In the past years, both industrial and research communities in Software Engineering have shown special interest in Software Process Improvement--SPI. This is evidenced by the growing number of publications on the topic. The literature offers numerous quality frameworks for addressing SPI practices, which may be classified into two groups: ones that describe "what" should be done (ISO 9001, CMMI) and ones that describe "how" it should be done (Six Sigma, Goal Question Metrics-GQM). When organizations decide to adopt improvement initiatives, many models may be implied, each leveraging the best practices provided, in the quest to address the improvement challenges as well as possible. This may at the same time, however, generate confusion and overlapping activities, as well as extra effort and cost. That, in turn, risks generating a series of inefficiencies and redundancies that end up leading to losses rather than to effective process improvement. Consequently, it is important to move toward a harmonization of quality frameworks, aiming to identify intersections and overlapping parts, as well as to create a multi-model improvement solution. Our aim in this work is twofold: first of all, we propose a theoretical harmonization process that supports organizations interested in introducing quality management and software development practices or concerned about improving those they already have. This is done with specific reference to CMMI-DEV and ISO 9001 models in the direction "ISO to CMMI-DEV", showing how GQM is used to define operational goals that address ISO 9001 statements, reusable in CMMI appraisals. Secondly, we apply the theoretical comparison process to a real case, i.e., a Small Enterprise certified ISO 9001.
References
[1]
Ardimento, P., Baldassarre, M. T., Caivano, D., & Visaggio, G. (2004). Multi view framework for goal oriented measurement plan design. In Proceedings of the 5th international conference on product focused software process improvement (PROFES), Nara, Japan, pp. 159-173.
Baldassarre, M. T., Caivano, D., Pino, F., Piattini, M., & Visaggio, G. (2010a). A strategy to harmonize ISO/ IEC 9001:2000 and CMMI-DEV. In Proceedings of the 4th international workshop on software quality and maintainability. Madrid, Spain, pp. 65-74.
Baldassarre, M. T., Caivano, D., Pino F, Piattini, M., & Visaggio, G. (2010b). A strategy for painless harmonization of quality standards: A real case. In Proceedings of the product-focused software process improvement, 11th international conference. LNCS, Limerick, Ireland.
Baldassarre, M. T., & Pino, F. (2010c). Technical report: Armonizzazione dei Modelli di Qualità ISO 9001:2000 e CMMI-DEV v.1.2. http://www.serlab.di.uniba.it/files/HarmonizationISO-CMMI.pdf.
Basili, V. R., Caldiera, G., & Rombach, H. D. (1994). Goal question metric paradigm. Encyclopedia of software engineering, Vol. 1 (pp. 528-532). USA: Wiley.
Ferchichi, A., Bigand, M. & Lefebvre, H. (2008). An ontology for quality standards integration in software collaborative projects. In Proceedings of the 1st international workshop on model driven interoperability for sustainable information systems, France.
Ferreira, A. L., & Machado, R. (2009). Software process improvement in multimodel environments. In Proceedings of the 4th international conference on software engineering advances, pp. 512-517.
Ferreira, A. L., Machado, R. J., & Paulk, M. C. (2010). Size and complexity attributes for multimodel improvement framework taxonomy. In Proceedings of the 36th euromicro conference on software engineering and advanced applications, Lille, France, pp. 306-309.
Halvorsen, C. P., & Conradi, R. (2001). A taxonomy to compare SPI frameworks. In V. Ambriola (Ed.), Software process technology. Lecture notes in computer science, Vol. 2077 (pp. 217-235). Berlin: Verlag.
Hefner, R., & Sturgeon, M. (2002). Optimize your solution: Integrating six sigma and CMM/CMMI-based process improvement. In Proceedings of the software technology conference.
Heston, K., & Phifer, W. (2011). The multiple quality models paradox: How much 'best practice' is just enough? Journal of Software Maintenance and Evolution: Research and Practice, 23(n/a).
Kitson, D. H., Vickroy, R., Walz, J., & Wynn, D. (2009). An initial comparative analysis of the CMMI version 1.2 development constellation and the ISO 9000 family (p. 70). USA: Software Engineering Institute.
Mutafelija, B., & Stromber, H. (2009). ISO 9001:2000-CMMI v.1.2 map. Software Engineering Institute. http://www.sei.cmu.edu/cmmi/casestudies/mappings/cmmi12-iso.cfm.
Pardo, C., Pino, F., García, F., & Piattini, M. (2009). Homogenization of models to support multimodel processes in improvement environments. In Proceedings of the 4th international conference on software and data technologies, Sofía.
Pardo, C., Pino, F. J., García, F., Piattini, M., & Baldassarre, M. T. (2010a). A process for driving the harmonization of models. In Proceedings of the 11th international conference on product focused software development and process improvement (PROFES 2010). Second proceeding: Short papers, doctoral symposium and workshops 2010, Limerick, pp. 53-56.
Pardo, C., Pino, F., Garcìa, F., Piattini, M., & Baldassarre, M. T. (2010b). A systematic review on the harmonization of reference models. In Proceedings of the 5th international conference on evaluation of novel approaches to software engineering (ENASE 2010), Athens, Greece, pp. 40-46.
Pino, F., Garcia, F., & Piattini, M. (2008). Software process improvement in small and medium software enterprises: A systematic review. Software Quality Journal, 16(2), 237-261.
Pino, F., Baldassarre, M. T., Piattini, M., Visaggio, G., & Caivano, D. (2009a) Harmonizing improvement technologies: A comparison between CMMI-ACQ and ISO/IEC 12207:2008. In Proceedings of the 4th international conference on evaluation of novel approaches to software engineering (ENASE 2009), Milan, Italy, pp. 177-188.
Pino, F., Baldassarre, M. T., Piattini, M., & Visaggio, G. (2009b). Relationship between maturity levels of ISO/IEC 15504-15507 and CMMI-DEV v1.2. In Proceedings of the software process improvement and capability determination conference (SPICE 2009), Turku, Finland, pp. 69-76.
Pino, F., Baldassarre, M. T., Piattini, M., & Visaggio, G. (2010). Harmonizing maturity levels from CMMI to DEV and ISO/IEC 15504. Journal of Software Maintenance and Evolution: Research and Practice, 22(4), 279-296.
Siviy, J., Kirwan, P., Marino, L., & Morley, J. (2008a). The value of harmonization multiple improvement technologies: A process improvement professional's view. Software Engineering Institute, Carnegie Mellon.
Siviy, J., Kirwan, P., Morley, J., & Marino, L. (2008b). Maximizing your process improvement ROI through harmonization. USA: Software Engineering Institute (SEI).
Wangenheim, C. G. V., & Thiry, M. (2005). Analyzing the integration of ISO/IEC 15504 and CMMI-SE/ SW. San José, Brasil, LQPSL: Laboratorio de Qualidade e Productividade de Software. Universidad do Vale do Itajaí: UNIVALI: 28.
Yoo, C., Yoon, J., Lee, B., Lee, C., Lee, J., Hyun, S., et al. (2006). A unified model for the implementation of both ISO 9001:2000 and CMMI by ISO-certified organizations. Journal of Systems and Software, 79(7), 954-961.
Colomo-Palacios RMikkelsplass SSimensen J(2023)Software and Systems Engineers in ICS SecurityInternational Journal of Human Capital and Information Technology Professionals10.4018/IJHCITP.33385714:1(1-17)Online publication date: 17-Nov-2023
Rodriguez MVerdugo JPino FDelgado BPiattini M(2021)Software Development Process Assessment With MMIS v.2, an ISO/IEC 33000-Based ModelIT Professional10.1109/MITP.2021.306794423:6(17-23)Online publication date: 1-Nov-2021
Barafort BMesquida AMas A(2017)Integrating risk management in IT settings from ISO standards and management systems perspectivesComputer Standards & Interfaces10.1016/j.csi.2016.11.01054:P3(176-185)Online publication date: 1-Nov-2017
PROFES'10: Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Globalization, is pushing companies towards continuous improvement. Quality frameworks addressing SPI practices are classifiable in ones describing: “what” should be done (ISO9001,CMMI); “how” it should be done (Six Sigma, GQM). When organizations adopt ...
Software process improvement and capability determination: selected articles from SPICE 2009
ISO has recently published Part 7 of the ISO-IEC 15504 standard, with the aim of determining the extent to which an organization consistently implements processes that contribute to achievement of its business goals. This new Part 7 of ISO-IEC 15504 has ...
The Capability Maturity Model for Software (CMM), developed by the Software Engineering Institute, and the ISO 9000 series of standards, developed by the International Standards Organization, share a common concern with quality and process management. ...
Given the rather large number of software quality frameworks and standards, it is becoming increasingly difficult for practitioners to select the "right" one. Even worse, different customers or governmental agencies might require compliance to different standards. The authors of this paper address a very interesting topic of great practical value. In this paper, a crucial question arises: How does a developer comply with different standards without having to engage in unnecessary and significant effort__?__
To illustrate their approach, the authors choose two very popular standards and frameworks: ISO 9001:2008 and Capability Maturity Model Integration for Development (CMMI-DEV). Their approach sounds quite simple and straightforward: Compare the two models by verifying whether or not, and to what degree, the elements of model 1 are already part of model 2. In other words, they determine how much of model 2 is already in place if an organization is already complying with model 1. However, as usual, the problems arise in the details of how actually to do this. And this is the contribution of this paper: the harmonization process it proposes is a good theoretical approach. Luckily, it is not only theoretical, but proven in a practical case study with small- and medium-sized enterprises (SMEs) (step 2 of the harmonization process).
Using their approach, the authors compare the ISO 9001:2008 and CMMI-DEV models. It would be quite interesting to have similar comparison results for other standards or frameworks, such as SPICE (ISO 26262). It would also be great if the comparison results could be published in a paper like this, so they could be checked and approved by the Software Engineering Institute (SEI) and the International Organization for Standardization (ISO), the respective owners of CMMI-DEV and ISO 9001:2008.
From a practical point of view, of course, step 2, the application of the mapping to a practical case, is of great interest. It's an excellent idea to use Basili's goal-question-metrics (GQM) method to move from a (source) quality management system (QMS) complying with framework A to a target QMS complying still with A and additionally with framework B. What the authors say about how this is accomplished sounds very reasonable. However, it would have been interesting to get some idea of the amount of effort that is actually required for performing step 2.
By the way, the application subprocess (step 2) in the harmonization process, as proposed by the authors, might be used in another way. Quite often, companies lack good question lists to practically assess their compliance with a dedicated standard or framework, which is close to the company's own business goals. Here, the GQM-based application subprocess might provide excellent guidance. Maybe there is some room for further investigation, besides the directions as given in the "Conclusions and Future Work" section.
In summary, this paper should interest anyone who works on the practical implementation of service, platform, and infrastructure (SPI) models in a real organization.
Online Computing Reviews Service
Access critical reviews of Computing literature here
Colomo-Palacios RMikkelsplass SSimensen J(2023)Software and Systems Engineers in ICS SecurityInternational Journal of Human Capital and Information Technology Professionals10.4018/IJHCITP.33385714:1(1-17)Online publication date: 17-Nov-2023
Rodriguez MVerdugo JPino FDelgado BPiattini M(2021)Software Development Process Assessment With MMIS v.2, an ISO/IEC 33000-Based ModelIT Professional10.1109/MITP.2021.306794423:6(17-23)Online publication date: 1-Nov-2021
Barafort BMesquida AMas A(2017)Integrating risk management in IT settings from ISO standards and management systems perspectivesComputer Standards & Interfaces10.1016/j.csi.2016.11.01054:P3(176-185)Online publication date: 1-Nov-2017
Perry DOlson BBlessner PBlackburn T(2016)Evaluating the Systems Engineering Problem Management Process for Industrial Manufacturing ProblemsSystems Engineering10.1002/sys.2134019:2(133-145)Online publication date: 1-Mar-2016
Larrucea XSantamaría IColomo-Palacios R(2016)Assessing ISO/IEC29110 by means of ITMarkJournal of Software: Evolution and Process10.1002/smr.179528:11(969-980)Online publication date: 1-Nov-2016
Eito-Brun R(2014)Mapping of improvement models as a risk reduction strategyInnovations in Systems and Software Engineering10.1007/s11334-014-0236-010:4(283-295)Online publication date: 1-Dec-2014
Kowalczyk MSteinbach S(2012)Managing process model compliance in multi-standard scenarios using a tool-supported approachProceedings of the 13th international conference on Product-Focused Software Process Improvement10.1007/978-3-642-31063-8_28(355-360)Online publication date: 13-Jun-2012
