement
Figure 4 — Relationship between PRM, PAM, MF, and OMM
The process performance and process capability indicators for ITES-BPO give examples of evidence that
an assessor might obtain, or observe, in the performance of an assessment. The evidence obtained in the
© ISO/IEC 2016 – All rights reserved 5
Capability
dimension
assessment, through observation of the implemented process, can be mapped onto the set of indicators to
enable correlation between the implemented process and the processes defined in this assessment model.
These indicators provide guidance for assessors in accumulating the necessary objective artefacts to
support judgements of capability. They are not mandatory.
The assessment indicators, and their relationship to process performance and process capability, are
shown in Figure 4.
The existence of process capability indicators provides evidence of process capability.
The output from a process assessment is a set of process profiles, one for each process within the scope of the
assessment. Each process profile consists of a set of the process attribute ratings for an assessed process.
Process capability is the process quality characteristic related to the ability of a process to consistently
meet current or projected business goals.
The process capability level indicators and process attributes for the ITES-BPO measurement
framework are adopted from ISO/IEC 33020 and defined in ISO/IEC 30105-2.
6 Rating and aggregating process attributes
6.1 Process attributes rating scale
Within this measurement framework, a process attribute is a measureable property of process capability.
A process attribute rating is a judgment of the degree of achievement of the process attribute for the
assessed process.
Each attribute rating represents a judgment by the assessor of the extent to which the attribute is achieved.
To improve the reliability and repeatability of the assessment, the judgements of the assessor are based on a
coherent set of recorded objective artifacts.
Aggregation may be performed using a defined set of rules to summarise the ratings.
A process attribute is measured using an ordinal scale as defined below.
N Not achieved: There is little or no evidence of achievement of the defined process attribute in the assessed
process.
P- Partially achieved: There is some evidence of an approach to, and some achievement of, the defined
process attribute in the assessed process. Many aspects of achievement of the process attribute may be
unpredictable.
P+ Partially achieved: There is some evidence of an approach to, and some achievement of, the defined
process attribute in the assessed process. Some aspects of achievement of the process attribute may be
unpredictable.
L- Largely achieved: There is evidence of a systematic approach to, and significant achievement of, the
defined process attribute in the assessed process. Many weaknesses related to this process attribute may
exist in the assessed process.
L+ Largely achieved: There is evidence of a systematic approach to, and significant achievement of, the
defined process attribute in the assessed process. Some weaknesses related to this process attribute may
exist in the assessed process.
F Fully achieved: There is evidence of a complete and systematic approach to, and full achievement of, the
defined process attribute in the assessed process. No significant weaknesses related to this process attribute
exist in the assessed process.
6 © ISO/IEC 2016 – All rights reserved

The corresponding percentages shall be as follows:
— N   Not achieved 0 % to ≤15 % achievement;
— P-  Partially achieved ->15 % to ≤32,5 % achievement;
— P+  Partially achieved+>32,5 % to ≤50 % achievement;
— L-  Largely achieved->50 % to ≤ 67,5 % achievement;
— L+  Largely achieved+>67,5 % to ≤85 % achievement;
— F  Fully achieved >85 % to ≤100 % achievement.
6.2 Process attribute ratings method
A process attribute outcome is the observable result of achievement of a specified process attribute.
A process outcome is the observable result of successful achievement of the process purpose.
Process outcomes and process attribute outcomes may be characterized as an intermediate step providing
a process attribute rating.
The rating method employed for ISO/IEC 30105 process assessment is based on ISO/IEC 33020, rating
method R1, which identifies that the approach to process attribute rating shall satisfy the following
conditions.
a) Each process outcome for processes within the scope of the assessment shall be characterized for all
process instances, based on validated data.
b) Each process attribute outcome of each process attribute for processes within the scope of the
assessment shall be characterized for all process instances, based on validated data.
c) Process outcome characterizations for all assessed process instances shall be aggregated to provide a
process performance attribute achievement rating.
d) Process attribute outcome characterizations for all assessed process instances shall be aggregated to
provide a process attribute achievement rating.
7 Process capability level model — Achievement of process capability levels
The capability level achieved by a process shall be derived from the process attribute ratings for that
process according to the process capability level model defined in Table 2.
This approach is based on ISO/IEC 33020:2015, 5.6 with two dimensional aggregation using heuristics
ISO/IEC 33020:2015, 5.5.2.2.
Table 2 — Capability level ratings
Scale Process attribute Rating
Level 0 Process performance Largely(-) or below
Level 1 Process performance Largely(+) or above
Level 2 Process performance Fully
Performance management Largely(+) or above
Work product management Largely(+) or above
© ISO/IEC 2016 – All rights reserved 7

Table 2 (continued)
Scale Process attribute Rating
Level 3 Process performance Fully
Performance management Fully
Work product management Fully
Process definition Largely(+) or above
Process deployment Largely(+) or above
Level 4 Process performance Fully
Performance management Fully
Work product management Fully
Process definition Fully
Process deployment Fully
Process measurement Largely(+) or above
Process control Largely(+) or above
Level 5 Process performance Fully
Performance management Fully
Work product management Fully
Process definition Fully
Process deployment Fully
Process measurement Fully
Process control Fully
Process innovation Largely(+) or above
Process innovation implemen- Largely(+) or above
tation
8 Organization maturity model (OMM)
8.1 General
Organization’s maturity is measured on a six-point ordinal scale from Level 0 Organization — Immature
Organization to Level 5 Organization — the Transformational Organization. The scale represents the
extent to which the organization has explicitly and consistently performed, managed and established
its processes with predictable performance and demonstrated the ability to change and adapt the
performance of the processes fundamental to achieving the organization’s business goals. In this
measurement framework, organization maturity is derived from the underlying process capability
measures.
Within this framework, each level of organization’s maturity is characterized by the demonstration
of achievement of specified ratings of process attribute achievement in process sets drawn from the
ISO/IEC 30105-2 ITES-BPO process assessment model.
For each of the maturity levels 1-5, processes are categorized based on their contributions to the
business goals of the organization.
a) Basic process set: Set of processes that ensures the achievement of the basic maturity level.
NOTE 1   A basic process set will include a minimum set of processes, together with additional and optional
processes determined by the organization’s context for the assessment. “Additional and optional processes”
are identified as “Additional Optional” in the tables followed.
b) Extended process set: Set of processes specific to a maturity level higher than the basic maturity
level that ensures the achievement of the relevant process profile.
8 © ISO/IEC 2016 – All rights reserved

NOTE 2   An extended process set will include a minimum set of processes, together with additional and
optional processes determined by the organization’s context for the assessment. “Additional and optional
processes” are identified as “Additional Optional” in the tables followed.
c) Additional and Optional processes: A basic or extended process set may include additional
processes that are
1) required for assessments with a particular scope of application;
2) optional depending on the particular circumstances of the organization.
The ITES-BPO organization maturity model specifies the particular circumstances for inclusion of any
additional and optional processes in the basic and extended process sets in Clause 10 and Clause 11.
8.2 Structure of the ITES-BPO organization maturity model (OMM)
Process
Measurement Organization maturity model
reference model
framework ISO/IEC 30105-3
ISO/IEC 30105-1
ISO/IEC 30105-3 •Mapping of process attribute
• Domain and scope
•Capability level ratings to maturity levels
Process purpose
•
•Process attribute •Organization maturity level
• Process outcome
•Rating scale
Process assessment
model
ISO/IEC 30105-2
•Scope
•Indicators
•Mapping
Input
Output
• Identity of sponsor
•Data and evidence
• Business contact
•Assessment report
• Purpose ∎
Process
Assessment activities
Outcome
• Assessment scope
attribute rating
ISO/IEC 33002
• Assessment
•Assessment
1. Process capability level
•Plan the assessment
requirements
record
2. Organization maturity
•Collect the data
• Assessment
•Validate the data level
constraints
•Report the assessment
• Identity of personnel
• Assessor(s)
competence
• PAM - Part 2
• OMM - Part 3
Roles and
responsibities
ISO/IEC 330
...