Software QA

Managing Capability and Maturity

2009-02-24T21:00:00.000-08:00

Managing Capability and Maturity: Part 2

By: David Norfolk, Practice Leader - Development, Bloor Research
Published: 24th February 2009
Copyright Bloor Research © 2009

Page Tools

More from author
February 2009
Managing capability and maturity : 1
February 2009
You don't want a CMDB, you want a CMS
February 2009
Continuous Application Performance Management
January 2009
Something new in Perforce SCM
January 2009
Application Integrity: the Coverity approach.
December 2008
Compuware CU2008 - Day 2
December 2008
CU2008 Day 1
Syndication
Delicious
Digg
reddit
Facebook
StumbleUpon
In part one of this article,we talked about informal maturity management and why it might be a good thing. Now we want to talk about "the real thing" (CMMI; Capability Maturity Management Integrated, from the Software Engineering Institute at Carnegie Mellon) and why it might be worth the effort. But first, a warning: CMMI is not about gaining a shiny medal and boasting about it. As one CMMI ML5 (Maturity Lebvel 5) company once put it to me (more or less) "our marketing department can claim all sorts of wonderful things and point to real case studies that back up their claims. CMMI is all about not fooling ourselves, making sure that we can actually deliver on our marketroids' claims".

And, another thing to remember. It's generally accepted "in the trade" that if you are at CMMI Maturity Level 1 (ML1: managing, possibly successfully, by the seat of your pants and relying on the right people being around because you're not sure exactly what they do), there's no point in looking at CMMI ML5 as a target. It is simply beyond your comprehension. Aim for CMMI ML2 or 3. This means knowing what you've got, where it runs, what it does and who looks after it; and also involves identifying a few "good practices" that are being used and provably deliver something useful to the business, and sharing them with everyone in the organisation. Now, as a goal, that might sound reasonable, and even achievable.

That said, we thought we'd talk to a CMMI ML5 organisation: Aricent (its appraisal record is here—you should always check a CMMI ML claim, to see what it really means) and attempt to convey a glimpse of the vision. If it all seems too airy-fairy, by all means go back to the previous paragraph and stop reading there.

We talked to R. Sathyavageeswaran, an Assistant Vice President for Quality at Aricent, which is one of the largest privately-held companies in Silicon Valley, focussed on providing strategic innovation, technology and outsourcing services to the communications industry.

Bloor: How is CMMI assessment used—for external marketing or internal process?

S: Aricent has had a long and robust Quality journey where we have aligned our Quality Management Systems to meet the requirements of various international standards and frameworks to meet our business needs.

To give a quick summary, we started off our Quality journey by getting certified to ISO 9001 in 1996, CMM Level 4 in the year 2000, BS7799 Information Security standards in the year 2002, CMMI v1.1 Level 5 in the year 2003, TL9000 (Telecom specific ISO 9001 standards) in the year 2005, ISO 27001 Information Security standards in the year 2007 and now, CMMI v1.2 Level 5 in the year 2008. These frameworks and standards help us in ensuring a very high level of quality in all our deliveries. Alignment to these international standards and frameworks has been primarily to improve our internal processes, while letting the customers benchmark our services with known international standards.

Bloor: OK, so what is the impact of CMMI on your front-line developers?

RS: During our journey towards CMMI assessment, we have been able to implement many process improvements which have resulted in improving schedule/effort compliance and the quality of our deliveries. Some major improvements that were demonstrated during assessment are given below:

Implementation of Monte-Carlo Simulation based Process Performance Models to identify sub-processes that have an impact on the project outcome and help the project team manage the projects better. This has helped us to improve our estimations and re-estimations.
Implementation of a suite of prediction tools to predict defects, schedule, SLA and effort. These include:
Test End Date Prediction using the Exponentially Weighted Moving Average (EWMA) technique (a paper on this technique was selected for presentation in a Software Testing Conference held in Bangalore (India) where it was well received—see abstract here).
Use of a Rayleigh distribution to predict defects during and after the delivery of the product.
Reliability assessment using the Gompertz technique.
Use of non-homogeneous Poisson Process (NHPP) based tools to predict post-release defects.
Use of Monte-Carlo simulation based prediction of effort and SLAs (for maintenance type of projects).
Use of Moving Range Control Charts (XmR charts) for tracking critical sub-processes identified at the time of estimations.
Implementation of a comprehensive Health Index to track the health of projects under maintenance. This has helped us to improve our SLA compliance significantly (by approx 24%) and obtain a corresponding improvement in our Customer Satisfaction Index by 15% during the same period. [The Customer Satisfaction Index is on a scale of +5 to -5 and measures satisfaction levels derived from formal feedback in customer surveys.] This was also selected for presentation in the Global TL9000 conference held in Denver, USA (Sep 2008) where it was well received and we got invitations to present in other forums as well. Our marketing team even covered this through a press note.
Use of basic and advanced statistical techniques to baseline performance, with probabilistic modelling capability.
Bloor: Hmm... with our interest in testing, we're rather impressed to find someone putting defect prediction into practice. We also like seeing someone placing numbers against the benefits delivered

RS: In addition, the following process improvements were successfully demonstrated in many instances during the assessment:

Tracking review effectiveness using 2x2 matrix across different phases of projects.
Implementation of klocwork, a commercially-available Static Analysis tool, in our Products' Business Unit, resulting in reduction in memory leaks in our products.
A suite of tools to plan, identify, and track risks in projects. This includes Risk Profiling and Risk Identification Tracking through intranet tools; and maintenance of a Risk Database.
Process Improvements in the area of QMS (Quality Management System) integration, Testing Effectiveness, Test Automation, Internal Auditing, etc.
All of the above have had a deep impact on our employees. Here's a list of a few benefits:

For Project Managers: The improved focus on Quantitative Project Management helps the project managers in managing the project better, right from planning till closure. The statistical process control mechanisms and process performance models that we introduced as part of our journey to CMMI helps them in predicting the quality and schedule, thereby reducing any negative surprises.
For Developers and Testers: The focus on a well defined documented system, along with training delivery mechanisms, helps the developers and testers to get quickly ramped up on projects. As part of the journey, we enhanced our process assurance on both upstream and downstream life cycle phases and this has resulted in improved quality of deliveries and improved customer satisfaction, which has a very positive impact on team morale and engagement.
For the Business team: It has helped the business team to predict customer satisfaction and retention (based on the various Quality-Cost-Delivery metrics) and also helped in putting in some internal controls on costs/efficiencies/defect rates etc.
In addition, as a robust measurement framework is available, all stakeholders in the project are able to see the relevant metrics and take actions at the appropriate time.

Bloor: So, exploring the measured business value delivered a bit further, what is the impact of CMMI ML5 on business outcomes and how will this be measured?

RS: During this journey, we have seen significant improvements in our ability to meet our plans, quality of deliveries, SLA compliance and most importantly, on our Customer Satisfaction Index. These are business critical parameters and we would continue to track these, along with productivity improvement and repeat business from customers.

Bloor: Ah, we like measuring Customer Satisfaction formally. OK, so what next—reassessment? When?

RS: We plan to expand the scope of the assessment to include more business units and more geographical locations. We will track the CMMI model continuously and upgrade our Quality systems to meet any changes that the SEI may incorporate into the model and plan to go for a re-assessment in the next 24–36 months.

Bloor: But, surely, there must be some downsides to all this?

RS: There are no major downsides in a model based improvement journey. However, as the company goes through inorganic growth through acquisitions of companies which may not have a mature quality system, we would like to keep a close watch on integration of processes to ensure that the processes in these acquired entities are enhanced to meet the business needs.

The other possible area to consider would be the suitability of CMMI for really short duration or low efffort projects. In such cases, it would be better to adapt the full-blown CMMI requirements to meet the requirements of the project—which the CMMI model allows anyway, through project-level tailoring.

Bloor: Yes, that last is a good point, a degree of flexibility is, indeed, built into CMMI. Thank you.

So, there you have it. Does this all sound useful? Well, no matter. You can start on the maturity journey without CMMI. Get rid of the "blame culture". Start managing your assets. Take a look at ITIL v3. Identify "good practice" and make sure everyone gets to use it. Start measuring business outcome in a way that makes sense to the business users (who, ultimately, pay your salaries) and relate your budget requests and project reviews to these metrics. And, please, analyse every delivered project, to see if you can learn things that will help you do it better next time.

Then revisit CMMI and see if there might be something in it after all. It does seem to be succeeding, and not just with US Defence suppliers—see here for a review of the formal "class A" CMMI appraisal results the SEI knows about. They make interesting reading and may dispel a few misconceptions.

Reader Comments

Do you agree with what David Norfolk is saying? Perhaps you feel, or even know, different? Why not post your opinion on this issue?

more

2008-10-22T23:27:00.001-07:00

PTA Professional Edition Updates
Latest Update: Version 1.54 Build 1206 - October 11, 2008.

Build 1206 - Download Latest Cumulative Update - October 11, 2008
If the PTA Risk Assessment tool is already installed on your computer, we strongly recommend that you keep it up-to-date by downloading a free cumulative update with the latest improvements and bug fixes (4MB size; less than 1 minute download time, applicable for all previous versions of PTA).
Build 1206 introduces a revised reporting system which enables better aggregation and sorting of threat model data and analysis results. The new mechanism allows users to define simple Tags Filter queries which filter the data shown in reports according to the tags attached to the threat’s model entities.
Thanks to Andy Baron for his excellent tip on sorting report records at runtime and to Jerry Lee for his great help in defining the tags query UI.
Build 1206 is fully compatible with all existing PTA threat models and libraries versions.
If this is your first time with PTA, you are invited to visit our download area and get a full version of the PTA Professional Edition Risk Assessment tool.

Latest Support Notes :
If you encounter problems when trying to run PTA for the first time after installation:
Please have a look at section 8 in PTA Support & FAQ page which includes a few updated solutions regarding difficulties in running PTA on machines with Office 2007/2003 installed.
How do I know the current version of PTA installed on my computer?
Click the Help About menu option in PTA main menu. The About dialog displays the current PTA version and build number.

***

ISO 9001 for Software Industry

2008-04-19T18:58:00.000-07:00

-- updated quarterly (ISO 9000-3, TickIT,...) --
"Quality will always win if you give it a chance." -- Small Business 2000
Tantara offers easy access to ISO 9001 information (ISO 9000-3, TickIT,...) that is specific to improving a software organization's process effectiveness and product/service potential.
See Tantara's main hotlist for other information.

When reading information on the internet, take note of the standard/model's edition being discussed/compared. Click here for a list depicting the current edition of key standards/models.
Click here for a quick view of the world's maturity regarding software quality and software process capability.

Resources:

Guidelines for application of ISO 9001 to software development: This web page summarizes ISO 9000-3:1991.

ISO 9000-3:1991 guidelines translated in plain english: Praxiom summarizes their interpretation of ISO 9000-3:1997 and highlights their main points.

ISO 9000-3:1991 checklist: Suggestions and a list of questions to determine whether requirments are met.

ISO 9001 explained clause-by-clause (both 2000 & 1994 editions): This is a good summary of how to interprete the ISO 9001 standard.

ISO 9001:2000 guidance: Lots of guidance here from ISO themselves.

ISO standards for the software industry: Enter software in the keyword field of the form -- if you prefer to view all computing specific standards, enter "information technology" in the keyword field. Then, click the SEARCH button to see the list of ISO standards.

ISO 9001:2000 translated in plain english: Praxiom summarizes their interpretation of ISO 9001:2000 and highlights their main points.

Trillium capability (area 5) - Quality System: Refer to this model's capability area #5 for a phase (level) approach to implementing an ISO 9001 compliant quality system for software development.
Articles:

Applicability of ISO 9001 to software development: How is ISO 9001:1994 relevant to software development organizations? What is the role of ISO 9000-3:1997?

Briefing--ISO 9000:1994 series: In light of the software development challenge, a briefing on the ISO 9000 series of standards (presented in March 1996).

History and relationship of process standards/models: Software process improvement is often influenced by process related standards/models and thus, it is important that a "change agent" understands the history and relationships of these standards/models.

TickIT description: TickIT is an ISO 9001 scheme for the software industry. Discover the principles and objectives of this scheme.

TickIT--providing confidence in ISO 9001:1994 certification: This paper traces the events that led up to the TickIT initiative, outlines TickIT, and discusses the issues that were outstanding in 1995.
Documents and Reports:

Report: Comparison of ISO 9001:1994 and SEI's SE-CMM V1.1 [pdf]: This is a top level summary of the comparison between the Systems Engineering Capability Maturity Model and ISO 9001.

Report: Comparison of ISO 9001:1987 and SEI's SW-CMM V1.1 [pdf]: M. Paulk's comparison report for SEI, report released in 1994. Comparison is version 1.1 of SEI's Capability Maturity Model for Software (SW-CMM) against the initial release (1987 edition) of ISO 9001. Also see M.Paulk's January 1996 IEEE Software feature article "How ISO 9001:1994 Compares with the CMM V1.1".

Report: Executive overview - TickIT for ISO 9001:2000 [pdf]: This is a quick four page overview of the revised TickIT guide for ISO 9001:2000.
Registered Software Organizations and their Registrars:

Quality Digest's search for ISO 9001 registered organizations: A form is presented; to view all software development organizations registered to ISO 9001in North America, enter "9001" in the "Standards" field and "software" in the "Scope of Registration" field -- leave all other fields blank. -- Note: Click here to purchase a complete directory of all ISO 9000 registered companies in North America.

Registrar Accreditation Board (RAB) accredited ISO 9000 registrars: Enter "33-Information Technology" in the scope field of the form presented at the bottom of this page. Click SUBMIT button to see a list of RAB accredited "ISO 9000 registrars for the software industry".

Standards Council of Canada (SCC) accredited ISO 9000 registrars: This is the current list of SCC accredited ISO 9000 registrars.
Governing agents for ISO 9001 and related software industry schemes:

ISO: The home (web) site for the International Organization for Standardization.

ISO Members: This is a list of all ISO Members--view this list to determine who is the ISO Member representative for your country.

ISO's Technical Sub-Committee #176-SC2 (re: Quality Management/Assurance): This site is provided for work specific to ISO 9001 and 9004 -- checkout this site for the many guidelines regarding transitioning ISO 9001:1994 to ISO 9001:2000

ISO's Technical Committee #176 (oversees Quality Management/Assurance): This site is for the TC176 committee members who oversee work pertaining to the ISO 9000 series and related standards/guidelines (e.g., ISO 10000 serries...)

TickIT: The home (web) site for the United Kingdom's TickIT scheme.
If you found this hotlist helpful, imagine what Tantara can do "in person" (consulting / training).
Why consider Tantara's consulting/training?
Tantara is one of the few firms that has proven experience in both software process improvement and ISO 9001 (ISO 9000-3, TickIT, AS 3563).
more

Moving up the ladder from ISO 9001

2008-03-04T00:49:00.000-08:00

go here

Software Testing

2008-02-18T22:34:00.000-08:00

The main objective of testing is to find defects in requirements, design, documentation, and code as early as possible. The test process should be such that the software product that will be delivered to the customer is defect less. All Tests should be traceable to customer requirements.Test cases must be written for invalid and unexpected, as well as for valid and expected input conditions. A necessary part of a test case is a definition of the expected output or result. A good test case is one that has high probability of detecting an as-yet undiscovered error.Eight Basic Principles of Testing· Define the expected output or result.· Don't test your own programs.· Inspect the results of each test completely.· Include test cases for invalid or unexpected conditions.· Test the program to see if it does what it is not supposed to do as well as what it is supposed to do.· Avoid disposable test cases unless the program itself is disposable.· Do not plan tests assuming that no errors will be found.The probability of locating more errors in any one module is directly proportional to the number of errors already found in that module.Best Testing Practices to be followed during testing· Testing and evaluation responsibility is given to every member, so as to generate team responsibility among all.· Develop Master Test Plan so that resource and responsibilities are understood and assigned as early in the project as possible.· Systematic evaluation and preliminary test design are established as a part of all system engineering and specification work.· Testing is used to verify that all project deliverables and components are complete, and to demonstrate and track true project progress.· A-risk prioritized list of test requirements and objectives (such as requirements-based, design-based, etc) are developed and maintained. · Conduct Reviews as early and as often as possible to provide developer feedback and get problems found and fixed as they occur.
Posted by expert at 12:38 AM 0 comments
Older Posts

List of software companies certified for quality

2008-02-01T21:27:00.000-08:00

go here

Application software threat analysis

2008-01-25T12:05:00.000-08:00

Buggy and insecure software applications are the top factor in security breaches.
The majority of data breaches are caused by attackers that exploit application software vulnerabilities. Attackers are not limited to Islamic cyber-terror groups like Team Evil, that exploited a known vulnerability in the Invision Power Board Web application. Software vulnerabilities are increasingly exploited by threats from trusted insiders such as contract programmers who have access to the source control repositories of company projects.
We improve software security with software quality

Software defect reduction is a highly economical way of preventing data breaches. You may be able to save hundreds of thousands of dollars in your security budget by decisive, focused software defect reduction.

We carry out a systematic threat analysis on critical business and Internet-facing Web applications after choosing a particular business unit and application functions. You get a cost-effective risk mitigation plan that shows you where and how you should remove software defects and how best to maintain reliable software.

The process requires executive level sponsorship that will later on, need to buy into implementation of the risk mitigation plan. The team members are chosen at a preliminary planning meeting with the lead consultant and the project's sponsor. There are typically 4-8 active participants with relevant knowledge of the business and the software. The team is lead by 2-4 expert Software Associates consultants that have the domain expertise, people skills and patience to guide a chaotic process.

The threat analysis follows a 7 step process: Set scope, Identify business assets, Identify software components, Classify vulnerabilties, build a system threat model, build the risk-mitigation plan and validate findings. Since there is normally a great deal of shared information between process steps, control flows asynchronously between steps.
Companies that perform software application threat analysis receive a clear picture of where to focus their software quality and application patching efforts.

Contact us today for a free consultationUS: +1 301-841-7122Israel: +972 (0)3 610 9750Sales AT software DOT co DOT il

More professional services from Software Associates
Digital Asset Protection
Business vulnerability assessment
Risk control optimization
Featured research articles
Software security assessment of production systems
The 7 step process for software threat analysis
Practical threat analysis in software development
10 questions your CEO should be able to answer

Next >

more

Capability Maturity Model Integration CMMI

2008-01-23T15:31:00.000-08:00

Capability Maturity Model® Integration (CMMI®) is a process improvement approach that provides organizations with the essential elements of effective processes.[1] CMMI best practices are published in documents called models, which each address a different area of interest. There are now two areas of interest covered by CMMI models: Development and Acquisition.

The current release of CMMI is Version 1.2. There are two version 1.2 models now available:
CMMI for Development (CMMI-DEV), Version 1.2 was released in August 2006. It addresses product and service development processes.

CMMI for Acquisition (CMMI-ACQ), Version 1.2 was released in November 2007. It addresses supply chain management, acquisition, and outsourcing processes in government and industry.
Regardless of which model you choose, CMMI best practices should be adapted to each individual organization according to its business objectives. Organizations cannot be CMMI "certified." Instead, an organization is appraised (e.g., using an appraisal method like SCAMPI) and is awarded a 1-5 level rating. The rating results of such an appraisal can be published if released by the appraised organization.[2]

Contents
1 Process Areas
2 History
3 Appraisal
4 Benefits
5 CMMI Concepts
6 References
7 Footnotes
8 See also
9 External links
//
more

List of CMM Level 5 Certified companies in India

2008-01-22T18:16:00.000-08:00

go here

Configuration Management and ISO 9001

2007-11-09T04:42:00.000-08:00

Robert Bamford, William J. Deibler II Software Systems Quality Consulting, http://www.ssqc.com/

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function and the ISO 9001 standard. This standard offers a wide range of advice on how to deal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to address requirements found in the International Standard, ISO 9001. From a management perspective, the principles and practices of CM represent an accepted and understood foundation for implementing ISO-compliant processes in software engineering organizations. In addition, the growing number of tools for automating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.
Configuration Management
While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute of Electrical and Electronics Engineers (IEEE), The International Organisation for Standardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

The IEEE perspective on CM
A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990, Software Configuration Management Plans.
[Numbers in brackets are added]

"SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3] status accounting, and [4] configuration audits and reviews."
IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraph containing the reference appears in parentheses):
Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)

Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)

Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:
"Software configuration management is an umbrella activity ... developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest."

The ISO perspective on CM
In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:
"Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.

"The [CM] system should
"a) identify uniquely the versions of each software item;
"b) identify the versions of each software item which together constitute a specific version of a complete product;
"c) identity the build status of software products in development or delivered and installed;
"d) control simultaneous updating of a given software item by more than one person;
"e) provide coordination for the updating of multiple products in one or more locations as required;
"f) identify and track all actions and changes resulting from a change request, from initiation ... to release."

The SEI perspective on CM
Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:
"The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:
"Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form
"Control: controlling the release of product and changes to it throughout the life cycle …
"Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product
"Audit and review: validating the completeness of a product and maintaining consistency among the components …

"[The IEEE] definition of CM … needs to be broadened to encompass … :
"Manufacturing: managing the construction and building of the product
"Process management: ensuring the correct execution of the organization's procedures, policies, and life-cycle model
"Team work: controlling the work and interactions between multiple developers on a product."

more

more

Advice on Configuration Management

Software Validation

2007-11-03T14:32:00.000-07:00

Software validation is a critical tool used to assure the quality of device software and software automated operations. Software validation can increase the usability and reliability of the device, resulting in decreased failure rates, fewer recalls and corrective actions, less risk to patients and users, and reduced liability to device manufacturers.

Software validation can also reduce long term costs by making it easier and less costly to reliably modify software and revalidate software changes. Software maintenance can represent a very large percentage of the total cost of software over its entire life cycle. An established comprehensive software validation process helps to reduce the long-term cost of software by reducing the cost of validation for each subsequent release of the software.

Table of Contents
SECTION 1. PURPOSE
SECTION 2. SCOPE
2.1. Applicability
2.2. Audience
2.3. THE LEAST BURDENSOME APPROACH
2.4. Regulatory Requirements for Software Validation
2.4. Quality System Regulation vs Pre-Market Submissions
SECTION 3. CONTEXT FOR SOFTWARE VALIDATION
3.1. Definitions and Terminology
3.1.1 Requirements and Specifications
3.1.2 Verification and Validation
3.1.3 IQ/OQ/PQ
3.2. Software Development as Part of System Design
3.3. Software is Different from Hardware
3.4. Benefits of Software Validation
3.5 Design Review
SECTION 4. PRINCIPLES OF SOFTWARE VALIDATION
4.1. Requirements
4.2. Defect Prevention
4.3. Time and Effort
4.4. Software Life Cycle
4.5. Plans
4.6. Procedures
4.7. Software Validation After a Change
4.8. Validation Coverage
4.9. Independence of Review
4.10. Flexibility and Responsibility
SECTION 5. ACTIVITIES AND TASKS
5.1. Software Life Cycle Activities
5.2. Typical Tasks Supporting Validation
5.2.1. Quality Planning
5.2.2. Requirements
5.2.3. Design
5.2.4. Construction or Coding
5.2.5. Testing by the Software Developer
5.2.6. User Site Testing
5.2.7. Maintenance and Software Changes
SECTION 6. VALIDATION OF AUTOMATED PROCESS EQUIPMENT AND QUALITY SYSTEM SOFTWARE
6.1. How Much Validation Evidence Is Needed?
6.2. Defined User Requirements
6.3. Validation of Off-the-Shelf Software and Automated Equipment
APPENDIX A - REFERENCES
Food and Drug Administration References
Other Government References
International and National Consensus Standards
Production Process Software References
General Software Quality References
APPENDIX B - DEVELOPMENT TEAM

more

more

Software Quality Basics

2007-11-03T12:52:00.000-07:00

'Quality' is a relative term and it is generally used with reference to the end use of the product. The word 'quality' has variety of meanings including fitness for purpose, grade, degree of preference, degree of excellence & fulfillment of promises.

It may also be defined as a degree of conformance of design and specifications. American Heritage Dictionary defines Quality as "A characteristics or attribute of something". When we examine an item based on its measurable characteristics, two kinds of quality may be encountered:1.Quality of design2.Quality of conformanceThe quality of design of a product is concerned with the tightness of the specifications for manufacture of the product. It depends on the type of customers in the market, capital goods, profit consideration of the organization & special requirements of the product. The quality of conformance is concerned with how well the manufactured product conforms to the quality of design. To achieve this, the incoming raw materials have to be of adequate quality, selection of the process should be proper, operators need to be trained and experienced & proper care should be taken during shipment and storage of finished goods. A proper inspection program & feedback mechanism should exist, both for internal inspection & for the customers.The quality of performance is concerned with how well the manufactured product gives its performance t depends upon the quality of design & the quality of conformance.The cost of carrying out the company's quality functions (meeting the quality needs of the customers) are known as costs of quality. It provides baseline for the current cost of quality and identifies opportunities for reducing the cost of quality in the future. A quality cost committee of the American Society for Quality Control has recommended that quality cost be defined in four categories:

more

debugging and testing

2007-11-03T12:37:00.000-07:00

Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware thus making it behave as expected. Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another.
Contents[hide]
1 Origin
2 Tools
3 Basic steps
3.1 Recognize a bug exists
3.2 Isolate source of bug
3.3 Identify cause of bug
3.4 Determine fix for bug
3.5 Fix and test
4 Steps to reduce debugging
4.1 The correct mindset
4.2 Start at the source
4.3 Treat user input with suspicion
4.4 Use of log files
4.5 Test suites
4.6 Change one thing at a time
4.7 Back out changes that have no effect
4.8 Think of similar situations
5 See also
6 References
7 External links

more

Freeware Debugging Freeware Download Shareware Download ...
Download freeware Debugging freeware download Debugging shareware download software Debugging software directory provide Software Developer :: Debugging ...www.brothersoft.com/Software_Developer_Debugging_Download_List_1.html - 57k - Cached - Similar pages

Testing and Debugging Software
Readers chose VMware Workstation as the Best Testing and Debugging Software.www.windowsitpro.com/Articles/Index.cfm?ArticleID=40181 - Similar pages

New Approaches to Software Debugging
The long term goal of our research is to investigate more effective, general methods of debugging complicated software systems. We are investigating new ...www.cs.purdue.edu/AnnualReports/95/AR95Book-126.html - 4k - Cached - Similar pages

Software debugging, testing, and verification
IBM Systems Journal issue 41-1, Software Testing and Verification - Software debugging, testing, and verification - Feature paper.www.research.ibm.com/journal/sj/411/hailpern.html - 53k - Cached - Similar pages

Software Debugging Process: How it goes and how to improve it ...
The process of debugging: formalization & improvement.www.codeproject.com/Purgatory/debugprocess.asp - 31k - Cached - Similar pages

Chipping software for faster debugging
If you've spent some time doing software development, you know that debugging and testing consume more time than writing code, especially on large projects. ...www.primidi.com/2007/10/06.html - 26k - Cached - Similar pages

Deshpande Center - Complex Systems and Communications Projects
This project is applying a novel technology to the problems of understanding, evolving, testing, and debugging software systems. The technology will be able ...web.mit.edu/deshpandecenter/proj_ernst.html - 17k - Cached - Similar pages

Linux software debugging with GDB
Most flavours of Linux come with the GNU debugger, or gdb to the shell. Gdb lets you see the internal structure of a program, print out variable values, ...www.ibm.com/developerworks/library/l-gdb/ - 53k - Cached - Similar pages

! Aware: default selections: Software Debugging and Testing
Debugging can be just as disciplined, systematic, and quantifiable as any other area of software engineering--which means that we should eventually be able ...www.rocketaware.com/spec/softdev/debug/ - 50k - Cached - Similar pages

Applicability of ISO 9001 to Software Development

2007-10-11T18:52:00.000-07:00

go here

ISO 9000-3 1997 Guidelines in Plain English
go here

ISO 9000-3 1997 is now OBSOLETE. It has been replaced by ISO IEC 90003 2004.

How to ensure EVM operates well for software projects

2007-10-07T03:52:00.000-07:00

go here

Configuration Management

2007-08-23T15:05:00.000-07:00

FAQ's
go here

SPICE (ISO/IEC 15504) VS SEI CMMI

2007-06-28T17:18:00.000-07:00

Acceptance of ISO/IEC 15504
ISO/IEC 15504 has been successful as:

In 2006 GM and Chrysler have started phasing out CMMI in favor of SPICE as they relocate their engineering centers to Europe.
ISO/IEC 15504 is publicly available through National Standards Bodies.
It has the support of the international community
Over 4000 assessments have been performed to date
Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants
Domain-specific models like Automotive SPICE can be derived from it
There have been many international initiatives to support take-up such as SPICE for small companies.

more

Adding SPICE whiile preserving the CMM

ISO/IEC 15504 - SPICE

2007-06-28T16:51:00.000-07:00

Contents: What is ISO/IEC 15504?What does the SEI plan to do to be compliant to this standard? How will the SEI help the community prepare to meet this standard?How does ISO/IEC 15504 relate to the Software CMM and to ISO 9001?Will the software community have to choose between 15504 and their current model of choice?What are the considerations in determining whether 15504 conformance is important to my business?How can I obtain more information about 15504?

http://www.sei.cmu.edu/cmmi/faq/15504-faq.html

ISO/IEC 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services.

ISO/IEC 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC 15504-2.

It provides an overview of process assessment and interprets the requirements through the provision of guidance on:

performing an assessment;
the measurement framework for process capability;
process reference models and process assessment models;
selecting and using assessment tools;
competency of assessors;
verification of conformity.

ISO/IEC 15504-3:2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC 15504-2.
Corrigenda, Amendments and other parts
ISO/IEC 15504-1:2004
ISO/IEC 15504-2:2003
ISO/IEC 15504-4:2004
ISO/IEC 15504-5:2006

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=37454

There are a variety of ISO standards addressing various aspects of process improvement.
ISO 9000 is a set of standards for quality management systems that is accepted around the world. Currently more than 800,000 organizations in 161 countries have adopted ISO 9000 as national standards. When you purchase a product or service from an organization that is registered to the appropriate ISO 9000 standard, you have important assurances that the quality of what you receive will be as you expect. In addition, with the year 2000 revision of the standard, quality objectives, continual improvement, and monitoring of customer satisfaction provide the customer with increased assurances that their needs and expectations will be met. There is significant overlap between ISO 9000 and SW-CMM® Level 2. A comparison of the two is documented in A Comparison of ISO 9001 and the SW-CMM® [download is cmm9001.pdf] Note that the document was scanned in reverse order, so the first page you see is actually the last page of the document.
ISO 15504 (SPICE) SPICE (ISO/IEC 15504) is a major international initiative to develop a Standard for Software Process Appraisal. The project is carried out under the auspices of the International Committee on Software Engineering Standards ISO/IEC JTC 1/SC 7, through its Working Group on Software Process Appraisal (WG10). Since 1993, the SPICE (ISO/IEC 15504) (Software Process Improvement and Capability Determination) project, launched within the ISO has been developing a framework standard for software process Appraisal, bringing together the major suppliers and users of Appraisal methods. Field trials of SPICE-based Appraisal commenced in January 1995, and will continue until ISO/IEC 15504 is published as a full International Standard, scheduled by 2002.
ISO 12207 offers a framework for software life-cycle processes from concept through retirement. It is especially suitable for acquisitions because it recognizes the distinct roles of acquisitor and supplier. In fact, the standard is intended for two-party use where an agreement or contract defines the development, maintenance, or operation of a software system. It is not applicable to the purchase of commercial-off-the-shelf (COTS) software products. ISO 12207 provides a structure of processes using mutually accepted terminology, rather than dictating a particular life-cycle model or software development method. Since it is a relatively high-level document, 12207 does not specify the details of how to perform the activities and tasks comprising the processes. Nor does it prescribe the name, format, or content of documentation. Therefore, organizations seeking to apply 12207 may want to use additional standards or procedures that specify those details.
CMMI® version 1.2 is coming. Are you ready?
CMMI® version 1.1 will be sunsetted as of August 31, 2007, and version 1.1 of the Introduction to the CMMI® will not be offered after December 31, 2006. MDM will provide the new version 1.2 of the CMMI® introduction class, along with training on SCAMPISM version 1.2.
Learn MoreLearn about the L2 QuickStart Workshop.

Purpose Driven Process ImprovementSM is designed to:

improve quality
reduce costs
improve morale
reduce cycle times
increase productivity
improve project control

Is process improvement right for you?

-->
http://www.mdmaturity.com/models.php

ISO 15504

ISO/IEC 15504 also known as SPICE (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of processes" developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission).
ISO/IEC 15504 initially was derived from process lifecycle standard ISO 12207 and the ideas of capability maturity in SW CMM.
Contents
1 Overview
2 The ISO/IEC 15504 standard
2.1 Reference model
2.1.1 Processes
2.1.2 Capability levels and process attributes
2.2 Assessments
2.2.1 Assessment process
2.2.2 Assessment model
2.2.3 Tools used in the assessment
2.3 Assessor qualifications and competency
2.4 Uses of ISO/IEC 15504
2.4.1 Process improvement
2.4.2 Capability determination
3 History
4 Acceptance of ISO/IEC 15504
5 References
6 External links

more

what you get as you head towards CMMI Level 5

2007-06-28T16:41:00.000-07:00

go here

FAQ's

2007-06-28T13:31:00.001-07:00

Optimising the software delivery cycle **** A ZDNet UK discussion panel ****
Quality software delivery is a perennial challenge for anyone involved in the software delivery process, from CIOs to developers.
There is a rolling pressure to deliver, within a fixed time frame and a very fixed budget, high quality, robust software that can both support and help grow the business.
How can you best deliver quality software on time and to budget?
Discover how some of the big software development houses do it in this ZDNet UK panel discussion.
Watch the panel discussion

http://www.zdnet.co.uk/zdnetuk/resources/articles/0,1000001991,39287689,00.htm

2007-05-31T21:00:00.000-07:00

[Methods & Tools] [Links]

Martinig & Associates has conducted software process evaluation based on the Capability Maturity Model (CMM ( CMMI) between 1993 and 2001 using a questionnaire based the first version of the assessment questionnaire produced by the Software Engineering Institute (SEI) in 1987. These assessments evaluated the quality of the software development process of organisations. There are more than 200 organisations assessed in our database from all over the world.

Software Process Assessments Results
ISO 9000 and CMM usage
CMM (1987 questionnaire) Maturity levels and key process area results
CMM (1987 questionnaire) Technology usage results
Articles
Does training influence the quality of the software development process?
Assessing Readiness for (Software) Process Improvement
Don't Write Another Process
Process Improvement – Is it a Lottery?
Software Development Articles - Software Process Improvement area
Resources
External links page

http://www.martinig.ch/ae/process.php

Journey from ISO 9001 to SW CMM Level 5

2007-05-31T00:05:00.000-07:00

[PDF]
Two stage journey from ISO 9001 to CMM Level 5, an Experience
File Format: PDF/Adobe Acrobat - View as HTMLSyntel (India) Ltd. Journey from ISO 9001 to SW CMM Level 5. Page 1 of. 8. Journey from ISO 9001 to SW CMM Level 5. (A Two Stage Journey Experience) ...www.softwaredioxide.com/channels/Content/Syntel_Journey_ISO_to_CMM.pdf - Similar pages
AmitySoft receives ISO 9001 millennium version
With the certification, AmitySoft has achieved the distinction of being one of the first set of software companies in India to be ISO 9001:2000 compliant. ...amitysoft.com/press9.aspx - 13k - Cached - Similar pages

FAQ;s

2007-05-20T03:20:00.000-07:00

Table of Contents Software QA and Testing Frequently-Asked-Questions Part 1, covers the following:
What is 'Software Quality Assurance'?
What is 'Software Testing'?
What are some recent major computer system failures caused by software bugs?
Does every software project need testers?
Why does software have bugs?
How can new Software QA processes be introduced in an existing organization?
What is verification? validation?
What is a 'walkthrough'?
What's an 'inspection'?
What kinds of testing should be considered?
What are 5 common problems in the software development process?
What are 5 common solutions to software development problems?
What is software 'quality'?
What is 'good code'?
What is 'good design'?
What is SEI? CMM? CMMI? ISO? Will it help?
What is the 'software life cycle'?
Software QA and Testing Frequently-Asked-Questions Part 2, covers the following:
What makes a good Software Test engineer?
What makes a good Software QA engineer?
What makes a good QA or Test manager?
What's the role of documentation in QA?
What's the big deal about 'requirements'?
What steps are needed to develop and run software tests?
What's a 'test plan'?
What's a 'test case'?
What should be done after a bug is found?
What is 'configuration management'?
What if the software is so buggy it can't really be tested at all?
How can it be known when to stop testing?
What if there isn't enough time for thorough testing?
What if the project isn't big enough to justify extensive testing?
How does a client/server environment affect testing?
How can World Wide Web sites be tested?
How is testing affected by object-oriented designs?
What is Extreme Programming and what's it got to do with testing? Software QA and Testing Less-Frequently-Asked-Questions, covers the following:
Why is it often hard for organizations to get serious about quality assurance?
Who is responsible for risk management?
Who should decide when software is ready to be released?
What can be done if requirements are changing continuously?
What if the application has functionality that wasn't in the requirements?
How can QA processes be implemented without reducing productivity?
What if an organization is growing so fast that fixed QA processes are impossible?
Will automated testing tools make testing easier?
What's the best way to choose a test automation tool?
How can it be determined if a test environment is appropriate?
What's the best approach to software test estimation?
Other Software QA and Testing Resources
Top 5 List
Software QA and Testing-related Organizations and Certifications
Links to QA and Testing-related Magazines/Publications
General Software QA and Testing Resources
Web QA and Testing Resources
Web Security Testing Resources
Web Usability Resources
Software QA and Test Tools
Test tools
CM tools and PM tools
Web site test and management tools
Web Site Test Tools and Site Management Tools
Load and performance test tools
Java test tools
HTML Validators
Link Checkers
Free On-the-Web HTML Validators and Link Checkers
PERL and C Programs for Validating and Checking
Web Functional/Regression Test Tools
Web Site Security Test Tools
External Site Monitoring Services
Web Site Management Tools
Log Analysis Tools
Other Web Test Tools
Jobs and News
Web Job Boards useful to QA and Test Engineers
Latest News Headlines -- Technology, Software Development, Computer Security, Tech Stocks, more...
Software QA and Testing Bookstore
Software Testing Books
Software Test Automation Books
Software Quality Assurance Books
Software Requirements Engineering Books
Software Metrics Books
Configuration Management Books
Software Risk Management Books
Software Engineering Books
Software Project Management Books
Technical Background Basics Books
Other Books

http://www.softwareqatest.com/

Vendor Selection

2007-05-20T02:46:00.000-07:00

for software outsourcing
http://72.14.235.104/search?q=cache:7o8W9ifNxbsJ:www.oobp.org/Vendor/Downloads_GetFile.aspx%3Fid%3D540+copc+or+cobit&hl=en&amp;amp;amp;ct=clnk&cd=5&gl=in

for esourcing

eSourcing Capability Models
Quality models and certification for IT and ITES organizations
With the continued growth of IT services and ITES (Information Technology Enabled Services), organizations are striving to reach higher levels of performance and capability. In these relationships, service providers use information technology as a key component of, or as an enabler for, delivering their services. Technology alone does not provide complete solutions, as the eSourcing relationships between clients and their service providers must overcome many challenges to be successful.
The eSourcing relationship challenges include:
Clients often have little experience in outsourcing and have no standard criteria for selecting a provider.
Success criteria for the relationship are not well understood or agreed upon from inception by both parties.
Clients’ expectations often change as the nature of the services change, due to rapid shifts in technology and tools, and providers are not always able to keep up with those changes
The necessary trade-offs between the service’s quality, speed, and cost are not always articulated and understood.
The transfer of personnel, equipment, and knowledge between the client and service provider is often problematic.
Service providers often have trouble analyzing and reporting their progress in terms that are meaningful for clients.
Types of sourcing services
The IT Services Qualification Center (ITSqc) at Carnegie Mellon University has created “best practices” capability models for both sides of the eSourcing relationship. The eSourcing Capability Model for Service Providers (eSCM-SP) v2 was released in April 2004. The eSourcing Capability Model for Client Organizations (eSCM-CL) is being released in 2006.
eSCM for Service Providers
The eSCM-SP v2 offers ITES providers a framework to improve their capability to deliver consistently high quality services. It also assists them in establishing, managing, and continually improving relationships with clients. The intent of the eSCM is to present service providers with a set of best practices that help them effectively manage sourcing relationships. Besides, it presents clients with a way to evaluate and compare service provider’s capabilities.
ITSqc developed the eSCM-SP for three purposes. First, it helps ITES providers appraise and improve their ability to provide high quality sourcing services. Second, it gives them a way to differentiate themselves from the competition. Third, prospective clients can evaluate service providers based on their eSCM-SP level of certification and Practice Satisfaction Profile.
Each of the Model’s 84 Practices is distributed along three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels. While most quality models focus only on delivery capabilities, the eSCM-SP’s Sourcing Life-cycle includes delivery, as well as initiation and completion of contracts where many commonly encountered problems arise.
The eSCM-SP offers a five-level improvement path that service providers can travel to enhance value and sustain excellence over time. By grouping the practices into increasing levels of capability, the eSCM-SP describes an improvement path for a service provider. Providers may advance from a minimal level of delivering services, to the highest level, where they are proactively enhancing value for clients, regardless of the requirements or scope of sourcing efforts.
The eSCM-SP has been designed to complement existing quality models so that service providers can capitalize on their previous improvement efforts. The Model’s structure complements most existing quality models such as ISO 9001, ISO 20000-1, ISO 27001, the CMMs®, COBIT® and COPC-2000®. Therefore it can be implemented in parallel with these other frameworks. A series of documents comparing the eSCM-SP with other models and standards is in production and available from the ITSqc Web site.
eSCM for Client Organizations
In order to address both aspects of the eSourcing relationship, the ITSqc has developed the eSCM for Client Organizations (eSCM-CL), which addresses the challenges of sourcing relationships from client’s perspective. Existing frameworks do not comprehensively address the best practices needed by client organizations to successfully source and manage ITES. Actions of the client organization and of the service provider in these sourcing relationships are critical for the success.
Many other frameworks focus on delivery, although the roots of many sourcing difficulties often lie elsewhere. The 95 Practices of the eSCM-CL cover the full sourcing life cycle. This best practice model begins with the client’s strategy for eSourcing, moving through initiation into delivery and, eventually, into completion activities. It allows client organizations to continuously evolve, improve, and innovate their capabilities to develop stronger, longer term, and more trusting relationships with their service providers. It also ensures that their sourcing activities provide true business value to the organization. Key aspects of the eSCM-CL that are not covered by many other standards include organizational change management and value management practices to ensure that the organization successfully manages its sourcing transformation, and that its sourcing activities return appropriate value and align with the organization’s objectives.
In addition, eSCM-CL enables client organizations to appraise and improve their capability to foster the development of more effective relationships, better manage these relationships, and experience fewer failures in their client-service provider relationship.
The eSCM-SP v2
The 84 eSCM-SP v2 Practices are arranged within three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels.
The eSCM-CL
The Sourcing Life-cycle addressed by the eSCM-CL extends earlier than the Phases of the Sourcing Life-cycle covered by the eSCM-SP. Its 95 Practices address the sourcing activities of the client organization dealing with its sourcing strategy and analysis of its operations and potential sourcing opportunities during the Analysis Phase.
ITSqc and UL
Carnegie Mellon University’s ITSqc is a multidisciplinary group of researchers, practitioners, and organizations that addresses the needs of ITES providers and their clients. To that end, the ITSqc develops quality models and qualification methods for organizations involved in eSourcing. eSCM, a set of complimentary best practices for the IT-Sourcing Market, is fast becoming the standard for sourcing relationships on both sides of the service relationship. For more information about the eSCM Models or eSCM-certified organizations, visit http://www.itsqc.cmu.edu/. These documents and all Model documents are available at itsqc.cmu.edu/downloads.
UL is an ITSqc-authorized provider of independent, third-party eSCM appraisals and evaluations, which can lead to certification by the ITSqc at Carnegie Mellon University.
For more information about eSourcing Capability Model, please contact Dr. Hefley at Hefley@cmu.edu or JC Sekar, General Manager, Management System Registration Services (Asia Pacific, Middle East and Africa) at Jc.sekar@sg.ul.com.

http://www.ul-asia.com/news_nl/2006-Issue20/page6.htm

SEI Authorized Lead Assessor

2007-02-20T12:56:00.000-08:00

How to become an SEI Partner
http://www.sei.cmu.edu/partners/lead-assessor.html

SEI Partner Network Directory: SEI Partner Directory Search
http://partner-directory.sei.cmu.edu/

Index of FAQs
Appraisal Program
CERT Coordination Center
CMMI Frequently Asked Questions
Education and Training
Intellectual Property
INTRo
IPRC
ISO/IEC 15504 [0.03MB PDF]
OCTAVE
Open Systems
People Capability Maturity Model
Risk Management
SEI Partner Network
SEIR
Software Product Line Acquisition
Sunset of the Software CMM
TSP and PSP
Publications

http://www.sei.cmu.edu/about/faq-list.html

People Capability Maturity Model (People CMM)
This topic contains questions and answers about the People CMM.
http://www.sei.cmu.edu/cmm-p/version2/faq.html#Q204

Contents: What is the People Capability Maturity Model (People CMM)?What are the plans for People CMM in the coming year?How do I become a People CMM Lead Appraiser?How do I get more information about the People CMM?My organization is planning an appraisal soon, and we have been guiding our improvement program with Version 1 of the People CMM; can we still conduct the appraisal with version 1?Why isn't there a continuous representation of People CMM version 2?Will People CMM version 2 be integrated into CMMI?How does People CMM version 2 support integrated product development teams?Where can I obtain training on the People CMM?When will you release People CMM version 3?How do I find an authorized People CMM Lead Appraiser?

What is the People Capability Maturity Model (People CMM)?
The People Capability Maturity Model (People CMM) is a maturity framework that focuses on continuously improving the management and development of the human assets of an organization. It describes an evolutionary improvement path from ad hoc, inconsistently performed practices, to a mature, disciplined, and continuously improving development of the knowledge, skills, and motivation of the workforce that enhances strategic business performance. The People CMM provides guidance to organizations in selecting immediate improvement actions that help organizations
characterize the maturity of their workforce practices
set priorities for immediate action
integrate workforce development with process improvement
become an employer of choice
With the help of the Capability Maturity Model Integration (CMMI) and Capability Maturity Model for Software (SW-CMM), many organizations have made valuable improvements in their software and systems processes and practices. These organizations have also discovered that their continued improvement requires significant changes in the way they manage and develop their people. The People CMM can be coupled with CMM-based software process improvement programs or used on its own to guide improvements in workforce practices or to address strategic human capital objectives.
return to top

What are the plans for People CMM in the coming year?
The People CMM team is migrating to SCAMPI for People CMM Appraisals. Six pilot SCAMPI A appraisals were completed from 2004 to 2006. An interpretive guidance document, Interpreting SCAMPI for a People CMM Appraisal at Tata Consultancy Services has been published and is available on the SEI's Web site at http://www.sei.cmu.edu/publications/documents/05.reports/05sr001.html.
An Intermediate Concepts of the People CMM Course is available to the public. Information about that course and the necessary prerequisites can be found at http://www.sei.cmu.edu/products/courses/a15.html.
A People CMM Instructor Training course is available for those who wish to become SEI-authorized Introduction to People CMM instructors. Information about the course and the prerequisites for taking it can be found at http://www.sei.cmu.edu/products/courses/a18.html.
A SCAMPI for People CMM course will be available in 2007.
return to top

How do I become a People CMM Lead Appraiser?
Organizations that become SEI Partners for SCAMPI (Standard CMMI Appraisal Method for Process Improvement) with People CMM appraisal services can sponsor candidates to become SEI-authorized SCAMPI Lead Appraisers. Candidates who successfully complete the process outlined below will be authorized to train appraisal teams and lead appraisals on behalf of SEI Partner organizations.
Individuals who wish to become Authorized SCAMPI with People CMM Lead Appraisers must meet the following requirements:
ensure that their organizations have applied to become transition partners for SCAMPI appraisal services, have been accepted, and have signed the applicable Carnegie Mellon University/SEI agreement
have a signed Code of Professional Conduct for SEI Services in place
have successfully completed the application process to become an Authorized People CMM SCAMPI Lead Appraiser that consists of
participation as an appraisal team member on at least one SCAMPI A appraisal with People CMM within the prior 24 months
at least ten years of management, human resources, or organizational development experience
a minimum of two years of experience managing technical personnel
an advanced degree in a related management area or equivalent experience
have successfully completed the Introduction to People CMM course
have successfully completed the Intermediate Concepts of People CMM course
have successfully completed the SCAMPI Lead Appraiser Training for People CMM
have successfully been observed leading a SCAMPI Appraisal with People CMM
return to top

How do I get more information about the People CMM?
Direct links to all People CMM products and services can be found at http://www.sei.cmu.edu/cmm-p/version2/. Questions about the Introduction to the People CMM course can be directed to Course Information e-mail: course-info@sei.cmu.edu. Questions about interpreting the People CMM should be directed to Sally Miller, e-mail to sal@sei.cmu.edu. Additionally, the Software Engineering Information Repository (SEIR) contains a People CMM section where users of the model have contributed implementation guidance. You can access the SEIR at https://seir.sei.cmu.edu/seir/.
return to top

My organization is planning an appraisal soon, and we have been guiding our improvement program with Version 1 of the People CMM; can we still conduct the appraisal with version 1?
Appraisals against People CMM version 1 are no longer accepted. All organizations should use version 2 of the model for guiding improvement programs and appraisal because of its improvements and greater consistency with CMMI.
return to top

Why isn't there a continuous representation of People CMM version 2?
People CMM version 2 is only produced in a staged representation. After lengthy review of the literature and experience gathered from implementers on programs to improve workforce practices, the authors determined that these programs often fail when workforce practices are not introduced as a system, but rather are deployed in isolation. For instance, efforts to install empowered teams are likely to fail if compensation practices continue to reward individual performance without recognizing contribution to team performance and team success.
return to top

Will People CMM version 2 be integrated into CMMI?
There are no existing plans to integrate the People CMM into CMMI, either directly or by extensions. Currently, the CMMs that have been integrated in CMMI all concern behavior performed in or on behalf of projects, whereas the People CMM concerns behavior performed regularly throughout the organization. Nevertheless, People CMM Version 2 has adopted some of the advances made in the CMMI Framework and has tried to ensure that People CMM improvement programs would integrate with improvement programs guided by CMMI. Enhancing the focus on process abilities in workforce competencies at maturity level 3 and quantitative performance management practices at maturity level 4 will make integrating these various models much easier.
return to top

How does People CMM version 2 support integrated product development teams?
Because of its inherent subject matter, the People CMM presents a more detailed model for the evolutionary development of workgroups or teams. Nevertheless, the CMMI-DEV+IPPD model and People CMM both focus on process-based workgroup development at maturity level 3, and this was one motivation for creating People CMM version 2. The IPPD materials in CMMI-DEV+IPPD are supported by several process areas in People CMM Version 2 as follows:
Integrated Project Management (IPPD)Specific Goal 3 - Apply IPPD Principles
Competency Analysis (level 3)Communication and Coordination (level 2)Workgroup Development (level 3)
Organization Process Definition (OPD) Specific Goal 2 - Enable IPPD Management
Work Environment (level 2)Communication and Coordination (level 2)Compensation (level 2)Workgroup Development (level 3)Participatory Culture (level 3)Workforce Planning (level 3)Competency Development (level 3)Competency-Based Practices (level 3)
Additional People CMM guidance for integrated product development teams can be found in Competency Integration (level 4), Empowered Workgroups (level 4), and Continuous Capability Improvement (level 5). These are high maturity process areas within a staged model, so care should be taken to ensure that an organization has the proper foundation (maturity level 2 and 3) in place to manage successful implementation.
return to top

Where can I obtain training on the People CMM?
The SEI-authorized Introduction to the People CMM , Intermediate Concepts of the People CMM, People CMM Instructor Training and SCAMPI for People CMM courses are offered by the SEI. For more information on these courses and for a list of scheduled dates, see the SEI Web site at http://www.sei.cmu.edu/products/courses/courses.html#CMM.
The SEI-authorized Introduction to the People CMM course is also available from SEI Partner organizations.
return to top

When will you release People CMM version 3?
Currently there are no plans for a version 3. Version 2 was not released for review until six years after the release of version 1 in 1995. We do not anticipate accelerating the revision cycle unless there is evidence from People CMM improvement programs that significant additions or changes need to be made to the model.
return to top

How do I find an authorized People CMM Lead Appraiser?
The list of SEI-authorized SCAMPI for People CMM Lead Appraisers will appear in the online Partner Directory in November 2006.
The listing of authorized People CMM Lead Assessors who are still using the soon to be sunsetted People CMM Appraisal Method can be found at http://partner-directory.sei.cmu.edu/.
return to top
top

ISO/IEC 15504 FAQ's
http://www.sei.cmu.edu/iso-15504/resources/FAQ.PDF