Misplaced Pages

ISO/IEC 15504: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editNext edit →Content deleted Content addedVisualWikitext
Revision as of 21:55, 29 January 2008 edit82.136.79.38 (talk) External links← Previous edit Revision as of 21:10, 16 March 2008 edit undoHanvanloon (talk | contribs)175 edits Capability determinationNext edit →
(23 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{nofootnotes}}
'''ISO/IEC 15504''' also known as '''SPICE''' (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of software processes" developed by the Joint Technical Subcommittee between ISO (]) and IEC (]).


'''ISO/IEC 15504''' also known as '''SPICE''' (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of processes" developed by the Joint Technical Subcommittee between ISO (]) and IEC (]).
ISO/IEC 15504 derives from ] and uses many of the ideas of ].

ISO/IEC 15504 initially was derived from process lifecycle standard ] and the ideas of capability maturity in ].


==Overview== ==Overview==
Line 7: Line 9:
The ISO/IEC 15504 framework does ''not set out specific ]''. Other, more specific standards, set out requirements for (say) a valid ]. What ISO/IEC 15504 is concerned about is the capability provided by the organization's management and process definition structures. The ISO/IEC 15504 framework does ''not set out specific ]''. Other, more specific standards, set out requirements for (say) a valid ]. What ISO/IEC 15504 is concerned about is the capability provided by the organization's management and process definition structures.


ISO/IEC 15504 is ''not a methodology''. Although ISO/IEC 15504 sets out a list of activities that might (and should) occur in a software project, it does not set out the order in which such activities should be carried out. ISO/IEC 15504 is ''not a methodology''. Although ISO/IEC 15504 sets out a list of activities that might (and should) occur in a (software) project, it does not set out the order in which such activities should be carried out.


ISO/IEC 15504 is, in effect, a set of categories (pigeon holes) in which the assessors can place the evidence that they collect during their assessment, so that the assessors can give an overall determination of the organisation's capabilities for delivering software. ISO/IEC 15504 is, in effect, a set of categories (the process attributes and generic practices) against which the assessors can place the evidence that they collect during their assessment, so that the assessors can give an overall determination of the organisation's capabilities for delivering products (software, systems, IT services).


ISO/IEC 15504 has been developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Committee). ISO/IEC 15504 has been developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Committee).
Line 15: Line 17:
==The ISO/IEC 15504 standard== ==The ISO/IEC 15504 standard==


The Technical Report (TR) document for ISO/IEC TR 15504 is divided into 9 parts. The Technical Report (TR) document for ISO/IEC TR 15504 was divided into 9 parts. The initial International Standard was recreated in 5 parts. This was proposed from Japan when the TRs were published at 1997.

But IS version of ISO/IEC 15504 is divided into 5 parts. This is proposed from Japan when the TRs were published at 1997.
The International Standard (IS) version of ISO/IEC 15504 now composes 6 parts. The 7th part is currently in an advanced Final Draft Standard form and work has started on part 8.


''Part 1'' of ISO/IEC TR 15504 explains the concepts and gives an overview of the framework. ''Part 1'' of ISO/IEC TR 15504 explains the concepts and gives an overview of the framework.
Line 32: Line 35:
ISO/IEC 15504 contains a ''reference model''. The reference model defines a ''process dimension'' and a ''capability dimension''. ISO/IEC 15504 contains a ''reference model''. The reference model defines a ''process dimension'' and a ''capability dimension''.


The reference model is not the subject of ''part 2'' of ISO/IEC 15504, now. The process dimension in the reference model is not the subject of ''part 2'' of ISO/IEC 15504, but refers to external process lifecycle standards including ISO/IEC 12207 and ISO/IEC 15288.
The assessment model is part5, reference model of process dimension is IOS/IEC 12207 annex.


====Processes==== ====Processes====
Line 43: Line 45:
* management * management
* organization * organization
With new parts being published, the process categories will expand, particularly for IT service process categories and enterprise process categories.


====Capability levels and process attributes==== ====Capability levels and process attributes====


For each process, ISO/IEC 15504 defines a ''capability level'' on the following scale: For each process, ISO/IEC 15504 defines a ''capability level'' on the following scale (see ISO 15504 part 2):


{| {|
Line 74: Line 77:
* 5.1 Process Innovation * 5.1 Process Innovation
* 5.2 Process ]. * 5.2 Process ].

Each process attribute consists of one or more generic practices, which are further elaborated into practice indicators to aid assessment performance.


Each process attribute is assessed on a four-point (N-P-L-F) rating scale: Each process attribute is assessed on a four-point (N-P-L-F) rating scale:
Line 81: Line 86:
* Fully achieved (>85% - 100%). * Fully achieved (>85% - 100%).


The rating is based upon evidence collected against the practice indicators, which demonstrate fulfillment of the process attribute (see ISO 15504 part 3).


===Assessments=== ===Assessments===


ISO/IEC 15504 provides a guide for ''performing an assessment''. ISO/IEC 15504 provides a guide for ''performing an assessment'' (see ISO 15504 part 3).


This includes: This includes:
Line 90: Line 96:
* the model for the assessment * the model for the assessment
* any tools used in the assessment * any tools used in the assessment
* success factors


====Assessment process====
Performing assessments is the subject of ''parts 3 and 4'' of ISO/IEC TR 15504.
Part 3 is the normative part and part 4 gives a guidance to fulfill the requirements.


Performing assessments is the subject of ''parts 2 and 3'' of ISO/IEC 15504 (see ISO 15504). Part 2 is the normative part and part 3 gives a guidance to fulfill the requirements in part 2.
===Assessment model===


One of the requirements is to use a conformant assessment method for the assessment process. The actual method is not specified in the standard although the standard places requirements on the method, method developers and assessors using the method (van Loon, 2007a). The standard provides general guidance to assessors and this must be supplemented by undergoing formal training and detailed guidance during initial assessments.
The ''assessment model'' is the detailed model that is used for an actual assessment. This is an elaboration of the reference model.


The assessment process can be generalized as the following steps:
''Part 5'' of ISO/IEC TR 15504 provides an assessment model, but other models could be used instead, if they meet ISO/IEC 15504's criteria.
* initiate an assessment (assessment sponsor)
* select assessor and assessment team
* plan the assessment, including processes and organizational unit to be assessed (lead assessor and assessment team)
* pre-assessment briefing
* data collection
* data validation
* process rating
* reporting the assessment result


An assessor can collect data on a process by various means, including interviews with persons performing the process, collecting documents and quality records, and collecting statistical process data. The assessor validates this data to ensure it is accurate and completely covers the assessment scope. The assessor assesses this data (using their expert judgment) against a process's base practices and the capability dimension's generic practices in the process rating step. Process rating requires some exercising of expert judgment on the part of the assessor and this is the reason that there are requirements on assessor qualifications and competency. The process rating is then presented as a preliminary finding to the sponsor (and preferably also to the persons assessed) to ensure that they agree that the assessment is accurate. In a few cases, there may be feedback requiring further assessment before a final process rating is made (van Loon 2007b).
===Assessors===


====Assessment model====
For a successful assessment, the ''assessor'' must have a suitable level of the relevant skills.

The ''process assessment model (PAM)'' is the detailed model that is used for an actual assessment. This is an elaboration of the process reference model (PRM) provided by the process lifecycle standards (see ISO 15504 part 2).

The process assessment model (PAM) in part 5 is based on the process reference model (PRM) for software: ISO/IEC 12207.

The process assessment model in part 6 is based on the process reference model for systems: ISO/IEC 15288.

The standard allows other models to be used instead, if they meet ISO/IEC 15504's criteria, which include a defined community of interest and meeting the requirements for content (i.e. process purpose, process outcomes and assessment indicators).

====Tools used in the assessment====

There exist several assessment tools. The simplest comprise paper based tools that are manually used. In general, they at laid out to incorporate the assessment model indicators, including the base practice indicators and generic practice indicators. Assessors write down the assessment results and notes supporting the assessment judgment.

There are a limited number of computer based tools that present the indicators and allow users to enter the assessment judgment and notes in formatted screens, as well as automate the collated assessment result (i.e. the process attribute ratings).

===Assessor qualifications and competency===

For a successful assessment, the ''assessor'' must have a suitable level of the relevant skills and experience.


These skills include: These skills include:
Line 109: Line 139:
* relevant education and training and experience * relevant education and training and experience
* specific skills for particular categories, e.g. management skills for the management category. * specific skills for particular categories, e.g. management skills for the management category.
* training and experience in software capability assessments. * ISO/IEC 15504 related training and experience in process capability assessments.

The competency of assessors is the subject of ''part 3'' of ISO/IEC 15504.


In summary, the ISO/IEC 15504 specific training and experience for assessors comprise:
The competency of assessors is the subject of ''part 6'' of ISO/IEC TR 15504.
* completion of a 5 day lead assessor training course
* performing at least one assessment successfully under supervision of a competent lead assessor
* performing at least one assessment successfully as a lead assessor under the supervision of a competent lead assessor. The competent lead assessor defines when the assessment is successfully performed. There exist schemes for certifying assessors and guiding lead assessors in making this judgment(van Loon 2007a).


===Uses of ISO/IEC 15504=== ===Uses of ISO/IEC 15504===
Line 121: Line 156:
====Process improvement==== ====Process improvement====


ISO/IEC 15504 can be used to perform ] within a technology organization. Process improvement is always difficult, and initiatives often fail, so it is important to understand the initial baseline level, and to assess the situation after an improvement project. ISO 15504 provides a standard for assessing the organization's capacity to deliver at each of these stages. ISO/IEC 15504 can be used to perform ] within a technology organization. Process improvement is always difficult, and initiatives often fail, so it is important to understand the initial baseline level (process capability level), and to assess the situation after an improvement project. ISO 15504 provides a standard for assessing the organization's capacity to deliver at each of these stages.


In particular, the reference framework of ISO/IEC 15504 provides a structure for defining objectives, which facilitates specific programs to achieve these objectives. In particular, the reference framework of ISO/IEC 15504 provides a structure for defining objectives, which facilitates specific programs to achieve these objectives.


Process improvement is the subject of ''part 4'' of ISO/IEC 15504. It specifies requirements for improvement programmes and provides guidance on planning and executing improvements, including a description of an eight step improvement programme. Following this improvement programme is not mandatory and several alternative improvement programmes exist (van Loon, 2007b).
Process improvement is the subject of ''part 7'' of ISO/IEC 15504.


====Capability determination==== ====Capability determination====
Line 131: Line 166:
An organization considering ] software development needs to have a good understanding of the capability of potential suppliers to deliver. An organization considering ] software development needs to have a good understanding of the capability of potential suppliers to deliver.


ISO/IEC 15504 can also be used to inform supplier selection decisions. The ISO/IEC 15504 framework provides a framework for assessing proposed suppliers, as assessed either by the organization itself, or by an independent assessor. ISO/IEC 15504 (Part 4) can also be used to inform supplier selection decisions. The ISO/IEC 15504 framework provides a framework for assessing proposed suppliers, as assessed either by the organization itself, or by an independent assessor (see ISO 1504 part 4).


The organization can determine a ''target capability'' for suppliers, based on the organization's needs, and then assess suppliers against this profile. This is particularly important in contexts where the organization (for example, a government department) is required to accept the cheapest ''qualifying'' tender. This also enables suppliers to identify gaps between their current capability and the level required by a potential customer, and to undertake improvement to make the contract. Work on extending the value of capability determination includes a method called Practical Process Profiles - which uses risk as the determining factor in setting target profiles. Combining risk and processes promotes improvement with active risk reduction, hence reducing the likelihood of problems occurring. The organization can determine a ''target capability'' for suppliers, based on the organization's needs, and then assess suppliers against a set of target process profiles that specify this target capability. Part 4 of the ISO/IEC 15504 specifies the high level requirements and an initiative has been started to create an extended part of the standard covering target process profiles. Target process profiles are particularly important in contexts where the organization (for example, a government department) is required to accept the cheapest ''qualifying'' tender. This also enables suppliers to identify gaps between their current capability and the level required by a potential customer, and to undertake improvement to achieve the contract requirements (i.e. become qualified). Work on extending the value of capability determination includes a method called Practical Process Profiles - which uses risk as the determining factor in setting target process profiles (van Loon 2007b). Combining risk and processes promotes improvement with active risk reduction, hence reducing the likelihood of problems occurring.

Supplier process evaluation has been merged into Part 8 of ISO/IEC 15504.


==History== ==History==
Line 141: Line 174:
A working group was formed in ] to draft the international standard and used the acronym, ]. SPICE initially stood for "] ] and ]", but ] concerns over the meaning of the last word meant that SPICE now means "Software Process Improvement and Capability Determination". A working group was formed in ] to draft the international standard and used the acronym, ]. SPICE initially stood for "] ] and ]", but ] concerns over the meaning of the last word meant that SPICE now means "Software Process Improvement and Capability Determination".


Even though the formal ISO standards number, ISO 15504, is now the correct reference, SPICE is still used for the user group of the standard, and the title for the annual conference. The first SPICE was held in ], ] in ], "SPICE ]" was hosted by ] in ], "SPICE ]" was hosted in ], "SPICE ]" was hosted in ], and "SPICE ]" was hosted in Luxembourg. Even though the formal ISO standards number, ISO 15504, is now the correct reference, SPICE is still used for the user group of the standard, and the title for the annual conference. The first SPICE was held in ], ] in ], "SPICE ]" was hosted by ] in ], "SPICE ]" was hosted in ], "SPICE ]" was hosted in ], "SPICE ]" was hosted in Luxembourg, and SPICE ] was hosted in Korea.


The first versions of the standard were focused exclusively on ] processes. This was expanded to cover all related processes in a software business, for example, ], ], ], and so on. The list of processes covered, grew to cover six business areas: The first versions of the standard were focused exclusively on ] processes. This was expanded to cover all related processes in a software business, for example, ], ], ], and so on. The list of processes covered, grew to cover six business areas:
Line 152: Line 185:


In a major revision to the draft standard in 2004, the process reference model was removed and is now related to the ] (]). The issued standard now specifies the measurement framework and can use different process reference models. There are five general and industry models in use. In a major revision to the draft standard in 2004, the process reference model was removed and is now related to the ] (]). The issued standard now specifies the measurement framework and can use different process reference models. There are five general and industry models in use.

Part 5 specifies software process assessment and part 6 specifies system process assessment.

The latest work in the ISO standards working group includes creation of a maturity model, which is planned to become ISO/IEC 15504 part 7.


==Acceptance of ISO/IEC 15504== ==Acceptance of ISO/IEC 15504==
Line 161: Line 198:
* Over 4000 assessments have been performed to date * Over 4000 assessments have been performed to date
* Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants * Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants
* Domain-specific models like Automotive SPICE can be derived from it * Domain-specific models like Automotive SPICE and SPICE 4 SPACE can be derived from it
* There have been many international initiatives to support take-up such as SPICE for small companies. * There have been many international initiatives to support take-up such as SPICE for small companies.


On the other hand, ISO/IEC 15504 has not been very successful, as compared to the ]. This has been for several reasons: On the other hand, ISO/IEC 15504 has not yet been as successful as the ]. This has been for several reasons:


* ISO/IEC 15504 is not available as free download but must be purchased from the ISO. (Automotive SPICE on the other hand can be freely downloaded from the link supplied below.) CMM and CMMI are available as free downloads from the SEI website. * ISO/IEC 15504 is not available as free download but must be purchased from the ISO. (Automotive SPICE on the other hand can be freely downloaded from the link supplied below.) CMM and CMMI are available as free downloads from the SEI website.
Line 171: Line 208:
* The CMM has subsequently been replaced by the CMMI, which incorporates many of the ideas of ISO/IEC 15504, but also retains the benefits of the CMM. * The CMM has subsequently been replaced by the CMMI, which incorporates many of the ideas of ISO/IEC 15504, but also retains the benefits of the CMM.


Like the CMM, ISO/IEC 15504 has been created in a development context, making it difficult to apply in a service management context. But work has started to develop an ]-based process reference model that can serve as a basis for a process assessment model. In addition there are methods available that adapt its use to various contexts . Like the CMM, ISO/IEC 15504 was created in a development context, making it difficult to apply in a service management context. But work has started to develop an ]-based process reference model that can serve as a basis for a process assessment model. This is planned to become part 8 to the standard. In addition there are methods available that adapt its use to various contexts.


==References== ==References==
{{reflist}} {{reflist}}
*Process Assessment and ISO 15504 ISBN 0-387-23172-2 * van Loon.H. (2007a) Process Assessment and ISO 15504 Springer ISBN 9780387300481
*Process Assessment and Improvement ISBN 0-387-23182-X * van Loon.H. (2007b) Process Assessment and Improvement Springer ISBN 9780387300443


==External links== ==External links==
*
* *
* *
* *
*


] ]

Revision as of 21:10, 16 March 2008

This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. Please help improve this article by introducing more precise citations. (Learn how and when to remove this message)

ISO/IEC 15504 also known as SPICE (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of processes" developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission).

ISO/IEC 15504 initially was derived from process lifecycle standard ISO 12207 and the ideas of capability maturity in SW CMM.

Overview

The ISO/IEC 15504 framework does not set out specific standards. Other, more specific standards, set out requirements for (say) a valid test plan. What ISO/IEC 15504 is concerned about is the capability provided by the organization's management and process definition structures.

ISO/IEC 15504 is not a methodology. Although ISO/IEC 15504 sets out a list of activities that might (and should) occur in a (software) project, it does not set out the order in which such activities should be carried out.

ISO/IEC 15504 is, in effect, a set of categories (the process attributes and generic practices) against which the assessors can place the evidence that they collect during their assessment, so that the assessors can give an overall determination of the organisation's capabilities for delivering products (software, systems, IT services).

ISO/IEC 15504 has been developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Committee).

The ISO/IEC 15504 standard

The Technical Report (TR) document for ISO/IEC TR 15504 was divided into 9 parts. The initial International Standard was recreated in 5 parts. This was proposed from Japan when the TRs were published at 1997.

The International Standard (IS) version of ISO/IEC 15504 now composes 6 parts. The 7th part is currently in an advanced Final Draft Standard form and work has started on part 8.

Part 1 of ISO/IEC TR 15504 explains the concepts and gives an overview of the framework.

Nationality of editors of ISO/IEC 15504 5 parts are below.

Part 1, Japan, South Africa. Part 2, Japan, U.K. Part 3, U.S.A, Italy. Part 4, U.K., Israel. Part 5, France, Finland.

Reference model

ISO/IEC 15504 contains a reference model. The reference model defines a process dimension and a capability dimension.

The process dimension in the reference model is not the subject of part 2 of ISO/IEC 15504, but refers to external process lifecycle standards including ISO/IEC 12207 and ISO/IEC 15288.

Processes

The process dimension defines processes divided into the five process categories of:

  • customer-supplier
  • engineering
  • supporting
  • management
  • organization

With new parts being published, the process categories will expand, particularly for IT service process categories and enterprise process categories.

Capability levels and process attributes

For each process, ISO/IEC 15504 defines a capability level on the following scale (see ISO 15504 part 2):

Level Name
5 Optimizing process
4 Predictable process
3 Established process
2 Managed process
1 Performed process
0 Incomplete process

The capability of processes is measured using process attributes. The international standard defines nine process attributes:

  • 1.1 Process Performance
  • 2.1 Performance Management
  • 2.2 Work Product Management
  • 3.1 Process Definition
  • 3.2 Process Deployment
  • 4.1 Process Measurement
  • 4.2 Process Control
  • 5.1 Process Innovation
  • 5.2 Process Optimization.

Each process attribute consists of one or more generic practices, which are further elaborated into practice indicators to aid assessment performance.

Each process attribute is assessed on a four-point (N-P-L-F) rating scale:

  • Not achieved (0 - 15%)
  • Partially achieved (>15% - 50%)
  • Largely achieved (>50%- 85%)
  • Fully achieved (>85% - 100%).

The rating is based upon evidence collected against the practice indicators, which demonstrate fulfillment of the process attribute (see ISO 15504 part 3).

Assessments

ISO/IEC 15504 provides a guide for performing an assessment (see ISO 15504 part 3).

This includes:

  • the assessment process
  • the model for the assessment
  • any tools used in the assessment

Assessment process

Performing assessments is the subject of parts 2 and 3 of ISO/IEC 15504 (see ISO 15504). Part 2 is the normative part and part 3 gives a guidance to fulfill the requirements in part 2.

One of the requirements is to use a conformant assessment method for the assessment process. The actual method is not specified in the standard although the standard places requirements on the method, method developers and assessors using the method (van Loon, 2007a). The standard provides general guidance to assessors and this must be supplemented by undergoing formal training and detailed guidance during initial assessments.

The assessment process can be generalized as the following steps:

  • initiate an assessment (assessment sponsor)
  • select assessor and assessment team
  • plan the assessment, including processes and organizational unit to be assessed (lead assessor and assessment team)
  • pre-assessment briefing
  • data collection
  • data validation
  • process rating
  • reporting the assessment result

An assessor can collect data on a process by various means, including interviews with persons performing the process, collecting documents and quality records, and collecting statistical process data. The assessor validates this data to ensure it is accurate and completely covers the assessment scope. The assessor assesses this data (using their expert judgment) against a process's base practices and the capability dimension's generic practices in the process rating step. Process rating requires some exercising of expert judgment on the part of the assessor and this is the reason that there are requirements on assessor qualifications and competency. The process rating is then presented as a preliminary finding to the sponsor (and preferably also to the persons assessed) to ensure that they agree that the assessment is accurate. In a few cases, there may be feedback requiring further assessment before a final process rating is made (van Loon 2007b).

Assessment model

The process assessment model (PAM) is the detailed model that is used for an actual assessment. This is an elaboration of the process reference model (PRM) provided by the process lifecycle standards (see ISO 15504 part 2).

The process assessment model (PAM) in part 5 is based on the process reference model (PRM) for software: ISO/IEC 12207.

The process assessment model in part 6 is based on the process reference model for systems: ISO/IEC 15288.

The standard allows other models to be used instead, if they meet ISO/IEC 15504's criteria, which include a defined community of interest and meeting the requirements for content (i.e. process purpose, process outcomes and assessment indicators).

Tools used in the assessment

There exist several assessment tools. The simplest comprise paper based tools that are manually used. In general, they at laid out to incorporate the assessment model indicators, including the base practice indicators and generic practice indicators. Assessors write down the assessment results and notes supporting the assessment judgment.

There are a limited number of computer based tools that present the indicators and allow users to enter the assessment judgment and notes in formatted screens, as well as automate the collated assessment result (i.e. the process attribute ratings).

Assessor qualifications and competency

For a successful assessment, the assessor must have a suitable level of the relevant skills and experience.

These skills include:

  • personal qualities such as communication skills
  • relevant education and training and experience
  • specific skills for particular categories, e.g. management skills for the management category.
  • ISO/IEC 15504 related training and experience in process capability assessments.

The competency of assessors is the subject of part 3 of ISO/IEC 15504.

In summary, the ISO/IEC 15504 specific training and experience for assessors comprise:

  • completion of a 5 day lead assessor training course
  • performing at least one assessment successfully under supervision of a competent lead assessor
  • performing at least one assessment successfully as a lead assessor under the supervision of a competent lead assessor. The competent lead assessor defines when the assessment is successfully performed. There exist schemes for certifying assessors and guiding lead assessors in making this judgment(van Loon 2007a).

Uses of ISO/IEC 15504

ISO/IEC 15504 can be used in two contexts:

  • Process improvement, and
  • Capability determination (= evaluation of supplier's process capability).

Process improvement

ISO/IEC 15504 can be used to perform process improvement within a technology organization. Process improvement is always difficult, and initiatives often fail, so it is important to understand the initial baseline level (process capability level), and to assess the situation after an improvement project. ISO 15504 provides a standard for assessing the organization's capacity to deliver at each of these stages.

In particular, the reference framework of ISO/IEC 15504 provides a structure for defining objectives, which facilitates specific programs to achieve these objectives.

Process improvement is the subject of part 4 of ISO/IEC 15504. It specifies requirements for improvement programmes and provides guidance on planning and executing improvements, including a description of an eight step improvement programme. Following this improvement programme is not mandatory and several alternative improvement programmes exist (van Loon, 2007b).

Capability determination

An organization considering outsourcing software development needs to have a good understanding of the capability of potential suppliers to deliver.

ISO/IEC 15504 (Part 4) can also be used to inform supplier selection decisions. The ISO/IEC 15504 framework provides a framework for assessing proposed suppliers, as assessed either by the organization itself, or by an independent assessor (see ISO 1504 part 4).

The organization can determine a target capability for suppliers, based on the organization's needs, and then assess suppliers against a set of target process profiles that specify this target capability. Part 4 of the ISO/IEC 15504 specifies the high level requirements and an initiative has been started to create an extended part of the standard covering target process profiles. Target process profiles are particularly important in contexts where the organization (for example, a government department) is required to accept the cheapest qualifying tender. This also enables suppliers to identify gaps between their current capability and the level required by a potential customer, and to undertake improvement to achieve the contract requirements (i.e. become qualified). Work on extending the value of capability determination includes a method called Practical Process Profiles - which uses risk as the determining factor in setting target process profiles (van Loon 2007b). Combining risk and processes promotes improvement with active risk reduction, hence reducing the likelihood of problems occurring.

History

A working group was formed in 1993 to draft the international standard and used the acronym, SPICE. SPICE initially stood for "Software Process Improvement and Capability Evaluation", but French concerns over the meaning of the last word meant that SPICE now means "Software Process Improvement and Capability Determination".

Even though the formal ISO standards number, ISO 15504, is now the correct reference, SPICE is still used for the user group of the standard, and the title for the annual conference. The first SPICE was held in Limerick, Ireland in 2000, "SPICE 2003" was hosted by ESA in Netherlands, "SPICE 2004" was hosted in Portugal, "SPICE 2005" was hosted in Austria, "SPICE 2006" was hosted in Luxembourg, and SPICE 2007 was hosted in Korea.

The first versions of the standard were focused exclusively on software development processes. This was expanded to cover all related processes in a software business, for example, project management, configuration management, quality assurance, and so on. The list of processes covered, grew to cover six business areas:

  • organizational
  • management
  • engineering
  • acquisition supply
  • support
  • operations.

In a major revision to the draft standard in 2004, the process reference model was removed and is now related to the ISO 12207 (Software Lifecycle Processes). The issued standard now specifies the measurement framework and can use different process reference models. There are five general and industry models in use.

Part 5 specifies software process assessment and part 6 specifies system process assessment.

The latest work in the ISO standards working group includes creation of a maturity model, which is planned to become ISO/IEC 15504 part 7.

Acceptance of ISO/IEC 15504

ISO/IEC 15504 has been successful as:

  • ISO/IEC 15504 is publicly available through National Standards Bodies.
  • It has the support of the international community
  • Over 4000 assessments have been performed to date
  • Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants
  • Domain-specific models like Automotive SPICE and SPICE 4 SPACE can be derived from it
  • There have been many international initiatives to support take-up such as SPICE for small companies.

On the other hand, ISO/IEC 15504 has not yet been as successful as the CMMI. This has been for several reasons:

  • ISO/IEC 15504 is not available as free download but must be purchased from the ISO. (Automotive SPICE on the other hand can be freely downloaded from the link supplied below.) CMM and CMMI are available as free downloads from the SEI website.
  • The CMMI is actively sponsored (by the US Department of Defense).
  • The CMM was created first, and reached critical 'market' share before ISO 15504 became available.
  • The CMM has subsequently been replaced by the CMMI, which incorporates many of the ideas of ISO/IEC 15504, but also retains the benefits of the CMM.

Like the CMM, ISO/IEC 15504 was created in a development context, making it difficult to apply in a service management context. But work has started to develop an ITIL-based process reference model that can serve as a basis for a process assessment model. This is planned to become part 8 to the standard. In addition there are methods available that adapt its use to various contexts.

References

  • van Loon.H. (2007a) Process Assessment and ISO 15504 Springer ISBN 9780387300481
  • van Loon.H. (2007b) Process Assessment and Improvement Springer ISBN 9780387300443

External links

Categories: