ISO/IEC TS 33072:2016: -定义符合ISO/IEC 33004要求的过程评估模型（PAM），并通过提供指标来指导解释ISO/IEC TS 33052中定义的过程目的和结果以及ISO/IEC 33020中定义的过程属性，从而支持过程能力评估的执行； -举例说明评估指标的定义、选择和使用。 PAM包括一组过程性能和过程能力的指标。这些指标被用作收集客观证据的基础，使评估员能够进行评级。ISO/IEC TS 33072:2016中包含的一组指标并非旨在成为一套包罗万象的指标，也并非旨在完全适用。ISO/IEC TS 33072:2016中的PAM针对希望选择模型和相关记录过程方法进行评估（用于能力确定或过程改进）的评估发起人和合格评估员。此外，通过提供良好的信息安全管理实践的例子，它可能有助于评估模型的开发者构建他们自己的模型。它可用于: a)服务提供商评估和改进信息安全管理系统(ISMS)； b)服务提供商展示其设计、开发、过渡和交付满足信息安全管理要求的服务的能力。 任何符合ISO/IEC 33004中有关过程评估模型规定要求的PAM均可用于评估。可能需要不同的模型和方法来满足不同的业务需求。ISO/IEC TS 33072:2016中的评估模型符合ISO/IEC 33004中表达的所有要求。 注PAM的版权发布:ISO/IEC TS 33072:2016的用户可以复制第5.2至5.27、6.2、B.2和B.3小节，作为任何工具或其他材料的一部分，以支持过程评估的执行，以便其可用于其预期目的。

ISO/IEC TS 33072:2016:

• - defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020;
• - provides guidance, by example, on the definition, selection and use of assessment indicators.

A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in ISO/IEC TS 33072:2016 is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. The PAM in ISO/IEC TS 33072:2016 is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally it may be of use to developers of assessment models in the construction of their own model, by providing examples of good information security management practices. It can be used by: a) service providers to assess and improve an Information Security Management System (ISMS); b) service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil information security management requirements. Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods might be needed to address differing business needs. The assessment model in ISO/IEC TS 33072:2016 meets all the requirements expressed in ISO/IEC 33004. NOTE Copyright release for the PAM: Users of ISO/IEC TS 33072 :2016 may reproduce subclauses 5.2 to 5.27, 6.2, B.2 and B.3 as part of any tool or other material to support the performance of process assessments so that it can be used for its intended purpose.