ISO/IEC 15504

ISO/IEC 15504 Information technology – Process assessment, also termed Software Process Improvement and Capability Determination (SPICE), is a set of technical standards documents for the computer software development process and related business management functions. It is one of the joint International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standards, which was developed by the ISO and IEC joint subcommittee, ISO/IEC JTC 1/SC 7.^[1]

ISO/IEC 15504 was initially derived from process lifecycle standard ISO/IEC 12207 and from maturity models like Bootstrap, Trillium and the Capability Maturity Model (CMM).

ISO/IEC 15504 has been revised by: ISO/IEC 33001:2015 Information technology – Process assessment – Concepts and terminology as of March, 2015 and is no longer available at ISO.

Overview

ISO/IEC 15504 is the reference model for the maturity models (consisting of capability levels which in turn consist of the process attributes and further consist of generic practices) against which the assessors can place the evidence that they collect during their assessment, so that the assessors can give an overall determination of the organization's capabilities for delivering products (software, systems, and IT services).^[2]

History

A working group was formed in 1993 to draft the international standard and used the acronym SPICE. SPICE initially stood for Software Process Improvement and Capability Evaluation, but in consideration of French concerns over the meaning of evaluation, SPICE has now been renamed Software Process Improvement and Capability Determination. SPICE is still used for the user group of the standard, and the title for the annual conference. The first SPICE was held in Limerick, Ireland in 2000, SPICE 2003 was hosted by ESA in the Netherlands, SPICE 2004 was hosted in Portugal, SPICE 2005 in Austria, SPICE 2006 in Luxembourg, SPICE 2007 in South Korea, SPICE 2008 in Nuremberg, Germany and SPICE 2009 in Helsinki, Finland.

The first versions of the standard focused exclusively on software development processes. This was expanded to cover all related processes in a software business, for example project management, configuration management, quality assurance, and so on. The list of processes covered grew to cover six business areas: organizational, management, engineering, acquisition supply, support, and operations.

In a major revision to the draft standard in 2004, the process reference model was removed and is now related to the ISO/IEC 12207 (Software Lifecycle Processes). The issued standard now specifies the measurement framework and can use different process reference models. There are five general and industry models in use.

Part 5 specifies software process assessment and part 6 specifies system process assessment.

The latest work in the ISO standards working group includes creation of a maturity model, which is planned to become ISO/IEC 15504 part 7.

The standard

The Technical Report (TR) document for ISO/IEC TR 15504 was divided into 9 parts. The initial International Standard was recreated in 5 parts. This was proposed from Japan when the TRs were published at 1997.

The International Standard (IS) version of ISO/IEC 15504 now comprises 6 parts. The 7th part is currently in an advanced Final Draft Standard form^[3] and work has started on part 8.

Part 1 of ISO/IEC TR 15504 explains the concepts and gives an overview of the framework.

Reference model

ISO/IEC 15504 contains a reference model. The reference model defines a process dimension and a capability dimension.

The process dimension in the reference model is not the subject of part 2 of ISO/IEC 15504, but part 2 refers to external process lifecycle standards including ISO/IEC 12207 and ISO/IEC 15288.^[4] The standard defines means to verify conformity of reference models.^[5]

Processes

The process dimension defines processes divided into the five process categories of:

customer-supplier
engineering
supporting
management
organization

With new parts being published, the process categories will expand, particularly for IT service process categories and enterprise process categories.

Capability levels and process attributes

For each process, ISO/IEC 15504 defines a capability level on the following scale:^[2]

Level	Name
5	Optimizing process
4	Predictable process
3	Established process
2	Managed process
1	Performed process
0	Incomplete process

The capability of processes is measured using process attributes. The international standard defines nine process attributes:

1.1 Process performance
2.1 Performance management
2.2 Work product management
3.1 Process definition
3.2 Process deployment
4.1 Process measurement
4.2 Process control
5.1 Process innovation
5.2 Process optimization

Each process attribute consists of one or more generic practices, which are further elaborated into practice indicators to aid assessment performance.

Each process attribute is assessed on a four-point (N-P-L-F) rating scale:

Not achieved (0 - 15%)
Partially achieved (>15% - 50%)
Largely achieved (>50%- 85%)
Fully achieved (>85% - 100%).

The rating is based upon evidence collected against the practice indicators, which demonstrate fulfillment of the process attribute.^[6]

Assessments

ISO/IEC 15504 provides a guide for performing an assessment.^[7]

This includes:

the assessment process
the model for the assessment
any tools used in the assessment

Assessment process

Performing assessments is the subject of parts 2 and 3 of ISO/IEC 15504.^[8] Part 2 is the normative part and part 3 gives a guidance to fulfill the requirements in part 2.

One of the requirements is to use a conformant assessment method for the assessment process. The actual method is not specified in the standard although the standard places requirements on the method, method developers and assessors using the method.^[9] The standard provides general guidance to assessors and this must be supplemented by undergoing formal training and detailed guidance during initial assessments.

The assessment process can be generalized as the following steps:

initiate an assessment (assessment sponsor)
select assessor and assessment team
plan the assessment, including processes and organizational unit to be assessed (lead assessor and assessment team)
pre-assessment briefing
data collection
data validation
process rating
reporting the assessment result

An assessor can collect data on a process by various means, including interviews with persons performing the process, collecting documents and quality records, and collecting statistical process data. The assessor validates this data to ensure it is accurate and completely covers the assessment scope. The assessor assesses this data (using their expert judgment) against a process's base practices and the capability dimension's generic practices in the process rating step. Process rating requires some exercising of expert judgment on the part of the assessor and this is the reason that there are requirements on assessor qualifications and competency. The process rating is then presented as a preliminary finding to the sponsor (and preferably also to the persons assessed) to ensure that they agree that the assessment is accurate. In a few cases, there may be feedback requiring further assessment before a final process rating is made.^[10]

Assessment model

The process assessment model (PAM) is the detailed model used for an actual assessment. This is an elaboration of the process reference model (PRM) provided by the process lifecycle standards.^[11]

The process assessment model (PAM) in part 5 is based on the process reference model (PRM) for software: ISO/IEC 12207.^[12]

The process assessment model in part 6 is based on the process reference model for systems: ISO/IEC 15288.^[13]

The standard allows other models to be used instead, if they meet ISO/IEC 15504's criteria, which include a defined community of interest and meeting the requirements for content (i.e. process purpose, process outcomes and assessment indicators).

Tools used in the assessment

There exist several assessment tools. The simplest comprise paper-based tools. In general, they are laid out to incorporate the assessment model indicators, including the base practice indicators and generic practice indicators. Assessors write down the assessment results and notes supporting the assessment judgment.

There are a limited number of computer based tools that present the indicators and allow users to enter the assessment judgment and notes in formatted screens, as well as automate the collated assessment result (i.e. the process attribute ratings) and creating reports.

Assessor qualifications and competency

For a successful assessment, the assessor must have a suitable level of the relevant skills and experience.

These skills include:

personal qualities such as communication skills.
relevant education and training and experience.
specific skills for particular categories, e.g. management skills for the management category.
ISO/IEC 15504 related training and experience in process capability assessments.

The competency of assessors is the subject of part 3 of ISO/IEC 15504.

In summary, the ISO/IEC 15504 specific training and experience for assessors comprise:

completion of a 5-day lead assessoray training course
performing at least one assessment successfully under supervision of a competent lead assessor
performing at least one assessment successfully as a lead assessor under the supervision of a competent lead assessor. The competent lead assessor defines when the assessment is successfully performed. There exist schemes for certifying assessors and guiding lead assessors in making this judgement.^[9]

Uses

ISO/IEC 15504 can be used in two contexts:

Process improvement, and
Capability determination (= evaluation of supplier's process capability).

Process improvement

ISO/IEC 15504 can be used to perform process improvement within a technology organization.^[14] Process improvement is always difficult, and initiatives often fail, so it is important to understand the initial baseline level (process capability level), and to assess the situation after an improvement project. ISO 15504 provides a standard for assessing the organization's capacity to deliver at each of these stages.

In particular, the reference framework of ISO/IEC 15504 provides a structure for defining objectives, which facilitates specific programs to achieve these objectives.

Process improvement is the subject of part 4 of ISO/IEC 15504. It specifies requirements for improvement programmes and provides guidance on planning and executing improvements, including a description of an eight step improvement programme. Following this improvement programme is not mandatory and several alternative improvement programmes exist.^[10]

Capability determination

An organization considering outsourcing software development needs to have a good understanding of the capability of potential suppliers to deliver.

ISO/IEC 15504 (Part 4) can also be used to inform supplier selection decisions. The ISO/IEC 15504 framework provides a framework for assessing proposed suppliers, as assessed either by the organization itself, or by an independent assessor.^[15]

The organization can determine a target capability for suppliers, based on the organization's needs, and then assess suppliers against a set of target process profiles that specify this target capability. Part 4 of the ISO/IEC 15504 specifies the high level requirements and an initiative has been started to create an extended part of the standard covering target process profiles. Target process profiles are particularly important in contexts where the organization (for example, a government department) is required to accept the cheapest qualifying vendor. This also enables suppliers to identify gaps between their current capability and the level required by a potential customer, and to undertake improvement to achieve the contract requirements (i.e. become qualified). Work on extending the value of capability determination includes a method called Practical Process Profiles - which uses risk as the determining factor in setting target process profiles.^[10] Combining risk and processes promotes improvement with active risk reduction, hence reducing the likelihood of problems occurring.

Acceptance of ISO/IEC 15504

ISO/IEC 15504 has been successful as:

ISO/IEC 15504 is available through National Standards Bodies.
It has the support of the international community.
Over 4000 assessments have been performed to date.
Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants.
Domain-specific models like Automotive SPICE and SPICE 4 SPACE can be derived from it.
There have been many international initiatives to support take-up such as SPiCE for small and very small entities.

On the other hand, ISO/IEC 15504 has not yet been as successful as the CMMI. This has been for several reasons:

ISO/IEC 15504 is not available as free download but must be purchased from the ISO (Automotive SPICE on the other hand can be freely downloaded from the link supplied below.) CMM and CMMI are available as free downloads from the SEI website.
The CMMI is actively sponsored (by the US Department of Defense).
The CMM was created first, and reached critical 'market' share before ISO 15504 became available.
The CMM has subsequently been replaced by the CMMI, which incorporates many of the ideas of ISO/IEC 15504, but also retains the benefits of the CMM.

Like the CMM, ISO/IEC 15504 was created in a development context, making it difficult to apply in a service management context. But work has started to develop an ISO/IEC 20000-based process reference model (ISO/IEC 20000-4) that can serve as a basis for a process assessment model. This is planned to become part 8 to the standard (ISO/IEC 15504-8). In addition there are methods available that adapt its use to various contexts.

References

↑ ISO. "Standards Catalogue: ISO/IEC JTC 1/SC 7". Retrieved 2014-01-06.
1 2 ISO/IEC 15504-2 Clause 5
↑ DTR, meaning Draft Technical Report
↑ ISO/IEC 15504-2 Clause 6
↑ ISO/IEC 15504-2 Clause 7
↑ ISO/IEC 15504 part 3
↑ ISO/IEC 15504 parts 2 and 3
↑ ISO/IEC 15504-2 Clause 4 and ISO/IEC 15504-3
1 2 van Loon, 2007a
1 2 3 van Loon, 2007b
↑ ISO 15504-2 Clause 6.2
↑ ISO/IEC 15504-2 Clause 6.3 and ISO/IEC 15504-5
↑ ISO/IEC 15504-6
↑ ISO/IEC 15504-4 Clause 6
↑ ISO/IEC 15504-4 Clause 7

External links

Automotive SPICE
Medi SPICE
TIPA - Tudor IT Process Assessment
Test SPICE
Enterprise SPICE
S4S - SPICE for SPACE Part 1: Framework, Part 2: Assessor instrument, ESA bulletin 107
SPiCE in Action - Experiences in Tailoring and Extension

Software engineering

Fields

Concepts

Orientations

Models

Developmental	Agile EUP Executable UML Incremental model Iterative model Prototype model RAD UP Scrum Spiral model V-Model Waterfall model XP

Other	SPICE CMMI Data model ER model Function model Information model Metamodeling Object model Systems model View model

Languages	IDEF UML SysML

Software
engineers

Related fields

Category
Commons

ISO standards by standard number

List of ISO standards / ISO romanizations / IEC standards

1–9999	1 2 3 4 5 6 7 9 16 31 -0 -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11 -12 -13 128 216 217 226 228 233 259 269 302 306 428 518 519 639 -1 -2 -3 -5 -6 646 690 732 764 843 898 965 1000 1004 1007 1073-1 1413 1538 1745 1989 2014 2015 2022 2047 2108 2145 2146 2240 2281 2709 2711 2788 2852 3029 3103 3166 -1 -2 -3 3297 3307 3602 3864 3901 3977 4031 4157 4217 4909 5218 5428 5775 5776 5800 5964 6166 6344 6346 6385 6425 6429 6438 6523 6709 7001 7002 7098 7185 7200 7498 7736 7810 7811 7812 7813 7816 8000 8178 8217 8571 8583 8601 8632 8652 8691 8807 8820-5 8859 -1 -2 -3 -4 -5 -6 -7 -8 -8-I -9 -10 -11 -12 -13 -14 -15 -16 8879 9000/9001 9075 9126 9293 9241 9362 9407 9506 9529 9564 9594 9660 9897 9899 9945 9984 9985 9995

10000–19999	10005 10006 10007 10116 10118-3 10160 10161 10165 10179 10206 10218 10303 -11 -21 -22 -28 -238 10383 10487 10585 10589 10646 10664 10746 10861 10957 10962 10967 11073 11170 11179 11404 11544 11783 11784 11785 11801 11898 11940 (-2) 11941 11941 (TR) 11992 12006 12182 12207 12234-2 13211 -1 -2 13216 13250 13399 13406-2 13450 13485 13490 13567 13568 13584 13616 14000 14031 14224 14289 14396 14443 14496 -2 -3 -6 -10 -11 -12 -14 -17 -20 14644 14649 14651 14698 14750 14764 14882 14971 15022 15189 15288 15291 15292 15398 15408 15444 -3 15445 15438 15504 15511 15686 15693 15706 -2 15707 15897 15919 15924 15926 15926 WIP 15930 16023 16262 16612-2 16750 16949 (TS) 17024 17025 17203 17369 17442 17799 18000 18004 18014 18245 18629 18916 19005 19011 19092 (-1 -2) 19114 19115 19125 19136 19439 19500 19501 19502 19503 19505 19506 19507 19508 19509 19510 19600:2014 19752 19757 19770 19775-1 19794-5 19831

20000+	20000 20022 20121 21000 21047 21500 21827:2002 22000 23270 23271 23360 24517 24613 24617 24707 25178 25964 26000 26300 26324 27000 series 27000 27001:2005 27001:2013 27002 27006 27729 28000 29110 29148 29199-2 29500 30170 31000 32000 38500 40500 42010 80000 -1 -2 -3

Category

This article is issued from Wikipedia - version of the 10/25/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.