CMM vs. ISO - PowerPoint PPT Presentation

About This Presentation
Title:

CMM vs. ISO

Description:

CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services Agenda Who Am I - EDS Software Systems Development ISO CMM Sarbanes Oxley Who Am I Process ... – PowerPoint PPT presentation

Number of Views:174
Avg rating:3.0/5.0
Slides: 44
Provided by: DavidsC163
Learn more at: https://www.umsl.edu
Category:
Tags: cmm | iso | auditing

less

Transcript and Presenter's Notes

Title: CMM vs. ISO


1
CMM vs. ISO
  • David S. Craft CIRM, PMP
  • Engineering Manufacturing Services

2
Agenda
  • Who Am I - EDS
  • Software Systems Development
  • ISO
  • CMM
  • Sarbanes Oxley

3
Who Am I
Managing Consultant Engineering and
Manufacturing Services Applications Service
Delivery EDS
Inventory Control Manager
Shift Supervisor
Industrial Engineer
Team Leader
Materials Manager
Internal ISO Auditor
Manager Production Planning Control
VISTA Volunteer
Consultant
Project Manager
Chief Industrial Engineer
4
(No Transcript)
5
Process
  • To Develop Software and Systems You Need A
    Process
  • Anything goes
  • Defined
  • Structured

6
(No Transcript)
7
(No Transcript)
8
Process, people and technology are the major
determinants of project cost, quality and
schedule.
9
Common Misconceptions
  • I dont need defined processes I have
  • Really good people
  • Advanced Technology
  • An experienced manager
  • Defined Processes
  • Interfere with creativity
  • Equals bureaucracy regimentation
  • Isnt needed when building prototypes
  • Is only useful on large projects
  • Hinders agility in fast moving projects
  • Costs too much

10
Why We Need Standard Processes
  • Estimating (History)
  • Scope
  • Cost
  • Time
  • Tools
  • Deliver the Product to Estimate (Visibility)
  • Time
  • Cost
  • Quality
  • Handling/Controlling Changes
  • Planned
  • Unplanned
  • Scope Creep

11
How to Achieve Quality Processes
  • ISO
  • CMM

12
ISO CMM Differences
ISO90012000 CMMI
International standard, applies to all types of organizations, supports both product and service oriented organizations Written specifically for software development companies
A brief document about 25 pages long, identifying the minimal requirements for a quality system A detailed document over 500 pages long
Emphasizes on a management of continuous improvement process, based on the PDCA (Plan-Do-Check-Act) model Emphasizes on achieving maturity and improving its process continuously
One level of standard. The standard is based on recommendation Defines 5 maturity levels of the organization, covering 25 process areas (PAs)
Netta Dotan, Quality Assurance project
management, Ronkal Office Technologies
13
ISO CMM Differences My View
ISO 9000 SW-CMMI
Outwardly focused Inwardly focused
Minimum requirements with implied continuous improvements Explicit continuous quality improvement
Registration Document No documentation
Certification audit for a 50 employee organization will be executed by -12 auditors during one day Certification audit for a 50 employee organization will be executed by 4 auditors during 4-5 days
Netta Dotan, Quality Assurance project
management, Ronkal Office Technologies
14
ISO CMM Similarities
  • Both require the organization be explicit about
    what their processes and quality systems are
  • Say what you do do what you say
  • The organization records and tracks data for
    objective analysis
  • Require strong management support to succeed
  • Provide a structured and measured approach to
    quality improvement
  • Require an outside audit for certification
  • Both are refined/improved over time

15
Meet ISO
  • ISO (International Organization for
    Standardization) is the world's largest developer
    and publisher of International Standards.
  • ISO is a network of the national standards
    institutes of 157 countries, one member per
    country, with a Central Secretariat in Geneva,
    Switzerland, that coordinates the system.
  • ISO is a non-governmental organization that forms
    a bridge between the public and private sectors.
    On the one hand, many of its member institutes
    are part of the governmental structure of their
    countries, or are mandated by their government.
    On the other hand, other members have their roots
    uniquely in the private sector, having been set
    up by national partnerships of industry
    associations.
  • Therefore, ISO enables a consensus to be reached
    on solutions that meet both the requirements of
    business and the broader needs of society.

16
What are standards?
17
ISO 9000 and ISO 14000 (Management Systems)
  • The ISO 9000 and ISO 14000 families are among
    ISO's best known standards ever. ISO 90012000
    and ISO 14001 (1996 and 2004 versions) are
    implemented by over 1,000,000 organizations in
    161 countries.
  • The ISO 9000 family addresses "quality
    management". This means what the organization
    does to fulfill
  • the customer's quality requirements and
  • applicable regulatory requirements, while aiming
    to
  • enhance customer satisfaction, and
  • achieve continual improvement of its performance
    in pursuit of these objectives.
  • The ISO 14000 family addresses "environmental
    management". This means what the organization
    does to
  • minimize harmful effects on the environment
    caused by its activities, and to
  • achieve continual improvement of its
    environmental performance.

18
ISOs Impact
  • In the global economy
  • ISO 90012000 and ISO 140012004 have become
    thoroughly integrated with the world economy.
  • ISO 90012000 is now firmly established as the
    globally accepted standard for providing
    assurance about the quality of goods and services
    in supplier-customer relations.
  • The positive roles played in globalization by
    ISOs standards for quality and environmental
    management systems include the following
  • a unifying base for global businesses and supply
    chains such as the automotive and oil and gas
    sectors
  • a technical support for regulation as, for
    example, in the medical devices sector)
  • a tool for major new economic players to increase
    their participation in global supply chains, in
    export trade and in business process outsourcing
  • a tool for regional integration  as shown by
    their adoption by new or potential members of the
    European Union
  • In the rise of services in the global economy
    nearly 33 of ISO 90012000 certificates in 2005
    went to organizations in the service sectors.

19
Where are the Standards (12/31/07)
Sector Standards Pages
Generalities, Infrastructure and Sciences 1,482 54,929
Health, Safety and Environment 684 24,062
Engineering Technologies 4,659 202,370
Electronics, Information Technology and Telecommunications 2,739 181,455
Transport and Distribution of Goods 1,835 49,435
Agriculture and Food Technology 997 22,495
Materials Technology 4,166 101,731
Construction 341 12,447
Special Technologies 138 3,416
Total 17,041 652,340
20
Which ISO Standards
  • The ISO family includes
  • ISO 90002000 Quality Management Systems
    Fundamentals and vocabulary
  • ISO 90012000 Quality Management Systems -
    Requirements
  • ISO 90042000 Quality Management Systems
    Guidelines for performance improvement
  • ISO 19011 Guidelines on quality and/or
    environmental management systems auditing.
  • ISO 10012 Measurement control system

21
Quality System Documentation
22
ISO 90012000 Structure
  • Quality Management System
  • 4.1 General requirements
  • 4.2 Document requirements
  • Management Responsibility
  • 5.1 Management commitment
  • 5.2 Customer focus
  • 5.3 Quality policy
  • 5.4 Planning
  • 5.5 Responsibility, authority, communication
  • 5.6 Management review
  • Product realization
  • 7.1 Planning of product realization
  • 7.2 Customer-related processes
  • 7.3 Design and development
  • 7.4 Purchasing
  • 7.5 Production and service provision
  • 7.6 Control of monitoring and measuring devices
  • Measurement, Analysis Improvement
  • 8.1 General
  • 8.2 Monitoring and measurement
  • 8.3 Control of nonconforming product
  • 8.4 Analysis of data
  • 8.5 Improvement
  • Resource Management
  • 6.1 Provision of resources
  • 6.2 Human resources
  • 6.3 Infrastructure
  • 6.4 Work environment

23
Meet CMM
  • CMM Capability Maturity Model
  • The Capability Maturity models have been
    developed by the Software Engineering Institute
    (SEI)
  • The Carnegie Mellon SEI is a federally funded (US
    Department of Defense) research and development
    center that provides the technical leadership to
    advance the practice of software engineering so
    that software intensive systems can be acquired
    and sustained with predictable and improved cost,
    schedule and quality.

24
(No Transcript)
25
SCAMPI Standard CMMI Appraisal Method for
Process Improvement
26
(No Transcript)
27
Process Areas
Requirements Management Organizational Process Definition
Project Planning Organizational Training
Project Monitoring Control Integrated Project Management
Supplier Agreement Management Risk Management
Measurement Analysis Integrated Teaming
Process Product Quality Assurance Integrated Supplier Management
Configuration Management Decision Analysis Resolution
Requirements Development Organizational Environment for Integration
Technical Solution Organizational Process Performance
Product Integration Quantitative Project Management
Verification Organizational Innovation Deployment
Validation Causal Analysis Resolution
Organizational Process Focus
28
(No Transcript)
29
EIA Electronic Industries Alliance Interim
Standard
30
(No Transcript)
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
(No Transcript)
35
(No Transcript)
36
(No Transcript)
37
(No Transcript)
38
(No Transcript)
39
Staged Process Area Continuous
L2 Requirements Management Engineering
L2 Project Planning Project Mgmt
L2 Project Monitoring and Control Project Mgmt
L2 Supplier Agreement Management Project Mgmt
L2 Measurement and Analysis Support
L2 Process and Product Quality Assurance Support
L2 Configuration Management Support
L3 Requirements Development Engineering
L3 Technical Solution Engineering
L3 Product Integration Engineering
L3 Verification Engineering
L3 Validation Engineering
L3 Organizational Process Focus Process Mgmt.
L3 Organizational Process Definition Process Mgmt.
L3 Organizational Training Process Mgmt.
L3 Integrated Project Management Project Mgmt
L3 Risk Management Project Mgmt
L3 Integrated Teaming Project Mgmt
L3 Integrated Supplier Management Project Mgmt
L3 Decision Analysis and Resolution Support
L3 Organizational Environment for Integration Support
L4 Organizational Process Performance Process Mgmt.
L4 Quantitative Project Management Project Mgmt
L5 Organizational Innovation and Deployment Process Mgmt.
L5 Causal Analysis and Resolution Support
CMM Process Areas
40
Examples of CMMI Impact ROI
  • 51 ROI for quality activities (Accenture)
  • 131 ROI calculated as defects avoided per hour
    spent in training and defect prevention (Northrop
    Grumman Defense Enterprise Systems)
  • Avoided 3.72 M in costs due to better cost
    performance (Raytheon North Texas Software
    Engineering) as the organization improved from
    SW-CMM level 4 to CMMI level 5
  • 21 ROI over 3 years (Siemens Information Systems
    Ltd, India)
  • 2.51 ROI over 12st year, with benefits amortized
    over less than 6 months (reported under non
    disclosure)
  • (reported by the American Society for Quality)

41
Sarbanes-Oxley Implications
  • With its more than 300 discrete points of
    enforceable law, this is the most significant
    piece of account legislation passed since the
    formation of the SEC in 1933
  • SOX was passed with the specific intent of
    increasing accountability and attempting to
    install ethical behavior in financial reporting
    and business operations.
  • With this increase spotlight on reporting,
    companies must invest resources and focus into
    their internal control process
  • The Act created the Public Company Accounting
    Oversight Board (PCAOB) to oversee the activities
    of the auditing profession and mandated reforms
    to enhance corporate and criminal fraud
    accountability.
  • A goal of SOX legislation is to continually
    improve the transparency of financial and
    business events that can impact the accuracy and
    future validity of financial statements.
    Projects to improve processes and regular review
    of controls will become common-place activities
    as compliance evolves. Tools that simplify
    project completion and track status will better
    enable organization to cost-effectively undertake
    these projects.

42
SOX Major Section
  • 302 Corporate Responsibility for Financial
    Reports
  • Requires Executives to certify the accuracy of
    corporate financial reports
  • 404 Management Assessment of Internal Controls
  • Requires executives and auditors to confirm the
    effectiveness of internal controls for financial
    reporting
  • 409 Real Time Issuers Disclose
  • Requires any material changes in financial state
    of issuer be communicated quickly and with
    supporting data to the public

43
Implications for IT
  • Configuration management is now a must
  • Change controls must be handled more carefully
  • Security, security, security
  • All system changes must be verifiable by a clear
    audit trail
  • Reduce reliance on batch processing, update data
    warehouse more frequently
  • Interfaces from any financial system must be
    documented and controlled
  • IT activities must be aligned with the companys
    governance and risk policies
Write a Comment
User Comments (0)
About PowerShow.com