CMM and ISO Certification

Jittapat Yuwutaepakorn

Parach Waiyawajamai

Booncharat Tangtiphongkul

MIS 6800

Dr. Mary C. Lacity

December 2, 2004

Table of contents

  1. Executive Summary
  2. Capability Maturity Model
  3. What is CMM
  4. Each level of Maturity level contains KPAs that software development project has to meet
  5. An example of Requirement Management of Infosys company
  6. Common features of KPAs indicate the implementation and institutionalization
  7. An example of Measurement and Analysis in common features
  8. The median times to move from one maturity level to the next
  9. How to get CMM certificate
  10. The benefits of Capability Maturity Model for an organization
  11. Criticisms of CMM
  12. What is ISO
  13. ISO 9000 family
  14. ISO 9001:2000 Quality Management System-Requirement
  15. The process Approach
  16. The process Model
  17. Quality Management Principles
  18. Benefits of ISO Implementation and Certification
  19. Limitation of ISO Implementation and Certificate
  20. Comparison of ISO and CMM
  21. Case study 1: Oklahoma City Air Logistic Center (OC-ALC) Software Division (LAS) used CMM as a guide to software process improvement
  22. Case study 2: ULTRATECH STEEPER (UTS) successfully gets ISO 9001 certified by using 13 steps
  23. References
  24. APPENDIX A
  25. APPENDIX B

Executive Summary

Software development is an important activity in a rapidly increasing number of companies. Each year approximately a million software projects produce software worth more than $600 billion worldwide. It has been found that software development takes up more and more of the total development cost. Often it takes up more than 50%, and in many cases software accounts for most of the functionality of the products.

However, most software projects are unsuccessful in producing software because of schedule and budget overruns, low quality, and an inability to deliver functionality. The main reason software projects fail is improper management of the project.

Therefore, using effective project management techniques improves the chance of success in producing software. The two most recognized methods of quality management with respect to software development are the Capability Maturity Model and International Organization for Standardization 9001. The purpose of using these two methods of quality management is to build more credibility with customers for the organization and its software development process.

In the first part of this report, we provide information about the Capability Maturity Model, including an example from Infosys's case study of CMM. We also present criticisms of CMM. We then discuss International Organization for Standardization 9001 and the similarities and differences between CMM and ISO. Finally, we give case studies of two companies, OC-ALC and UTS, implementing CMM and ISO 9001 respectively.

The Capability Maturity Model was originated by the Software Engineering Institute (SEI) of Carnegie Mellon University in 1991. The federal government was mainly involved in producing CMM because it faced problems of inconsistency and of time and budget overruns in using software; the federal government therefore contracted with SEI to create CMM to evaluate software contractors. The purpose of CMM for software is to help organizations produce quality software and improve the maturity of their software processes.

The CMM is a framework consisting of 5 maturity levels, which are the key elements of software processes: Initial, Repeatable, Defined, Managed, and Optimizing. Each maturity level contains Key Process Areas (KPAs) that specify requirements or best practices for the organization to demonstrate. KPAs are organized into a set of 5 common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting. Each KPA has goals that the organization must meet to satisfy it. In addition, each KPA has a group of activities called "key practices" that can collectively satisfy the goals of that KPA.

To reach a level under the assessment method, all of the KPAs at that maturity level as well as the KPAs at all lower maturity levels must be satisfied by the process of that organization.[14] Any organization that achieves CMM will gain in productivity, quality, time to delivery, accuracy of cost, effective schedule estimation, product quality, and low waste.

ISO standards have been developed by the International Organization for Standardization since 1947. The best-known standard related to software development is ISO 9001, which is now the only certification standard in the ISO 9000 family. The ISO 9000 family is a set of generic standards for quality management and assurance that can be implemented by organizations of any size or type. The ISO 9000 family is a customer-oriented standard that focuses on continual improvement. From its initial release in 1987 to 2003, more than 560,000 ISO 9000 certificates were issued in 152 countries.

ISO 9001:2000 is the requirement for a Quality Management System, which is composed of quality management systems, management responsibility, resource management, product realization, and measurement, analysis and improvement.

The eight Quality Management Principles guide organizations to focus on the customer, provide leadership, encourage the involvement of people, use a process approach, manage with a system approach, continually improve, use a factual approach to decision making, and maintain mutually beneficial relationships with suppliers.

The main difference between CMM and ISO is that CMM focuses only on software development, while ISO covers any kind of industry. The similarity between CMM and ISO is "Say what we do and do what we say."

We also provide two case studies: OC-ALC implementing CMM, and ULTRA TECH STEEPER (UTS). OC-ALC improved its software process and gained the benefits. UTS used 13 steps to become ISO 9001:2000 certified in less than a year at very low cost. The case studies show how they achieved those standards effectively. Commitment of senior management and involvement of people in the organization are the two main keys to their success. Champions are also important to the success of a project.

What is CMM

CMM (Capability Maturity Model)

CMM stands for the Capability Maturity Model. CMM was developed by adapting Total Quality Management for use in software development, and the name was changed to Capability Maturity Model. The CMM for software is a structure that emphasizes processes for software development. It was developed by observing best practices in software organizations as well as non-software organizations. Therefore, the collective process experience and expectations of many companies are reflected in the CMM for software. The CMM for software can be used both to evaluate the software process of an organization and to plan process improvements.

CMM was originated by the Software Engineering Institute (SEI) of Carnegie Mellon in 1991. The government is a major purchaser of software and has had to deal with unqualified software, overrun schedules, and high costs many times. Therefore, the federal government asked the Software Engineering Institute to establish a quality management tool that would allow the government to distinguish between competing bids for software development. SEI started work on a maturity framework in 1985, and over the next six years it developed into the Capability Maturity Model.

The purpose of CMM is to help organizations that produce software improve the maturity of their software processes. The improvement is conceptualized as an evolutionary path from an ad hoc, chaotic state to a mature, disciplined software process.[28]

Figure 1: The structure of CMM[27]

The structure of CMM shows that the CMM framework consists of 5 maturity levels, which are the key elements of software processes: Initial, Repeatable, Defined, Managed, and Optimizing. Each maturity level contains Key Process Areas (KPAs) that specify requirements or best practices for the organization to demonstrate. KPAs are organized into a set of 5 common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting. Each KPA has goals that the organization must meet to satisfy it. In addition, each KPA has a group of activities called "key practices" that can collectively satisfy the goals of that KPA. Once all KPAs at that maturity level and at lower levels are met, the organization and the software development project have reached that CMM level.

Each level of maturity level contains KPAs that software development project has to meet.

The CMM framework explains the key elements of software processes at different levels of maturity. Thus, it also indicates the route that a software process follows in moving from an immature, ad hoc process to a highly mature process.[8] There are 5 maturity levels.

  1. Initial
  2. Repeatable
  3. Defined
  4. Managed
  5. Optimizing

Each level within the CMM framework is referred to as a 'maturity level'. The Key Process Areas can be considered the requirements or best practices for each maturity level. For an organization to reach a level, all of the KPAs at that maturity level and the KPAs at all lower maturity levels must be satisfied by the processes of that organization. Each key process area has goals that an organization has to meet in order to satisfy that KPA. Furthermore, each KPA also specifies a group of activities called key practices that can collectively satisfy the goals of that KPA.[14]

Maturity levels, with rating, description, and KPAs:

Maturity Level 5: Optimizing

Description: Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.
  • The organization is continuously striving to improve its process capability range.
  • The organization has the means to identify weaknesses and strengthen the process proactively.
  • The goal is the prevention of defects.

KPAs: Cover the issues that both the organization and the process must address to implement continual, measurable software process improvement. The KPAs are:
  • Defect Prevention
  • Technology Change Management
  • Process Change Management

Maturity Level 4: Managed

Description: Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.
  • Software process capability is quantifiable and predictable.

KPAs: Focus on establishing a quantitative understanding of both the software process and the software work products being built. The KPAs are:
  • Quantitative Process Management
  • Software Quality Management

Maturity Level 3: Defined

Description: The software process for both management and engineering activities is documented, standardized and integrated into standard software processes for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software.
  • Management has good insight into technical activities.

KPAs: Address both project and organizational issues, as the organization establishes an infrastructure that institutionalizes effective software engineering and management processes across all projects. The KPAs are:
  • Organization Process Focus
  • Organization Process Definition
  • Training Program
  • Integrated Software Management
  • Software Product Engineering
  • Intragroup Coordination
  • Peer Reviews

Maturity Level 2: Repeatable

Description: Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
  • Software project standards are defined.
  • Planning and managing new projects is based on similar project experience.

KPAs: Focus on the software project's concerns related to establishing basic project management controls. The KPAs are:
  • Requirements Management
  • Software Project Planning
  • Software Project Tracking and Oversight
  • Software Subcontract Management
  • Software Quality Assurance
  • Software Configuration Management

Maturity Level 1: Initial

Description: The software process is characterized as ad hoc, and occasionally even chaotic. Outcomes are unpredictable and poorly controlled. Few processes are defined, and success depends on individual effort and heroics.
  • The organization typically does not provide a stable environment for developing and maintaining software.
  • Overcommitment is very common at this level.
  • During a crisis, projects typically abandon planned procedures and revert to coding and testing.

KPAs: None, because at this first step of the project the software process is just design, code, compile, and test.

Source:

An example of Requirement Management of Infosys company

We would like to give an example of one software project at Infosys. First, a brief introduction to the company. Infosys is a highly successful software house with its headquarters in Bangalore, India. It currently employs approximately 10,000 people. It was founded in 1981 by a group of seven software professionals. It has customers in 15 countries, engaged in a variety of businesses such as banking, retailing, manufacturing, telecommunications, financial services, insurance, and transportation. Infosys has a market capitalization of more than $8 billion (based on market rates in June 2001). Its revenue was more than $400 million in 2000 (revenue in 1994 was $9.4 million). The basic aim of the company is to provide software services to customers all over the world. To do so, the company is organized into strategic business units, with each business unit focusing on a different application domain. Infosys achieved CMM level 5 on December 6, 1999.

Source:

Figure 2

Our example is an Infosys software project in requirements management, which is a KPA at level 2. After a software project has reached level 1 (Initial), the next step is to achieve requirements specification and management, which is a key process area at level 2 (Repeatable). The goals of requirements management are, first, that software requirements are controlled to establish a baseline for software engineering and management and, second, that software plans, products, and activities are kept consistent with the requirements.[14] The purpose of requirements management is to establish a common understanding between a customer and the project team of the customer's requirements.[2] For the Infosys software project, requirements specification and management is divided into 3 activities:

  1. The requirements specification activities are done at the start of the project.
  2. Change management is done throughout the project.
  3. Requirements traceability management aims to ensure that all requirements can be traced to elements in the outputs produced in later stages of the project.

Source: Jalote, Pankaj, CMM in Practice: Process for Executing Software Projects at Infosys[14]

Figure 3

Figure 3 shows the activities performed during requirements specification and management. Infosys mainly focused on two areas.

  1. The problem analysis activities, which consist of three activities:
     a. Prepare for requirements gathering and analysis
        • Do background reading on customers' technical/business concepts
        • Become familiar with customer's methodology and tools to be used
        • Identify methods for information gathering
        • Prepare questionnaires for eliciting information
        • Plan prototyping
        • Define requirement specification standards, interview plan and review with customers
     b. Gather requirements
        • Establish objectives and scope of the system
        • Gather information about business events, external environment, operating environment requirements, performance requirements, standard requirements and special requirements
        • Prepare and evaluate prototypes, which give the users a feel for the system and are a helpful technique in gathering requirements
        • Conduct feedback sessions in order to understand all requirements
     c. Analysis
        • Develop process model
        • Develop logical data model
        • Set up data dictionary
  2. The product description activities:
     a. Prepare the software requirements specification document (see the example in APPENDIX A)
     b. Prepare acceptance criteria
     c. Review requirements and acceptance criteria

After the customer reviews and signs off on the requirements, the software project has satisfied requirements specification and management.

Common features of KPAs indicate the implementation and institutionalization

KPAs are structured into a set of five common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting.[28]

The common features and their descriptions:

Commitment to Perform
  • Establishing organization policies
  • Obtaining senior-management sponsorship
Description: Describes the actions the organization must take to ensure that the process is established and will endure. Includes practices on policy and leadership.

Ability to Perform
  • Resource requirements
  • Organization structure
  • Training
Description: Describes the preconditions that must exist in the project or organization to implement the software process competently. Includes practices on plans, procedures, work performed, tracking, and corrective action.

Activities Performed
  • Establishing plans and procedures
  • Performing the work and tracking it
  • Taking corrective actions as necessary
Description: Describes the roles and procedures necessary to implement a key process area. Includes practices on plans, procedures, work performed, tracking, and corrective action.

Measurement and Analysis
Description: Describes the need to measure the process and analyze the measurements. Includes examples of measurements that could determine the status and effectiveness of activities performed.

Verifying Implementation
Description: Describes the steps to ensure that the activities are performed in compliance with the process that has been established. Includes practices on management reviews and audits.

Source: