SoftwareTechnical Quality Report Management- ( CMMIAssignment / ISO Family)III Saleh Al-Daajeh School of Computing Blekinge Institute of Technology Ronneby, Sweden
[email protected]
1
Introduction
requirements and satisfaction. The ISO 9001:2000 outlines five areas that have to be considered for organizations to be successful in the following processes [2]:
The article’s sections 2 and 3 briefly investigates the most prominent "‘standards"’ the ISO 9001-2000 and the capability maturity model integration "‘CMMI"’. Moreover, it discusses their characteristics, aims and objectives, the underlying reason for developing these models, and the mechanism by which these system work respectively. Furthermore, section 4 and 5, elaborates on the difference found between these quality systems and the pros and the cons of each of them. Section 6 describes in details what the author believes in as the most important process areas of the CMMI quality system. Finally, the article explore similar quality systems pros and cons in section 7.
2
• Defining processes for developing products • Satisfying customer requirements • Keep the aforementioned activities/processes under control. A notable feature in the standard ISO 9001:2000 is the minimal amount of prescriptive documentation. It has an explicit requirements for only six documented procedures: document control, control of records, conducting audits, nonconformity control, corrective action, and preventive action [2]. Regardless to differences encountered in the structure of the old warhorse standard the ISO 9001:1994- having 20 section, and the relatively recent standard 9001:2000 -having five sections, another difference is depicted on the change of emphasis the afore-stated standards brings on process improvement 2 . The "‘ISO 9001:2000"’ brings more emphasis on upper management commitment to process improvement and also not only on meeting customers’ requirements but also customers’ satisfaction which may go beyond meeting the imposed requirements [2]. According to [2], the ISO 9001:2000 high level characteristics can be depicted in the following:
ISO 9001:2000
The acronym ISO stands for the "‘International Organization for Standardization"’ 1 [1]. The ISO 9001:2000 was issued in December 2000 after revising the afore version ISO 9000:1994, including the withdrawal of ISO 9002, and ISO 9003 [2] [3]. According to [4], the underlying purpose of the standard ISO 9001:2000 is to provide an equitable basis for evaluating the capability of organizations in order to meet customers and applicable regulatory requirements. Moreover, this standard intent to be used for contractual and certificate purposes. The ISO 9001:2000 defines the requirements of a quality management systems, the purpose of which is to enable organization to continually satisfy their customers. The applicability of this standard can be found when an organization needs to demonstrate its ability to provide products and services that meet customers
• The ISO 9001:2000 is a standard and not a model. • The ISO 9001:2000 provides a broad directions on process improvement. • The ISO 9001:2000 consists of one set of requirements to be satisfied in order to be ISO certified. • The ISO 9001:2000 Gives the freedom to organization to implement their process improvement approaches and mechanisms. This standard do not provide guideline for implementation.
1 ISO was chosen instead of IOS, because "‘iso"’ in Greek means equal, and ISO wanted to convey the idea of equality - the idea that they develop standards to place organizations on an equal footing. [1]
2 The [3] provides an excellent overview on the differences between the ISO 9001:1994 and the ISO 9001:2000
1
• Requires an interpretation of an organization with many programs.
Maturity Level Level 3
Optimizing Contains
Process Change Management Technology Change Management Defect Prevention
Indicates
3
Key Process Area
CMMI
Capability Maturity Model Integration "‘CMMI"’ is a model that become a de facto standard for process improvement. In late 1998, the USA government directed the SEI to start working on CMM integration [2]. The "‘CMMI"’ is intended to alleviate the problems of using multiple models, maximize the strengths of each model, and still preserve organizational investments in legacy process improvements based on the software and systems engineering [2]. However, this model was created to harmonize several capability maturity models. Moreover, the CMMI consolidates overlapping activities and provides a systematic approach for process institutionalization over all of the aforementioned domains [2]. The CMMI model consists of five levels "‘in stages format"’ that helps organizations to assess and to improve their practices accordingly. Each of these levels consists of key processes areas and associated goals [2]. Every key process area organizes the key practice into five categories known as common features. However, organization maturity level is accomplished when satisfying all the goals of all key process areas "‘KPA"’. Moreover, the KPA is achieved by addressing the practices in all five common features for that KPA. Figure 1 depicts a rough explanation of the CMMI works. CMMI high level characteristics can be depicted as follows:
Managed
Peer Reviews
Process Capability: Disciplined Process
Software Quality Management Quantitative Process Improvement
Organized By Achieves Common Features
Defined Activities Performed
Goal1: Review and approval of accomplished steps
Peer Reviews Software Product Engineering Integrated Software Management Training Program Intergroup Coordination Organization Process Definition Organization Process Focus
Example Contains
Adress
Key Practice: Tailoring is reviewed and approved
Repeatable Software Configuration Management Software Quality Assurance Software Subcontract Management Software Project Tracking and Oversight Software Project Planning Requirements Management
Implementation or Institutionalization
Infrastructure or Activity
Initial
Figure 1: CMMI levels and the Mechanism to Achieve a level. way. Additionally, the CMMI elaborates on "‘What to do "‘ in more details without mandating the "‘How to do it"’ [2].
• CMMI is a model. Because of broad use of this model it became as a de facto standard [2].
4
• CMMI gives a detailed directions on process improvement. • Consists of progressive steps "‘Five Levels"’.
Differences Between ISO and the CMMI
the
The differences between the ISO 9001:2000 standard and the CMMI model can be interpreted at different levels. However, understanding both the ICO 9001:2000 and the CMMI characteristics and intention of work its easier to show that both are based on principles of systems engineering and a process approach [2]. The differences can be depicted at a higher level between both the ISO 9001:2000 and the CMMI. Table 1 shows the high level differences between both the ISO 9001:2000 and CMMI. However, a major difference between these two standards are in the language. The ISO 9001:2000 is using an prescriptive language using the world "‘shall"’ to address the requirements imposed on process improvement. While CMMI does not list its requirements using shall statements [2]. Moreover, the CMMI dis-
• This model provide guidance for institutionalization and implementation of process improvement. • It accommodates organizations with many programs Another notable characteristic of the CMMI model indicates that the CMMI builds process capability and maturity around projects that develop products "‘produce output"’ [2]. Moreover, the CMMI emphasizes on the need of having a stable management processes before any technical processes can be systematically addressed. The CMMI is constructed to guide process improvement gradually, elevating organization state from initial, may be chaos state, to statistically controlled processes that will enable the development of a higher quality products that are delivered in a cost effective
2
ISO 9001:2000
CMMI
Standard Broad directions on process improvement One set of requirements that must be satisfied in order to be ISO certified Gives organization freedom in implementation process improvement activities "‘ No or high level Guidance for implementation"’ Requires interpretation for an organization with many programs
Model Detailed directions on process improvement Progressive steps "‘ Five levels"’. Provides institutionalization and implementation guidance for process improvement activities accommodates organizations with many programs.
Table 1: High level Differences Between the ISO 9001:2000 and the CMMI According to [2] • Freedom of implementation: organizations have the freedom of interpreting the requirements enclosed in the ISO standards.
tinguishes between the localized process improvement and organization-wide process improvement. In order to win the ISO certification, all the requirements stated in the ISO standard must be satisfied. In contrast, the CMMI model have five levels of process maturity and six levels of process capability that guide an organization in progressively attain its goals.
5
Although of these strengths, ISO standards also have weaknesses. These weaknesses are as follows: • Very general with no guidelines for implementations: it provides no interpretation for how to apply the requirements to entities that are smaller than organizations. This could result in extra expenses to be spent on developing and implementing their SQM. Moreover, although the wide applicability of ISO standards. They lack from guidelines to implementation in special industries or fields.
ISO and CMMI Pros and Cons
General benefits gained from ISO and CMMI is improving quality to products and processes. However, the ISO standards and the CMMI models is designed based on best practices that are adopted in certain organizations and experiences. Focusing on process improvement activities, mechanism, goals the aforementioned frameworks for process improvement have some flaws and strength as indicated in [2]. Moreover, as stated before in sections 2 and 3 , these models provide a set of goals in terms of processes to be achieved in order to attain certain certification or maturity level [5]. Boris et. al. proposes a framework that is built based on combining the afore stated frameworks’ advantages and eliminating their flaws [2]. The followings are the strengths of ISO 9001:2000 as found in [2]:
• Structure: the structure of ISO 9001:2000 is derived from the old warhorse 9001:1994. It does not provide structured processes by which the focus is carried in improving a process areas to another. In general, there it has no road map as there are progressive steps in the CMMI model. • Lack of details: In general, the ISO lack from details regard their requirements, interpretations , and implementation. The strength of the other de facto standard - the CMMI model are explained as follows :
• Broad Applicability: It can be applied to any industry or environment and still provide sensible requirements for implementing a quality management system.
• Inclusion of institutionalization practices: it provides a detailed guideline of process improvement institutionalization. Moreover, it indicates a set of pre-requisits needed for implementing specific practices and ensuring that those practices are implemented.
• Affects most functional areas of an organization such as management, human resources, production, engineering, and quality.
• Provide a road map for improvement through maturity and capability levels: It consists of levels "‘steps"’ by which organization are able to identify their maturity level and work to sustain a higher level.
• International recognition and appeal: The ISO standards have an international appeal as a mark of excellence awarded to companies that are ISO registered.
3
7
• recognition of organizational versus projectdefined processes: The focus is payed on organization rather individuals. However, its also widely used in industry and organizations.
Process improvement is one of the ultimate goals of many organizations. However, there are several models or methods that was built for this intention, for example Trillium, ISO 12207,ISO SPICE, and ISO TickIT. According to [7], the TickIT is not prescriptive about the improvement method that are used, as organizations need to adopt the improvement processes that best suit their business objectives. A further major objective is to provide industry with a practical framework for the management of software development quality by developing more effective quality management system certification procedures. TickIT certification, the objectives of TickIT are to:
The noted weaknesses of this de facto standard can be illustrated as follows: • It can be too detailed for some organization which may be considered as prescriptive. • It requires a major investment in process improvement effort in order to be able to implement the proposed details.
6
Cons and Pros of Similar Models
CMMI Process Areas
• improve market confidence in third party quality management system certification through accredited certification bodies for the software sector.
The CMMI contains 22 process areas. These process areas aims at describing the general and specific goals and practices of product development that are to be covered by organizational processes. However, the followings are what the author’s believe the most important process areas the CMMI model encloses.
• improve professional practice amongst quality management system auditors in the software sector. • publish authoritative guidance material for all stakeholders.
• Requirements Development: requirements are supposed to provide a description of what the customers needs and expected. In order to measure the achieved customer satisfaction, we are required to maintain the process of developing the right requirements for a give product. Moreover, a product failure is strongly related to the developed requirements. Organizations success is tied to meeting customer requirements and satisfaction. Therefore, requirements development which focus on producing and analyzing customer, product, and product component requirements is absolutely one of the most important process areas that the CMMI encloses.
TickIT Guide introduced the concept of developing a quality management system based on software development processes [7]. However, all the enclosed references relate certain elements that are strongly related to quality management system such as Organizational Structure, Responsibilities , Procedures , Processes , and Resources. Many of these process improvements frameworks are focused on improving and defining these elements so that organizations have less complication and yet execute an effective process improvement effort. The ISO SPICE objective is to produce a standard for software process assessment based on rapid development program and industry trials. The underlying advantages can be depicted in the structured approach this standard provide for the assessment of software processes. It also useful that create organization awareness for knowing their current situations, and also adopted by a number of countries such as England and Australia [6]. The ISO 12207 is an international standard on the software lifecycle processes. This standard groups the processes into three main categories: primary lifecycle processes, supporting lifecycle processes, organizational lifecycle processes. The advantage of this standard is that it establishes a common framework for software lifecycle processes that can be referenced by software industry [8]. This standard helps to eliminate the possible conflicts that may encountered
• Risk Management: the underlying objective of this process are is to identify the potential problems before they occur. This process area also aims at planning, and initiating risk-handling activities as needed across the life of the product or project to avoid the undesired impacts on achieving objectives of the project, product, and organization. • Validation: According to [6] validation is the process of evaluating a developed product to determine whether it meets the proposed requirements or not. This process area is one of most important process areas enclosed in the CMMI model which enable organizations to meet customer’s needs and satisfaction.
4
when referring to a certain process. Thus, it pays off to the quality management system of an organization and especially when dealing with suppliers. The Trillium, is a software assessment model developed by Bell Canada. The main objective of this model is to assess the software product development processes of potential software suppliers in order to minimize risks and ensure timely delivery [9]. The Trillium model pays off to the organizations quality management system as this model provides key industry practices that can be used to improve existing process of product development life cycle [6].
References [1] P. Berander, L. Damm, J. Eriksson, T. Gorschek, K. Henningsson, P. Jönsson, S. Kågström, D. Milicic, F. Mårtensson, K. Rönkkö, P. Tomaszewski, L. Lundberg, M. Mattsson, and C. Wohlin, “Software quality and trade-offs,” Blekinge Institute of Technology, Ronneby, Blekinge- Sweden, Tech. Rep. Tech. 2005, June 2005. [2] B. Mutafelija and H. Stromberg, Systematic Process Improvement Using ISO 9001:2000 and CMMI. Norwood- USA: Artech House,Inc., 2003. [3] C. J. Cianfrani, J. J. Tsiakals, and J. E. West, ISO 9001:2000 Explained, 2nd ed. Maliwaukee: WI:ASQ Quality Press, 2001. [4] D. Hoyle, ISO 9000 Quality System Handbook, 2nd ed. Woburn- USA: Butter-worth heinmann, 2006. [5] A. Shaikh, A. Ahmed, N. Memon, and M. Memon, “Strength and weaknesses of maturity driven process improvement effort,” in International Conference on Complex, Intelligent and Software Intensive Systems, 2009, pp. 1–8. [6] S. R. Rakitin, Software Verification and Validation for Practitioners and Managers, Second Edition. Norwood, MA, USA: Artech House, Inc., 2001, pp. 170–230. [7] TickIT, “The tickit guide - executive view,” TickIT, vol. 0.5, January - 2001. [8] ISO, “International standard iso/iec 12207:1995,” Information Technology - Software Life-Cycle processes, 1995. [9] F. Coallier, “Trilluim: A model for the assessment of telecom product development and support capability,” IEEE TCSE Software Process Newsletter, 1995.
5
