1 / 10 April 2007 / EDS INTERNAL
11 April 2007
CMM vs. ISO, Sarbanes Oxley
CMM vs. ISO
David S. Craft, CIRM, PMP
Engineering & Manufacturing Services
Agenda
Who Am I
CMM
ISO
Similarities And Differences
Sarbanes Oxley
Who Am I
VISTA Volunteer
Industrial Engineer
Chief Industrial Engineer
Manager, Production Planning & Control
Inventory Control Manager
Shift Supervisor
Materials Manager
Consultant
Project Manager
Information Specialist, Senior
Team Leader
Managing Consultant, Engineering and Manufacturing Services
Applications Service Delivery
Internal ISO Auditor
CMMI History
Federal government cannot distinguish between competing bids for software development
Early 1980s - Federal Government (Congress) awards a contract to establish the Software Engineering Institute (SEI) at Carnegie Mellon University (sponsored by the DOD)
1988 - SEI begins work on a Process Maturity Framework for judging a company's capability to produce software
The Process Maturity Framework evolves into the Capability Maturity Model (CMM)
August 1991 - SW-CMM Version 1 released
SE-CMM developed by the Enterprise Process Improvement Collaboration (EPIC)
1992 - CMM Version 1.1 released
1999 - Begin developing CMMI (CMM Integrated)
2002 - CMMI SE/SW/IPPD/SS Version 1.1 introduced
200? - CMMI Version 1.2 released
ISO History
Began with British military standards
ISO organization was established in 1947
Headquartered in Geneva, Switzerland
Currently composed of 148 National Standard Bodies and 2,981 technical bodies
As of 12/31/05 there are 15,649 International Standards embodied in 573,494 pages of English text
What are standards?
Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.
For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide.
International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use.
Last modified 2002-07-17
Where are the Standards (12/31/05)

Sector                                                      Standards    Pages
Generalities, Infrastructure and Sciences                       1,406   49,761
Health, Safety and Environment                                    658   20,252
Engineering Technologies                                        4,099  169,843
Electronics, Information Technology and Telecommunications      2,447  161,132
Transport and Distribution of Goods                             1,710   44,918
Agriculture and Food Technology                                   954   20,335
Materials Technology                                            3,943   93,121
Construction                                                      311   11,068
Special Technologies                                              121    3,064
Total                                                          15,649  573,494
Which ISO Standards
The ISO family includes:
• ISO 9000:2000 - Quality Management Systems - Fundamentals and vocabulary
• ISO 9001:2000 - Quality Management Systems - Requirements
• ISO 9004:2000 - Quality Management Systems - Guidelines for performance improvement
• ISO 19011 - Guidelines on quality and/or environmental management systems auditing
• ISO 10012 - Measurement control system
Quality System Documentation
Level 1 - Quality Manual: defines approach and responsibility
Level 2 - Procedures: defines who, what, when
Level 3 - Work/Job Instructions: answers how
Level 4 - Records/Documentation: results; shows that the system is operating
ISO 9001:2000 Structure
4. Quality Management System
4.1 General requirements
4.2 Document requirements
5. Management Responsibility
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority, communication
5.6 Management review
6. Resource Management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
7. Product Realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices
8. Measurement, Analysis & Improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement
Similarities
Both require that the organization be explicit about what its processes and quality systems are
Say what you do; do what you say
The organization records and tracks data for objective analysis
Both require strong management support to succeed
Both provide a structured and measured approach to quality improvement
Both require an outside audit for "certification"
Both are refined/improved over time
Differences

ISO 9000                                                  SW-CMMI
Outwardly focused                                         Inwardly focused
Minimum requirements with implied continuous improvement  Explicit continuous quality improvement
Not specific to any one industry or service               Software focus
Registration document                                     No documentation
Continual audits                                          No follow-up audits
Sarbanes-Oxley Implications
With its more than 300 discrete points of enforceable law, this is the most significant piece of accounting legislation passed since the formation of the SEC in 1933.
SOX was passed with the specific intent of increasing accountability and attempting to instill ethical behavior in financial reporting and business operations.
With this increased spotlight on reporting, companies must invest resources and focus into their internal control process.
The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability.
A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements. Projects to improve processes and regular review of controls will become commonplace activities as compliance evolves. Tools that simplify project completion and track status will better enable organizations to cost-effectively undertake these projects.