Each level within the CMM framework is referred to as a ...



CMM and ISO Certification

Jittapat Yuwutaepakorn

Parach Waiyawajamai

Booncharat Tangtiphongkul

MIS 6800

Dr. Mary C. Lacity

December 2, 2004

Table of contents

1. Executive Summary…………………………………………………………1

2. Capability Maturity Model………………………………………………….3

3. What is CMM……………………………………………………………….3

4. Each level of Maturity level

contains KPAs that software

development project has to meet…………………………………………….4

5. An example of Requirement

Management of Infosys company…………………………………………...6

6. Common features of KPAs indicate

the implementation and institutionalization…………………………………9

7. An example of Measurement and

Analysis in common features………………………………………………..9

8. The median times to move from

one maturity level to the next………………………………………………10

9. How to get CMM certificate………………………………………………..11

10. The benefits of Capability Maturity

Model for an organization…………………………………………………. 11

11. Criticisms of CMM…………………………………………………………12

12. What is ISO…………………………………………………………………13

13. ISO 9000 family…………………………………………………………….13

14. ISO 9001:2000 Quality Management System-Requirement………………..15

15. The process Approach………………………………………………………15.

16. The process Model………………………………………………………….16

17. Quality Management Principles…………………………………………….17

18. Benefits of ISO Implementation and Certification………………………….18

19. Limitation of ISO Implementation and Certificate…………………………18

20. Comparison of ISO and CMM………………………………………………18

12. Case study 1: Oklahoma City Air Logistic Center (OC-ALC)

Software Division (LAS) used CMM as an guide to software process

Improvement………………………………………………………………..19

13. Case study 2:ULTRATECH STEEPER (UTS) successfully gets

ISO 9001 certified by using 13 steps……………………………………….22

14. References…………………………………………………………………..26

15. APPENDIX A………………………………………………………………

16. APPENDIX B………………………………………………………………

Executive Summary

Increasingly, software development is an important activity in a rapidly increasing number of companies. Each year there are approximately a million software project which produce software worth more than $600 billion worldwide. It has been found that software development takes over more and more of the total development cost. Often, it takes over more than 50% and in many cases account for most of the functionality of the products.

However, most software projects encounter an unsuccessful in producing software because of Schedule and budget overruns, low quality and unable to deliver functionality. The most reason of unsuccessful in software project is an improper management of the project.

Therefore, using effective project management techniques helps to develop the opportunity of successful in producing software. There are two the most recognized methods of quality management with respect to software development which are Capability Maturity Model and International Organization for Standardization 9001. The purpose of using these two methods of quality management is to build more creditability for the organization and the software development process to their customers.

In this report, we would like to provide you information about Capability Maturity Model including an example of Infosys’s case study of CMM in the first part. We will also provide you criticisms of CMM. And then, we will talk about International Organization for Standardization 9001, the similarity and difference between CMM and ISO, and finally we will give you a case study of companies, OC-ALC and UTS, implementing CMM and ISO9001 respectively..

The capability Maturity model originates by the Software Engineering Institute (SEI) of Carnegie Melon University in 1991. The federal government mainly involved in producing CMM because the government faced the problem of inconsistency, overruns time and budget in using software, then the federal government contracted with SEI to create CMM to evaluate software contractors. The purpose of CMM for software is to help organizations in producing quality software and improving the maturity of their software processes.

The CMM is a framework consisting of 5 maturity levels which are the key elements of software processes: Initial, Repeatable, Defined, Managed, and Optimizing. Each maturity level contains Key Process Areas (KPAs) that specify requirements or best practices for organization to be demonstrated. KPAs are organized into a set of 5 common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting. Each KPAs have some goals that organization must meet in each KPA to satisfy it. In addition, in each KPAs also have a group of activities which called “key practices” that can collectively satisfy the goals of that KPAs.

For an organization to reach a level or the assessment method, all of the KPAs at that maturity level as well as the KPAs at all lower maturity levels must be satisfied by the process of that organization.[14] Any organization that achieved in CMM will gains in productivity, quality, time to delivery, accuracy of cost, effective schedule estimated, product quality and low waste.

ISO standards have been developed by International Organization for Standardization since 1947. The most well-known standard that related to software development is ISO 9001 which are now the only Certificate Standard in ISO 9000 family. ISO 9000 family is a set of generic standards for quality management and assurance which can be implemented by any size or type of organizations. ISO 9000 family is a customer-oriented standard that concerns on continual improvement. Since its initial release in 1987 to 2003, there are more than 560,000 ISO 9000 certificates issued in 152 countries.

ISO 9001 : 2000 is the requirement of Quality Management System which is composed of quality management systems, management responsibility, resource management, product realization, and measurement, analysis and improvement

Eight Quality Management Principle are the guidances for organizations to

focus on customer,provide leadership,encourage the involvement of people, use process approach, manage a system approach, continually improve,use factual approach to decision making ,and be mutually beneficial relationships with supplier.

The main difference between CMM and ISO is CMM focus only on sofeware development while ISO covers any kind of industry .The similality of CMM and ISO is “Say what we do and do what we say”

We also provide the two case studies: OC-ALC emplementing CMM, and ULTRA TECH STEEPER(UTS). OC-ALC improved its software process and gain the benefits. UTS used 13 steps to get certified of ISO 9001: 2000 in less than a year with very low costs. Look at how they could get certified of those standard effectively. Commitment of senior managements and involvement of people in the organization are two main keys of their success. Champions are also important to the success of project.

What is CMM

CMM (Capability Maturity Model)

CMM stands for the Capability Maturity Model. CMM developed by adapting the Total Quality Management to use for Software Development and changed the name to Capability Maturity Model. The CMM for software is a structure that emphasizes on processes for software development. It was developed by observing best practices in software organization as well as non-software organization. Therefore, the collective process experience and expectations of many companies are reflected the CMM for software. The CMM for the software can be used both to evaluate the software process of an organization and to plan process improvements

CMM originated by Software Engineering Institute (SEI) of Carnegie Mellon in 1991. The government is a major purchaser of software and has had to deal with unqualified software, overrun schedules, and high costs for many times. Therefore, the federal government asked Software Engineering Institute to establish a quality management tool that would allow the government to distinguish between completing bids for software development. SEI started work on a maturity framework in 1985 and over the next six years it developed into the Capability Maturity Model that was established.

The purpose of CMM is to help organization that produce software, improve the maturity of their software processes. The improvement is conceptualized as an evolutionary path from an AD-HOC chaotic state, to mature, disciplined software process.[28]

[pic]

Figure 1: The structure of CMM[27]

The structure of CMM shows that The CMM framework consists of 5 maturity levels which are the key elements of software processes: Initial, Repeatable, Defined, Managed, and Optimizing. Each maturity level contains Key Process Areas (KPAs) that specify requirements or best practices for organization to be demonstrated. KPAs are organized into a set of 5 common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting. Each KPA have some goals that organization must meet in each KPA to satisfy it. In addition, in each KPA also have a group of activities which called “key practices” that can collectively satisfy the goals of that KPA. After all KPAs in that maturity level and at lower level are met, it means that that organization and that software development project are reached that CMM level.

Each level of maturity level contains KPAs that software development project has to meet.

The CMM framework explained the key elements of software processes at different levels of maturity. Thus, it also indicates the route that a software process follows in moving from immature and ad-hoc process to highly mature process.[8] There are 5 maturity levels.

1. Initial

2. Repeatable

3. Defined

4. Managed

5. Optimizing

[pic]

Each level within the CMM framework is referred to as a ‘maturity level’. The Key Process Areas can be considered as the requirement or best practices for each maturity level. For an organization to reach a level, all of the KPAs at that maturity level and KPAs at all lower maturity level must be satisfy by the processes of that organization. Each key process areas have its goals that an organization has to meet in order to reach that KPA. Furthermore, each KPA also specifies a group of activities which called key practices that can collectively satisfied the goals of that KPA.[14]

|Maturity |Rating |Description |KPAs |

|Level | | | |

|5 |Optimizing |Continuous process improvement is enabled by quantitative |Cover the issues that both the organization and the|

| | |feedback from the process and from piloting innovative ideas |process must address to implement continual, |

| | |and technologies. |measurable software process improvement. The KPAs |

| | | |are: |

| | |The organization is continuously striving to improve their |Defect Prevention |

| | |process capability range. |Technology Change Management |

| | |The organization has the means to identify weakness and |Process Change Management. |

| | |strengthen the process proactively | |

| | |The goal is the prevention of defects. | |

|4 |Managed |Detailed measures of the software process and product quality |Focus on establishing a quantitative understanding |

| | |are collected. Both the software process and products are |of both the software process and the software work |

| | |quantitatively understood and controlled. |products being built. The KPAs are: |

| | | |Quantitative Process Management |

| | |Software process capability is quantifiable and predictable. |Software Quality Management |

|3 |Defined |The software process for both management and engineering |Address both project and organizational issues, as |

| | |activities is documented, standardized and integrated into |the organization establishes an infrastructure that|

| | |standard software processes for the organization. All project |institutionalizes effective software engineering |

| | |use an approved, tailored version of the organization's |and management processes across all projects. The |

| | |standard software process for developing and maintaining |KPAs are: |

| | |software. |Organization Process Focus |

| | | |Organization Process Definition |

| | |Management has good insight into technical activities. |Training Program |

| | | |Integrated Software Management |

| | | |Software Product Engineering |

| | | |Intragroup Coordination |

| | | |Peer Reviews |

|2 |Repeatable |Basic project management processes are established to track |Focus on the software project's concerns related to|

| | |cost, schedule, and functionality. The necessary process |establishing basic project management controls. The|

| | |discipline is in place to repeat earlier successes on project |KPAs are: |

| | |with similar applications. |Requirements Management |

| | | |Software Project Planning |

| | |Software project standards are defined. |Software Project Tracking and Oversight |

| | |Planning and managing new projects is based on similar project|Software Subcontract Management |

| | |experience. |Software Quality Assurance |

| | | |Software Configuration Management |

|1 |Initial |The software process is characterized as ad-hoc, and |None because the software process are just design, |

| | |occasionally even chaotic. Outcomes are unpredictable and |code, compiles and test in the first step of the |

| | |poorly controlled. Few processes are defined, and success |project |

| | |depends on individual effort and heroics. | |

| | | | |

| | |The organization typically does not provide a stable | |

| | |environment for developing and maintaining software. | |

| | |Over commitment is very common at this level. | |

| | |During crisis, projects typically abandon planned procedures | |

| | |and revert to coding and testing. | |

Source: umsl.edu/~sauter[28]

cis.njit.edu[2]

[pic]

An example of Requirement Management of Infosys company

We would like to give you an example of one software project of Infosys Company. First of all, we would like to talk briefly about Infosys Company. Infosys Company is a highly successful software house that has its headquarters in Bangalor, India. It currently employs approximately 10,000 people. It was founded in 1981 by a group of seven software professionals. It provides software services to customers. It has customers in 15 countries. Their customers are engaged in variety of businesses such as banking, retailing, manufacturing, telecommunications, financial services, insurance, and transportation. Infosys has a market capitalization of more than $8 billion (based on market rates in June 2001). Its revenue was more than $400 million in 2000 (revenue in 1994 was $9.4 million). The basic aim is the company is to provide software services to customers all over the world. To provide software services to the customers, the company is organized into strategic business units, with each business unit focusing on a different application domain. Infosys Company achieved CMM level 5 on December 6, 1999.

[pic]

Source: products/cmm.html[26]

Figure 2

We would like to give you an example of one software project of Infosys Company that is in requirement management which is KPA in level 2. After software project reached level 1 or Initial, next step is achieved requirements specification and management which is a key process area in level 2 or repeatable. The goals of requirements management are first software requirements are controlled to establish a baseline for software engineering and management and second software plans, products, and activities are kept consistent with requirement[14] The purpose of requirements management is to establish a common understand between a customer and project team on the customer’s requirement. [2] For Infosys software project, requirements specification and management divided into 3 activities:

1. The requirements specification activities are done at the start of the project

2. Change management is done throughout the project

3. Requirements traceability management aims to ensure that all requirements can be traces to elements in the outputs produced in later stages of the project.

[pic]

Source: Jalote, Pankai, CMM in Practice: Process for Executing Software Projects at Infosys[14]

Figure 3

In the figure 3 shows the activities performed during the requirements specification and management. Infosys mainly focused on two areas.

1. The problem analysis activities consist of three activities

1. prepare for requirements gathering and analysis

• Do background reading on customers’ technical/business concepts

• Become familiar with customer’s methodology and tools to be used

• Identify methods for information gathering

• Prepare questionnaires for eliciting information

• Plan Prototyping

• Define requirement specification standards, interview plan and review with customers

2. gather requirements

• Establish objectives and scope of the system

• Gather information about business events, external environment, operating environment requirements, performance requirements, standard requirements and special requirements

• Prepare and evaluate prototypes which give the users feel of the system and are a helpful technique in gathering requirements

• Conduct feedback sessions in order to understand all requirements

3. Analysis

• Develop process model

• Develop logical data model

• Set up data dictionary

2. The product description activities

1. Prepare software requirements specification document as you can see an example in APPENDIX A

2. Prepare acceptance criteria

3. Review requirements and acceptance criteria

After customer reviews and sign-off for the requirements, software project reached the requirement specification and management.

Common features of KPAs indicate the implementation and institutionalization KPAs are structured into a set of five common features that help indicate whether the implementation and institutionalization of a key process area is effective, repeatable, and lasting.[28]

|Common Feature |Description |

|Commitment to Perform |Describes the actions the organization must take to ensure that the |

| |process is established and will endure. Includes practices on policy |

|Establishing organization policies |and leadership. |

|Obtaining senior-management sponsorship | |

|Ability to Perform |Describes the preconditions that must exist in the project or |

| |organization to implement the software process competently. Includes |

|Resources requirement |practices on plans, procedures, work performed, tracking, and |

|Organization structure |corrective action. |

|training | |

|Activities Performed |Describes the roles and procedures necessary to implement a key |

| |process area. Includes practices on plans, procedures, work |

|establishing plans and procedures |performed, tracking, and corrective action. |

|performing the work, tracking it | |

|take corrective actions as necessary | |

|Measurement and Analysis |Describes the need to measure the process and analyze the |

| |measurements. Includes examples of measurements that could determine |

| |the status and effectives of activities performed. |

|Verifying Implementation |Describes the steps to ensure that the activities are performed in |

| |compliance with the process that has been established. Includes |

| |practices on management reviews and audits. |

Source: umsl.edu/~sauter[28]

cis.njit.edu[2]

[pic]

An example of Measurement and Analysis in common features

For Infosys, it has Project Closure for measurement and analyses software project. The objective of Project closure in Infosys is to determine what went right, what went wrong, what worked, what did not , and how it could be made better the next time. We also have one more example of project closure for Infosys’s software project. This example focuses on measurement and analysis of the software project. As you can see one software project of Infosys’s closure analysis report in APPENDIX B, closure analysis report includes

• General and process-related information

The closure reports provide general information about the project, overall productivity achieved and quality delivered, process used and process deviations, estimated and actual start and end dates for the project, tools used in the project and so on.

• Risk management

Initial risk that occurred at the beginning of the project will be recorded including the risk mitigation steps planned in order to guide a later projects.

• Size

The size of the software is not only estimated size of the software in terms of number of simple, medium or complex modules and then classifies it but also includes data actual size of the project.

• Effort

Total estimated effort and actual effort of the labor in the project are recorded in the closure report.

• Defects

A summary of defects found during the project is being a part of the closure analysis report.

• Causal analysis

When the project has done, the performance of the overall process will be shown in the closure report. If the performance of the process on the project is out of the range given in the capability baseline, then there is a good opportunity that the variability has an assignment cause. Once the causes are identified, company and customer must decide whether some of them can lead to process improvements or can form some lesson learned.

• Process assets

The assets are outputs from a project that might be useful to other projects.

There are some lesson learned from the software project of Infosys such as to understand the performance of the process and causes for any deviations from organizational norms, indicates the quality delivered in the project, the productivity achieved in the project, the distribution of effort, the distribution of defects, the cost of quality, effectiveness of risk mitigation, effectiveness of planning.

The median times to move from one maturity level to the next

Software Engineering Institute published the median times to move from one maturity level to the next

Maturity Level 1 to 2 – 24 months

Maturity Level 2 to 3 – 22 months

Maturity Level 3 to 4 – 32 months

Maturity Level 4 to 5 – 16 months[18]

How to get CMM certificate

The process of assessment is to evaluate the strengths and weaknesses of the software development process in addition to evaluate the satisfaction of the different goals of the different KPAs (figure 3). The assessment is performed by an assessment team which is chose by an SEI-authorized lead assessor. The team members must be familiar with CMM and processes-related issues and obtained training from lead assessor. An assessment team has to collect information about the software process of the organization. There are three main sources of information; maturity questionnaires is used to get feedback regarding the process being used in the organization, document examination and Interview people who are involved in the software process. If the goals of KPAs satisfied, then the KPA is satisfied. An organization is considered to have reached a level if it is satisfies all KPAs for that level and for all levels below.

The benefits of Capability Maturity Model for an organization

For initial level, there is no any benefit in this level because software development process just starts. Software project is inconsistency, over limited budget and time, and lots of defects are found.

For repeatable level, the cost is not over the limit and over time is reduced.

For defined level, the cost and time meets the limit including improved quality of the software development process.

For managed level, the result of the software development project can predictable and knowledge of factors causing variance and reuse.

Lastly, for optimizing level the software development project continuously targeting improvements required to meet business objectives.

In summary of the benefits of using CMM for software, software development project and organization gains in productivity, quality, time to delivery, accuracy of cost, effective schedule estimated, product quality and low waste.

[pic]

Source: products/cmm.html[26]

Figure 4

Capability in this figure refers to Key Process Area or requirements in each maturity level. Any software project that achieves level 5 or optimizing level will have the highest productivity and also have the lowest of risk and waste.

There are three mains limitation of CMM because of CMM is innovative so it is difficult to understand and use. The CMM process is a very complex, time consuming and costly venture for any organization

Criticisms of CMM

Alternatively, outsourcing is used as a method to develop software, and software process. Many companies prefer using outsourcing in software process development when facing with problems; over time and budget. CMM is increasingly important in outsourcing software process development because when you would like to outsource to outsourcing company. CMM is a certification telling you which companies get certified at high level.

Additionally, regarding outsourcing, the companies in U.S. are CMM level 3, and many of best-known outsourcing companies in India are CMM level 5 for examples, TCS, Infosys, Wipro, HCL technologies, Syntel, Mastek, and SISL These companies are leading software organizations and all in India.

.

It looks positive that they can jump two levels by going to partnership with companies in India. But in order to communicate with your partner, you should improve you whole company up close to the level of your partner.

After we have learned about the CMM as an effective way to improve software process in your company, now we are going to provide you another effective, and widely accepted certification, ISO 9001:2000. Before, talking specifically about ISO 9001, we would like to give you broadly an idea of ISO certification.

ISO Certification

What is ISO ?

ISO, International Organization for Standardization, is a non-governmental organization which was established in 1947. It is a network of national standards institutes from 146 countries. Importantly, ISO has developed more than 14,000 international standards covering almost all sectors of business, industry and technology.[1]

[pic]

The most widely known standard that related to information technology industry is ISO 9001 which is one of ISO 9000 family.

ISO 9000 family

ISO 9000 is a set of “Quality Management Standards” which provide quality assurance for customers. The first set of ISO 9000 series was developed in 1987 and was revised in 2000. The new “Quality Management Systems Standards” is comprised of the following:

• ISO 9000 : Quality management systems - Fundamentals and vocabulary

• ISO 9001 : Quality management systems - Requirements

• ISO 9004 : Quality management systems - Guidance for performance improvement

ISO 9000 family has earned a global reputation for being an international reference on Quality management systems (QMS). The ISO 9000 family emphasizes on quality objectives, continual improvement, and the enhancement of customer satisfaction. Moreover, QMS is known as “Generic Standards” which can be applied to any sizes of organizations: large or small, any types of organizations: businesses enterprise or government department, and any industry whatever it sells products or provides services. The ISO standard is not a product standard, but rather is a management process standard. ISO does not audit or certify the quality of any organization system; independent member bodies in each country are authorized to do it. [11]

|year |1993 |

|1.Covers software and hardware |1.Focus only on software |

|2.Outwardly focused from the firm |2.Inwardly focused to the firm |

|3.Addresses minimum requirements |3.Emphasizes on continuous quality |

|with implied continuous improvement |improvement |

|4.Certificated by Third-party |4.Certificated by CMM creaters |

|5.Re-certification every year |5.No re-certification |

[8]

• Similarities of ISO-9000 Standard and the capability Maturity Model

1.“ Say what we do, Do what we say “

that means organizations have to document their procedures and

quality system and also perform the same thing.

2. Both focus on processes and continual improvement.

3. They both require management support and responsibility

4. The approach measurement and analysis are required.

5. They both have internal audits and internal controls.[29, 19]

Case studies of CMM and ISO 9001

Our group had spent lot of time to find and learn from the case studies. Initially, we tried to find the companies in Thailand implementing CMM and/or ISO 9001. We searched for the companies and found that in Thailand, CMM is not widely known. On the other hand, ISO is used widely as an accepted certification in Thailand. However, ISO being used as a certification in Thailand is ISO 9000 and ISO 14000, which certify mainly qualities of industry and environment.

Therefore, we would like to give you an example of the company that went through the software process improvement. We found the study performed by Software Productivity Research in the test software branches of the Oklahoma City Air Logistic Center (OC-ALC), Directorate of Aircraft (LA), Software Division (LAS) from April to June 1994 [3]

Oklahoma City Air Logistic Center (OC-ALC)

Software Division (LAS) used CMM as an guide to software process improvement.

Introduction to OC-ALC

OC-ALC is located at Tinker Air Force Base, Okla. This organization has many divisions. There are over 400 personnel in seven branches of The Software Division. The responsibility of The Software Division (LAS) is to develop and maintain many different Air Force software items.

OC-ALC is located at Tinker Air Force Base, Okla. The Software Division, composed of over 400 personnel in seven branches, is responsible for the development and maintenance of many different Air Force software items.

The history of LAS in association with the Software Process Assessment started in 1990. At that time LAS was rated at CMM level 1, which is the lowest maturity level. However, LAS was chosen by the SEI to be an alpha site for the updated software process improvement methodology. As a result, LAS was one of the first to get CMM level 2 certified in March 1993

At the time article was written, LAS was currently working on getting certified at CMM level 3 with the next assessment scheduled for 1996.

LAS would like to improve their Software process to get certified at level 3, which takes it long time. LAS had to achieve Key Process Areas (KPAs) and goals of the CMM level 3, which were much more than KPAs of the level 2.

Process

LAS began its relationship with the SEI in 1989. It has been working on process improvement since 1986. LAS has been using SEI CMM as an basis for its process improvement efforts since its release in 1981. We can say that when organizations would like to improve their software process, they seek for certification to be as their steps. “To facilitate process improvement, LAS has developed and implemented a process improvement infrastructure, the purpose of which is to guide and monitor the organization’s process improvement efforts.” [3]

LAS used the process improvement infrastructure as a key to success of getting certified. The process improvement infrastructure includes the Management Steering Team (MST), composed of the senior organizational management along with the Software Engineering Process Group (SEPG), composed of technical personnel. In addition, technical working groups were established to work on specific areas.

To ensure that the improvement efforts are effective and that they solve the problems facing the organization, LAS used the MST and the SEPG to work together. It used SEI CMM to guide the process improvement efforts. Many improvements that are worked by LAS can be directly traced to the CMM. However some improvements that were done may not be directly traceable to CMM. LAS feel that they have had success in their process improvement efforts because they have seen an return on their process improvement investment.

As well as many projects, top management leadership and support are very important to the success of the project, so that MST is the biggest keys to LAS’s success, together with the focus and attention that it brings to the process improvement efforts. The Management Steering Team, meets monthly, with the meetings often lasting three to four hours. Process improvement status is briefed, issues are resolved, and resources are assigned to the improvement efforts. The leadership and support of the senior management is very important because they send a clear message to the LAS employees how important the process improvement is.

Another key to success is the funding that the Air Force Material Command provides for process improvement. The organizations usually have other workloads, so that funding is the key allowing the improvement efforts to be worked at the same management level.

Benefit of software process improvement

|Category |Result |

|Return on Investment |7.5 to 1. |

| |An investment of $1.5 million dollars resulted in a |

| |savings of $11.3 million. |

|Defect Rates |90 percent reduction from the baseline project |

| |to the second project. |

|Maintenance Costs |26 percent reduction in the average cost of |

| |a TPS maintenance action over the last two years. |

|Productivity |10X increase from the baseline project to the |

| |most recent project. |

|Table 1: Benefits of Software Process Improvement. |

Source: [3]

According the analysis performed by SPR, LAS invested 15 million over an 8-year period. It saves cost of $11.3 million. The study also showed that the project for which LAS currently has ample defect data, had been reduced by an order of magnitude. In addition, In the past two years, LAS has reduced the cost of a TPS maintenance correction by 26 percent. Productivity of the project had also increased.

Lesson learned from case study of LAS

CMM is used as a guide of the process improvement. Organizations should improve their productivity by improving their process. The process could be improved by improving software process. As an example of LAS, it has been improving their process since 1989, when it was at CMM level 1. The improvement of process must be on-going improvement process.

We learned from the case study that the important factors of improving process are the leadership and support of the senior management. And obviously from the benefits, the process improvement efforts have a positive impact on the organization.

Actually, the involvement of stakeholders is very important. As mentioned in the case, the involvement of the LAS customers was the key element. The customers appreciated their input being used in the study.

The study was useful in many ways. For LAS, it showed that the process improvement efforts were having a positive impact on the organization. For other organizations, it is a data point that can be used to generate support for process improvement.

Another key to success of LAS is that they have worked hard to implement a process improvement infrastructure that responds to the true needs of the organization, by using CMM as a guide.

We showed the case of implementing the CMM and showed how important of improving software process to the organization. LAS was very successful of improving their process by using CMM as a guide to improve their process. CMM is very useful for the organizations willing to improve their software process by giving key process areas at each level. Organization could achieve the KPAs and goals at each level to get certified to the higher level.

Now we would like to give another case study of the company implementing ISO 9001;2000 (and also ISO 14000 at the same time.)

[pic]

ULTRATECH STEEPER (UTS) successfully gets ISO 9001 certified by using 13 steps

Background of company

UTS,located in San Jose, CA, manufactures photolithography equipment used in the fabrication of integrated circuits, nanotechnology devices and thin film heads for disk drives. UTS had sales of $73 million and profits of $34 million, and net income of $4 million annually in 2003.

The company sells semiconductor, advanced packaging, nanotechnology, and laser processing. Main customers of the company were in Japan, Taiwan, China, North America, and Korea.

UTS got certified of ISO 9000:1994 already and was willing to get certified of ISO 9001:2000.

Process of implementation of ISO 9001:2000 (ISO 14000 in the same time)

UTS was among the first 1 to 2% of ISO 9000:1994 registered companies to become certified to ISO 9001: 2000. UTS was very successful of implementing ISO 9001 by using 13 steps. It accomplished this very quickly and inexpensively. It spent only nine months and less than $200,000 in manpower and related costs.

13 steps UTS followed to accomplish its objective.

Step 1: Got Senior Management Commitment

As mentioned frequently, to get any project successful, senior management commitment is very important. UTS conducted The eight-member UTS quality steering committee (QSC), which is composed of senior management. Its charter is to instill a corporate culture of integrity, customer satisfaction, environmental awareness and continual improvement.

The QSC, on average, meets every six to eight weeks, and its responsibility is to define the quality and environment goals and ensuring they are incorporated into executive management’s annual strategic business plan.

To implement ISO 9001 successfully, and effectively, QSC needed to be educated of the ISO 9001 requirements. It is important the QSC believed implementation would improve quality and customer satisfaction.

Step 2: Redefine Quality Policy

The quality policy must be re-defined because of three reason.

- The existing quality policy hadn’t been updated in six years and really hadn’t been reviewed or discussed in any depth.

- ISO 9001;2000 clause 5.3 elaborates on the substances of the quality policy and how it should be communicated. The existing quality policy did not contain all three policy requirement of the new standard.

- Integrating the QMS and EMS required combining the quality and environmental policies for ease of communication with employees.

Step 3: Define customer satisfaction.

UTS tried to meet needs and requirements of the customers.

Step 4: Define Business Processes, Systems

Using the new standard as the model, it was decided to scrap the quality and environment manuals and all existing level two procedures and start anew by defining: key business systems (KBS), interaction between systems, and detailed process requirements. QSC assigned Champions to each KBS to define the sequence and interaction of these systems and processes.

Step 5: Educate Employees

Every employee was trained to understand the ISO 9001 and its requirements. QSC had laid the groundwork for implementation: vision, plan, policy, customer satisfaction in less than a month. A lot changes needed to occur very rapidly, and all personnel needed to be aware of their role in successful implementation. Three level of training were conducted: 1.General training and communication, 2. Champion training 3. Internal auditor training.

Step 6: Draft Manual, Procedures

The existing quality manual written to the ISO 9001;1994, is needed to be changed to new Manual compatible with new requirements of ISO 9001;2000

Step 7: Define Key Metrics, Effectiveness Dashboard

QSC needed a simple tool to measure progress because a lot of activities had been set in motion within two months. A QSC dashboard was created to evaluate progress for each KBS.

[pic]

Source: [20]

Step 8: Conduct External Readiness Review

Many things had been set up, UTS thought that it was doing the right things, but was it? No one in the company had experience of implementing ISO 9001: 2000 before, so that they needed to hire external consultant to help them.

Step 9: Conduct Metrics Reviews

Metrics, or rather the lack of them, had long been one of the weakest aspects of UTS’QMS. A multifunctional metrics review meeting was scheduled. The dialogue was useful in identifying opportunities for improvement and leading to a better understanding of external and internal customer requirements throughout the organization.

Step 10: Schedule, Conduct Gap Assessment

In February 2001, the QSC decided to pursue certification with help of the external consultant. Prior to the gap assessment, all the champions were coached on potential questions and preaudited to ensure compliance.

Step 11: Respond To Findings

UTS needed to focus on:

- Improving the channels for receiving and responding to customer feedback.

- Improving the monitoring, measuring and analysis of data for products and services.

- Training employees to better understand how their jobs contribute to achieving quality objectives and improving customer satisfaction.

Step 12: Prepare For Registration Audit

UTS met the minimum requirements of the standard. Two major actions remained: to educate and audit employees regarding the eree book, and to have internal audits conducted by a partnering company.

Management desired a more thorough analysis of software engineering processes by someone more experienced in disciplined software engineering practices. This time, rather than use a paid consultant.

Step 13: Schedule, Conduct Audit

When the date of certification audit arrived, UTS was confident of success.

As a company, approximately 2,000 hours had been spent upgrading the QMS and EMS. Therefore, it was not surprising that on Nov 30, 2001, UTS was recommended for certification with only two findings and six observations.

Lesson learned from the case study of ULTRATECH STEEPER (UTS)

UTS was very successful in implementing ISO 9001:2000. It accomplished in only 9 months and less than $200,000 in manpower and related costs. We can see that the UTS was successful importantly because of commitment of senior managements, which is the most important factor of every projects. Another factor of success was the involvement of everyone in the organization. UTS set clear goals for everyone in the organization to pursue.

Good planning and measurement of the progress are another two factors of success that UTS used to implement ISO 9001:2000. Another factor, very helpful and important to the success of the project, is assistant from the external expert because no one in the company has had an experience of implementing ISO 9001:2000 before.

In implementing ISO 9001:2000 of UTS, it used Key Process Business (KPB) which is similar to Key Process Areas (KPAs) of CMM. UTS used KPB to set what they have to achieve.

References:

1. About ISO- introduction from viewed 11/12/04

2. A Comparative study of ISO 9000 and Capability Maturity Model, cis.njit.edu/~axp9532/cmm/cmm_intro.html

3. Butler, K.L, The economic benefits of software process improvement.Cross talk (July 1995), 14-17

4. CMM – Capability Maturity Model docs/cmm/cmm.pdf

5. Corbett, Luca, and Pan., “Global perspectives on global standards: a 15- economy survey of ISO 9000 and ISO 14000” Special report, ISO Management System, January- February 2003.

6. Doug and Carole Anton., ISO 9000: 2000 survival guide, AEM Publishing, California, 2003, pp.32-33,78

7. Dr. Dean R.Lee, Strategic process improvement planning.Bloodworth integrated technology

8. Gary M.Griggs., Quality Management of Software Industry,19 May 2004

9. How to develop a process oriented Quality Management System

10. Infosys’s website

11. ISO 9000 and ISO 14000 - in brief from viewed 11/12/04

12. ISO 9000: Guidance on the concept and use of the process approach for management systems from iso/en/iso9000-14000/ iso9000/9001_2000approach.html view 11/20/04

13. ISO 9000-Quality Management Principle from viewed 11/12/04

14. Jalote, Pankai, CMM in Practice: Process for Executing Software Projects at Infosys

15. James, H., David, Z., Dennis, G., Will, H., Mark, P., Software quality and the capability maturity model. Association for Computing Machinery. Communications of the ACM; Jun 1997; 40, 6; ABI/INFORM Global pg.30

16. Jeanne Ketola and Kathy Roberts., ISO 9000:2000 in a nutshell, Paton Press, California, 2001, pp.6

17. Leland R Beaumont., ISO 9001,The standard Interpretation : The Standard for Quality Management Systems, ISO Easy, New Jersey,2002, pp.6,10-15,17-127,148,153,160.

18. Ramanujan, Sam; Kesh, Someswar, “Comparison of knowledge management and CMM/CMMI implementation”, Journal of American Academy of Business, Cambridge; Mar 2004

19. Sunny Dallafior , “ISO 9000:2000 vs. CMMIsm”, An Overview    viewed 11/27/04

20. Tammy Lando, 13 steps to certification in less than a year, Quality Progress, Milwaukee; Mar2003.Vol. 36, Iss. 3; pg. 32, 10 pgs

21. The controversy of outsourcing ()

22. The ISO Survey of ISO 9001 :2000 and ISO 14001 Certificates- 2003 (to 31 December 2003) from . viewed 11/12/04

23. The Software Engineering Institute website, sei.cmu.edu

24. Ultratech Steeper’s official website ()

25. unizg.hr/tempusprojects/Dubrovnik-Ivan%20Mencer.pp

26. products/cmm.html

27. www3.4_decision_tools/measurement/measure_it_articles/2003_0424/ben_cmm.jsp

28. The Capability Maturity Model and ISO 9000 standards : Similarities and Differences,

-----------------------

Prepare SRS and

Acceptance criteria

Review

Obtain sign-off

Analyze

Gather/Elicit

Requirement

Prepare

* Problem analysis

* Product description

After sign-off, the initial baseline for requirement is established

The activities performed during the requirements phase largely focus on two areas

This PDCA methodology is a helping tool for improving a quality manage system by:

Plan : establish the goals and processes.

Do : implement the process.

Check : monitor and measure processes and product

Act : tack actions to continually improve process efficiency

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download