16.1 Introduction
The Software Engineering
Institute1 developed
the Capability Maturity Model (CMM) in the early 1990s as a
framework to help software organizations improve their software
process maturity. The CMMI is the successor to the older CMM, and
its implementation brings best practice in software and systems
engineering into the organization. The SEI and many other quality
experts believe that there is a close relationship between the
maturity of software processes and the quality of the delivered
software product.
The CMM built upon the work of quality
gurus such as Deming [1], Juran
[2] and Crosby [3]. These quality gurus were effective in
transforming struggling manufacturing companies with quality
problem to companies that could consistently produce high-quality
products. Their success was due to the focus on improving the
manufacturing process and in reducing variability in the process.
The work of these quality experts is discussed in [4].
Similarly, software companies need to
have quality software processes to deliver high-quality software to
their customers. The SEI has collected empirical data to suggest
that there is a close relationship between software process
maturity and the quality of the delivered software. Therefore,
there is a need to focus on the software process as well as on the
product.
The CMM was released in 1991 and its
successor, the CMMI® model, was released in 2002
[5]. The CMMI is a framework to
assist an organization in the implementation of best practice in
software and systems engineering. It is an internationally
recognized model for process improvement and is used worldwide by
thousands of organizations.
The focus of the
CMMI is on improvements to the software process to ensure that they
meet business needs more effectively. A process is a set of practices or tasks
performed to achieve a given purpose. It may include tools,
methods, materials and people. An organization will typically have
many processes in place for doing its work, and the object of
process improvement is to improve these to meet business goals more
effectively.
The process is an abstraction of the
way in which work is done in the organization, and is seen as the
glue (Fig. 16.1) that ties people, procedures and tools
together.
Fig. 16.1
Process as glue for people, procedures and
tools
It may be described by a process map
which details the flow of activities and tasks. The process map
will include the input to each activity and the output from each
activity. Often, the output from one activity will become the input
to the next activity. A simple example of a process map for
creating the system requirements specification was described in
Chap. 15 (Fig. 15.2).
The ISO/IEC 12207 standard for
software processes distinguishes between several categories of
software processes, including the primary lifecycle processes for
developing and maintaining software; supporting processes to
support the software development lifecycle, and organization
lifecycle processes. These are summarized in Fig. 16.2.
Fig. 16.2
ISO/IEC 12207 standard for software
engineering processes
Watts
Humphrey began applying the ideas of Deming, Juran and
Crosby to software development, and he published the book
“Managing the Software
Process” [6]. He moved to
the SEI to work on software process maturity models with the other
SEI experts, and the SEI released the Capability Maturity Model in
the early 1990s. This process model has proved to be effective in
assisting companies in improving their software engineering
practices and in achieving consistent results and high-quality
software.
The CMM is a process model and it
defines the characteristics or best practices of good processes. It
does not prescribe how the processes should be defined, and it
allows the organization the freedom to interpret the model to suit
its particular context and business needs. It also provides a
roadmap for an organization to get from where it is today to a
higher level of maturity. The advantage of model-based improvement
is that it provides a place to start process improvement, as well
as a common language and a shared vision.
The CMM consists of five maturity
levels with the higher maturity levels representing advanced
software engineering capability. The lowest maturity level is level
one and the highest is level five. The SEI developed an assessment
methodology (CBA IPI) to determine the maturity of software
organizations, and initially most organizations were assessed at
level one maturity. However, over time companies embarked on
improvement initiatives and matured their software processes, and
today, many companies are performing at the higher maturity
levels.
The first company to be assessed at
CMM level 52 was the
Motorola plant in Bangalore in India. The success of the software
CMM led to the development of other process maturity models such as
the systems engineering capability maturity model (CMM/SE) which is
concerned with maturing systems engineering practices, and the
people Capability Maturity Model (P-CMM) which is concerned with
improving the ability of the software organizations to attract,
develop and retain talented software engineering
professionals.
16.2 The CMMI
The CMMI consists of five maturity
levels (Fig. 16.4) with each maturity level (except level
one) consisting of a number of process areas. Each process area
consists of a set of goals, and these must be implemented by a set
of related practices in order for the process area to be satisfied.
The practices specify what is to be done rather than how it should
be done. Processes are activities associated with carrying out
certain tasks, and they need to be defined and documented. The
users of the process need to receive appropriate training to enable
them to carry out the process, and process discipline need to be
enforced by independent audits. Process performance needs to be
monitored and improvements made to ineffective processes.
The emphasis on level two of the CMMI
is on maturing management practices such as project management,
requirements management and configuration management. The emphasis
on level three of the CMMI is on maturing engineering and
organization practices. Maturity level three is concerned with
defining standard organization processes, and it also includes
process areas for the various engineering activities needed to
design and develop the software. Level four is concerned with
ensuring that key processes are performing within strict
quantitative limits, and adjusting processes, where necessary, to
perform within these limits. Level five is concerned with
continuous process improvement. Maturity levels may not be skipped
in the staged implementation of the CMMI, as each maturity level is
the foundation for work on the next level.
There is also a continuous
representation4 of
the CMMI (similar to ISO 15504) that allows the organization to
focus its improvements on the key processes that are closely
related to its business goals. This allows it the freedom to choose
an approach that should result in the greatest business benefit
rather than proceeding with the standard improvement roadmap of the
staged approach. However, in practice, it is often necessary to
implement several of the level two process areas before serious
work can be done on maturing a process to a higher capability
level. Table 16.1 presents motivations for the implementation
of the CMMI.
Table 16.1
Motivation for CMMI implementation
|
Motivation for CMMI implementation
|
|---|
|
Enhances the credibility of the
company
|
|
Marketing benefit of CMMI maturity
level
|
|
Implementation of best practice in software
and systems engineering
|
|
Clearly defined roadmap for
improvement
|
|
It increases the capability and maturity of
an organization
|
|
It improves the management of
subcontractors
|
|
It provides improved technical and
management practices
|
|
It leads to higher quality of
software
|
|
It leads to increased timeliness of
projects
|
|
It reduces the cost of maintenance and
incidence of defects
|
|
It allows the measurement of processes and
products
|
|
It allows projects/products to be
quantitatively managed
|
|
It allows innovative technologies to be
rigorously evaluated to enhance process performance
|
|
It improves customer satisfaction
|
|
It changes the culture from firefighting to
fire prevention
|
|
It leads to a culture of improvement
|
|
It leads to higher morale in company
|
The CMMI model covers both the
software engineering and systems engineering disciplines. Systems
engineering is concerned with the development of systems that may
or may not include software, whereas software engineering is
concerned with the development of software systems. The model
contains extra information relevant to a particular discipline, and
this is done by discipline amplification.5 The CMMI has been updated in recent
years to provide support for the Agile methodology.
The CMMI allows organizations to
benchmark themselves against similar organizations
(Fig. 16.3). This is generally done by a formal SEI
SCAMPI Class A appraisal6 conducted by an authorized SCAMPI
lead appraiser. The results will generally be reported back to the
SEI, and there is a strict qualification process to become an
authorized lead appraiser. The qualification process helps to
ensure that the appraisals are conducted fairly and objectively and
that the results are consistent. An appraisal verifies that an
organization has improved, and it enables the organization to
prioritize improvements for the next improvement cycle. Small
organizations will often prefer a SCAMPI Class B or C appraisal, as
these are less expensive and time consuming.7
Fig. 16.3
CMMI worldwide maturity 2013
The time required to implement the
CMMI in an organization depends on its size and current maturity.
It generally takes one to two years to implement maturity level
two, and a further one to two years to implement level 3. The
implementation of the CMMI needs to be balanced against the
day-to-day needs of the organization in delivering products and
services to its customers.
The SEI has gathered empirical data
(Table 16.2) on the benefits gained from the
implementation of the CMMI [7]. The
table shows the median results reported to the SEI.
Table 16.2
Benefits of CMMI implementation
|
Benefit
|
Actual saving
|
|---|---|
|
Cost
|
34%
|
|
Schedule
|
50%
|
|
Productivity
|
61%
|
|
Quality
|
48%
|
|
Customer satisfaction
|
14%
|
|
Return on investment
|
4:1
|
The processes implemented during a
CMMI initiative will generally include:
-
Developing and Managing Requirements
-
Design and Development
-
Project Management
-
Selecting and managing Subcontractors
-
Managing change and Configurations
-
Peer reviews
-
Risk Management and Decision Analysis
-
Testing
-
Audits
16.3 CMMI Maturity Levels
The CMMI is divided into five maturity
levels (Table 16.3) with each maturity level (except level
one) consisting of several process areas. The maturity level is a
predictor of the results that will be obtained from following the
software process, and the higher the maturity level of the
organization, the more capable it is and the more predictable its
results. The current maturity level acts as the foundation for the
improvements to be made in the move to the next maturity level.
Table 16.3
CMMI maturity levels
|
Maturity level
|
Description
|
|---|---|
|
Initial
|
Processes are often ad hoc or chaotic with
performance often unpredictable. Success is often due to the
heroics of people rather than having high-quality processes in
place. The defined process is often abandoned in times of crisis,
and there are no audits to enforce the process
It is difficult to repeat previous success
since success is due to heroic efforts of its people rather than
processes. These organizations often over-commit, as they often
lack an appropriate estimation process on which to base project
commitments
Firefighting is a way of life in these
organizations. High-quality software might be produced, but at a
cost including long hours, high level of rework, over budget and
schedule and unhappy staff and customers. Projects do not perform
consistently as their success is dependent on the people
involved
They may have few processes defined and
poor change control, poor estimation and project planning and weak
enforcement of standards
|
|
Managed
|
A level two organization has good project
management practices in place, and planning and managing new
projects is based on experience with similar previous
projects
The process is planned, performed and
controlled. A level two organization is disciplined in following
processes, and the process is enforced with independent
audits
The status of the work products produced by
the process is visible to management at major milestones, and
changes to work products are controlled. The work products are
placed under appropriate configuration management control
The requirements for a project are managed
and changes to the requirements are controlled. Project management
practices are in place to manage the project, and a set of measures
are defined for the budget, schedule and effort variance.
Subcontractors are managed
Independent audits are conducted to enforce
the process. The processes in a level two organization are defined
at the project level
|
|
Defined
|
A maturity level three organization has
standard processes defined that support the whole
organization
These standard processes ensure consistency
in the way that projects are conducted across the organization.
There are guidelines defined that allow the organization process to
be tailored and applied to each project
There are standards in place for design and
development and procedures defined for effective risk management
and decision analysis
Level 3 processes are generally defined
more rigorously than level 2 processes, and the definition includes
the purpose of the process, inputs, entry criteria, activities,
roles, measures, verification steps, exit criteria and output.
There is also an organization-wide training program and improvement
data is collected
|
|
Quantitatively managed
|
A level 4 organization sets quantitative
goals for the performance of key processes, and these processes are
controlled using statistical techniques
Processes are stable and perform within
narrowly defined limits. Software process and product quality goals
are set and managed
A level 4 organization has predictable
process performance, with variation in process performance
identified and the causes of variation corrected
|
|
Optimizing
|
A level 5 organization has a continuous
process improvement culture in place, and processes are improved
based on a quantitative understanding of variation
Defect prevention activities are an
integral part of the development lifecycle. New technologies are
evaluated and introduced (where appropriate) into the organization.
Processes may be improved incrementally or through innovative
process and technology improvements
|
The maturity levels provide a roadmap
for improvements in the organization, and maturity levels are not
skipped in the staged implementation. A particular maturity level
is achieved only when all process areas belonging to that maturity
level (and all process areas belonging to lower maturity levels)
have been successfully implemented and institutionalized8 in the organization.
The implementation of the CMMI
generally starts with improvements to processes at the project
level. The focus at level two is on improvements to managing
projects and suppliers and improving project management, supplier
selection, management practices and so on.
The improvements at level 3 involve a
shift from the focus on projects to the organization. It involves
defining standard processes for the organization, and projects may
then tailor the standard process (using tailoring guidelines) to
produce the project’s software process. Projects are not required
to do everything in the same way as the tailoring of the process
allows the project’s defined software process to reflect the unique
characteristics of the project: i.e., a degree of variation is
allowed as per the tailoring guidelines to reflect the unique
characteristics of the project.
The implementation of level three
involves defining procedures and standards for engineering
activities such as design, coding and testing. Procedures are
defined for peer reviews, testing, risk management and decision
analysis.
The implementation of level four
involves achieving process performance within defined quantitative
limits. This involves the use of metrics and setting quantitative
goals for project and process performance and managing process
performance. The implementation of level 5 is concerned with
achieving a culture of continuous improvement in the company. The
causes of defects are identified and resolution actions implemented
to prevent a reoccurrence.
16.3.1 CMMI Representations
The CMMI is available in the staged
and continuous representations. Both representations use the same
process areas as well as the same specific and generic goals and
practices.
The staged representation was
described in Fig. 16.4, and it follows the well-known improvement
roadmap from maturity level one through improvement cycles until
the organization has achieved its desired level of maturity. The
staged approach is concerned with organization maturity, and it
allows statements of organization maturity to be made, whereas the
continuous representation is concerned with individual process
capability.
Fig. 16.4
CMMI maturity levels
The continuous
representation is illustrated in Fig. 16.5, and it has been
influenced by ISO 15504 (the standard for software process
assessment). It is concerned with improving the capability of those
selected processes, and it gives the organization the freedom to
choose the order of improvements that best meet its business needs
(Fig. 16.6). The continuous representation allows
statements of individual process capability to be made. It employs
six capability levels and a process is rated at a particular
capability level.
Fig. 16.5
CMMI capability levels
Fig. 16.6
CMMI—continuous representation
Each capability level consists of a
set of specific and generic goals and practices, and the capability
levels provide a path for process improvement within the process
area. Process improvement is achieved by the evolution of a process
from its current capability level to a higher capability level. For
example, a company may wish to mature its project planning process
from its current process rating of capability level 2 to a rating
of capability level 3. This requires the implementation of
practices to define a standard project planning process as well as
collecting improvement data. The capability levels are shown in
Table 16.4.
Table 16.4
CMMI capability levels for continuous
representation
|
Capability level
|
Description
|
|---|---|
|
Incomplete (0)
|
The process does not implement all of the
capability level one generic and specific practices. The process is
either not performed or partially performed
|
|
Performed (1)
|
A process that performs all of the specific
practices and satisfies its specific goals. Performance may not be
stable
|
|
Managed (2)
|
A process at this level has the
infrastructure to support the process. It is managed: i.e., planned
and executed in accordance with policy, its users are trained; it
is monitored and controlled and audited for adherence to its
process description
|
|
Defined (3)
|
A process at this level has a defined
process: i.e., a managed process that is tailored from the
organization’s set of standard processes. It contributes work
products, measures and other process improvement information to the
organization’s process assets
|
|
Quantitatively managed (4)
|
A process at this level is a quantitatively
managed process: i.e., a defined process that is controlled by
statistical techniques. Quantitative objectives for quality and
process performance are established and used to control the
process
|
|
Optimizing (5)
|
A process at this level is an optimizing
process: i.e., a quantitatively managed process that is continually
improved through incremental and innovative improvements
|
An incomplete process is a process
that is either partially performed or not performed at all. A
performed process carries out the expected practices and work
products. However, such a process may not be adequately planned or
enforced. A managed process is planned and executed with
appropriately skilled and trained personnel. The process is
monitored and controlled and periodically enforced via
audits.
A defined process is a managed process
that is tailored from the standard process in the organization
using tailoring guidelines. A quantitatively managed process is a
defined process that is controlled using quantitative techniques.
An optimizing process is a quantitatively managed process that is
continuously improved through incremental and innovative
improvements.
The process is rated at a particular
capability level provided it satisfies all of the specific and
generic goals of that capability level, and it also satisfies the
specific and generic goals of all lower capability levels.
We shall be concerned with the
implementation of the staged representation of the CMMI rather than
the continuous representation. The reader is referred to
[5] for more information on both
representations.
16.4 Categories of CMMI Processes
The process areas on the CMMI can be
divided into four categories. These are shown in
Table 16.5.
Table 16.5
CMMI process categories
|
Maturity level
|
Description
|
|---|---|
|
Process management
|
The process areas in this category are
concerned with activities to define, plan, implement, deploy,
monitor, control, appraise, measure and improve the processes in
the organization: They include:
• Organization process
focus
• Organization process
definition
• Organization
training
• Organization process
performance
• Organization innovation
and deployment
|
|
Project management
|
These process areas are concerned with
activities to create and maintain a project plan, tailoring the
standard process to produce the project’s defined process,
monitoring progress with respect to the plan, taking corrective
action, the selection and management of suppliers, and the
management of risk. They include:
• Project planning
• Project monitoring and
control
• Risk management
• Integrated project
management
• Supplier agreement
management
• Quantitative project
management
|
|
Engineering
|
These process areas are concerned with
engineering activities such as determining and managing
requirements, design and development, testing and maintenance of
the product. They include:
• Requirements
development
• Requirements
management
• Technical
solution
• Product
integration
• Verification
• Validation
|
|
Support
|
This includes activities that support
product development and maintenance
• Configuration
management
• Process and product
quality assurance
• Measurement and
analysis
• Decision analysis and
resolution
|
16.5 CMMI Process Areas
This section provides a brief overview
of the process areas of the CMMI model. All maturity levels (with
the exception of level one) contain several process areas. The
process areas are described in more detail in [5] (Table 16.6).
Table 16.6
CMMI Process Areas
|
Maturity level
|
Process area
|
Description of process area
|
|---|---|---|
|
Level 2
|
REQM
|
Requirements
management
This process area is concerned with
managing the requirements for the project and ensuring that the
work products are kept consistent with the requirements
|
|
PP
|
Project
planning
This process area is concerned with
estimation for the project, developing and obtaining commitment to
the project plan and maintaining the plan
|
|
|
PMC
|
Project
monitoring and control
This process area is concerned with
monitoring progress against the plan and taking corrective action
when project performance deviates from the plan
|
|
|
SAM
|
Supplier
agreement management
This process area is concerned with the
selection of suppliers, documenting the (legal) agreement/statement
of work with the supplier and managing the supplier during the
execution of the agreement
|
|
|
MA
|
Measurement
and analysis
This process area is concerned with
determining management information needs and measurement
objectives. Measures are then specified to meet these objectives,
and data collection and analysis procedures defined
|
|
|
PPQA
|
Process and
product quality assurance
This process area is concerned with
providing visibility to management on process compliance.
Non-compliance issues are documented and resolved by the project
team
|
|
|
CM
|
Configuration management
This process area is concerned with setting
up a configuration management system; identifying the items that
will be subject to change control, and controlling changes to
them
|
|
|
Level 3
|
RD
|
Requirements
development
This process area is concerned with
specifying the user and system requirements, and analyzing and
validating them
|
|
TS
|
Technical
solution
This process area is concerned with the
design, development and implementation of an appropriate solution
to the customer requirements
|
|
|
PI
|
Product
integration
This process area is concerned with the
assembly of the product components to deliver the product and
verifying that the assembled components function correctly
together
|
|
|
VER
|
Verification
This process area is concerned with
ensuring that selected work products satisfy their specified
requirements. This is achieved by peer reviews and testing
|
|
|
VAL
|
Validation
This process area is concerned with
demonstrating that the product or product component is fit for
purpose and satisfies its intended use
|
|
|
OPF
|
Organization
process focus
This process area is concerned with
planning and implementing process improvements based on a clear
understanding of the current strengths and weakness of the
organization’s processes
|
|
|
OPD
|
Organization
process definition
This process area is concerned with
creating and maintaining a usable set of organization processes.
This allows consistent process performance across the
organization
|
|
|
OT
|
Organization
training
This process area is concerned with
developing the skills and knowledge of people to enable them to
perform their roles effectively
|
|
|
IPM
|
Integrated
project management
This process area is concerned with
tailoring the organization set of standard processes to define the
project’s defined process. The project is managed according to the
project’s defined process
|
|
|
RSKM
|
Risk
management
This process area is concerned with
identifying risks and determining their probability of occurrence
and impact should they occur. Risks are identified and managed
throughout the project
|
|
|
DAR
|
Decision
analysis and resolution
This process area is concerned with formal
decision making. It involves identifying options, specifying
evaluation criteria and method, performing the evaluation, and
recommending a solution
|
|
|
Level 4
|
OPP
|
Organization
process performance
This process area is concerned with
obtaining a quantitative understanding of the performance of
selected organization processes in order to quantitatively manage
projects in the organization
|
|
QPM
|
Quantitative
project management
This process area is concerned with
quantitatively managing the project’s defined process to achieve
the project’s quality and performance objectives
|
|
|
Level 5
|
OID
|
Organization
innovation and deployment
This process area is concerned with
incremental and innovative process improvements
|
|
CAR
|
Causal
analysis and resolution
This process area is concerned with
identifying causes of defects and taking corrective action to
prevent a reoccurrence in the future
|
16.6 Components of CMMI Process Areas
The maturity level of an organization
indicates the expected results that its projects will achieve and
is a predictor of future project performance. Each maturity level
consists of a number of process areas, and each process area
consists of specific and generic goals, and specific and generic
practices. Each maturity level is the foundation for improvements
for the next level (Fig. 16.7).
Fig. 16.7
CMMI-staged model
The specific
goals and practices are listed first and then followed by
the generic goals and practices. The specific goals and practices
are unique to the process area being implemented and are concerned
with what needs to be done to perform the process. The specific practices are linked to a particular
specific goal, and they describe activities that when performed
achieve the associated specific goal for the process area.
The generic
goals and practices are common to all process areas for that
maturity level and are concerned with process institutionalization
at that level. The generic practices are organized by four common
features:
-
Commitment to perform
-
Ability to perform
-
Directing implementation
-
Verifying implementation
They describe activities that when
implemented achieve the associated generic goal(s) for the process
area. The commitment to perform practices relate to the creation of
policies and sponsorship of process improvement; the ability to
perform practices are related to the provision of appropriate
resources and training to perform the process; the directing
implementation practices relate to activities to control and manage
the process; and verifying practices relate to activities to verify
adherence to the process.
The implementation of the generic practices institutionalizes the process
and makes it ingrained in the way that work is done.
Institutionalization means that the process is defined, documented
and understood. Process users are appropriately trained and the
process is enforced by independent audits. Institutionalization
helps to ensure that the process is performed consistently and is
more likely to be retained during times of stress. The degree of
institutionalization is reflected in the extent to which the
generic goals and practices are satisfied. The generic practices
ensure the sustainability of the specific practices over
time.
There is one specific goal associated
with the Requirements Management process area
(Fig. 16.8), and it has five associated specific
practices:
Fig. 16.8
Specific practices for SG1—manage
requirements
SG 1—Manage Requirements
Requirements are managed and
inconsistencies with project plans and work products are
identified.
The components of the CMMI model are
grouped into three categories, namely required, expected and
informative components. The required category is essential to
achieving goals in a particular area and includes the specific and generic goals that must be implemented
and institutionalized for the process area to be satisfied. The
expected category includes
the specific and generic
practices that an organization will typically implement to
perform the process effectively. These are intended to guide
individuals or groups who are implementing improvements, or who are
performing appraisals to determine the current maturity of the
organization. They state what needs to be done rather than how it
should be done, thereby giving the organization freedom on the most
appropriate implementation.
The informative category includes
information to guide the implementer on how best to approach the
implementation of the specific and generic goals and practices.
These include subpractices,
typical work products and
discipline amplifications.
This information assists with the implementation of the process
area.
The implementation and
institutionalization of a process area involves the implementation
of the specific and generic practices. The specific practices are
concerned with process implementation and are described in detail
in [8]. The generic practices are
concerned with process institutionalization and are summarized in
Table 16.7.
Table 16.7
CMMI generic practices
|
Generic goal
|
Generic practice
|
Description of generic practice
|
|---|---|---|
|
GG 1 Performed process
|
GP 1.1
|
Perform base
practices
The purpose of this generic practice is to
produce the work products and services associated with the process
(i.e., as detailed in the specific practices). These practices may
be done informally without following a documented process
description and success may be dependent on the individuals
performing the work. That is, the basic process is performed but it
may be immature
|
|
GG 2 Managed process
|
GP 2.1
|
Organization
policy
The organization policy is established by
senior management and defines the management expectations of the
organization
|
|
GP 2.2
|
Plan the
process
A plan is prepared to perform the process
and it will assign responsibilities and document the resources
needed to perform the process as well as any training requirements.
The plan is revised as appropriate
|
|
|
GP 2.3
|
Provide
resources
This is concerned with ensuring that the
resources required to perform the process (as specified in the
plan) are available when required
|
|
|
GP 2.4
|
Assign
responsibility
The purpose of this generic practice is to
assign responsibility for performing the process
|
|
|
GP 2.5
|
Train
people
This generic practice is concerned with
ensuring that people receive the appropriate training to enable
them to perform and support the process
|
|
|
GP 2.6
|
Manage
configurations
This generic practice is concerned with
identifying the work products created by the process that will be
subject to configuration management control
|
|
|
GP 2.7
|
Identify and
involve relevant stakeholders
This is concerned with ensuring that the
stakeholders are identified (as described in the plan), and
involved appropriately during the execution of the process
|
|
|
GP 2.8
|
Monitor and
control the process
This generic practice is concerned with
monitoring process performance and taking corrective action
|
|
|
GP 2.9
|
Objectively
evaluate adherence
This is concerned with conducting audits to
verify that process execution adheres to the process
description
|
|
|
GP 2.10
|
Review
status with higher level management
This is concerned with providing higher
level management with appropriate visibility into the process
|
|
|
GG 3 Defined process
|
GP 3.1
|
Establish a
defined process
This is concerned with tailoring the
organization set of standard processes to produce the project’s
defined process
|
|
GP 3.2
|
Collect
improvement information
This generic practice is concerned with
collecting improvement information and work products to support
future improvement of the processes
|
|
|
GG 4 Quantitatively managed process
|
GP 4.1
|
Establish
quantitative objectives
This is concerned with agreeing on
quantitative objectives (e.g., quality/performance) for the process
with the stakeholders
|
|
GP 4.2
|
Stabilize
subprocess performance
This generic practice is concerned with
stabilizing the performance of one or more key subprocesses of the
process using statistical techniques. This enables the process to
achieve its objectives
|
|
|
GG 5 Optimizing process
|
GP 5.1
|
Ensure
continuous process improvement
This generic practice is concerned with
systematically improving selected processes to meet quality and
process performance targets
|
|
GP 5.2
|
Correct root
cause of problems
This generic practice is concerned with
analyzing defects encountered to correct the root cause of these
problems and to prevent reoccurrence
|
The generic goals support an evolution
of process maturity, and the implementation of each generic goal
provides a foundation for further process improvements. That is, a
process rated at a particular maturity level has all of the
maturity of a process at the lower levels and the additional
maturity of its rated level. In other words, a defined process is a
managed process; a quantitatively managed process is a defined
process, and so on.
Several of the CMMI process areas
support the implementation of the generic goals and practices.
These process areas contain one or more specific practices that
when implemented may either fully implement a generic practice or
generate a work product that is used in the implementation of the
generic practice. The implementation of the generic practices is
supported by the following process areas (Table 16.8).
Table 16.8
Implementation of generic practices
|
Generic goal
|
Generic practice
|
Process area supporting implementation of
generic practice
|
|---|---|---|
|
GG 2 Managed process
|
GP 2.2
Plan the process
|
Project planning
|
|
GP 2.5
Train the people
|
Organization training
Project planning
|
|
|
GP 2.6
Manage configurations
|
Configuration management
|
|
|
GP 2.7
Identify/involve relevant
stakeholders
|
Project planning
|
|
|
GP 2.8
Monitor and control the process
|
Project monitoring and control
|
|
|
GP 2.9
Objectively evaluate adherence
|
Process and product quality assurance
|
|
|
GG 3 Defined process
|
GP 3.1
Establish defined process
|
Integrated project management
Organization process definition
|
|
GP 3.2
Improvement information
|
Integrated project management
Organization process focus
Organization process definition
|
|
|
GG 4 Quantitatively managed process
|
GP4.1
Establish quantitative objectives for
process
|
Quantitative project management
Organization process performance
|
|
GP 4.2
Stabilize subprocess performance
|
Quantitative project management
Organization process performance
|
|
|
GG 5
Optimizing process
|
GP5.1
Ensure continuous process improvement
|
Organization innovation and
deployment
|
|
GP 5.2
Correct root cause of problems
|
Causal analysis and resolution
|
16.7 SCAMPI Appraisals
SCAMPI appraisals are conducted to
enable an organization to understand its current software process
maturity, and to prioritize future improvements [9]. The appraisal is an independent examination
of the processes used in the organization against the CMMI model,
and its objective is to identify strengths and weaknesses in the
processes, which are then used to prioritize improvements in the
next improvement cycle.
The SCAMPI methodology is the
appraisal methodology used with the CMMI, and there are three
distinct classes of appraisal (SCAMPI Class A, B and C)
[10]. These classes vary in
formality, the cost, effort and timescales involved, the rating of
the processes and the reporting of results.
The scope of the appraisal includes
the process areas to be examined, and the projects and organization
unit to be examined. It may be limited to the level 2 process
areas, or the level 2 and level 3 process areas, and so on. The
scope depends on how active the organization has been in process
improvement.
The appraisal will identify any gaps
that exist with respect to the implementation of the CMMI practices
for each process area within the scope of the appraisal. The
appraisal team will conduct interviews and review project
documentation, and they will examine the extent to which the
practices are implemented.
The appraisal findings are presented
and are used to plan and prioritize the next improvement cycle.
SCAMPI appraisals are discussed in more detail in [4].
16.8 Review Questions
- 1.
Describe the CMMI Model.
- 2.
Describe the staged and continuous representations of the CMMI.
- 3.
What are the advantages and disadvantages of each CMMI representation?
- 4.
Describe the CMMI maturity levels and the process areas in each level.
- 5.
What is the purpose of the CMMI specific and generic practices?
- 6.
Describe how the generic practices are implemented?
- 7.
What is the difference between implementation and institutionalization?
- 8.
What is the purpose of SCAMPI appraisals?
- 9.
How do appraisals fit into the software process improvement cycle?
16.9 Summary
The Capability
Maturity Model Integration is a framework to assist an
organization in the implementation of best practice in software and
systems engineering. It was developed at the Software Engineering
Institute and is used by many organizations around the world.
The SEI and other quality experts
believe that there is a close relationship between the quality of
the delivered software and the maturity of the processes used to
create the software. Therefore, there needs to be a focus on the
process as well as on the product, and the CMMI contains best
practice in software and systems engineering to assist in the
creation of high-quality processes.
The process is seen as the glue that
ties people, technology and procedures coherently together.
Processes are activities associated with carrying out certain
tasks, and they need to be defined and documented. The users of the
process need to receive appropriate training on their use, and
process discipline needs to be enforced with independent audits.
Process performance needs to be monitored and improvements made to
ineffective processes.
The CMMI consists of five maturity
levels with each maturity level (except level one) consisting of
several process areas. Each maturity level acts as a foundation for
improvement for the next improvement level, and each increase in
maturity level represents more advanced software engineering
capability. The higher the maturity level of the organization, the
more capable it is, and the more predictable its results. The
lowest level of maturity is maturity level 1 and the highest level
is maturity level 5.
Each process area consists of a set of
specific and generic goals, and these must be implemented by an
associated set of specific and generic practices. The practices
specify what is to be done rather than how it should be done, and
the organization is given freedom in choosing the most appropriate
implementation to meet its needs.
The SCAMPI appraisal methodology is
used to determine the maturity of software organizations. It is a
systematic examination of the processes used in the organization
against the CMMI model, and it includes interviews and reviews of
documentation. A successful SCAMPI Class A appraisal allows the
organization to report its maturity rating to the SEI and to
benchmark itself against other companies. Appraisals are a part of
the improvement cycle, and improvement plans are prepared after the
appraisal to address the findings and to prioritize
improvements.
References
1.
W. Edwards Deming,
Out of Crisis (MIT Press,
Cambridge, 1986)
2.
J. Juran, Juran’s Quality Handbook (McGraw Hill,
New York, 1951)
3.
P. Crosby, Quality is Free. The Art of Making Quality
Certain (McGraw Hill, New York, 1979)
4.
G. O’Regan, Introduction to Software Quality
(Springer, Switzerland, 2014)
5.
M.D. Chrissis, M. Conrad, S.
Shrum, CMMI for Development.
Guidelines for Process Integration and Product Improvement,
3rd edn. SEI Series in Software Engineering (Addison Wesley, New
York, 2011)
6.
W. Humphry, Managing the Software Process. (Addison
Wesley, New York, 1989)
7.
Software Engineering
Institute. August 2009 CMMI Impact. Presentation by Anita
Carleton
8.
G. O’Regan, Introduction to Software Process
Improvement (Springer, London, 2010)
9.
Standard CMMI Appraisal
Method for Process Improvement. CMU/SEI-2006-HB-002. V1.2. August
2006
10.
Appraisal Requirements for
CMMI V1.2. (ARC V1.2). SCAMPI Upgrade Team. TR CMU/SEI-2006-TR-011.
August 2006
Footnotes
1
The SEI was founded by the US Congress
in 1984 and has worked successfully in advancing software
engineering practices in the US and worldwide. It performs research
to find solutions to key software engineering problems, and its
proposed solutions are validated through pilots. These solutions
are then disseminated to the wider software engineering community
through its training programme. The SEI’s research and maturity
models have played an important role in helping companies to
deliver high-quality software consistently on time and on
budget.
2
Of course, the fact that a company has
been appraised at a certain CMM or CMMI rating is no guarantee that
it is performing effectively as a commercial organization. For
example, the Motorola plant in India was appraised at CMM level 5
in the late 1990s while Motorola lost business opportunities in the
GSM market.
3
ISO 15504 (popularly known as SPICE)
is an international standard for software process assessment.
4
Our focus is on the implementation of
the staged representation of the CMMI rather than the continuous
representation. This provides a clearly defined roadmap to
improvement, and it also allows benchmarking of organizations.
Appraisals against the staged representation are useful since a
CMMI maturity level rating is awarded to the organization, and the
company may use this to publicize its software engineering
capability.
5
Discipline amplification is a
specialized piece of information that is relevant to a particular
discipline. It is introduced in the model by text such as “For
Systems Engineering”.
6
A SCAMPI Class An appraisal is a
systematic examination of the processes in an organization to
determine the maturity of the organization with respect to the
CMMI. An appraisal team consists of a SCAMPI lead appraiser, one or
more external appraisers, and usually one internal appraiser. It
consists of interviews with senior and middle management and
reviews with project managers and project teams. The appraisers
will review documentation and determine the extent to which the
processes defined are effective, as well as the extent to which
they are institutionalized in the organization. Data will be
gathered and reviewed by the appraisers, ratings produced and the
findings presented.
7
Small organizations may not have the
budget for a formal SCAMPI Class A appraisal. They may be more
interested in an independent SCAMPI Class B or C appraisal, which
is used to provide feedback on their strengths and opportunities
for improvement. Feedback allows the organization to focus its
improvement efforts for the next improvement cycle.
8
Institutionalization is a technical term and means that the process
is ingrained in the way in which work is performed in the
organization. An institutionalized process is defined, documented
and followed in the organization. All employees have been
appropriately trained in its use and process discipline is enforced
via audits. It is illustrated by the phrase “That’s the way we do things around
here”.