Software Process Improvement and Capability dEtermination (SPICE) – ISO/IEC 15504

When I wanted to learn about SPICE, CMMI, ISO, I faced some problem related to learning of SPICE. So I decided to share this information here. I will try to provide the differences between ISO, CMMI and SPICE in a series of posts.

1. Introduction

Due to the increased awareness of the fact that the quality of a product depends on the quality of process, more and more organizations started to study and adopt international standards such as Spice, ISO 9001:2000 and CMMI etc. to improve their software process. International standards help to initiate software process improvement in organizations.

International standards are created by dozens of organizations and hundreds of professionals, academics etc. working together across the globe [1]. With more and more organizations moving towards global software development, many conflicts arise due to geographical, technological and cultural differences[2]. International standards are considered as an adaptable way to prevent or overcome barriers and incompatibility issues caused by such differences. In this section the authors will give a description of the three widely used international standards and models in the world.

A. CMMI

CMMI (Capability Maturity Model-Integrated) is a well-known, widely used and standardized model which primarily focuses on process assessment and process improvement of software and systems [3]. CMMI offers continuous and staged improvement through maturity levels and capability levels [4]. These levels assist in identifying and evaluating the progress and the status of the improvement. It presents a “roadmap” and a demonstrated sequence of process improvement by advancing to next level. By providing guidelines, systematic implementation of process improvement is made possible by CMMI [5].

B. ISO

ISO (International Organization for Standardization) is a global standard organization that identifies and develops standards for business, government and society [6]. According to the updated list of ISO standards, it has developed over 18000 international standards covering a variety of subjects. Almost 1100 new ISO standards are published every year [7]. The purpose of ISO is to facilitate global consensus agreements on international quality standards, and make international coordination and unification among organizations. It has resulted in a system for certifying suppliers to make sure they meet internationally accepted standards for quality management. These standards contribute and influence every aspect of our lives, because they assist in ensuring and enhancing essential features, such as quality, safety, economy, reliability, compatibility, efficiency and effectiveness. As a result, spread knowledge, shared technological advances and skilled management practices are achieved [6].

Every standard of ISO has specific focus. ISO 9000 family focuses on quality management which ensures the product or service meet the expectation and need of customers or other stakeholders. ISO 9001 is one of the standards in the ISO 9000 family, which specifies quality requirements that can be used to demonstrate supplier’s capability of providing adequate product quality, and enhanced performance [8]. ISO 15504 focuses on process improvement and capability evaluation.

Comparing with CMMI, ISO is more general and applicable to any type of organization and environments. Both CMMI and ISO are the examples of model based Software process improvements (SPI), widely being used in the industries.

C. SPICE

ISO/IEC 15504, commonly referred as SPICE, is the international standard for process assessment, which was initiated in 1993 as the SPICE Project [9]. The project was to support the development, validation of a practical international standard for software process improvement. It was jointly developed by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) [1][9][10][11]. This framework helps the organizations in terms of controlling planning, managing, monitoring and improving the acquisition, supply, development, operation, evolution and support of software [12]. The initial versions of ISO/IEC 15504 focused exclusively on software development processes. Later, it was extended to cover all processes related to software life cycle, for example, project management, configuration management, quality assurance etc. [10].

ISO/IEC 15504 can be considered as the product of SPICE project, which comprises of a guide for performing an assessment for software development processes [12]. As part of this standard, framework for software process assessment, a model about how to perform an assessment, a description of tools that can be used as part of the assessment process and a discussion of factors that can lead to a successful assessment are provided [13]. The structured approach provided by ISO/IEC 15504 can be used for process improvement as well as for capability determination [14][15]. ISO/IEC 15504 makes it possible for organizations to use the standard for process capability determination mode, process improvement mode and self-assessment mode [16].

ISO/IEC 15504 enhances confidence in a supplier’s quality management for the intent of ISO 9000 and provides acquirers with a framework for assessing whether potential suppliers have the capability to meet their needs in a comparable and repeatable way [12].

The development of ISO/IEC 15504 was based on the weaknesses of previous standards and models. It is considered as to complement other international standards and models for assessing the capability, effectiveness and quality of processes and organizations [12]. Other standards influence ISO/IEC 15504 to some extent. ISO 9001 TickIT influenced ISO/IEC 15504 model in the way that it encouraged quality assurance and quality management [17]. SW-CMM, Trillium influenced ISO/IEC 15504 in the way that it determines the capability of processes [17].

In this article, we focus on studying ISO/IEC 15504 and how it relates to CMMI and ISO 9001:2000. The article is organized in the following way.

Section II describes ISO/IEC 15504 in detail. Section III provides a critical analysis of the structure and focus of ISO/IEC 15504. A comparison of ISO/IEC 15504 with ISO 9001:2000 and CMMI is presented in section IV, based on analyzing the similarities and differences, the strength and weakness of these standards and models.

2. Overview of SPICE and characteristics

“ISO/IEC 15504 is a framework for the assessment of processes” [7]

As stated earlier, ISO/IEC 15504 is the result of efforts of SPICE project. Initially, SPICE had 9 parts. However, in 2004, after a major revision, to the draft standard, the 9 parts were reduced to 5. Later on, ISO/IEC 15504 was extended further.

A. Structure of the standard

At the moment, ISO/IEC 15504 consists of seven parts [9]. Another part, part eight, is currently under development. These parts are stated as under [13].

Part 1. ISO/IEC 15504-1:2004 (Concepts and vocabulary)

This part is the most important part of the standard as it defines the terms, twin contexts of process improvement and process capability determination and the concepts of process assessment [18].

Part 2. ISO/IEC 15504-2:2003 ( Performing an assessment)

The actual requirements for performing process assessment are described in this part. These requirements should be used as a basis for use in process improvement and capability determination [13].

The process improvement requirements in ISO/IEC 15504-2:2003 helps to [13]:

· facilitate self-assessment;

· provide a basis for use in process improvement and capability determination;

· produces a process rating;

· focus on the ability of the process to achieve its purpose;

· be applicable across all application domains and different sizes of organizations

· Provide an objective benchmark between organizations.

Part 3. ISO/IEC 15504-3:2004 (Guidance on performing an assessment)

This part gives detailed steps regarding how to meet the minimum requirements for performing an assessment presented in ISO/IEC 15504-2:2003 [19].

Part 4. ISO/IEC 15504-4:2004 (Guidance on use for process improvement and process capability determination)

ISO/IEC 15504-4:2004 gives directions regarding the effective utilization of conformant process assessment within a process improvement or process capability determination project [20].

Part 5. ISO/IEC 15504-5:2006(An exemplar process assessment model)

Guidance is provided in this part on the nature and structure of process assessment models (PAM), and on the function of process performance and capability indicators. This guidance is provided by example [21].

Part 6. ISO/IEC 15504-6:2008 (An exemplar system life cycle process assessment model)

Based on the requirement PAM of system life cycle processes in ISO/IEC 15504-2, exemplar guidance is provided in this part. This part also describes the overall structure of the PAM and the capability dimension from ISO/IEC 15288 and ISO/IEC 15504-2 respectively [22].

Apart from this, this part also provides detailed descriptions of work products and steps for defining additional assessment indicators [22].

Part 7. ISO/IEC TR 15504-7:2008( Assessment of organizational maturity)

Organizational maturity relates to the degree the organization implements processes, in order to achieve its business goals, within a defined scope. ISO/IEC TR 15504-7:2008 defines the conditions for the assessment of organizational maturity and provides a framework which helps to conduct assessment of organizational maturity [23].

B. Activities

In order to conduct the assessment, it is necessary to know how the processes are divided and identified.

1) Reference Model

A two dimensional process reference model (PRM), containing the process dimension and a capability dimension, is defined under ISO/IEC 15504-2:2003. ISO/IEC 12207 and ISO/IEC 15288 define process set characterized by statements of process purpose and process outcome. They define the process dimension of ISO/IEC 15504-2.

2) Processes

The process dimension defines processes divided into 5 categories. These are as under:
  • Organization
  • Management
  • Engineering
  • Support
  • Customer-Supplier

3) Maturity levels and their attributes

The measurement framework of ISO/IEC 15504-2 defines six capability levels. It also assigns process attributes to each level. At level 0, no attributes are assigned [14][12][13]. Figure 1 shows the six capability levels of the standard. Figure 2 shows the capability levels with their attributes assigned.

Figure 1: Six Capability levels of ISO/IEC 15504 [24]

Figure 2: Capability levels of ISO/IEC 15504 with assigned attributes [3]

4) Assessment

Part 2 and part 3 of ISO/IEC 15504 provides guidelines for performing assessment.

a) Assessment model

The PAM is an elaboration of PRM. As stated already, PRM uses ISO/IEC 12207 and ISO/IEC 15288 for the definition of process dimension.

The following steps show the generalized steps of process assessment.

  • assessment sponsor
  • Assessment team and assessor are selected
  • Assessment is planned (resources set aside, targets / goals identified etc.)
  • pre-assessment briefing
  • start data collection
  • start data validation
  • process rating based on guidelines
  • reporting the assessment result

The assessor collects the data by interviewing the assessment team. He ensures that the data collected is accurate and covers the assessment scope completely. This data is evaluated against the process’s practices and capability dimensions expected practices. After careful review rating is provided. The results are sent to the sponsor.

Next week, I will write about the critical analysis of SPICE, highlighting its strengths and weaknesses.

References

[1] T. P. Rout, “ISO/IEC 15504 and Spice, link = http://onlinelibrary.wiley.com.miman.bib.bth.se/doi/10.1002/0471028959.sof171/full, last visited = 2011-01-06.”

[2] H. Holmstrom, E. O. Conchuir, P. J. Agerfalk, and B. Fitzgerald, “Global software development challenges: A case study on temporal, geographical and socio-cultural distance,” 2006.

[3] N. Ehsan, A. Perwaiz, J. Arif, E. Mirza, and A. Ishaque, “CMMI/SPICE based process improvement,” in Management of Innovation and Technology (ICMIT), 2010 IEEE International Conference on, pp. 859–862, 2010.

[4] D. Jacobs, Accelerating process improvement using agile techniques. CRC Press, 2005.

[5] B. Mutafelija and H. Stromberg, Systematic process improvement using ISO 9001: 2000 and CMMI. Artech House on Demand, 2003.

[6] “ISO in Brief, link = http://www.iso.org/iso/isoinbrief_2008.pdf, last visisted = 2011-01-06.” .

[7] “ISO official website, link = http://www.iso.org/iso/home.htm, last visited = 2011-01-06.” .

[8] D. Stelzer, W. Mellis, and G. Herzwurm, “A critical look at ISO 9000 for software quality management,” Software Quality Journal, vol. 6, no. 2, pp. 65–79, 1997.

[9] Scott P. Duncan, “MAKING SENSE OF ISO 15504 (AND SPICE),” Quality/Process Improvement Consultant SoftQual Consulting 6029 Flat Rock Rd #437, Columbus, GA 31907 (706) 565-9468.

[10] T. P. Rout, K. El Emam, M. Fusani, D. Goldenson, and H. W. Jung, “SPICE in retrospect: Developing a standard for process assessment,” Journal of Systems and Software, vol. 80, no. 9, pp. 1483–1493, 2007.

[11] T. P. Rout, “Guest editorial software process improvement and capability determination: selected articles from SPICE,”J. Softw. Maint. Evol.: Res. Pract, vol. 22, pp. 239–241, 2010.

[12] “SPICE, link = http://www.sqi.gu.edu.au/SPICE/, last visited = 2011-01-06.” .

[13] “ISO Standard: ISO/IEC 15504-2:2003.”

[14] A. Dorling, “SPICE: Software process improvement and capability determination,” Software Quality Journal, vol. 2, no. 4, pp. 209–224, 1993.

[15] “Software Process Improvement and Capability dEtermination, link = http://searchsoftwarequality.techtarget.com/definition/Software-Process-Improvement-and-Capability-dEtermination, last visisted = 2011-01-07,” .

[16] M. Konrad, M. Paulk, and A. Graydon, “An overview of SPICE’s model for process management,” in Proc. 5th International Conference on Software Quality.

[17] “History and relationship of

process standards/models, link = http://www.tantara.ab.ca/a_isorel.htm, Last visited = 2011-01-06.” .

[18] “ISO Standard: ISO/IEC 15504-1: 2004.”

[19] “ISO Stanndard: ISO/IEC 15504-3:2004.”

[20] “ISO Standard: ISO/IEC 15504-4:2004.”

[21] “ISO Standard: ISO/IEC 15504-5:2006.”

[22] “ISO Standard: ISO/IEC 15504-6:2008.”

[23] “ISO Standard: ISO/IEC 15504-7:2008.”

[24] “CMMI, SPICE, Six Sigma…What’s their business value? link = http://www.bcs.org/server.php?show=conWebDoc.7901, last visited = 2011-01-07.”

[25] “ISO/IEC 15504. link = http://en.wikipedia.org/wiki/ISO/IEC_15504, last visited = 2011-01-06.” .

[26] B. Barafort, B. Di Renzo, and O. Merlan, “Benefits resulting from the combined use of ISO/IEC 15504 with the Information Technology Infrastructure Library (ITIL),” Product Focused Software Process Improvement, pp. 314–325, 2002.

[27] “Software process engineering systems: models and industry cases, link = http://herkules.oulu.fi/isbn9514265084/html/x199.html, last visited = 2011-01-06.” .

[28] A. Coletta, “The SPICE project: An international standard for software process assessment, improvement and capability determination,” Objective Software Quality, pp. 49–63, 1995.

[29] M. E. Fayad and M. Laitnen, “Process assessment considered wasteful,” Communications of the ACM, vol. 40, no. 11, pp. 125–128, 1997.

[30] T. B. Bollinger and C. McGowan, “A critical look at software capability evaluations,” Software, IEEE, vol. 8, no. 4, pp. 25–41, 2002.

[31] E. M. Gray and W. L. Smith, “On the limitations of software process assessment and the recognition of a required re-orientation for global process improvement,” Software Quality Journal, vol. 7, no. 1, pp. 21–34, 1998.

[32] H. W. Jung, “Evaluating the ordering of the SPICE capability levels: an empirical study,” Information and Software Technology, vol. 47, no. 3, pp. 141–149, 2005.

[33] “Software Process Improvement and Capability dEtermination, link =http://searchsoftwarequality.techtarget.com/definition/Software-Process-Improvement-and-Capability-dEtermination, last visited = 2011-01-06.” .

Advertisements
Posted in Uncategorized | Tagged , , , , , , , | 2 Comments

ISO 9000 vs. CMMI: A comparison!

This article was written by me, Huan Pang, Mubeen Arshid and Noman Latif. I wish to share this article with all those who seek information about ISO and CMMI. Of course, if you feel somewhere I am wrong in this article, don’t hesitate to point me out.

I. Introduction

Software process improvements (SPI) methods assure the delivery of successful software project. There are two different types of SPI:

1. Model Based SPI

2. Inductive SPI

Model based SPI is based on the external knowledge, pre-packaged and best practices. On the other hand inductive SPI is based on the internal knowledge of the organization e.g. Quality Improvement Paradigm (QIP) [1]. Both CMMI and ISO are the examples of model based SPI. This report will give overall reflection of both ISO and CMMI in depth.

II. Characteristics of CMMI and ISO

This section explains the intentions for developing ISO and CMMI. It also explains how it helps in improving the final product quality.

A. International Organization for Standardization (ISO)

ISO is a global organization which identifies and creates the required international standards for organizations, government bodies. Next, these standards are implemented, adopted and made available worldwide [2]. It was started in 1947. There are more than 18000 defined international standards at the moment. The purpose of developing international standards was to make international coordination and unification between organizations in order to have better quality and compatible products [3][4].

ISO 9000 series are quality and process management standards which were launched to reduce the problem of large number of standards [5][3]. ISO 9001 is a standard in the 9000 series which specifies the requirements. These requirements enable the organizations to provide the products according to customer and regulatory requirement [6]. ISO defines standards which tell “what” to do not “how” to do. They are general in nature and not specific to any application domain, development paradigm, life-cycle model, process model, type of development and type of product [3].

In order to get ISO certificate, the company need to fulfill all the requirements mentioned in ISO document. Then a certifier does the audit and gives the certificate to the organization. However it requires a lot of time and effort to fulfill ISO requirements It works as following [7].

· Plan to get ISO and gain commitment of people, particularly of the higher management.

· Assign the responsibility of the process to someone either from the company or consultant.

· Perform the assessment of current processes and find the gaps. This analysis figures out where the organization currently stands and what are the required changes to meet ISO requirements.

· Fill the gap by revising, adding or improving the processes and documenting the system to meet the ISO requirements. This is the most difficult and time consuming part. Plan-Do-Check (Study)-Act (PDCA or PDSA) is very useful model at this stage for improvement and analysis.

· Perform internal audit and if any problem is found, resolve them.

· Find the certifier and perform an external audit. The auditor will check all the ISO requirements whether or not it fulfills the requirements. After all requirements are verified, a certificate is given to the organization.

B. Capability Maturity Model-Integrated (CMMI)

CMMI is an approach for process improvement which provides organizations, essential element of effective processes to improve their performance [8]. It particularly focuses on system engineering and software engineering [9]. It was first published in 2000 as a collaborative effort of Software Engineering Institute (SEI), government representatives and industry representatives. The purpose of developing CMMI was to develop an integrated model, by merging popular and successful models, which is consistent with many other well known models [4]. According to Software Engineering Institute (SEI)

“It helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes”

Many people have misunderstanding that it is a methodology which tells the organizations how to implement processes. CMMI is a model not a methodology. It only tells what should be done, not how it should be done [4].

CMMI has two flavors: Staged and continuous. Selection of flavor depends on the organization’s goal. Staged model has five levels: Level 1 Initial, Level 2 Managed, Level 3 Defined, Level 4 Quantitatively managed and Level 5 Optimizing.

Each level is associated with process areas which must be met to achieve a certain level. Figure 1 shows staged levels like a stair of improvement for an organization.

In continuous model, each level is composed of practices related to one process which allow organizations to select a process area to concentrate upon [4]. For example if one organization wants to focus more on support process, they can use continuous model to focus on support. Figure 2 shows the CMMI continuous Levels. In order to get CMMI, companies assess their processes according to the level they want to achieve. Then fill the gaps by revising, adding or improving the processes.

clip_image002

Figure: 1 Staged CMMI Stairs to Success [4]

clip_image004

Figure: 2 CMMI Continuous Levels [4]

III. Differences between CMMI and ISO

There are many differences between CMMI and ISO. Some of them are given below:

A. 1st Difference (CMMI VS ISO)

CMMI has been developed by Software Engineering Institute. It’s an improvement of the previous CMM model. The basic use of CMM model was to determine whether the software intensive systems are mature enough or not. CMMI V 1.3 is the most recent version which has been released on November 1, 2010. CMMI addressed three different areas [10]:

· Development (CMMI-DEV)

· Services (CMMI-SVC)

· Acquisition (CMMI-ACQ)

For example, CMMI-DEV is used for checking the organizational maturity in development process by making a comparison with some best industry practices available [11].

ISO belongs to a family of quality management standards. These standards have been developed by International Organization for Standardization (ISO). There are different standards of ISO for different things and there is change in specification of ISO with time [11].

B. 2nd Difference (Conceptual Difference)

The main difference between CMMI and ISO is the conceptual difference [11].

CMMI is referred to as process model. On the other hand, ISO is referred to as an audit standard [11]. In CMMI, different organizations can get rating from level 1 to level 5 depending upon the maturity of processes defined in every process level [12]. ISO is a certification tool and one organization can get this certification after confirming some standards [11].

C. 3rd Difference (Scope Difference)

There is also scope difference between CMMI and ISO. CMMI is considered only to improve businesses related to software industry [12]. Main focuses of CMMI are on project management and other engineering disciplines. There are 22 process areas in CMMI (V1.2) and organizations can select any process area relevant to organization’s own need [11]. ISO is generic in nature. ISO is very flexible and can be implemented in any manufacturing industry. ISO certification requirements are same for all organizations and industries [11].

D. 4th Difference (Approach Difference)

There is requirement in the CMMI for an organization to adopt ingraining processes [12]. The main purpose of this adoption is that all processes can become the part of the organizational culture and these processes can’t be affected with pressure of deadlines as well [11]. There are also organized and technical disciplines in CMMI for managing risk. There was a neutral approach in ISO for risk management before ISO 31000:2009. This ISO standard now provides some general guidelines for risk management [11].

CMMI links processes to different business goals for getting maturity and ISO gives emphasis to customer satisfaction.

E. 5th Difference (Implementation Difference)

For implementation, CMMI makes a comparison between existing processes and industrial best practices [11]. On the other end, ISO makes an adjustment between existing processes and specific ISO requirements [11].

clip_image006

Figure 3. ISO 9000 Approach [13]

ISO is very cheaper than CMMI. CMMI is more expensive because there are very minimum chances of misuse and all details need to be fulfilled.

clip_image008

Figure 4. CMMI Approach [14]

IV. Strengths and weaknesses of ISO and CMMI

A. Strengths of ISO 9001

1) Broad applicability

The strength of ISO is that it can be applied to any process assessment and improvement effort. It can be used for broad implementation in variety of industries, environments etc. [12]. ISO 9001 contributes to most organization entities, such as management, human resources, production, engineering, and quality. It can affect most of the functional areas of an organization [12].

2) International standard

Due to its benefits of enhancing customer satisfaction and experience by systematically improving the processes in an organization, ISO 9001 received an international recognition and appeal [12]. It helps in accessing larger market in a global setting industry. Due to standardization of processes between different organizations, customers and suppliers can both understand each other’s way of working. Thus, ISO facilitates the integration and collaboration between different organizations.

3) Freedom of implementation

As mentioned in previous section, ISO can be implemented in any organization flexibly. All the requirements contained in quality system elements of ISO 9001 can be interpreted, tailored and implemented according to the specific needs of the organization. This is because ISO states what to do instead of how to do [15]. In order to achieve more positive effects, the requirements can be implemented differently for different objectives in a company. Secondly, organizations can select specific parts of the standard according to their needs and objectives [15].

4) Performance improvement

The ISO 9001 provides guidance to quality management and assurance. It helps to specify quality system requirements that can be used to demonstrate supplier’s capability of providing adequate product quality, and enhanced performance [15].

B. Weaknesses of ISO 9001

1) Lack of specific guidelines and solid understanding

ISO 9001 is too general, because it does not provide specific guidelines for its implementation [12]. In order to understand the requirements correctly, people need to read and understand some other standards of ISO 9000 family, for example, ISO 9000-1, ISO 9000-2 and ISO 9004-1, which contain guidance for the design and implementation of quality systems [15].

A previous study shows that ISO 9001 have no empirical evidence, no theory, and no explicit model to show or explain relation between the suggestions and accomplishment of objectives [15]. Nobody knows if the suggested solutions of ISO 9001 can adequately reflect the problems in a specific organization [15].

2) No support for continuous improvement

The scope of ISO 9001:2000 does not include the continuous improvement. It is contained in ISO 9004-1 and 9004-4.

3) The focus on certification

Most software suppliers believe that the certification of ISO 9001 is the key factor to obtain market competitiveness. Although the certification process can be a strong motivation and encouragement for company’s staff members, it also has negative effects. The organization will ignore other important standards when they concentrate on certification of ISO 9001 [15]. It could be a possibility that only organization documents fulfill the criteria for acquiring the certification, however, no processes are actually changed by the management.

Moreover, ISO requires organizations creating their own quality management system (QMS). During the certification process, many organizations spend a lot of time and effort on developing and implementing their QMS. Due to this the organizations may not focus enough on understanding improvement, because more efforts are spent on promoting specification, control, and procedures [16].

C. Strengths of CMMI

1) Inclusion of institutionalization practices

CMMI emphasizes institutionalization through generic goals and generic practices. This is considered as critical to process improvement success. This gives the strength to CMMI [4]. Through the institutionalization goal, it points out a set of prerequisites needed to ensure that the specific practices are implemented [12].

2) Continual process improvement through maturity and capability levels

CMMI provides capability levels and maturity levels. Through these levels, improvement progression and status can be defined. It provides a “roadmap” and a proven sequence for improvement by advancing to next level [12]. CMMI focuses on continuous improvement during the process. The progress of improvement can be reflected by comparing the process areas across and among organizations [17]. A high maturity level is attained by progressing and clearing each maturity level. This is because skipping maturity levels is usually counterproductive [17].

3) Recognition of organizational process versus project-defined processes

CMMI emphasizes comprehensive program management practices [18]. It makes it possible to first stabilize the management activities in an organization before introducing advanced technology into processes [12]. By moving forward to higher maturity level, processes in organization and project are improved to ensure high quality of delivered product or service.

4) Sufficient guidelines

CMMI provides detailed guidelines for systematic implementation of process improvement [12]. It helps in measuring and improving development and management performance, as well as ensuring the quality of final product or services. By following the guidelines, productivity, efficiency, and performance are enhanced as well.

5) Long-term benefit

The fruits for efforts of implementing the requirements of CMMI, appear quite late in the process improvement. It can be regarded as a weakness because employees of organizations may start losing the focus on process improvement. However, accelerated process improvement methodology helps to lower this weakness. In the long-run the real benefits of achieving higher CMMI level can be met [4].

D. Weaknesses of CMMI

1) Specific applicability

Unlike ISO, CMMI does not cover all organizational aspects. It is just intended for application to the area of software engineering, system engineering, product development, supplier sourcing [12][17]. Also, CMMI does not address the issues related to IT operation, for example, security, configuration and change management, and incident response, etc. [16]. It does not cover human resources also.

2) Lack of an explicit model description

As mentioned earlier, CMMI also lacks model explanation. Study has shown that people need to spend a lot of time on learning how, when, why, and for whom process improvement is helpful, and understanding the critical factors that cause success and failure [19].

References

[1] L. Briand, K. El Emam, and W. L. Melo, “ANSI–An Inductive Method for Software Process Improvement: Concrete Steps and Guidelines,” 1995.

[2] “ISO in Brief. Link = http://www.iso.org/iso/isoinbrief_2008.pdf, Last visited = 2010-12-17.”

[3] C. Gencel, “Lecture 4: ISO and CMM. Lecture devlivered in subject “Software Quality Management”,” 10-Dec-2010.

[4] D. Jacobs, Accelerating process improvement using agile techniques. CRC Press, 2005.

[5] M. C. Paulk, “How ISO 9001 compares with the CMM,” Software, IEEE, vol. 12, no. 1, pp. 74–83, 2002.

[6] “ISO 9001:2000. link = http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=21823. Last visited = 2010-12-17.” .

[7] “How to get ISO. linke = http://www.mapwright.com.au/how_to_get_ISO9001_process.html. Last visited = 2010-12-17.” .

[8] “CMMI Overview. link = http://www.sei.cmu.edu/cmmi/index.cfm. last visited = 2010-12-17.” .

[9] “Update observations of the relationship between CMMI and ISO 9001:2000. link = http://www.asq509.org/ht/a/GetDocumentAction/id/1319. last visited = 2010-12-17.”

[10] “CMMI Version 1.3 Information Center link = http://www.sei.cmu.edu/cmmi/tools/cmmiv1-3/. last visited = 2010-12-18.” .

[11] N. Nayab, “Difference Between CMMI vs ISO link = http://www.brighthub.com/office/project-management/articles/69310.aspx. last visited = 2010-12-18.” .

[12] B. Mutafelija and H. Stromberg, Systematic process improvement using ISO 9001: 2000 and CMMI. Artech House on Demand, 2003.

[13] “The ISO 9000 family – core standards. linke = http://www.iso.org/iso/iso_catalogue/management_standards/quality_management/iso_9000_selection_and_use/iso_9000_family_core_standards.htm. Last visited = 2010-12-20.” .

[14] “Components of CMMI Model Wikimedia Commons. link = http://www.brighthub.com/office/project-management/articles/69310.aspx?image=73481 last visited =2010-12-20.” .

[15] D. Stelzer, W. Mellis, and G. Herzwurm, “A critical look at ISO 9000 for software quality management,” Software Quality Journal, vol. 6, no. 2, pp. 65–79, 1997.

[16] “The ‘quality’ you can’t feel. link =http://www.systemsthinking.co.uk/6-quality.asp. last visited = 2010-12-20.” .

[17] “Maturity Model Or Conformity Standard. link = http://www.slideshare.net/ROUSES63/maturity-model-or-conformity-standard. last visited = 2010-12-20.” .

[18] “Maturity Model or Conformity Standard: CMMI or ISO 9001: Which is Better link =http://www.slideshare.net/ROUSES63/maturity-model-or-conformity-standard last visited = 2010-12-20.” .

[19] J. Herbsleb, A. Carleton, J. Rozum, J. Siegel, D. Zubrow, and C. U. P. P. S. E. INST, Benefits of CMM-based software process improvement: Initial results. Citeseer, 1994.

[20] “http://www.sei.cmu.edu/cmmi/. last visited = 2010-12-20.” .

[21] M. , H.J, and K.O. Hartley, “Project Planning and
Performance,” Project Management Journal, Mar. 1986.

[22] Rehessar, “Project Management Success Factors.,” University of New South Wales, 1996.

[23] H. Zhang, B. Kitchenham, and R. Jeffery, “Planning Software Project Success with Semi-Quantitative Reasoning,” in Software Engineering Conference, 2007. ASWEC 2007. 18th Australian, pp. 369–378, 2007.

[24] T. A. Clark, Project Management for Planners: A Practical Guide. 2002.

[25] L. Liu, Y. Jiang, and C. Zhu, “Process-related software requirements management,” in Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on, vol. 9, pp. 361–365, 2010.

[26] S. Datta and R. van Engelen, “Effects of changing requirements: a tracking mechanism for the analysis workflow,” in Proceedings of the 2006 ACM symposium on Applied computing, pp. 1739–1744, 2006.

[27] W. N. Robinson, S. D. Pawlowski, and V. Volkov, “Requirements interaction management,” ACM Computing Surveys (CSUR), vol. 35, no. 2, pp. 132–190, 2003.

[28] N. G. Leveson, Safeware: system safety and computers. ACM New York, NY, USA, 1995.

[29] J. L. Lions, “Ariane 5: Flight 501 failure report,” Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July, vol. 5, no. 6, p. 7, 1996.

[30] B. Nuseibeh, “Ariane 5: who dunnit?,” IEEE SOFTWARE, pp. 15–16, 1997.

[31] B. W. Boehm, “Software risk management: principles and practices,” IEEE software, pp. 32–41, 1991.

Posted in Software Process Improvement | Tagged , , , , , , , | 9 Comments