Cmmi Uaar Seminar 2012
Transcript of Cmmi Uaar Seminar 2012
-
8/2/2019 Cmmi Uaar Seminar 2012
1/77
Software Process ImprovementThrough CMMI & ISO
Imran Hashim
-
8/2/2019 Cmmi Uaar Seminar 2012
2/77
Introduction to CMMI CMMI Representations
Key Stats
CMMI Adoptions CMMI Appraisals
SCAMPI Phases
ISO 9001:2008 Quality Management System
ISO 27001:2005 Information SecurityManagement System
-
8/2/2019 Cmmi Uaar Seminar 2012
3/77
-
8/2/2019 Cmmi Uaar Seminar 2012
4/77
A process improvement technique for evaluatinghow efficiently a company is able to
deliver technology products to its customers.
CMMI Capability Maturity Model Integration
-
8/2/2019 Cmmi Uaar Seminar 2012
5/77
The CMMI is a merger of process improvement models for :
Systems engineering Software engineering Integrated product development Software acquisition
Used in process improvement activities as a collection of bestpractices
A community developed guide
A model for organizational improvement
-
8/2/2019 Cmmi Uaar Seminar 2012
6/77
CMMI:
Integrates systems andsoftware disciplines intoone process
improvementframework.
Provides a frameworkfor introducing newdisciplines as needs
arise.
-
8/2/2019 Cmmi Uaar Seminar 2012
7/77
Sponsored by Dept of DefenseOperated by SEI
-
8/2/2019 Cmmi Uaar Seminar 2012
8/77
Four CMMI constellations: CMMI for Development CMMI-DEV addresses the development of product and service systems
CMMI for Acquisition
Designed to aid organizations that are acquiring products & services or outsourcingthe development or delivery of products & services
CMMI for Services To establish, manage, and deliver services that meet or exceed customer needs
People CMM Provides guidance to organizations for managing and developing their workforce
-
8/2/2019 Cmmi Uaar Seminar 2012
9/77
2010 Version 1.3 ofCMMI for Acquisition, CMMI forDevelopment, and CMMI for Services is released.
2006 CMMI for Development, V1.2 is released
2002 CMMI V1.1 is released.
1995 Systems Engineering CMM, V1.1 is released.
1993 CMM for Software, V1.1 is released.
http://www.sei.cmu.edu/library/abstracts/reports/10tr032.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr034.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/06tr008.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/02tr028.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/95mm003.cfmhttp://en.wikipedia.org/wiki/Capability_Maturity_Modelhttp://en.wikipedia.org/wiki/Capability_Maturity_Modelhttp://www.sei.cmu.edu/library/abstracts/reports/95mm003.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/02tr028.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/02tr028.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/06tr008.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr034.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfmhttp://www.sei.cmu.edu/library/abstracts/reports/10tr032.cfm -
8/2/2019 Cmmi Uaar Seminar 2012
10/77
Staged Representation A systematic, structured way to approach process
improvement one step at a time.
Achieving each step is a foundation for the next step.
There are five levels of maturity.
Continuous Representation A flexible approach to improve process performance.
The organization may choose to improve a single PA or a
group of PAs. Organization may improve each PA at different rates.
There are six levels of process capability.
-
8/2/2019 Cmmi Uaar Seminar 2012
11/77
-
8/2/2019 Cmmi Uaar Seminar 2012
12/77
-
8/2/2019 Cmmi Uaar Seminar 2012
13/77
Process Area: PP SG1
Estimates of project planning parameters are established andmaintained.
SP1: Establish a top-level work breakdown structure (WBS) to estimate the
scope of the project.
-
8/2/2019 Cmmi Uaar Seminar 2012
14/77
Process unpredictable,poorly controlled andreactive
Process characterized forprojects and is often reactive
Process characterized for theorganization and is proactive
Process measuredand controlled
Focus on processimprovement
Optimizing
QuantitativelyManaged
Defined
Initial
Managed
Defined
1
2
3
4
5
-
8/2/2019 Cmmi Uaar Seminar 2012
15/77
Requirements ManagementRequirements DevelopmentTechnical SolutionProduct Integration
VerificationValidation
Engineering
ProjectManagement
Project PlanningProject Monitoring and ControlSupplier Agreement ManagementIntegrated Project ManagementRisk ManagementQuantitative Project Management
Organizational Process FocusOrganizational Process DefinitionOrganizational TrainingOrganizational Process PerformanceOrganizational Innovation and Deployment
ProcessManagement
Configuration ManagementProcess and Product Quality Assurance
Measurement and AnalysisCausal Analysis and ResolutionDecision Analysis and Resolution
Support
Category Process Area
-
8/2/2019 Cmmi Uaar Seminar 2012
16/77
In software and systems engineering, it is a benchmarking toolwidely used by industry and government, both in the US andabroad.
CMMI acts as a roadmap for process improvement activities.
It provides criteria for reviews and appraisals. It provides a reference point to establish present state of
processes.
CMMI addresses practices that are the framework for processimprovement.
-
8/2/2019 Cmmi Uaar Seminar 2012
17/77
The performance results in the following table are from differentorganizations that achieved percentage change in one or more ofthe six categories of performance measures below:
Performance Category Median Improvement
Cost 34 %
Schedule 50 %
Productivity 61 %
Quality 48 %
Customer satisfaction 14 %
Return on investment 4:1
-
8/2/2019 Cmmi Uaar Seminar 2012
18/77
18
Productivity(increase)
Time to market(reduction)
Post-release
defect reports(reduction)
Percent
ageImprovem
ent
Annual Medians
35%
19%
39%
0
510
15
20
25
30
35
40
-
8/2/2019 Cmmi Uaar Seminar 2012
19/77
-
8/2/2019 Cmmi Uaar Seminar 2012
20/77
Since 2006, 4846 SCAMPI v1.2/1.3 appraisals have beenreported to the SEI.
Appraisals report from China, Spain, Brazil, Argentina,and India are increasing at a rapid rate.
The number of appraisals in the USA and China representmore than55% of the total number of appraisals.
China is now reportingmore appraisals than USA
-
8/2/2019 Cmmi Uaar Seminar 2012
21/77
-
8/2/2019 Cmmi Uaar Seminar 2012
22/77
-
8/2/2019 Cmmi Uaar Seminar 2012
23/77
-
8/2/2019 Cmmi Uaar Seminar 2012
24/77
-
8/2/2019 Cmmi Uaar Seminar 2012
25/77
-
8/2/2019 Cmmi Uaar Seminar 2012
26/77
DAEWOO
DELOITTE
HONEYWELL
HSBC MITSUBISHI
NCR
US Army
ACER IBM
HEWLETTE PACKARD
SAMSUNG
JOHN HOPKINUNIVERSITY
NATIONALNUCLEARSOCIETY
INFOSYS
LOCKHEADMARTIN
ARAMCO
US Navy
HYUNDAI
Few of the market leaders who have been obtaining various benefits fromCMMI
-
8/2/2019 Cmmi Uaar Seminar 2012
27/77
CMMI LEVEL 5 Netsol Technologies Pvt. Ltd.
NCR Pakistan
CMMI LEVEL 3 KalSoft (Pvt.) Ltd.
Systems (Pvt.) Ltd.
Digital Processing Units Interactive Convergence (Pvt.)
Ltd.
CMMI LEVEL 2 NADRA Pakistan
ZTE Pakistan
E-worx International Pvt. Ltd.
Techlogix Pakistan (Pvt.) Ltd.
Si3 System Innovations (Pvt.)Ltd.
Abacus Consulting (Pvt.) Ltd.
CMMI LEVEL 2 (cont.d) LMKR Pakistan (Pvt.) Ltd. E-Dev Technologies CARE Pvt. Ltd. Prosol (Pvt.) Ltd. PrisLogix (Pvt.) Ltd.
Shaukat Khanam MemorialCancer Hospital Innovative Pvt. Ltd. GeoPaq Technologies (Pvt.) Ltd. Avanza Solutions (Pvt.) Ltd. ACES
Technosoft (Pvt.) Ltd. Matrix Systems (Pvt.) Ltd. ESOL PK (Pvt.) Ltd. i-engineering Paksitan Pvt. Ltd. infoTech Pakistan (Pvt.) Ltd. Information Architects Pvt. Ltd.
Below list shows the overall adoption of CMMI at various levels
-
8/2/2019 Cmmi Uaar Seminar 2012
28/77
-
8/2/2019 Cmmi Uaar Seminar 2012
29/77
The CMMI Appraisal is an examination of oneor more processes by a trained team ofprofessionals using an appraisal referencemodel as the basis for determining strengths
and weaknesses of an organization.
-
8/2/2019 Cmmi Uaar Seminar 2012
30/77
-
8/2/2019 Cmmi Uaar Seminar 2012
31/77
Appraisals consider three categories of modelcomponents as defined in the CMMI:
Required: specific and generic goals only. Expected: specific and generic practices only. Informative: includes sub practices and
typical work products.
-
8/2/2019 Cmmi Uaar Seminar 2012
32/77
Three types of SCAMPI Appraisals:
Class C Appraisal
Class B Appraisal
Class A Appraisal
-
8/2/2019 Cmmi Uaar Seminar 2012
33/77
-
8/2/2019 Cmmi Uaar Seminar 2012
34/77
Initial assessment Provide a quick gap analysis of an
organization's process relative to the CMMI.
Assess the adequacy of a new process beforeit is implemented.
Monitor the implementation of a process.
Determine an organization's readiness for
Class B Appraisal.
-
8/2/2019 Cmmi Uaar Seminar 2012
35/77
Assess progress towards a targeted CMMIMaturity Level
Lower cost than a SCAMPI A
Provides detailed findings then Class C
Determine an organization's readiness forClass A Appraisal
-
8/2/2019 Cmmi Uaar Seminar 2012
36/77
Most rigorous method The only method resulting in ratings
Findings that describe the strengths andweaknesses of your organization's processrelative to the CMMI.
Consensus regarding the organization's keyprocess issues
-
8/2/2019 Cmmi Uaar Seminar 2012
37/77
-
8/2/2019 Cmmi Uaar Seminar 2012
38/77
-
8/2/2019 Cmmi Uaar Seminar 2012
39/77
Phase I Plan and Prepare For AppraisalPhase II Conduct AppraisalPhase III Report Appraisal Results
-
8/2/2019 Cmmi Uaar Seminar 2012
40/77
-
8/2/2019 Cmmi Uaar Seminar 2012
41/77
-
8/2/2019 Cmmi Uaar Seminar 2012
42/77
-
8/2/2019 Cmmi Uaar Seminar 2012
43/77
Practice implementation indicators arefootprints which are evidence of theimplementation of a practice. SCAMPI appraisals use practice implementation
indicators as the focus to verify practiceimplementation. Verifying practice implementation is the review of
Objective Evidence to determine whether apractice is implemented within a project and/ororganization.
-
8/2/2019 Cmmi Uaar Seminar 2012
44/77
Artifacts:Tangible output's resulting directly from implementation of a specific orgeneric practice.
Affirmations:Oral (interviews) or written statements confirming or supportingimplementation of a specific or generic practice.
-
8/2/2019 Cmmi Uaar Seminar 2012
45/77
Process Area: PP SG1
Estimates of project planning parameters are established andmaintained.
SP1: Establish a top-level work breakdown structure (WBS) to estimate the
scope of the project.
Artifact : Work Break Down Structure
-
8/2/2019 Cmmi Uaar Seminar 2012
46/77
-
8/2/2019 Cmmi Uaar Seminar 2012
47/77
-
8/2/2019 Cmmi Uaar Seminar 2012
48/77
-
8/2/2019 Cmmi Uaar Seminar 2012
49/77
CMMI Appraisal A Interviews ScheduleDate Activity Timings Participants
DD-MM-YYQuality Assurance 2:00 3:00 pm QA TeamTesting 3:30 4:30 pm Testing TeamProcess Engineering Group 5:00 6:00 pm QA Team
DD-MM-YY
Project Manager - 1 09:30 10:30 am PM-1Project Coordinator - 1 10:45 11:45 am PC-1Project Manager - 2 12:00 1:00 pm PM-2Project Coordinator - 2 2:00 3:00 pm PC-2Configuration Management 3:00 4:00 pm CMProcurement 4:00 5:00 pm Admin ManagerOrganizational Trainings 5:00-6:00 pm HR Manager
DD-MM-YY
Project Manager - 3 09:30 10:30 am PM-3Project Coordinator - 3 10:45 -11:45 am PC-3Project Manager - 4 12:00 1:00 pm PM-4Project Coordinator - 4 2:00 3:00 pm PC-4Technical Managers & Developers 3:00 4:00 pm Development TeamSponsor 4:45-5:00 pm Mr. ABC
-
8/2/2019 Cmmi Uaar Seminar 2012
50/77
-
8/2/2019 Cmmi Uaar Seminar 2012
51/77
-
8/2/2019 Cmmi Uaar Seminar 2012
52/77
ISO (International Organization for Standardization) is theworld's largest developer and publisher of InternationalStandards.ISO is a network of the national standards institutes of163 countries, one member per country, with a CentralSecretariat in Geneva, Switzerland, that coordinates thesystem.
ISO published more then19, 000 International Standards
-
8/2/2019 Cmmi Uaar Seminar 2012
53/77
-
8/2/2019 Cmmi Uaar Seminar 2012
54/77
The complete set of quality standards, procedures andresponsibilities for an organization.
The formalized system that documents the structure,responsibilities and procedures required to achieveeffective quality management
A quality management system is a web ofinterconnected processes.
-
8/2/2019 Cmmi Uaar Seminar 2012
55/77
QMS consists of:
Policies
Manuals
Responsibilities Procedures
Work Instructions
Forms/Templates
-
8/2/2019 Cmmi Uaar Seminar 2012
56/77
To achieve Quality
Consistency
Traceability
Resource Independence
Continual Improvement
-
8/2/2019 Cmmi Uaar Seminar 2012
57/77
57
ISO: The official title for the InternationalOrganization for Standardization.
ISO 9001:2008 is an internationalstandard for implementing a qualitymanagement system
-
8/2/2019 Cmmi Uaar Seminar 2012
58/77
58
ISO 9000: Quality management systems Fundamentals and vocabulary
ISO 9001: Quality management systems -Requirements
ISO 9004: Quality management systems
Guidance for improvements ISO 10011: Guidelines for Auditing Quality
-
8/2/2019 Cmmi Uaar Seminar 2012
59/77
59
9001 is series
2008 is version
ISO 9000 provides a framework andsystematic approach to managing businessprocesses to produce a product/service thatconforms to customer expectations.
-
8/2/2019 Cmmi Uaar Seminar 2012
60/77
Customer focused organization Leadership Involvement of people Process approach Systematic approach to management Continual improvement Realistic approach to decision making Mutually beneficial supplier relationship
-
8/2/2019 Cmmi Uaar Seminar 2012
61/77
61
1. Scope2. Normative reference3. Terms and definitions4. Quality Management System5. Management Responsibility6. Resource Management7. Product Realization8. Measurement, Analysis and
Improvement
Major
Clauses
-
8/2/2019 Cmmi Uaar Seminar 2012
62/77
62
Customers
CONTINUAL IMPROVEMENT OF THE QUALITYMANAGEMENT SYSTEM
Clause 5
Clause 6 Clause 8
Clause 7
Service/Productrealization
Value adding activities
Information flow
InputRequirements Output
Customers
Satisfaction
Service
Product
Resource
Management
Measurement,
analysis andimprovement
ISO 9001:2008 Model
Managementresponsibility
-
8/2/2019 Cmmi Uaar Seminar 2012
63/77
-
8/2/2019 Cmmi Uaar Seminar 2012
64/77
An Information Security Management System (ISMS)is a systematic approach to managing sensitivecompany information so that it remains secure. Itcovers people, processes and systems.
ISMS is a set of policies, procedures & processesconcerned with information security.
-
8/2/2019 Cmmi Uaar Seminar 2012
65/77
Information Security describes efforts to protectcomputer and non computer equipment, data, andinformation from misuse by unauthorized parties.
-
8/2/2019 Cmmi Uaar Seminar 2012
66/77
Information security means protecting informationand information systems from following commonthreats:
Unauthorized access
Misuse of authorized access Improper handling of information
Physical theft of information or information systems
Environmental hazards (flood, fire, etc.)
Malicious software programs (viruses/worms/trojans)
Utility failure (power, water, heat, etc.)
-
8/2/2019 Cmmi Uaar Seminar 2012
67/77
Information security is intended to achieve three mainobjectives: Confidentiality:
protecting data and information from disclosure tounauthorized persons
Availability:making sure that the data and information is onlyavailable to those who are authorized to use it
Integrity:
information systems should provide an accuraterepresentation of the physical systems that theyrepresent
-
8/2/2019 Cmmi Uaar Seminar 2012
68/77
-
8/2/2019 Cmmi Uaar Seminar 2012
69/77
Today, Organizations core business processes are supportedby information and communication systems.
Any interruption in the information quality, quantity,distribution relevance puts business at risk.
So organizations need to actively manage the security ofinformation & communication systems.
-
8/2/2019 Cmmi Uaar Seminar 2012
70/77
-
8/2/2019 Cmmi Uaar Seminar 2012
71/77
ISMS consists of following steps:
Identifying the threats that can attack theorganizational information resources
Defining the risks that the threats can impose
Establishing an information security policy
Implementing controls that address the risks
-
8/2/2019 Cmmi Uaar Seminar 2012
72/77
ISO 27001 is specification for an Information SecurityManagement Systems (ISMS)
ISO 27001 defines 133 security controls under 11 mainsecurity categories.
Covers all forms of information including voice &graphics, media such as mobile phones etc. . .
-
8/2/2019 Cmmi Uaar Seminar 2012
73/77
Security Policy
Information security policy document
Review of the information security policy
Organization of information security
Internal organization
External parties
Asset Management
Responsibility for assets
Human Resource Security
Prior to employment
During employment
After Employment
-
8/2/2019 Cmmi Uaar Seminar 2012
74/77
Physical and environmental security
Secure areas
Equipment security
Communication & Operation Management Operational procedures and responsibilities
Media handling
Access Control Access control policy
User access management
Network access control
Information system development and maintenance Security of system files Cryptographic controls
-
8/2/2019 Cmmi Uaar Seminar 2012
75/77
Information security incident management Reporting information security events and weaknesses
Management of information security incidents and improvements
Business continuity management
Business continuity planning framework
Business continuity and risk assessment
Compliance
Compliance with legal requirements
Compliance with security policies and standards, and technical compliance
-
8/2/2019 Cmmi Uaar Seminar 2012
76/77
A structured process approach, to identify your ownindividual Information Security issues.
Find the appropriate ways and methods, to reduce- oreliminate the identified Information security risks.
ISMS Certification brings confidence, that there is a
systematic approach in place, assuring theconfidentiality, integrity and availability of information.
-
8/2/2019 Cmmi Uaar Seminar 2012
77/77
Thank You