CMM AND ISO CERTIFICATION GRANT GRIFFEY JOHN ALEXANDER DAVID SOLOVITZ KATIE MANAHAN.
-
Upload
gwenda-stokes -
Category
Documents
-
view
219 -
download
0
Transcript of CMM AND ISO CERTIFICATION GRANT GRIFFEY JOHN ALEXANDER DAVID SOLOVITZ KATIE MANAHAN.
CMM AND ISO CERTIFICATION
GRANT GRIFFEY JOHN ALEXANDER
DAVID SOLOVITZKATIE MANAHAN
2
Presentation Objectives
Explanation of CMM CMM Case Study – Infosys Explanation of ISO – 9000/14000 ISO Examples – Baublitz Advertising and
Industrial Security Services Inc. Comparison Questions?
3
Capability Maturity Model
What is it? What is it’s purpose? How does it help the company? What are the major advantages? What are the major disadvantages? What is the future of CMM?
(10) 4
What is CMM?
Capabilities Maturity Model
Quantifies ability for a company to produce high quality software
(7) 5
History of CMM
In 1984, Congress founded a non-profit group that could impact the growing field of IT and obtain standardized, consistent processes
Created Software Engineering Institute or SEI, which was headquartered at Carnegie Melon University at Pittsburgh
(7) 6
History of CMM
In 1991, the first version of CMM was created by SEI
Was created to help improve the practice of software engineering and establish protocols and methodologies in software development
By 2003, over 2000 organizations have been appraised
(9) 7
What is CMM?Describes a framework of 5 stages of software maturity
(7) 8
Predictability/Risk Relationship
Level 5
Level 4
Level 3
Level 2
Level 1
Risk Increases
Predictability Increases
Implementing the Capability Maturity Model, James R. Persse
(5) 9
Country Level 4 Level 5 Total
India 27 50 77
USA 39 20 59
China 0 2 2
Australia 2 0 2
Canada 0 1 1
Russia 0 1 1
France 1 0 1
Ireland 1 0 1
Israel 1 0 1
Singapore 1 0 1
(7) 10
Key Process Areas
Each level of CMM specifies not only general goals, but defines how the company/organization should operate at each level
Key process areas are major functional areas that need to be incorporated into the organization when working with CMM
(8) 11
LEVELS OF CMM
Level 1 – Initial 25 months to get to level 2
Level 2 – Repeatable 23 months to get to level 3
Level 3 – Defined 28 months to get to level 4
Level 4 – Managed 15 months to get to level 5
Level 5 - Optimizing
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(8) 12
LEVEL 1 - INITIAL
Characteristics Processes are chaotic
and disorganized Few formal rules Most companies would
achieve Level 1 if they were assessed
Comprises approx. 12% of certifications between 1998-2001
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(7) 13
Level 1 Key Process Areas
According to Persee in Implementing the Capability Maturity Model, most groups qualify for level 1 certification without knowing it. Have no processes for software developmentHave processes in place without formal
assessment Therefore, there are no key processes
(11) 14
CMM Case Study - Infosys
Infosys is a software house based in Bangalore, India
Revenues have grown at an annual rate of over 70% each of the last 5 years
Infosys has been assessed at level 4 of the CMM
(11) 15
Level 1 – Initial (Infosys)
At level one a customer will get in contact with Infosys
Customer will request information from Infosys about itself. This is called request for information (RFI)
If only a single project is the goal, the customer will then send back a request for proposal (RFP)
(11) 16
Level 1 – Initial (Infosys)
From RFP, Infosys will prepare and send a proposal. Many models for proposal ie. Fixed price – RFP is analyzed and a cost is determined
from estimating manpower effort and scheduling Proposal is fixed because customer will give agreed price
unless requirements change Requirements usually change, and projects are split into
two parts Creating detailed requirements analysis Developing the software
(8) 17
LEVEL 2 - REPEATABLE
Characteristics Defined and documented
processes Success is repeated Basic project management
techniques track costs, schedules, etc
Largest percentage of companies assessed between 1998-2001
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(7) 18
Level 2 Key Process Areas
Establish basic set of management controlsRequirements managementSoftware project planningSoftware project tracking and oversightSoftware quality assuranceSoftware configuration managementSubcontractor management
(11) 19
Level 2 – Repeatable (Infosys) Two major activities
Requirements analysis and specificationRequirements change management
Main objective of requirements analysis is to produce the software requirement specification document (SRS)
Step by step process for requirements analysis
Prepare – Gather/elicit requirements – Analyze – Prepare SRS – Review – Obtain sign off
(11) 20
Level 2 – Repeatable (Infosys)
Requirements change management Changes can come at any time during a project
Process for dealing with changes Log the changes Perform impact analysis on the work products Estimate effort needed for the change request Re-estimate delivery schedule Perform cumulative cost impact analysis Review the impact with senior management if thresholds are exceeded Obtain customer sign-off Rework work products
A danger of requirements change is that even though changes are usually small, the cumulative effect can be great
(8) 21
LEVEL 3 - DEFINED
Characteristics Standardized software
process meets organizations needs
Process follows defines process
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(7) 22
Level 3 Key Process Areas
Emphasizes project and organizational issuesOrganizational process focusOrganizational process definitionProcess training program Integrated software managementSoftware product engineering Inter-group coordinationPeer reviews
(11) 23
Level 3 – Defined (Infosys) KPA – Peer Review Defects are inevitable, reviews are done to identify
defects The best form of review is a formal group review (in
authors opinion) 4 stages to a group review Planning
Verify entry criteria
Select the group review teamPrepare the group review package
(11) 24
Level 3 – Defined (Infosys) Overview and Preparation
Call a meeting to describe review objectivesProvide an overview of the work productReview group review work individually
Group Review MeetingConduct meetingRecord defectsSummarize issues and close meeting
Rework and Follow-upPerform rework to fix defects detectedPerform investigation and provide results to authorPrepare a summary report and send it to the SEPG
(8) 25
LEVEL 4 - MANAGED
Characteristics Processes are predictable Management can adjust
processes to specific projects without affecting overall quality
Detailed measurements of process and product quality are collected
65% of Motorola’s Global Software Group is at Level 4 or greater
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(7) 26
Level 4 Key Process Areas
Establish quantitative understanding of software process and software productsQuantitative process managementSoftware quality management
(11) 27
Level 4 – Managed (Infosys)
The goal of quality management is to plan quality control activities and to properly execute and control these activities so that defects are detected before software is delivered
The later a defect is detected, the more it cost to remove
(11) 28
Level 4 – Managed (Infosys) Quality Management
Quality management focuses on the defect injection and removal cycle
(11) 29
Level 4 – Managed (Infosys) Quantitative Quality Management
Human reviews are done during RA, Design, and coding phases.
After these phases comes the testing UT, IT/ST and AT (quantitative)
(11) 30
Level 4 – Managed (Infosys)
Defect Removal EfficiencyTool used to measure effectiveness of quality
control activities
DRE =
(8) 31
LEVEL 5 - OPTIMIZING
Characteristics Processes are
continuously improving through feedback and shared ideas
147 organizations from 10 different countries that have achieved Level 5 certification
LEVEL 5 OPTIMIZING
LEVEL 4 MANAGED
LEVEL 3 DEFINED
LEVEL 2 REPEATABLE
LEVEL 1 INITIAL
Continously improving process (25 months)
Predictable process (23 months)
Standard, consistent process(28 months)
Disciplines process(15 months)
(7) 32
Level 5 Key Process Areas
Addresses issues for continuous, measurable software process improvementTechnology change managementProcess change management
(8) 33
How to reach each level of CMM
6 stage process involving senior management and coaches from SEI or other licensed assessment vendor 1. Selection stage 2. Commitment stage 3. Preparation stage 4. Assessment phase 5. Report stage 6. Assessment follow-up stage
(8) 34
How to Reach each level of CMM
No reassessment is completed once a company achieves any level of CMM
Assumed that company will continue to maintain levels achieved
(8) 35
CMM success factors and pitfalls
Creating strategic motivation to pursue certification Internal – help build capabilities crucial to success of company External – reassurance of customers
Increases visibility to customers Customer recognition of certification importance may not reflect
changing in their own organization with regards to maturity
Sustaining management commitment Necessary for substantial time and financial investment by
management Improper motivation for obtaining CMM certification Expenditure versus investment
(8) 36
CMM Success Factors and Pitfalls
Ensuring organizational socialization to encourage developer buy-in for process discipline Shift in attitude from independent to interdependent Everyone may not be “on board”
Broad participation in defining and refining processes Involve as many people as possible to foster acceptance of
program Managers do not explain rationale behind some process
requirements
(9) and (10) 37
Benefits of CMM Certification Productivity increases
According to one study, software productivity increased 35%
Decrease in defectsPost-release defects lowered by 39%
Cost savings 9.2 million dollars were saved within a 3 year
period on software re-works
(12) 38
International Standards Organization
The international standards organization specifies requirements for a quality management system
Basic form of the Standard requires: Understand product and service requirements Establish processes to meet those requirements Provide resources to run the processes Operate, monitor, and measure the processes Improve continuously, based on analysis of the
results
(3) 39
Model of a process-based quality management system
(12) 40
“Plan-Do-Check-Act” Methodology
Plan Establish objectives and
processes Do
Implement the processes Check
Monitor and measure processes
Act Take actions to continually
improve process performance
(1) 41
ISO Certification
ISO consists of members from 156 countries on the basis of one member per country.
Full members: Member bodies = one vote
Members from countries with non developed national standards activity: Correspondent members = no vote
Members from countries with small economies: Subscriber members
(1) 42
ISO Certification
Central Secretariat in Geneva, Switzerland Permanently appointed Reports to the ISO Council ISO Council develops proposals for
standards to be presented to ISO members
(1) 43
ISO Certification
ISO’s principal activity is the development of technical standards
These standards contribute to making the development, manufacturing and supply of products and services more efficient, safer and cleaner
(1) 44
ISO Certification
ISO officially began operations on February 23, 1947
Delegates from 25 countries met in London and decided to create an organization with the mission of “to facilitate the international coordination and unification of industrial standards.”
(5) 45
Top Ten Countries for ISO Certifications in 2004
1. China 2. Italy 2. United Kingdom 3. United States 4. Germany 5. Japan 6. Spain 7. Australia 8. France 9. Korea
(3) 46
(1) 47
Benefits to Society
BusinessesAllows them to produce a product under
worldwide standards Customers
Provides a wider range of productsMore competition between producers
GovernmentsProvide standards on health, safety and
environmental legislation
(1) 48
Benefits to Society
Trade Officials Helps create a more level playing field for all
competitors
Developing Countries Helps these countries invest their scarce resources
more wisely in order to produce products that meet worldwide standards
Consumers Provides assurance of quality, safety, and reliability
(1) 49
Benefits to Society
EveryoneAssures the things we use in everyday life are
of the highest quality Planet
Provides standards on air, water and soil quality
(1) 50
Particulars of ISO
Equal treatmentAll full members have the right to take part in
any activity ISO is involved in Voluntary
All of ISO’s standards are voluntary. ISO has no legal authority to impose it’s standards.
(1) 51
Particulars of ISO
Market-drivenMarket requirements are what drive standards
development Consensus
Helps ensure application of standards due to the market demand for these standards and the agreement of interested parties on the standards
(1) 52
Particulars of ISO
WorldwideWorldwide standards are difficult to implement ISO has some 3,000 technical groups with
some 50,000 experts to develop standards A process that has been set to an ISO
standard is only useful if it achieves the desired output. ISO will only accomplish the exact same undesired output every time.
(1) 53
Facts about ISO
Number of StandardsSince 1947 the ISO has developed
15,036
(1) 54
ISO 9000
“Provides a framework for quality management throughout the processes of producing and delivering products and services for the cutomer.”(1)
>500,000 organizations in 149 countries have implemented ISO 9000
(1) 55
ISO 14000
Primarily concerned with environmental management.
“Helps companies minimize harmful effects on the environment caused by it’s activities, and continually to improve its environmental performance.”(1)
(4) 56
(2) 57
ISO Examples – Baublitz Advertising
21 year old business wholly owned by The Wolf Organization Inc.
Located in York, Pennsylvania First advertising company to receive ISO
9001 certification in September 1997
(2) 58
ISO Examples – Baublitz Advertising
They were looking to gain competitive advantage
Baublitz President – James Groff has stated:“We saw (standardization of quality) going on
in the industry with our clients”“It adds accountability and concreteness to a
business that has not been known for it”
(6) 59
ISO Examples-Industrial Security Service Inc. A midsized guard-services company based in
Ohio Began the process to become ISO certified in
1999 Received ISO 9001:2000 certification in
February 2004 With the ISO certification it allowed the company
to go from a small, single-site company to a multi-site company with three corporate offices
(6) 60
ISO Examples-Industrial Security Service Inc. Recognized benefits
An increase in operational efficiencyMeasurable rise in customer satisfaction Identified was to decrease indirect costsGained insight in security officer retention
trendsHas the ability to better justify costs
(5) 61
ISO and CMM Comparison
ISO CMM
Is a Certification Is an assessment
Used for all industry development Used for software
Yearly re-certification No follow up after reaching level
Outwardly focus Inwardly focus
Third Party Certification Certified by the SEI (Developers of CMM)
Questions?
63
References 1. http://www.iso.org, viewed October 2005 2. Gaboda, Gail “Ad agency uses ISO certification to gain
competitive edge” Marketing News Chicago: December 8, 1997 Volume 31, Issue 25 page 2
3. West, John E. “Guidance Documents for Using ISO 9001 Effectively” Quality Digest August 2005
4. Berchelor, Sylvie and Coulmont, Michel “ISO 14000-a profitable investment?” CMA Management Hamilton: November 2004 Volume 78, Issue 7 page 36
5. Griggs, Gary M. “Quality Management of the Software Industry” May 19, 2004
64
References (continued) 6. Ricci, Joseph “ISO Proof of Quality” Security Management
Arlington: March 2005 Volume 49, Issue 3 page 31 7. Perse, James R. Implementing the Capability Maturity
Model 2001 page 5 8. Adler, Paul, Binney, Derek, Irion-Talbot, Wendy, and
McGarry, Frank "Enabling Process Discipline: Lessons from the Journey to CMM Level 5" MIS Quarterly Executive Volume 4, Number 1, March 2005 page 215-227
9. Freedman, Rick "More on Standards-Based IT Consulting" Consulting to Management June 2005 Volume 16, Issue 2 page 43
65
References (continued)
10. Kesh, Someswar and Ramanujuan, Sam “Comparison of Knowledge Management and CMM/CMMI Implementation” The Journal of American Academy of Business, Cambridge March 2004 Volume 4 pages 271-277
11. Jalote, Pankaj CMM in Practice-Processes for Executing Software Projects at Infosys Reading, Mass.; Wokingham, England : Addison-Wesley, 2000
12. Beaumont, Leland R. ISO 9001, The Standard Interpretation: The International Standard for Quality Management Systems Third Edition; Middletown, NJ.; ISO Easy 2002 pages 9-16