The framework for assessment covers processes employed in the development, maintenance, and use of systems across the information technology domain and those employed in the design, transition, delivery, and improvement of services. Results of assessment can be applied for improving process performance, or for identifying and addressing risks associated with application of processes.
This document provides guidance on the application of the results of process assessment for process risk determination. The guidance covers:
- Initiating process risk determination
- Identifying relevant processes and the relevant process context
- Defining target process profile
- Defining target assessment input
- Assessing current process quality
- Determining proposed process quality characteristic achievement
- Verifying proposed process quality characteristic achievement
- Analysing process-related risk
- Acting on results
The set of International Standards ISO/IEC 33001 – ISO/IEC 33099 defines the requirements and resources needed for process assessment. The overall architecture and content is described in ISO/IEC 33001.
This document assumes familiarity with the normative parts of the ISO/IEC 330xx family of standards.
Several International Standards in the ISO/IEC 330xx family of standards for process assessment are intended to replace and extend parts of the ISO/IEC 15504 series. ISO/IEC 33001:2015, Annex A provides a detailed record of the relationship between the ISO/IEC 330xx family and the ISO/IEC 15504 series.