Imran Hashim
Introduction to CMMI
CMMI Representations
Key Stats
CMMI Adoptions
CMMI Appraisals
SCAMPI Phases
ISO 9001:2008 Quality Management System
ISO 27001:2005 Information Security Management System
Used in process improvement activities as a collection of best practices
A community developed guide
A model for organizational improvement
CMMI: Integrates systems and software disciplines into one process improvement framework. Provides a framework for introducing new disciplines as needs arise.
People CMM
Provides guidance to organizations for managing and developing their workforce
2010: Version 1.3 of CMMI for Acquisition, CMMI for Development, and CMMI for Services is released.
2006: CMMI for Development, V1.2 is released.
2002: CMMI V1.1 is released.
1995: Systems Engineering CMM, V1.1 is released.
1993: CMM for Software, V1.1 is released.
Staged Representation
A systematic, structured way to approach process improvement one step at a time. Achieving each step is a foundation for the next step. There are five levels of maturity.
Continuous Representation
A flexible approach to improving process performance. The organization may choose to improve a single PA or a group of PAs. The organization may improve each PA at a different rate. There are six levels of process capability.
Maturity levels, highest first (the level names for the second and third entries did not survive in the source):
Optimizing: Focus on process improvement
Process measured and controlled
Process characterized for the organization and is proactive
2 Managed: Process characterized for projects and is often reactive
1 Initial: Process unpredictable, poorly controlled and reactive
Category: Process Areas
Project Management: Project Planning; Project Monitoring and Control; Supplier Agreement Management; Integrated Project Management; Risk Management; Quantitative Project Management
Support: Configuration Management; Process and Product Quality Assurance; Measurement and Analysis; Causal Analysis and Resolution; Decision Analysis and Resolution
Engineering: Requirements Management; Requirements Development; Technical Solution; Product Integration; Verification; Validation
Process Management: Organizational Process Focus; Organizational Process Definition; Organizational Training; Organizational Process Performance; Organizational Innovation and Deployment
In software and systems engineering, CMMI is a benchmarking tool widely used by industry and government, both in the US and abroad. CMMI acts as a roadmap for process improvement activities. It provides criteria for reviews and appraisals. It provides a reference point to establish the present state of processes. CMMI addresses practices that are the framework for process improvement.
The performance results in the following table are from different organizations that achieved percentage change in one or more of the six categories of performance measures below:

Performance Category | Median Improvement
Cost | 34 %
Schedule | 50 %
Productivity | 61 %
Quality | 48 %
Customer satisfaction | 14 %
Return on investment | 4:1
[Figure: Annual Medians. Y-axis: Percentage Improvement. Surviving labels: Productivity (increase); 39%, 35%, 19%.]
Since 2006, 4846 SCAMPI v1.2/1.3 appraisals have been reported to the SEI. Appraisal reports from China, Spain, Brazil, Argentina, and India are increasing at a rapid rate. Appraisals in the USA and China represent more than 55% of the total number of appraisals.
A few of the market leaders that have been obtaining various benefits from CMMI:
DAEWOO, DELOITTE, HONEYWELL, HSBC, MITSUBISHI, NCR, US Army, ACER, IBM, HEWLETT PACKARD,
SAMSUNG, JOHNS HOPKINS UNIVERSITY, NATIONAL NUCLEAR SOCIETY, INFOSYS, LOCKHEED MARTIN, ARAMCO, US Navy, HYUNDAI
CMMI LEVEL 5
CMMI LEVEL 3
CMMI LEVEL 2
KalSoft (Pvt.) Ltd. Systems (Pvt.) Ltd. Digital Processing Units Interactive Convergence (Pvt.) Ltd. NADRA Pakistan ZTE Pakistan E-worx International Pvt. Ltd. Techlogix Pakistan (Pvt.) Ltd. Si3 System Innovations (Pvt.) Ltd. Abacus Consulting (Pvt.) Ltd.
LMKR Pakistan (Pvt.) Ltd. E-Dev Technologies CARE Pvt. Ltd. Prosol (Pvt.) Ltd. PrisLogix (Pvt.) Ltd. Shaukat Khanam Memorial Cancer Hospital Innovative Pvt. Ltd. GeoPaq Technologies (Pvt.) Ltd. Avanza Solutions (Pvt.) Ltd. ACES Technosoft (Pvt.) Ltd. Matrix Systems (Pvt.) Ltd. ESOL PK (Pvt.) Ltd. i-engineering Pakistan Pvt. Ltd. infoTech Pakistan (Pvt.) Ltd. Information Architects Pvt. Ltd.
The CMMI Appraisal is an examination of one or more processes by a trained team of professionals using an appraisal reference model as the basis for determining strengths and weaknesses of an organization.
Appraisals consider three categories of model components as defined in the CMMI:
Required: specific and generic goals only.
Expected: specific and generic practices only.
Informative: includes subpractices and typical work products.
Initial assessment
Provide a quick gap analysis of an organization's process relative to the CMMI.
Assess the adequacy of a new process before it is implemented.
Monitor the implementation of a process.
Determine an organization's readiness for Class B Appraisal.

Assess progress towards a targeted CMMI Maturity Level
Lower cost than a SCAMPI A
Provides more detailed findings than Class C
Determine an organization's readiness for Class A Appraisal

Most rigorous method
The only method resulting in ratings
Findings that describe the strengths and weaknesses of your organization's process relative to the CMMI.
Consensus regarding the organization's key process issues
Phase I
Phase II Phase III
Practice implementation indicators are footprints which are evidence of the implementation of a practice. SCAMPI appraisals use practice implementation indicators as the focus to verify practice implementation. Verifying practice implementation is the review of Objective Evidence to determine whether a practice is implemented within a project and/or organization.
Artifacts:
Tangible outputs resulting directly from implementation of a specific or generic practice.
Affirmations:
Oral (interviews) or written statements confirming or supporting implementation of a specific or generic practice.
Artifact
Dates: DD-MM-YY; DD-MM-YY

Activity | Timings | Participants
Quality Assurance | 2:00 - 3:00 pm | QA Team
Testing | 3:30 - 4:30 pm | Testing Team
Process Engineering Group | 5:00 - 6:00 pm | QA Team
Project Manager - 1 | 09:30 - 10:30 am | PM-1
Project Coordinator - 1 | 10:45 - 11:45 am | PC-1
Project Manager - 2 | 12:00 - 1:00 pm | PM-2
Project Coordinator - 2 | 2:00 - 3:00 pm | PC-2
 | 3:00 - 4:00 pm | CM
 | 4:00 - 5:00 pm | Admin Manager
 | 5:00 - 6:00 pm | HR Manager
 | 09:30 - 10:30 am | PM-3
Project Coordinator - 3 | 10:45 - 11:45 am | PC-3
Project Manager - 4 | 12:00 - 1:00 pm | PM-4
Project Coordinator - 4 | 2:00 - 3:00 pm | PC-4
Technical Managers & Developers | 3:00 - 4:00 pm | Development Team
Sponsor | 4:45 - 5:00 pm | Mr. ABC
ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards. ISO is a network of the national standards institutes of 163 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO has published more than 19,000 International Standards.
The complete set of quality standards, procedures and responsibilities for an organization. The formalized system that documents the structure, responsibilities and procedures required to achieve effective quality management A quality management system is a web of interconnected processes.
QMS consists of:
ISO: The official title for the International Organization for Standardization. ISO 9001:2008 is an international standard for implementing a quality management system
ISO 9000: Quality management systems - Fundamentals and vocabulary
ISO 9001: Quality management systems - Requirements
ISO 9000 provides a framework and systematic approach to managing business processes to produce a product/service that conforms to customer expectations.
Customer focused organization
Leadership
Involvement of people
Process approach
Systematic approach to management
Continual improvement
Realistic approach to decision making
Mutually beneficial supplier relationship
Major Clauses
1. Scope
2. Normative reference
3. Terms and definitions
4. Quality Management System
5. Management Responsibility
6. Resource Management
7. Product Realization
8. Measurement, Analysis and Improvement
[Figure: process model. Customers (Requirements) -> Input -> Service/Product realization (Clause 7) -> Output (Service/Product) -> Customers (Satisfaction). Other boxes: Management responsibility (Clause 5), Resource Management (Clause 6), Clause 8.]
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and systems. ISMS is a set of policies, procedures & processes concerned with information security.
Information Security describes efforts to protect computer and non-computer equipment, data, and information from misuse by unauthorized parties.
Information security means protecting information and information systems from the following common threats:
Unauthorized access
Misuse of authorized access
Improper handling of information
Physical theft of information or information systems
Environmental hazards (flood, fire, etc.)
Malicious software programs (viruses/worms/trojans)
Utility failure (power, water, heat, etc.)
Information security is intended to achieve three main objectives:
Confidentiality: protecting data and information from disclosure to unauthorized persons
Availability: making sure that the data and information is only available to those who are authorized to use it
Integrity: information systems should provide an accurate representation of the physical systems that they represent
Today, organizations' core business processes are supported by information and communication systems.
Any interruption in the quality, quantity, distribution or relevance of information puts the business at risk.
So organizations need to actively manage the security of information & communication systems.
ISO 27001 is a specification for an Information Security Management System (ISMS).
ISO 27001 defines 133 security controls under 11 main security categories.
It covers all forms of information, including voice and graphics, and media such as mobile phones.
Security Policy: Information security policy document; Review of the information security policy
Organization of information security: Internal organization; External parties
Asset Management: Responsibility for assets
Human Resource Security: Prior to employment; During employment; After employment
Access Control: Access control policy; User access management; Network access control
Compliance: Compliance with legal requirements; Compliance with security policies and standards, and technical compliance
A structured process approach to identify your own individual information security issues.
Find the appropriate ways and methods to reduce or eliminate the identified information security risks.
ISMS certification brings confidence that there is a systematic approach in place, assuring the confidentiality, integrity and availability of information.
Thank You