Process Standards - ISO 9000 and CMM

(Web references are given before the text.)

ISO 9000

 ISO 9000 http://www.iso.ch/infoe/intro.htm

Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide.

International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use. The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from some 130 countries, one from each country.

ISO is a non-governmental organization established in 1947. The mission of ISO is to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity.

Tens of thousands of businesses are implementing ISO 9000, which provides a framework for quality management and quality assurance.

http://www.iso.ch/9000e/plain.htm

ISO 9000 is primarily concerned with "quality management". Like "beauty", everyone may have his or her idea of what "quality" is. In plain language, the standardized definition of "quality" in ISO 9000 refers to all those features of a product (or service) which are required by the customer. "Quality management" means what the organization does to ensure that its products conform to the customer’s requirements.

http://www.iso.ch/9000e/magical.htm

ISO 9001 sets out the requirements for an organization whose business processes range all the way from design and development, to production, installation and servicing.

ISO 9000-3, Quality management and quality assurance standards – Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software Provides you with specific interpretation of the requirements of ISO 9001 for computer software development applications.

http://connect.ab.ca/~praxiom/9000-3.htm

[ISO 9000-3 contains 20 standards of which one in plain English is]

ISO 9000-3: 4.4 Product design requirements

• Develop and document procedures to control the product design and development process. These procedures must ensure that all requirements are being met.
• Control your software development projects and make sure they are executed in a disciplined manner.
• Control your software design process and make sure that it is performed in a systematic way.
• Develop product design and development planning procedures.
• Prepare a software development plan. Your plan should be documented and approved before it is implemented. Your plan should:

• Define your project.
• List project objectives.
• Present your project schedule.
• Define project inputs and outputs.
• Identify related plans and projects.
• Explain how your project will be organized.
• Discuss project risks and potential problems.
• Identify important project assumptions.
• Identify all relevant control strategies.

• Identify the groups who should be routinely involved in the product design and development process, and ensure that their design input is properly documented, circulated, and reviewed.
• Make sure that your software development plan defines:

• How the responsibility for software development will be distributed amongst all participants.
• How technical information will be shared and transmitted between all participants.

• Make sure that your customer has accepted the responsibility to cooperate and support your software development project.
• Make sure that you schedule project reviews in order to evaluate the activities and the results achieved by all participants.
• Develop procedures to ensure that all design input requirements are identified, documented, and reviewed; and that all design flaws, ambiguities, contradictions, and deficiencies are resolved.
• Design input requirements should be specified by the customer. However, sometimes the customer will expect you to develop the design-input specification. In this case you should:

• Prepare procedures that you can use to develop design-input specifications.
• Work closely with your customer in order to avoid misunderstandings and to ensure that the specification meets the customer's needs and expectations.
• Express your specification using terms that will make it easy to validate during product acceptance.
• Ask your customer to approve the resulting design-input specification.

• Develop procedures to control design outputs.
• Prepare design output documents using standardized methods and make sure that your documents are correct and complete.
• Develop procedures which specify how product design reviews should be planned and performed.
• Plan and perform product design reviews for your software development projects.
• Develop and document software design review procedures.
• Develop procedures which specify how design outputs, at every stage of the product design and development process, should be verified.
• Verify your software design outputs by performing design reviews, demonstrations, and tests.
• Maintain a record of your design verifications.
• Develop procedures that validate the assumption that your newly designed products will meet customer needs.
• Prove that your product is ready for its intended use before you ask your customer to accept it.
• Accept validated products for subsequent use only if they have been verified and only if all remedial actions have been taken.
• Maintain a record of your design validations.
• Develop procedures to ensure that all product design modifications are documented, reviewed, and formally authorized before the resulting documents are circulated and the changes are implemented.
• Develop procedures to control software design changes that may occur during the product's life cycle.

 Capability Maturity Model

A company is either ISO-9001 compliant or it is not. The Capability Maturity Model (CMM) has five levels of quality.

http://www.sei.cmu.edu/cmm/cmm.html

The Capability Maturity Model for Software (CMM or SW-CMM) is a model for judging the maturity of the software processes of an organization and for identifying the key practices that are required to increase the maturity of these processes.

The SW-CMM has been developed by the software community with stewardship by the SEI [Software Engineering Institute at Carnegie-Mellon]. The Software CMM has become a de facto standard for assessing and improving software processes. Through the SW-CMM, the SEI and community have put in place an effective means for modeling, defining, and measuring the maturity of the processes used by software professionals.

http://www.sei.cmu.edu/activities/cmm/cmm.sum.html

Capability Maturity Model® (SW-CMM®) for Software

The Capability Maturity Model for Software describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The CMM is organized into five maturity levels:

1) Initial. The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.

2) Repeatable. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.

3) Defined. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software.

4) Managed. Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.

5) Optimizing. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.

Predictability, effectiveness, and control of an organization's software processes are believed to improve as the organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief.

Except for Level 1, each maturity level is decomposed into several key process areas that indicate the areas an organization should focus on to improve its software process.

The key process areas at Level 2 focus on the software project's concerns related to establishing basic project management controls. They are Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance, and Software Configuration Management.

The key process areas at Level 3 address both project and organizational issues, as the organization establishes an infrastructure that institutionalizes effective software engineering and management processes across all projects. They are Organization Process Focus, Organization Process Definition, Training Program, Integrated Software Management, Software Product Engineering, Intergroup Coordination, and Peer Reviews.

The key process areas at Level 4 focus on establishing a quantitative understanding of both the software process and the software work products being built. They are Quantitative Process Management and Software Quality Management.

The key process areas at Level 5 cover the issues that both the organization and the projects must address to implement continual, measurable software process improvement. They are Defect Prevention, Technology Change Management, and Process Change Management.

Each key process area is described in terms of the key practices that contribute to satisfying its goals. The key practices describe the infrastructure and activities that contribute most to the effective implementation and institutionalization of the key process area.
 

Additional References:

CMU SEI: http://www.sei.cmu.edu/

CMU SEI Management Processes: http://www.sei.cmu.edu/managing/managing.html

CMU SEI PSP/TSP: http://www.sei.cmu.edu/tsp/

Pathways to Process Maturity: The Personal Software Process and  Team Software Process by Watts Humphrey:
http://interactive.sei.cmu.edu/Features/1999/June/Background/Background.jun99.htm

Return to Martin's Homepage