cmmi uaar seminar 2012

Upload: taqi-shah

Post on 05-Apr-2018

TRANSCRIPT

  • 8/2/2019 Cmmi Uaar Seminar 2012

    1/77

    Software Process Improvement Through CMMI & ISO

    Imran Hashim

    Introduction to CMMI
    CMMI Representations
    Key Stats
    CMMI Adoptions
    CMMI Appraisals
    SCAMPI Phases
    ISO 9001:2008 Quality Management System
    ISO 27001:2005 Information Security Management System

    CMMI: Capability Maturity Model Integration

    A process improvement technique for evaluating how efficiently a company is able to deliver technology products to its customers.

    The CMMI is a merger of process improvement models for:

    Systems engineering
    Software engineering
    Integrated product development
    Software acquisition

    Used in process improvement activities as a collection of best practices

    A community developed guide

    A model for organizational improvement

    CMMI:

    Integrates systems and software disciplines into one process improvement framework.

    Provides a framework for introducing new disciplines as needs arise.

    Sponsored by Dept of Defense

    Operated by SEI

    Four CMMI constellations:

    CMMI for Development: CMMI-DEV addresses the development of product and service systems

    CMMI for Acquisition: Designed to aid organizations that are acquiring products & services or outsourcing the development or delivery of products & services

    CMMI for Services: To establish, manage, and deliver services that meet or exceed customer needs

    People CMM: Provides guidance to organizations for managing and developing their workforce

    2010 Version 1.3 of CMMI for Acquisition, CMMI for Development, and CMMI for Services is released.

    2006 CMMI for Development, V1.2 is released

    2002 CMMI V1.1 is released.

    1995 Systems Engineering CMM, V1.1 is released.

    1993 CMM for Software, V1.1 is released.

    Staged Representation

    A systematic, structured way to approach process improvement one step at a time.

    Achieving each step is a foundation for the next step.

    There are five levels of maturity.

    Continuous Representation

    A flexible approach to improve process performance.

    The organization may choose to improve a single PA or a group of PAs.

    The organization may improve each PA at different rates.

    There are six levels of process capability.

    Process Area: PP

    SG1: Estimates of project planning parameters are established and maintained.

    SP1: Establish a top-level work breakdown structure (WBS) to estimate the scope of the project.

    Level 1 (Initial): Process unpredictable, poorly controlled and reactive
    Level 2 (Managed): Process characterized for projects and is often reactive
    Level 3 (Defined): Process characterized for the organization and is proactive
    Level 4 (Quantitatively Managed): Process measured and controlled
    Level 5 (Optimizing): Focus on process improvement

    Category: Process Area

    Engineering: Requirements Management, Requirements Development, Technical Solution, Product Integration, Verification, Validation

    Project Management: Project Planning, Project Monitoring and Control, Supplier Agreement Management, Integrated Project Management, Risk Management, Quantitative Project Management

    Process Management: Organizational Process Focus, Organizational Process Definition, Organizational Training, Organizational Process Performance, Organizational Innovation and Deployment

    Support: Configuration Management, Process and Product Quality Assurance, Measurement and Analysis, Causal Analysis and Resolution, Decision Analysis and Resolution

    In software and systems engineering, it is a benchmarking tool widely used by industry and government, both in the US and abroad.

    CMMI acts as a roadmap for process improvement activities.

    It provides criteria for reviews and appraisals.

    It provides a reference point to establish present state of processes.

    CMMI addresses practices that are the framework for process improvement.

    The performance results in the following table are from different organizations that achieved percentage change in one or more of the six categories of performance measures below:

    Performance Category Median Improvement

    Cost 34 %

    Schedule 50 %

    Productivity 61 %

    Quality 48 %

    Customer satisfaction 14 %

    Return on investment 4:1

    [Chart: Annual Medians, Percentage Improvement. Productivity (increase): 35%; Time to market (reduction): 19%; Post-release defect reports (reduction): 39%]

    Since 2006, 4846 SCAMPI v1.2/1.3 appraisals have been reported to the SEI.

    Appraisals reported from China, Spain, Brazil, Argentina, and India are increasing at a rapid rate.

    The number of appraisals in the USA and China represent more than 55% of the total number of appraisals.

    China is now reporting more appraisals than USA

    A few of the market leaders who have been obtaining various benefits from CMMI:

    DAEWOO
    DELOITTE
    HONEYWELL
    HSBC
    MITSUBISHI
    NCR
    US Army
    ACER
    IBM
    HEWLETT PACKARD
    SAMSUNG
    JOHNS HOPKINS UNIVERSITY
    NATIONAL NUCLEAR SOCIETY
    INFOSYS
    LOCKHEED MARTIN
    ARAMCO
    US Navy
    HYUNDAI

    The list below shows the overall adoption of CMMI at various levels

    CMMI LEVEL 5
    Netsol Technologies Pvt. Ltd.
    NCR Pakistan

    CMMI LEVEL 3
    KalSoft (Pvt.) Ltd.
    Systems (Pvt.) Ltd.
    Digital Processing Units Interactive Convergence (Pvt.) Ltd.

    CMMI LEVEL 2
    NADRA Pakistan
    ZTE Pakistan
    E-worx International Pvt. Ltd.
    Techlogix Pakistan (Pvt.) Ltd.
    Si3 System Innovations (Pvt.) Ltd.
    Abacus Consulting (Pvt.) Ltd.

    CMMI LEVEL 2 (cont'd)
    LMKR Pakistan (Pvt.) Ltd.
    E-Dev Technologies
    CARE Pvt. Ltd.
    Prosol (Pvt.) Ltd.
    PrisLogix (Pvt.) Ltd.
    Shaukat Khanam Memorial Cancer Hospital
    Innovative Pvt. Ltd.
    GeoPaq Technologies (Pvt.) Ltd.
    Avanza Solutions (Pvt.) Ltd.
    ACES
    Technosoft (Pvt.) Ltd.
    Matrix Systems (Pvt.) Ltd.
    ESOL PK (Pvt.) Ltd.
    i-engineering Pakistan Pvt. Ltd.
    infoTech Pakistan (Pvt.) Ltd.
    Information Architects Pvt. Ltd.

    The CMMI Appraisal is an examination of one or more processes by a trained team of professionals using an appraisal reference model as the basis for determining strengths and weaknesses of an organization.

    Appraisals consider three categories of model components as defined in the CMMI:

    Required: specific and generic goals only.
    Expected: specific and generic practices only.
    Informative: includes sub practices and typical work products.

    Three types of SCAMPI Appraisals:

    Class C Appraisal

    Class B Appraisal

    Class A Appraisal

    Initial assessment

    Provide a quick gap analysis of an organization's process relative to the CMMI.

    Assess the adequacy of a new process before it is implemented.

    Monitor the implementation of a process.

    Determine an organization's readiness for Class B Appraisal.

    Assess progress towards a targeted CMMI Maturity Level

    Lower cost than a SCAMPI A

    Provides more detailed findings than Class C

    Determine an organization's readiness for Class A Appraisal

    Most rigorous method

    The only method resulting in ratings

    Findings that describe the strengths and weaknesses of your organization's process relative to the CMMI.

    Consensus regarding the organization's key process issues

    Phase I: Plan and Prepare For Appraisal
    Phase II: Conduct Appraisal
    Phase III: Report Appraisal Results

    Practice implementation indicators are footprints which are evidence of the implementation of a practice.

    SCAMPI appraisals use practice implementation indicators as the focus to verify practice implementation.

    Verifying practice implementation is the review of Objective Evidence to determine whether a practice is implemented within a project and/or organization.

    Artifacts: Tangible outputs resulting directly from implementation of a specific or generic practice.

    Affirmations: Oral (interviews) or written statements confirming or supporting implementation of a specific or generic practice.

    Process Area: PP

    SG1: Estimates of project planning parameters are established and maintained.

    SP1: Establish a top-level work breakdown structure (WBS) to estimate the scope of the project.

    Artifact: Work Breakdown Structure

    CMMI Appraisal A Interviews Schedule

    Activity | Timings | Participants

    Date: DD-MM-YY
    Quality Assurance | 2:00-3:00 pm | QA Team
    Testing | 3:30-4:30 pm | Testing Team
    Process Engineering Group | 5:00-6:00 pm | QA Team

    Date: DD-MM-YY
    Project Manager - 1 | 09:30-10:30 am | PM-1
    Project Coordinator - 1 | 10:45-11:45 am | PC-1
    Project Manager - 2 | 12:00-1:00 pm | PM-2
    Project Coordinator - 2 | 2:00-3:00 pm | PC-2
    Configuration Management | 3:00-4:00 pm | CM
    Procurement | 4:00-5:00 pm | Admin Manager
    Organizational Trainings | 5:00-6:00 pm | HR Manager

    Date: DD-MM-YY
    Project Manager - 3 | 09:30-10:30 am | PM-3
    Project Coordinator - 3 | 10:45-11:45 am | PC-3
    Project Manager - 4 | 12:00-1:00 pm | PM-4
    Project Coordinator - 4 | 2:00-3:00 pm | PC-4
    Technical Managers & Developers | 3:00-4:00 pm | Development Team
    Sponsor | 4:45-5:00 pm | Mr. ABC

    ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards.

    ISO is a network of the national standards institutes of 163 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

    ISO has published more than 19,000 International Standards

    The complete set of quality standards, procedures and responsibilities for an organization.

    The formalized system that documents the structure, responsibilities and procedures required to achieve effective quality management

    A quality management system is a web of interconnected processes.

    QMS consists of:

    Policies
    Manuals
    Responsibilities
    Procedures
    Work Instructions
    Forms/Templates

    To achieve Quality

    Consistency

    Traceability

    Resource Independence

    Continual Improvement

    ISO: The official title for the International Organization for Standardization.

    ISO 9001:2008 is an international standard for implementing a quality management system

    ISO 9000: Quality management systems - Fundamentals and vocabulary

    ISO 9001: Quality management systems - Requirements

    ISO 9004: Quality management systems - Guidance for improvements

    ISO 10011: Guidelines for Auditing Quality

    9001 is series

    2008 is version

    ISO 9000 provides a framework and systematic approach to managing business processes to produce a product/service that conforms to customer expectations.

    Customer focused organization
    Leadership
    Involvement of people
    Process approach
    Systematic approach to management
    Continual improvement
    Realistic approach to decision making
    Mutually beneficial supplier relationship

    Major Clauses

    1. Scope
    2. Normative reference
    3. Terms and definitions
    4. Quality Management System
    5. Management Responsibility
    6. Resource Management
    7. Product Realization
    8. Measurement, Analysis and Improvement

    [Figure: ISO 9001:2008 Model. Continual improvement of the quality management system: Management responsibility (Clause 5), Resource management (Clause 6), Service/Product realization (Clause 7), Measurement, analysis and improvement (Clause 8). Input: customer requirements. Output: service/product and customer satisfaction. Legend: value adding activities, information flow.]

    An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and systems.

    ISMS is a set of policies, procedures & processes concerned with information security.

    Information Security describes efforts to protect computer and non computer equipment, data, and information from misuse by unauthorized parties.

    Information security means protecting information and information systems from the following common threats:

    Unauthorized access
    Misuse of authorized access
    Improper handling of information
    Physical theft of information or information systems
    Environmental hazards (flood, fire, etc.)
    Malicious software programs (viruses/worms/trojans)
    Utility failure (power, water, heat, etc.)

    Information security is intended to achieve three main objectives:

    Confidentiality: protecting data and information from disclosure to unauthorized persons

    Availability: making sure that the data and information is only available to those who are authorized to use it

    Integrity: information systems should provide an accurate representation of the physical systems that they represent

    Today, organizations' core business processes are supported by information and communication systems.

    Any interruption in the information quality, quantity, distribution or relevance puts the business at risk.

    So organizations need to actively manage the security of information & communication systems.

    ISMS consists of the following steps:

    Identifying the threats that can attack the organizational information resources

    Defining the risks that the threats can impose

    Establishing an information security policy

    Implementing controls that address the risks

    ISO 27001 is a specification for an Information Security Management System (ISMS)

    ISO 27001 defines 133 security controls under 11 main security categories.

    Covers all forms of information including voice & graphics, media such as mobile phones etc.

    Security Policy
      Information security policy document
      Review of the information security policy

    Organization of information security
      Internal organization
      External parties

    Asset Management
      Responsibility for assets

    Human Resource Security
      Prior to employment
      During employment
      After Employment

    Physical and environmental security
      Secure areas
      Equipment security

    Communication & Operation Management
      Operational procedures and responsibilities
      Media handling

    Access Control
      Access control policy
      User access management
      Network access control

    Information system development and maintenance
      Security of system files
      Cryptographic controls

    Information security incident management
      Reporting information security events and weaknesses
      Management of information security incidents and improvements

    Business continuity management
      Business continuity planning framework
      Business continuity and risk assessment

    Compliance
      Compliance with legal requirements
      Compliance with security policies and standards, and technical compliance

    A structured process approach to identify your own individual information security issues.

    Find the appropriate ways and methods to reduce or eliminate the identified information security risks.

    ISMS certification brings confidence that there is a systematic approach in place, assuring the confidentiality, integrity and availability of information.

    Thank You