Information technology - Process assessment - Guidance for process risk determination
This document is part of a set of International Standards ISO/IEC 33001 – ISO/IEC 33099, termed the ISO/IEC 330xx family, designed to provide a consistent and coherent framework for the assessment of process quality characteristics, based on objective evidence resulting from implementation of the processes.
The framework for assessment covers processes employed in the development, maintenance, and use of systems across the information technology domain and those employed in the design, transition, delivery, and improvement of services. Results of assessment can be applied for improving process performance, or for identifying and addressing risks associated with application of processes.
This document provides guidance on the application of the results of process assessment for process risk determination. The guidance covers:
- Initiating process risk determination
- Identifying relevant processes and the relevant process context
- Defining target process profile
- Defining target assessment input
- Assessing current process quality
- Determining proposed process quality characteristic achievement
- Verifying proposed process quality characteristic achievement
- Analysing process-related risk
- Acting on results
This document is primarily addressed to the stakeholders of the process risk determination, members of the process risk determination team and other people, such as lead assessors or assessment team members, who need guidance on performing a process risk determination based on conformant process assessments. It will also be of value to developers of process assessment methods and tools supporting process assessment as well as members of assessed organizations.
The set of International Standards ISO/IEC 33001 – ISO/IEC 33099 defines the requirements and resources needed for process assessment. The overall architecture and content are described in ISO/IEC 33001.
This document assumes familiarity with the normative parts of the ISO/IEC 330xx family of standards.
Several International Standards in the ISO/IEC 330xx family of standards for process assessment are intended to replace and extend parts of the ISO/IEC 15504 series. ISO/IEC 33001:2015, Annex A provides a detailed record of the relationship between the ISO/IEC 330xx family and the ISO/IEC 15504 series.