Capability maturity and process assessment

Published: 17th May 2011
Views: N/A


Many organizations depend on IT for their core and critical business services. Being confident in a service provider’s capability to deliver IT services is therefore important for a range of strategic, tactical and operational activities. Higher levels of capability provide give greater confidence that an organization can deliver the desired business and IT services. Lower levels of capability may indicate potential sources of risk.

Benchmarking and comparison with best practice

Benchmarking and assessment tools help senior managers to understand areas of weakness, risk and what can be done more efficiently. Comparing the current situation with international standards and best practices is a good starting point for assessing current capability and planning improvement.

In addition to performance and customer satisfaction benchmarks, many organizations assess their service management capability and IT processes using:

- ISO/IEC 20000 IT Service Management series

- ITIL service management best practices


- ISO/IEC 15504 series

A capability maturity model (CMM) or process assessment model (PAM) can be used by an organisation as the framework for benchmarking, internal assessment and planning improvement.

Using COBIT maturity models

COBIT 4.1 (published by ITGI and ISACA, 2007) provides guidance on maturity modelling for management and control over IT processes that is based on a method of evaluating an organization’s processes from a maturity level of non-existent (0) to optimised (5).

The COBIT generic maturity attribute model is useful for performing a high level assessment for a range of processes. It provides a useful model to identify where issues are and how to set priorities. There is also a specific model based on the generic scale for each of COBIT’s 34 IT processes.

ISO/IEC 20000 series

ISO/IEC 20000-1, published in April 2011, is the core of the 20000 series, providing the basis for establishing a Service Management System (SMS), service improvements, management reviews, internal and certification audits. Part 1 is set of requirements which are compulsory for a certification audit, considered often as the destination that is reached.

ISO/IEC 20000-4, published in 2010, defines service management process reference model, aligned to Part 1. The process reference model defines each Part 1 process using inputs, outputs and activities. Although it can assist with process design it was developed as the basis of five-level process assessment model (PAM). .

Using ISO/IEC 15504 and process assessment models (PAM)

The 15504 series sets out the requirements for performing a process assessment and writing a process assessment model (PAM) that is conformant. There are general requirements that apply to all types of assessments and specific requirements that apply to assessments of process capability and organizational maturity.

A process assessment model is composed of a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings for each process. Using 15504 helps to ensure that the assessment output is self-consistent and provides evidence to substantiate the ratings.

Work is currently under development to produce ISO/IEC 15504-8, an Exemplar IT Service Management Process Assessment Model. Several pilots are underway using the draft PAM.

About the Author

Shirley Lacy is Managing Director of ConnectSphere. ConnectSphere provides consulting and professional development services to help organizations to adopt ITIL® service management best practices and use ISO/IEC 20000. Shirley is UK Principle Expert on the ISO and BSI committees that develop IT, IT service management and process assessment standards.


If you want to find out more about using the IT service Process Assessment Model and ISO/IEC 20000, contact ConnectSphere at - They are specialists in IT Governance and ITIL Training Courses

ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries

Report this article Ask About This Article

More to Explore