You know how sometimes you get something in your head that you can't get out? ISO 15504 has been like that for me lately, so read on as I kick out the jams on this little bugger in the hopes I can peacefully move on to other things...
Most of the people who are aware of ISO/IEC 15504 may be software developers, many of whom know it from its former (and still used) nickname --- SPICE, which stands for Software Process Improvement and Capability dEtermination.
PAMs PRMs and more Frameworks...
The original SPICE actually had the software lifecycle processes embedded into the standard. With a revision of ISO 15504 in 2004, the standard evolved to include the concept of a Process Reference Model (PRM) which ISO defines as:
[a model comprising definitions of processes in a life cycle described in terms of process purpose and outcomes, together with an architecture describing the relationships between the processes]
So now the software lifecycle processes are a PRM related to ISO 12207 (Software Lifecycle Processes). Other PRMs are published as well, including some that are industry specific and still cling to the original SPICE terminology (such as Automotive SPICE).
More important for those adopting IT service management is the planned publication of ISO/IEC 15504-8, which is an exemplar process assessment model specifically for IT service management (which will use ISO 20000 as a Process Reference Model).
The other main elements of the ISO 15504 standard include a Measurement Framework which,
[provides a schema for use in characterizing the capability of an implemented process with respect to the Process Assessment Model.
Within this Measurement Framework, the measure of capability is based upon a set of Process Attributes (PA). Each attribute defines a particular aspect of process capability. The extent of process attribute achievement is characterized on a defined rating scale. The combination of process attribute achievement and a defined grouping of process attributes together determine the process capability level.
Although Process Attributes are defined in such a way that they can be rated independently of one another, this does not imply that there are no other relationships between them. e.g. the achievement of one attribute may be linked to the achievement of another attribute within the capability determination.]
Anyone who has seen the OGC's Self Assessment Questionnaire will find this familiar. The ISO 15504 Measurement Framework goes on to define the following maturity levels, with some nice detail in Part 2 of the standard (too much to include here):
| Scale | Process Attributes | Rating |
| Level 1 | Process Performance | Largely or Fully |
| Level 2 | Process Performance | Fully |
| Performance Management | Largely or Fully | |
| Work Product Management | Largely or Fully | |
| Level 3 | Process Performance | Fully |
| Performance Management | Fully | |
| Work Product Management | Fully | |
| Process Definition | Largely or Fully | |
| Process Deployment | Largely or Fully | |
| Level 4 | Process Performance | Fully |
| Performance Management | Fully | |
| Work Product Management | Fully | |
| Process Definition | Fully | |
| Process Deployment | Fully | |
| Process Measurement | Largely or Fully | |
| Process Control | Largely or Fully | |
| Level 5 | Process Performance | Fully |
| Performance Management | Fully | |
| Work Product Management | Fully | |
| Process Definition | Fully | |
| Process Deployment | Fully | |
| Process Measurement | Fully | |
| Process Control | Fully | |
| Process Innovation | Largely or Fully | |
| Process Optimization | Largely or Fully |
The rating scale is also defined in the standard:
N = Not achieved. There is little or no evidence of the defined attribute in the assessed process. [0 to 15% achievement]
P = Partially achieved. There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process. [>15% to 50% achievement]
L = Largely achieved. There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process. [>50% to 85% achievement]
F = Fully achieved. There is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed processes. [>85% to 100% achievement]
The Process Assessment Model (PAM)
From ISO 15504 Part 2: [A Process Assessment Model (PAM) is related to one or more Process Reference Models. It forms the basis for the collection of evidence and rating of process capability.] So the ISO 15504 standard provides the ability for a number of Process Assessment Models (PAM), supported by a number of Process Reference Models (PRM).
Why is ISO/IEC 15504 relevant to my adoption of IT service management?
If you have started adopting IT service management, you may have performed an initial assessment of your IT processes, or you may have had a third party perform an independent assessment for you. This important step answers the question, “Where Are We Now?” and is fundamental to any ITIL/ITSM adoption program. However, assessment is not a one-time event; ongoing assessment is critical in order to continue improvements during what is hopefully a never-ending journey. So understanding how assessments should be performed is a competency that is needed on an ongoing basis.
As an international standard, ISO/IEC 15504 ‘harmonizes’ existing and future models and assessment methods. So while you may not use ISO/IEC 15504 standalone, understanding the standard can help users select methods and models that conform to the ISO/IEC standard. This is particularly important if you want consistency between internal and external assessment results, or if you have several assessment methods/models in use.
But perhaps the most significant reason is the planned publication of ISO/IEC 15504-8, an exemplar assessment model for IT service management. This will use ISO/IEC 20000 as the Process Reference Model (PRM) and create a Process Assessment Model (PAM), including assessment indicators, base practices and work products as defined in the ISO/IEC 15504 standard.
This will provide customers, suppliers and consulting firms with clear, consistent targets for achieving whatever levels of process maturity are deemed appropriate for the organization.