Overview
ISO/IEC 15504 is the reference model for the maturity models (consisting of capability levels which in turn consist of the process attributes and further consist of generic practices) against which the assessors can place the evidence that they collect during their assessment, so that the assessors can give an overall determination of the organization's capabilities for delivering products (software, systems, and IT services).ISO/IEC 15504-2 Clause 5History
A working group was formed in 1993 to draft the international standard and used the acronym SPICE. SPICE initially stood for ''The standard
The Technical Report (TR) document for ISO/IEC TR 15504 was divided into 9 parts. The initial International Standard was recreated in 5 parts. This was proposed from Japan when the TRs were published at 1997. The International Standard (IS) version of ISO/IEC 15504 now comprises 6 parts. The 7th part is currently in an advanced Final Draft Standard form and work has started on part 8. ''Part 1'' of ISO/IEC TR 15504 explains the concepts and gives an overview of the framework.Reference model
ISO/IEC 15504 contains a '' reference model''. The reference model defines a ''process dimension'' and a ''capability dimension''. The process dimension in the reference model is not the subject of ''part 2'' of ISO/IEC 15504, but part 2 refers to external process lifecycle standards including ISO/IEC 12207 and ISO/IEC 15288. The standard defines means to verify conformity of reference models.Processes
The ''process dimension'' defines processes divided into the five process categories of: * customer-supplier * engineering * supporting * management * organization With new parts being published, the process categories will expand, particularly for IT service process categories and enterprise process categories.Capability levels and process attributes
For each process, ISO/IEC 15504 defines a ''capability level'' on the following scale: The capability of processes is measured using process attributes. The international standard defines nine process attributes: * 1.1 Process performance * 2.1 Performance management * 2.2 Work product management * 3.1 Process definition * 3.2 Process deployment * 4.1 Process measurement * 4.2 Process control * 5.1 Process innovation * 5.2 ProcessRating scale of process attributes
Each process attribute is assessed on a four-point (N-P-L-F) rating scale: * Not achieved (0–15%) * Partially achieved (>15–50%) * Largely achieved (>50–85%) * Fully achieved (>85–100%). The rating is based upon evidence collected against the practice indicators, which demonstrate fulfillment of the process attribute.Assessments
ISO/IEC 15504 provides a guide for ''performing an assessment''. This includes: * the assessment process * the model for the assessment * any tools used in the assessmentAssessment process
Performing assessments is the subject of ''parts 2 and 3'' of ISO/IEC 15504. Part 2 is the normative part and part 3 gives a guidance to fulfill the requirements in part 2. One of the requirements is to use a conformant assessment method for the assessment process. The actual method is not specified in the standard although the standard places requirements on the method, method developers and assessors using the method.van Loon, 2007a The standard provides general guidance to assessors and this must be supplemented by undergoing formal training and detailed guidance during initial assessments. The assessment process can be generalized as the following steps: * initiate an assessment (assessment sponsor) * select assessor and assessment team * plan the assessment, including processes and organizational unit to be assessed (lead assessor and assessment team) * pre-assessment briefing * data collection * data validation * process rating * reporting the assessment result An assessor can collect data on a process by various means, including interviews with persons performing the process, collecting documents and quality records, and collecting statistical process data. The assessor validates this data to ensure it is accurate and completely covers the assessment scope. The assessor assesses this data (using his expert judgment) against a process's base practices and the capability dimension's generic practices in the process rating step. Process rating requires some exercising of expert judgment on the part of the assessor and this is the reason that there are requirements on assessor qualifications and competency. The process rating is then presented as a preliminary finding to the sponsor (and preferably also to the persons assessed) to ensure that they agree that the assessment is accurate. In a few cases, there may be feedback requiring further assessment before a final process rating is made.van Loon, 2007bAssessment model
The ''process assessment model (PAM)'' is the detailed model used for an actual assessment. This is an elaboration of the process reference model (PRM) provided by the process lifecycle standards. The process assessment model (PAM) in part 5 is based on the process reference model (PRM) for software: ISO/IEC 12207. The process assessment model in part 6 is based on the process reference model for systems: ISO/IEC 15288. The standard allows other models to be used instead, if they meet ISO/IEC 15504's criteria, which include a defined community of interest and meeting the requirements for content (i.e. process purpose, process outcomes and assessment indicators).Tools used in the assessment
There exist several assessment tools. The simplest comprise paper-based tools. In general, they are laid out to incorporate the assessment model indicators, including the base practice indicators and generic practice indicators. Assessors write down the assessment results and notes supporting the assessment judgment. There are a limited number of computer based tools that present the indicators and allow users to enter the assessment judgment and notes in formatted screens, as well as automate the collated assessment result (i.e. the process attribute ratings) and creating reports.Assessor qualifications and competency
For a successful assessment, the ''assessor'' must have a suitable level of the relevant skills and experience. These skills include: * personal qualities such as communication skills. * relevant education and training and experience. * specific skills for particular categories, e.g. management skills for the management category. * ISO/IEC 15504 related training and experience in process capability assessments. The competency of assessors is the subject of ''part 3'' of ISO/IEC 15504. In summary, the ISO/IEC 15504 specific training and experience for assessors comprise: * completion of a 5-day lead assessor training course * performing at least one assessment successfully under supervision of a competent lead assessor * performing at least one assessment successfully as a lead assessor under the supervision of a competent lead assessor. The competent lead assessor defines when the assessment is successfully performed. There exist schemes for certifying assessors and guiding lead assessors in making this judgement.Uses
ISO/IEC 15504 can be used in two ''contexts'': * Process improvement, and * Capability determination (= evaluation of supplier's process capability).Process improvement
ISO/IEC 15504 can be used to perform process improvement within a technology organization. Process improvement is always difficult, and initiatives often fail, so it is important to understand the initial baseline level (process capability level), and to assess the situation after an improvement project. ISO 15504 provides a standard for assessing the organization's capacity to deliver at each of these stages. In particular, the reference framework of ISO/IEC 15504 provides a structure for defining objectives, which facilitates specific programs to achieve these objectives. Process improvement is the subject of ''part 4'' of ISO/IEC 15504. It specifies requirements for improvement programmes and provides guidance on planning and executing improvements, including a description of an eight step improvement programme. Following this improvement programme is not mandatory and several alternative improvement programmes exist.Capability determination
An organization considering outsourcing software development needs to have a good understanding of the capability of potential suppliers to deliver. ISO/IEC 15504 (Part 4) can also be used to inform supplier selection decisions. The ISO/IEC 15504 framework provides a framework for assessing proposed suppliers, as assessed either by the organization itself, or by an independent assessor. The organization can determine a ''target capability'' for ''suppliers'', based on the organization's needs, and then assess suppliers against a set of target process profiles that specify this target capability. Part 4 of the ISO/IEC 15504 specifies the high level requirements and an initiative has been started to create an extended part of the standard covering target process profiles. Target process profiles are particularly important in contexts where the organization (for example, a government department) is required to accept the cheapest ''qualifying'' vendor. This also enables suppliers to identify gaps between their current capability and the level required by a potential customer, and to undertake improvement to achieve the contract requirements (i.e. become qualified). Work on extending the value of capability determination includes a method called Practical Process Profiles - which uses risk as the determining factor in setting target process profiles. Combining risk and processes promotes improvement with active risk reduction, hence reducing the likelihood of problems occurring.Acceptance of ISO/IEC 15504
ISO/IEC 15504 has been successful as: * ISO/IEC 15504 is available through National Standards Bodies. * It has the support of the international community. * Over 4,000 assessments have been performed to date. * Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants. * Domain-specific models like ''Automotive SPICE'' and ''SPICE 4 SPACE'' can be derived from it. * There have been many international initiatives to support take-up such as SPICE for small and very small entities. On the other hand, ISO/IEC 15504 may not be as popular as CMMI for the following reasons: * ISO/IEC 15504 is not available as free download, but must be purchased from the ISO. (Automotive SPICE, on the other hand, can be freely downloaded from the link supplied below.) CMM, and later CMMI, were originally available as free downloads from the SEI website. However, beginning with CMMI v2.0 a license must now be purchased from SEI. * The CMM, and later CMMI, were originally sponsored by theSee also
*Further reading
* Cass, A. et al. “SPiCE in Action - Experiences in Tailoring and Extension.” ''Proceedings. 28th Euromicro Conference''. IEEE Comput. Soc, 2003. Print. *Eito-Brun, Ricardo.External links
* ISO/IEC 33001:2015 - Information technology — Process assessment — Concepts and terminology *VDA QMC Homepage foReferences
{{DEFAULTSORT:ISO IEC 15504 Software engineering standards Software development process #15504