1 / 43

CMM vs. ISO

CMM vs. ISO. David S. Craft CIRM, PMP Engineering & Manufacturing Services. Agenda. Who Am I - EDS Software Systems Development ISO CMM Sarbanes Oxley. Who Am I. Managing Consultant Engineering and Manufacturing Services Applications Service Delivery EDS. Shift Supervisor.

locke
Download Presentation

CMM vs. ISO

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services

  2. Agenda • Who Am I - EDS • Software Systems Development • ISO • CMM • Sarbanes Oxley

  3. Who Am I Managing Consultant Engineering and Manufacturing Services Applications Service Delivery EDS Shift Supervisor Inventory Control Manager Industrial Engineer Team Leader Internal ISO Auditor Materials Manager Manager Production Planning & Control VISTA Volunteer Consultant Project Manager Chief Industrial Engineer

  4. Process • To Develop Software and Systems You Need A Process • Anything goes • Defined • Structured

  5. Process, people and technology are the major determinants of project cost, quality and schedule.

  6. Common Misconceptions • I don’t need defined processes I have: • Really good people • Advanced Technology • An experienced manager • Defined Processes: • Interfere with creativity • Equals bureaucracy + regimentation • Isn’t needed when building prototypes • Is only useful on large projects • Hinders agility in fast moving projects • Costs too much

  7. Why We Need Standard Processes • Estimating (History) • Scope • Cost • Time • Tools • Deliver the Product to Estimate (Visibility) • Time • Cost • Quality • Handling/Controlling Changes • Planned • Unplanned • Scope Creep

  8. How to Achieve Quality Processes • ISO • CMM

  9. ISO – CMM Differences Netta Dotan, Quality Assurance & project management, Ronkal Office Technologies

  10. ISO – CMM Differences – My View Netta Dotan, Quality Assurance & project management, Ronkal Office Technologies

  11. ISO – CMM Similarities • Both require the organization be explicit about what their processes and quality systems are • Say what you do; do what you say • The organization records and tracks data for objective analysis • Require strong management support to succeed • Provide a structured and measured approach to quality improvement • Require an outside audit for “certification” • Both are refined/improved over time

  12. Meet ISO • ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards. • ISO is a network of the national standards institutes of 157 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. • ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations. • Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.

  13. Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose. For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide. International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use. Last modified 2002-07-17 What are standards?

  14. ISO 9000 and ISO 14000 (Management Systems) • The ISO 9000 and ISO 14000 families are among ISO's best known standards ever. ISO 9001:2000 and ISO 14001 (1996 and 2004 versions) are implemented by over 1,000,000 organizations in 161 countries. • The ISO 9000 family addresses "quality management". This means what the organization does to fulfill: • the customer's quality requirements and • applicable regulatory requirements, while aiming to • enhance customer satisfaction, and • achieve continual improvement of its performance in pursuit of these objectives. • The ISO 14000 family addresses "environmental management". This means what the organization does to: • minimize harmful effects on the environment caused by its activities, and to • achieve continual improvement of its environmental performance.

  15. ISO’s Impact • In the global economy • ISO 9001:2000 and ISO 14001:2004 have become thoroughly integrated with the world economy. • ISO 9001:2000 is now firmly established as the globally accepted standard for providing assurance about the quality of goods and services in supplier-customer relations. • The positive roles played in globalization by ISO’s standards for quality and environmental management systems include the following: • a unifying base for global businesses and supply chains – such as the automotive and oil and gas sectors • a technical support for regulation – as, for example, in the medical devices sector) • a tool for major new economic players to increase their participation in global supply chains, in export trade and in business process outsourcing; • a tool for regional integration –  as shown by their adoption by new or potential members of the European Union • In the rise of services in the global economy – nearly 33 % of ISO 9001:2000 certificates in 2005 went to organizations in the service sectors.

  16. Where are the Standards (12/31/07)

  17. Which ISO Standards • The ISO family includes: • ISO 9000:2000 – Quality Management Systems – Fundamentals and vocabulary • ISO 9001:2000 – Quality Management Systems - Requirements • ISO 9004:2000 – Quality Management Systems – Guidelines for performance improvement • ISO 19011 – Guidelines on quality and/or environmental management systems auditing. • ISO 10012 Measurement control system

  18. Level 1 Defines Approach and Responsibility Quality Manual Level 2 Defines Who, What, When Procedures Work/Job Instructions Level 3 Answers How Level 4 Results: shows that the system is operating Records/Documentation Quality System Documentation

  19. ISO 9001:2000 Structure • Quality Management System • 4.1 General requirements • 4.2 Document requirements • Management Responsibility • 5.1 Management commitment • 5.2 Customer focus • 5.3 Quality policy • 5.4 Planning • 5.5 Responsibility, authority, communication • 5.6 Management review • Product realization • 7.1 Planning of product realization • 7.2 Customer-related processes • 7.3 Design and development • 7.4 Purchasing • 7.5 Production and service provision • 7.6 Control of monitoring and measuring devices • Measurement, Analysis & Improvement • 8.1 General • 8.2 Monitoring and measurement • 8.3 Control of nonconforming product • 8.4 Analysis of data • 8.5 Improvement • Resource Management • 6.1 Provision of resources • 6.2 Human resources • 6.3 Infrastructure • 6.4 Work environment

  20. Meet CMM • CMM – Capability Maturity Model • The Capability Maturity models have been developed by the Software Engineering Institute (SEI) • The Carnegie Mellon SEI is a federally funded (US Department of Defense) research and development center that provides the technical leadership to advance the practice of software engineering so that software intensive systems can be acquired and sustained with predictable and improved cost, schedule and quality.

  21. SCAMPI – Standard CMMI Appraisal Method for Process Improvement

  22. Process Areas

  23. EIA – Electronic Industries Alliance Interim Standard

  24. CMM Process Areas

  25. Examples of CMMI Impact: ROI • 5:1 ROI for quality activities (Accenture) • 13:1 ROI calculated as defects avoided per hour spent in training and defect prevention (Northrop Grumman Defense Enterprise Systems) • Avoided $3.72 M in costs due to better cost performance (Raytheon North Texas Software Engineering) as the organization improved from SW-CMM level 4 to CMMI level 5 • 2:1 ROI over 3 years (Siemens Information Systems Ltd, India) • 2.5:1 ROI over 12st year, with benefits amortized over less than 6 months (reported under non disclosure) • (reported by the American Society for Quality)

  26. Sarbanes-Oxley Implications • With its more than 300 discrete points of enforceable law, this is the most significant piece of account legislation passed since the formation of the SEC in 1933 • SOX was passed with the specific intent of increasing accountability and attempting to install ethical behavior in financial reporting and business operations. • With this increase spotlight on reporting, companies must invest resources and focus into their internal control process • The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability. • A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements. Projects to improve processes and regular review of controls will become common-place activities as compliance evolves. Tools that simplify project completion and track status will better enable organization to cost-effectively undertake these projects.

  27. SOX Major Section • 302 – Corporate Responsibility for Financial Reports • Requires Executives to certify the accuracy of corporate financial reports • 404 – Management Assessment of Internal Controls • Requires executives and auditors to confirm the effectiveness of internal controls for financial reporting • 409 – Real Time Issuers Disclose • Requires any material changes in financial state of issuer be communicated quickly and with supporting data to the public

  28. Implications for IT • Configuration management is now a must • Change controls must be handled more carefully • Security, security, security • All system changes must be verifiable by a clear audit trail • Reduce reliance on batch processing, update data warehouse more frequently • Interfaces from any financial system must be documented and controlled • IT activities must be aligned with the company’s governance and risk policies

More Related