Title: CMM vs. ISO
1CMM vs. ISO
- David S. Craft CIRM, PMP
- Engineering Manufactuing Services
2Agenda
- Who Am I
- CMM
- ISO
- Similarities And Differences
- Sarbanes Oxley
3Who Am I
Managing Consultant Engineering and
Manufacturing Services Applications Service
Delivery
Inventory Control Manager
Shift Supervisor
Industrial Engineer
Team Leader
Internal ISO Auditor
Materials Manager
Information Specialist, Senior
VISTA Volunteer
Consultant
Manager Production Planning Control
Chief Industrial Engineer
Project Manager
4(No Transcript)
5(No Transcript)
6(No Transcript)
7(No Transcript)
8CMMI History
- Federal government cannot distinguish between
competing bids for software development - Early 1980s - Federal Government (Congress)
awards a contract to establish the Software
Engineering Institute (SEI) at Carnegie Mellon
University (sponsored by the DOD) - 1988 - SEI begins work on a Process Maturity
Framework for judging a companys capability to
produce software - The Process Maturity Framework evolves into the
Capability Maturity Model (CMM) - August 1991 SW-CMM Version 1 released
- SE-CMM developed by the Enterprise Process
Improvement Collaboration (EPIC) - 1992 - CMM Version 1.1 released
- 1999 - Begin developing CMMI (CMM Integrated)
- 2002 CMMI SE/SW/IPPD/SS Version 1.1 introduced
- 200? - CMMI Version 1.2 Released
9(No Transcript)
10(No Transcript)
11(No Transcript)
12(No Transcript)
13(No Transcript)
14(No Transcript)
15(No Transcript)
16(No Transcript)
17(No Transcript)
18(No Transcript)
19(No Transcript)
20(No Transcript)
21(No Transcript)
22(No Transcript)
23(No Transcript)
24(No Transcript)
25(No Transcript)
26(No Transcript)
27ISO History
- Began with British Military standards
- ISO organization was established in 1947
- Headquartered in Geneva, Switzerland
- Currently composed of 148 National Standard
Bodies and 2,981 technical bodies - As of 12/31/05 there are 15,649 International
Standards embodied in 573,494 pages of English
text
28What are standards?
29Where are the Standards (12/31/05)
Sector Standards Pages
Generalities, Infrastructure and Sciences 1,406 49,761
Health, Safety and Environment 658 20,252
Engineering Technologies 4,099 169,843
Electronics, Information Technology and Telecommunications 2,447 161,132
Transport and Distribution of Goods 1,710 44,918
Agriculture and Food Technology 954 20,335
Materials Technology 3,943 93,121
Construction 311 11,068
Special Technologies 121 3,064
Total 15,649 573,494
30Which ISO Standards
- The ISO family includes
- ISO 90002000 Quality Management Systems
Fundamentals and vocabulary - ISO 90012000 Quality Management Systems -
Requirements - ISO 90042000 Quality Management Systems
Guidelines for performance improvement - ISO 19011 Guidelines on quality and/or
environmental management systems auditing. - ISO 10012 Measurement control system
31Quality System Documentation
Level 1 Defines Approach and Responsibility
Quality Manual
Level 2 Defines Who, What, When
Procedures
Work/Job Instructions
Level 3 Answers How
Level 4 Results shows that the system is
operating
Records/Documentation
32ISO 90012000 Structure
- Quality Management System
- 4.1 General requirements
- 4.2 Document requirements
- Management Responsibility
- 5.1 Management commitment
- 5.2 Customer focus
- 5.3 Quality policy
- 5.4 Planning
- 5.5 Responsibility, authority, communication
- 5.6 Management review
- Product realization
- 7.1 Planning of product realization
- 7.2 Customer-related processes
- 7.3 Design and development
- 7.4 Purchasing
- 7.5 Production and service provision
- 7.6 Control of monitoring and measuring devices
- Measurement, Analysis Improvement
- 8.1 General
- 8.2 Monitoring and measurement
- 8.3 Control of nonconforming product
- 8.4 Analysis of data
- 8.5 Improvement
- Resource Management
- 6.1 Provision of resources
- 6.2 Human resources
- 6.3 Infrastructure
- 6.4 Work environment
33Similarities
- Both require the organization be explicit about
what their processes and quality systems are - Say what you do do what you say
- The organization records and tracks data for
objective analysis - Require strong management support to succeed
- Provide a structured and measured approach to
quality improvement - Require an outside audit for certification
- Both are refined/improved over time
34Differences
ISO 9000 SW-CMMI
Outwardly focused Inwardly focused
Minimum requirements with implied continuous improvements Explicit continuous quality improvement
Not specific to any one industry or service Software focus
Registration Document No documentation
Continual Audits No follow up audits
35Sarbanes-Oxley Implications
- With its more than 300 discrete points of
enforceable law, this is the most significant
piece of account legislation passed since the
formation of the SEC in 1933 - SOX was passed with the specific intent of
increasing accountability and attempting to
install ethical behavior in financial reporting
and business operations. - With this increase spotlight on reporting,
companies must invest resources and focus into
their internal control process - The Act created the Public Company Accounting
Oversight Board (PCAOB) to oversee the activities
of the auditing profession and mandated reforms
to enhance corporate and criminal fraud
accountability. - A goal of SOX legislation is to continually
improve the transparency of financial and
business events that can impact the accuracy and
future validity of financial statements.
Projects to improve processes and regular review
of controls will become common-place activities
as compliance evolves. Tools that simplify
project completion and track status will better
enable organization to cost-effectively undertake
these projects.
36(No Transcript)