BS ISO IEC 33002:2015 pdf free download – Information technology – Process assessment – Requirements for performingprocess assessment
4.2.1 Plan the assessment
A plan for the assessment shall be developed and documented, including at a minimum:
a) required inputs specified in this standard (refer to 4.4);
b)class of assessment (refer to 4.6);
c)category of independence of the body performing the assessment, the lead assessor and the other members of the assessment team (refer to Annex A)
d)communications to the personnel involved in the assessment;
e)identification of the documented assessment process including:
1) the strategy and techniques for the selection, identification, collection and analysis of objective evidence and data, to satisfy any requirements for coverage of the organizational scope or theprocess scope of the assessment as defined for the class of the assessment (refer 4.6);
2) the approach to derive an agreed process attribute rating, where relevant.
f)activities to be performed in performing the assessment;
g)resources and schedule assigned to these activities;
h) identification and definition of roles and responsibilities of the participants in the assessment;
i)criteria to verify that the requirements of this International Standard have been met; i)description of the planned assessment outputs. Roles and responsibilities for process assessment shall be assigned and communicated to personnelimpacted by the assessment. The plan for the assessment shall be approved by the assessment sponsor, and the approval shall bedocumented.
4.2.2 Collect the data
The data collected shall be sufficient to provide coverage of the organization scope and the processscope for the assessment, as specified for the selected class of the assessment. Data shall be collected onthe basis of direct or indirect evidence that shall be sufficient for the class of assessment (refer to 4.6).Evidence required for evaluating the processes within the assessment scope and additional informationshall be collected in a systematic manner applying at minimum the following:
a) a correspondence between the organizational unit’s processes and the elements in the process assessment model, specified in the assessment scope, shall be established;
b) each process identified in the assessment scope shall be assessed on the basis of objective evidence;
c)cobjective evidence shall be identified and gathered to provide the basis forverification ofthe ratings;
d)objective evidence gathered for each process attribute for each process assessed shall be sufficient to meet the assessment purpose, assessment scope and class of assessment;
e)objective evidence collected for each process shall be representative of the implementation of the process across the organizational scope of the assessment, as required for the selected class of theassessment (refer to 4.6);
4.6.1 General
The purpose for performing an assessment may vary significantly, depending on the business andorganizational context in which the assessment is performed.In particular, in some cases,there is a needto develop a high degree of confidence in the accuracy of the assessment results, and in the extent towhich the result can be seen as representative of process performance across the whole organizationalscope of the assessment. In order to ensure that the variety of needs can be met, three classes ofassessment are identified, resulting in different levels of confidence in the results of the assessment.Specific requirements relating to each Class are contained in this Clause.The rating approach shall beappropriate for the classes of assessment.
NOTE ISO/IEC 33010:2015; provides guidance on selecting the class of assessment, data collection and therating approach that is appropriate for different classes of assessment [2].