Upload
tad-glenn
View
54
Download
1
Tags:
Embed Size (px)
DESCRIPTION
ISO 9000 and SEI CMM. What ISO 9000 Mandates. - PowerPoint PPT Presentation
Citation preview
What ISO 9000 MandatesWhat ISO 9000 MandatesThe requirements for a quality system have been standardized - but many organizations like to think of themselves as unique. So how does ISO 9001:2008 allow for the diversity of say, on the one hand, a "Mr. and Mrs." enterprise, and on the other, to a multinational manufacturing company with service components, or a public utility, or a government administration?
The answer is that ISO 9001:2008 lays down what requirements your quality system must meet, but does not dictate how they should be met in any particular organization. This leaves great scope and flexibility for implementation in different business sectors and business cultures, as well as in different national cultures.
-- ISO
Insuring ComplianceInsuring Compliance1. The standard requires the organization itself to audit its quality
system to verify that it is managing its processes effectively - or, to put it another way, to check that it is fully in control of its activities.
2. In addition, the organization may invite its clients to audit the quality system in order to give them confidence that the organization is capable of delivering products or services that will meet their requirements.
3. Lastly, the organization may engage the services of an independent quality system certification body to obtain an ISO ISO 9001:2008 Certificate of Conformity9001:2008 Certificate of Conformity. This last option has proved extremely popular in the market-place because of the perceived credibility of an independent assessment.
-- ISO
ISO 9001 ContentsISO 9001 ContentsSection 4 General Requirements
Section 5 Management Responsibility
Section 6 Resource Management
Section 7 Product Realization
Section 8 Measurement, Analysis and Improvement
ISO 90003 ISO 90003 Section 7 - Product RealizationSection 7 - Product Realization
7.1 Product Realization Planning
7.2 Customer Processes7.2.2 Review of Software Product Requirements7.2.2.1 Review Product Requirements related to Customer Contract
7.3 Software Design and Development
7.4 Purchasing Parts and Components
7.5 Product and Service Provisionstracking builds, deliveries, releases
7.6 Monitoring and Measuring
http://www.praxiom.com/iso-90003.htm
ISO 90003 ISO 90003 Section 8 - Measurement, Analysis, and ImprovementSection 8 - Measurement, Analysis, and Improvement
8.1 Carry out remedial processes Plan how monitoring, measuring, and analytical processes will be used to
demonstrate conformity.Use monitoring, measuring, and analytical processes to demonstrate
conformance.
8.2 Monitor and measure quality 8.2.1 Monitor and measure customer satisfaction.8.2.2 Plan and perform regular internal audits.8.2.3 Monitor and measure quality processes.8.2.4 Monitor and measure product characteristics.
8.3 Control your nonconforming software products Prevent the delivery or use of nonconforming software products.
8.4 Analyze quality information
8.5 Take required remedial actionshttp://www.praxiom.com/iso-90003.htm
9001 Required Documents9001 Required Documents1. Quality Policy2. Control of Documents 3. Control of Records4. Internal Audits5. Control of Nonconforming Product / Service6. Corrective Action 7. Preventive Action
These may go in a single "Quality Manual".
http://en.wikipedia.org/wiki/ISO_9000
Quality Policyintended for all levels of employeeslinked to business plan, marketing plan, customer
needsmeasurable objectives
Recordsallows problems to be traced back to causesincludes
test results, customer comments, etc. actions taken to improve
Internal Auditsis the system working?what improvements can be made?
Reality CheckReality CheckDoes ISO 9001 actually improve software quality?independent studies indicate yes
ISO 9001 creates a climate of quality
or is this a self-selecting group that only applied for ISO certification because they were already interested in and doing QA?
Not always a good ideaGood business judgment is needed to
determine ISO9001's proper role for a company.
Is certification important to the marketing plans of the company? If not, do not rush to certification.
Even without certification, companies should utilize the ISO 9001 model as a benchmark to assess the adequacy of its quality programs.
-- Frank Barnes
CMM HistoryCMM History1986 - Effort started by SEI and MITRE
Corporation assess capability of DoD contractors
First version published in 1991
closely related to TQM goal is customer satisfaction
not required that customer be "delighted"
Some Fundamental IdeasProcess improvement is based on small
steps, rather than revolutionary innovation.
CMM is not exhaustive or dictatorial.
CMM focuses on processes that are of value across the organization.
LevelsLevels1. Initial2. Repeatable3. Defined4. Managed5. Optimizing
http
://w
ww
.est
yles
oft.c
om/p
ictu
res/
cmm
_lev
el3.
CC
C6E
28B
8902
407D
8B1A
A60
8D92
EF
004.
gif
Level 1 : The Initial Levelad hoc, sometimes chaotic
overcommitment leads to a series of crises
during a crisis, projects abandon plans
capability is characteristic of individuals, not the organization
when a good manager leaves, the success leaves with them
Level 2 : The Repeatable LevelPlanning is based on experience with
similar projects past successes can be repeated
Policies for Managing and Implementation installed basic management controls track costs and schedules notice and deal with problems as they arise
Level 3 : The Defined LevelStandard Processes defined across the
organization and used by all projects standard set of roles, activities, quality tracking, etc each project uses a tailored version of this standard
process
Training Program is in place to ensure everyone has the skills required for their assigned role
Level 4 : The Managed LevelQuantitative Quality Goals
for both Products and Processes
Organization-wide Process Database meaningful variations in process performance
can be distinguished from random noise actions are then taken to correct the situation
Products are of predictably high quality
Level 5 : The Optimizing LevelOrganization has the means to identify
weaknesses and strengthen the process proactively
teams analyze defects to determine their cause, and disseminate lessons learned throughout the organization
major focus on eliminating waste e.g. reduce amount of rework
Defect preventionTechnology change managementProcess change management
Quantitative process managementSoftware Quality Management
Organization process focusOrganization process definitionTraining programIntegrated software managementSoftware product engineeringIntergroup coordinationPeer Reviews
Requirements managementSoftware project planningSoftware project tracking and oversightSoftware subcontract managementSoftware quality assuranceSoftware Configuration management
Key Process AreasKey Process Areasby maturity level
This is a somewhat handy
hierarchy of activities.
Don't skip levelsFor example,
collecting detailed data (level 4) is meaningless unless the data is from projects that use a consistent process (level 3)
Level Comparison - RiskLevel 1
Just do it
Level 2problems are recognized and corrected as they
occur
Level 3problems are anticipated and prevented, or
impacts minimized
Levels 4 and 5sources of problems are understood and
eliminated
Level Comparison - PeopleLevel 1
success depends on individual heroicsfire fighting is the way of life
Level 2success depends on individualsefforts are supported by management
Level 3people are trained for their role(s)groups work together
Levels 4strong sense of teamwork in every project
Level 5strong sense of teamwork across the organizationeveryone does process improvement
Level Comparison - MeasurementLevel 1
ad hoc (if any) data collection and analysis
Level 2 individual projects use planning data
Level 3data collected for all processesdata shared across projects
Levels 4data standardized across the organization
Level 5data used for process improvement
Defect preventionTechnology change managementProcess change management
Quantitative process managementSoftware Quality Management
Organization process focusOrganization process definitionTraining programIntegrated software managementSoftware product engineeringIntergroup coordinationPeer Reviews
Requirements management
Software project planningSoftware project tracking and oversightSoftware subcontract managementSoftware quality assuranceSoftware Configuration management
Key Process AreasKey Process Areasby maturity level
Software Project Planning Goals Goals
1. Software estimates are documented for use in planning and tracking the software project.
2. Software Project activities and commitments are planned and documented.
3. Affected groups and individuals agree to their commitments related to the software project.
Software Project Planning1. Commitment to PerformCommitment 1 -- A project software
manager is designated to be responsible for negotiating commitments and developing the project's software development plan.
Commitment 2 -- The project follows a written organizational policy for planning a software project.
This policy typically specifies that:
1. The system requirements allocated to software are used as the basis for planning the software project.
2. The software project's commitments are negotiated between: the project manager, the project software manager, and the other software managers.
3. Involvement of other engineering groups in the software activities is negotiated with these groups and is documented.
4. Affected groups review the software project's: software size estimates, effort and cost estimates, schedules, and other commitments.
5. Senior management reviews all software project commitments made to individuals and groups external to the organization.
6. The project's software development plan is managed and controlled.
Software Project Planning2. Ability to Perform
Ability 1 -- A documented and approved statement of work exists for the software project.
Ability 2 -- Responsibilities for developing the software development plan are assigned.
Ability 3 -- Adequate resources and funding are provided for planning the software project.
Ability 4 -- The software managers, software engineers, and other individuals involved in the software project planning are trained in the software estimating and planning procedures applicable to their areas of responsibility.
The statement of work covers: scope of the work, technical goals and objectives, identification of customers and end users, imposed standards, assigned responsibilities, cost and schedule constraints and goals, dependencies between the software project and other organizations, resource constraints and goals, and other constraints and goals for development and/or maintenance.
The statement of work is reviewed by: the project manager, the project software manager, the other software managers, and other affected groups.
The statement of work is managed and controlled.
Software Project Planning3. Activities Performed
Activity 1 -- The software engineering group participates on the project proposal team.Activity 2 -- Software project planning is initiated in the early stages of, and in parallel with,
the overall project planning.Activity 3 -- The software engineering group participates with other affected groups in the
overall project planning throughout the project's life.Activity 4 -- Software project commitments made to individuals and groups external to the
organization are reviewed with senior management according to a documented procedure.Activity 5 -- A software life cycle with predefined stages of manageable size is identified or
defined.Activity 6 -- The project's software development plan is developed according to a documented
procedure.Activity 7 -- The plan for the software project is documented.Activity 8 -- Software work products that are needed to establish and maintain control of the
software project are identified.Activity 9 -- Estimates for the size of the software work products (or changes to the size of
software work products) are derived according to a documented procedure.Activity 10 -- Estimates for the software project's effort and costs are derived according to a documented
procedure.Activity 11 -- Estimates for the project's critical computer resources are derived according to a
documented procedure.Activity 12 -- The project's software schedule is derived according to a documented procedure.Activity 13 -- The software risks associated with the cost, resource, schedule, and technical aspects of the
project are identified, assessed, and documented.Activity 14 -- Plans for the project's software engineering facilities and support tools are prepared.Activity 15 -- Software planning data are recorded.
Software Project Planning4. Measurement and Analysis
Measurement 1 -- Measurements are made and used to determine the status of the software planning activities.
Examples of measurements include: completions of milestones for the software project
planning activities compared to the plan; and work completed, effort expended, and funds
expended in the software project planning activities compared to the plan.
Software Project Planning5. Verifying Implementation
Verification 1 -- The activities for software project planning are reviewed with senior management on a periodic basis.
Verification 2 -- The activities for software project planning are reviewed with the project manager on both a periodic and event-driven basis.
Verification 3 -- The software quality assurance group reviews and/or audits the activities and work products for software project planning and reports the results.
The full lists of activities can be found athttp://www2.umassd.edu/swpi/sei/tr25f/tr25.html