Antoni Lluís Mesquida

IT Service Management Process Improvement based on ISO/IEC 15504: A systematic review

Context: In recent years, many software companies have considered Software Process Improvement (SPI) as essential for successful software development. These companies have also shown special interest in IT Service Management (ITSM). SPI standards have evolved to incorporate ITSM best practices. Objective: This paper presents a systematic literature review of ITSM Process Improvement initiatives based on the ISO/IEC 15504 standard for process assessment and improvement. Method: A systematic literature review based on the guidelines proposed by Kitchenham and the review protocol template developed by Biolchini et al. is performed. Results: Twenty-eight relevant studies related to ITSM Process Improvement have been found. From the analysis of these studies, nine different ITSM Process Improvement initiatives have been detected. Seven of these initiatives use ISO/IEC 15504 conformant process assessment methods. Conclusion: During the last decade, in order to satisfy the on-going demand of mature software development companies for assessing and improving ITSM processes, different models which use the measurement framework of ISO/IEC 15504 have been developed. However, it is still necessary to define a method with the necessary guidelines to implement both software development processes and ITSM processes reducing the amount of effort, especially because some processes of both categories are overlapped.

Application of ISO/IEC 15504 in Very Small Enterprises

This paper presents the experience of application of the ISO/IEC 15504 standard in eight software companies. Firstly, the objectives, the participants and the work plan are exposed. Secondly, the implementation of the project activities and its results are summarized. And finally, the cost of the implementation is detailed. The project which has allowed this improvement effort in these organizations has been named “QuaSAR II” and represents the continuance of the “QuaSAR” project, a software process improvement initiative started in 2002 in the Balearic Islands.

Implementing information security best practices on software lifecycle processes

The ISO/IEC 15504 international standard can be aligned with the ISO/IEC 27000 information security management framework. During the research conducted all the existing relations between ISO/IEC 15504-5 software development base practices and ISO/IEC 27002 security controls have been analysed and the ISO/IEC 15504 Security Extension has been developed. This extension details the changes that software companies should make in the software lifecycle processes for the successful implementation of the related security controls. To attain our research objectives, we evaluate the ISO/IEC 15504 Security Extension through case studies in a sample of software development organizations. This study follows the design science research paradigm that is based on constructive research. ISO/IEC 15504-5 processes can be adapted to deploy ISO/IEC 27002 controls on them.Relations between ISO/IEC 15504-5 and ISO/IEC 27002 security controls are analysed.From these relations, the ISO/IEC 15504 Security Extension has been developed.The Design Science Research paradigm has been followed during its development.The ISO/IEC 15504 Security Extension has been validated in industry.

A Cynefin Based Approach to Process Model Tailoring and Goal Alignment

In an industrial context all process models require a certain amount of tailoring to fit to the business environment of any specific organization in which the model is to be deployed. Process models should therefore be accompanied by tailoring guidelines and approaches to assist with strategic and operational goal alignment that support their use in industry. This paper explores shortcomings of process improvement and the existing process models, suggesting that a more holistic approach should be taken to process improvement in the modern organization. The paper provides an overview of systems thinking and the Cynefin framework that organizations can use to detect the characteristics of the domain in which they are operate. Knowing their domain helps the organization realize the amount of tailoring and goal alignment necessary to benefit from implementing process model guidance.

An ISO/IEC 15504 Security Extension

Software companies which have been involved in a process improvement programme according to ISO/IEC 15504 have already performed some steps in order to implement ISO/IEC 27000 as an information security management framework. After analysing in depth the existing relations between ISO/IEC 15504-5 base practices and ISO/IEC 27002 security controls, in this paper the security controls covered by the ISO/IEC 15504-5 processes are described, the changes over these processes which would be necessary for the implementation of the controls are detailed and an ISO/IEC 15504 Security Extension that facilitates the implementation of both standards is presented.

Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context.

With risk management as a key topic for most organizations, aligning and improving organisational and business processes is essential. Capability and Maturity Models can contribute to assess and then enable process improvement. With the need to integrate risk management in IT settings (IT department/organisation), ISO/IEC 15504-330xx process assessment approach combined with ISO 31000 for risk management can be the foundations for new process models. An integrated process-based approach with various market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001) is proposed in the paper; it explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed with a Design Science research method.

A Game Toolbox for Process Improvement in Agile Teams

This paper demonstrates the use of game techniques for Software Process Improvement. InnoBox, a game toolbox for process improvement and innovation in agile teams is presented. Authors selected 12 collaborative games to be used in team meetings. Each game card in InnoBox has been created and classified based on a design thinking approach and team maturity level. InnoBox is a ready to use tool designed for agile teams to facilitate, innovate and improve communication, cohesion and their way of working.

Team SPICE: A SPICE-Based Teamwork Assessment Model

Software engineering is currently paying special attention to cooperative and human aspects of software development. Within this new socio-technical perspective of software engineering, teamwork appears to be a relevant topic. This paper presents a SPICE-based Teamwork Assessment Model for software teams. This model, named Team SPICE, is composed of a Teamwork Reference Model (TRM) and a Measurement Framework, both introduced in previous works. In this paper, the assessment process to be followed to perform a teamwork assessment and the experience of its application to software teams are described.

Towards the Development of a Sequential Framework for Agile Adoption

This research demonstrates the first steps towards the creation of a generic sequential Agile adoption framework. The presented Framework is the result of a detailed analysis of academic literature and industrial reports, and a multi-case study conducted in three large enterprises in Spain and Serbia. The proposed Agile adoption framework is composed of three main sequential phases for Agile method adoption process: Preparation, Transformation and Agile organisation. Preparation, the first phase of the framework, is developed to the highest level of detail and validated in three case companies. The main contribution of the paper is the proposed framework, from which the first phase is ready to be used by practitioners, and second and third phases are useful for academic society and they can be developed and validated further in the future. Integrated list of contingency factors, and list of situational factors, may be used by practitioners independently of using the generic Framework for Agile adoption presented in the paper.

How to Elicit Processes for an ISO-Based Integrated Risk Management Process Reference Model in IT Settings?

Process performance remains a key challenge in organizations. Improving processes can be guided by Capability Maturity Models resting on processes that can be assessed. Several ISO standards propose process models for Management System Standards, such as ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001, and project management proposes processes in ISO 21500. The ISO 31000 standard provides guidance for Risk management with a process approach and systemic perspective. This paper presents the approach for eliciting processes based on ISO 31000 as the main thread in a process reference model (PRM). This PRM integrates risk management dimensions with the selected ISO standards: ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001.