Capability Maturity Model The Software Process Framework example essay topic

7,585 words
The SEI is often identified with its CMM (R) work. Over the years, the SEI has developed six Capability Maturity Model products. Some are new and build on the work of the older ones. CMMs that the SEI is currently involved in developing, expanding, or maintaining are o CMMI (R) (Capability Maturity Model Integration) o P-CMM (People Capability Maturity Model) o SA-CMM (Software Acquisition Capability Maturity Model) Legacy CMMs that have been incorporated into CMMI models, and therefore are no longer maintained are Capability Maturity Model for Software (SW-CMM) o Systems Engineering Capability Maturity Model (SE-CMM) o Integrated Product Development Capability Maturity Model (IPD-CMM) SEI work that is very closely related to the development, support, and maintenance of CMMs includes o Publishing appraisal results - in the Maturity Profile Working with standards organizations to help further the cause of for software process improvement o Improving and supporting CMM-based appraisals of organizations The SEI's goals in developing CMMs include o addressing software engineering and other disciplines that have an affect on software development and maintenance o providing integrated process improvement reference model so building broad community consensus o harmonizing with related standard so enabling efficient improvement across disciplines relevant to software development and maintenance Extreme Programming and the Capability Maturity Model Ron Jeffries 01/01/2000 A discussion on comp. software-eng asked what people thought of eXtreme Programming, suggesting that it might be approximately an SEI Level 1 process. In these pages, we " ll look at the descriptions of the CMM levels and at some corresponding aspects of eXtreme Programming as practiced on the Chrysler C 3 project. My assessment overall is that XP has some characteristics in common with the higher SEI levels, up to and including level 5.

However, I would not assert that an XP team is a level 5 team. It takes a lot more documentation and 'proving' going on in CMM than we recommend for XP. XP is in some ways a 'vertical's lice through the SEI levels 2 through 5. Comments are welcome via wiki, or email. In the following, sections in italics are quotations from The Capability Maturity Model, CMU / SEI, Paul et al, Addison-Wesley, 1995, ISBN 0-201-54664-7. [ Level 1 ] [ Level 2 ] [ Level 3 ] [ Level 4 ] [ Level 5 ] SEI Level One At the Initial Level, the organization typically does not provide a stable environment for developing and maintaining software.

Overcommitment is a characteristic of Level 1 organizations, and such organizations frequently have difficulty making commitments that the staff can meet with an orderly engineering process, resulting in a series of crises. During a crisis, projects typically abandon planned procedures, and refer t to coding and testing. Success depends on having an exceptional manager and a seasoned and effective software team. Success in Level 1 organizations depends on the competence and heroics of the people in the organization and cannot be repeated unless the same competent individuals are assigned to the next project. Thus, at Level 1, capability is a characteristic of the individuals, not of the organization. Extreme Programming specifically prescribes two levels of scheduling, which make up the Planning Game.

These levels, called Commitment Schedule and Iteration Plan, are based on developers' own estimates for the production of the necessary software. The joint Commitment Schedule process results in a comprehensive estimate of what will be produced, and when. The joint Iteration Plan schedules a short interval, and results of each iteration feed back into the Commitment Schedule to refine the schedule. C 3 progress is in no way characterized by a series of crises. The C 3 team specifically prohibits heroics, and works almost no overtime. Instead, the team treats a desire for heroics as an indication that there is something wrong with the process.

They dig in and determine what is going wrong, and fix the process. While the C 3 team members are quite competent, they are generally not exceptional. The team's Pair Programming practice brings two good minds to bear on each problem: this is generally better than bringing one excellent mind to bear. The team manager offers no exceptional support. Rather, he serves only to track progress, and to interface to management, with all technical decisions and assignments being done jointly by the team and by a volunteer process.

A second Extreme Programming project, with a new team, has not yet been attempted at Chrysler, so we cannot yet speak to how well the success will be replicated. Our thoughtful opinion, however, is that it is our process, not us as individuals, that is making C 3 work so well. SEI Level Two - Repeatable At the Repeatable Level, ... projects implement effective processes that are defined, documented, practiced, trained, measured, enforced, and improvable. Extreme Programming clearly specifies a number of practices (Extreme Programming Rules). These are well-defined, and are documented. The team has been trained at the beginning of the project, has a full-time coach, and trains new members in the team practices.

Practices are generally measured and enforced by the shared responsibility of the team. Pair Programming and an open process ensure that all developers know what is happening all over the system. In the rare instances where a developer may violate one of the team's practices, the offending developer will be advised, reprimanded, or, in rare cases, allowed to work on some other project. The practices are improvable, and in fact (see SeiLevelFive) are improved as we go along... managers for a project track software costs, schedules, and functionality; problems in meeting commitments are identified as they arise. In Extreme Programming, we track Four Variables, Resources, Scope, Quality, and Time. These variables let us determine whether we are meeting the schedule, with the desired quality, as we go along.

We report these variables uniformly, from ourselves all the way to the top of the organization. SEI Level Three - Defined At the Defined Level... a defined software process contains a coherent, integrated set of well-defined software engineering and management processes... characterized as including readiness criteria, inputs, standards and procedures for completing the work, verification mechanisms... , outputs, and completion criteria. Because the software process is well-defined, management has good insight into technical progress on the project. Extreme Programming's rules encompass the readiness criteria (e.g. completion of User Stories, presence of key resources), inputs (User Stories), standards and procedures (the many 'Extreme Programming Rules'), verification mechanisms (Unit Tests and Functional Tests), outputs (the software plus anything else defined in the User Stories), and completion criteria (user-acceptable scores on the Functional Tests).

Using the Four Variables, Extreme Programming provides management with simple and clear insight into actual project performance. SEI Level Four - Managed At the Managed Level, the organization sets quantitative quality goals for both software products and processes. Extreme Programming requires that quality goals for products be set via the Functional Tests. We require Unit Tests to be at 100% all the times, so that's not very interesting as a statistic. We measure our Load Factor, which relates elapsed time to developers' estimates of difficulty. We have not set quantitative goals for this figure, but we do use changes in Load Factor as a cue to look into the process and see where we can improve.

When the schedule is tracking and test scores are good, we have not found it necessary to track other quantitative values. Some candidates to consider would be: number of unit tests vs. number of system classes; rate of change of test creation; number of system classes; class / method /code lines ratios, and so on. Looking at XP through CMM eyes, especially if XP were being done throughout an entire large organization, we would expect that more measurement might be needed than we require in a single project. An interesting question in those circumstances is how much to invest in measurement 'in case we need it'. The XP advice would be to measure only things that have low cost, and start measuring when you see the need.

We would advise recording additional (low-cost) measures but (literally) not looking at them unless and until there is a perceived use for the figures. Otherwise you " re just wasting time that could be used writing more software - which is, after all, the point. SEI Level Five - Optimizing At the Optimizing Level... software teams analyze defects to determine their causes. They evaluate software processes to prevent known types of defects from recurring and [they] disseminate lessons learned throughout the organization.

Extreme Programming practice is to meet every defect by implementing tests that display the defect, then fixing the software so that the tests run. Other tests are to be built in the same or related areas, to catch similar or related problems. It is fair to say that the C 3 team, being human, sometimes falls a bit short in terms of creating tests for things that are outside our current scope. This is an area that needs continual attention from the Extreme Coach, and it may need shoring up in some other way as well. Extreme Programming teams prefer to implement software to check for and detect errors, whether in the base software or in process, rather than to set up involved procedures which leave open the possibility of human error or laziness. Thus, an XP team will write software to make sure that changes are not stepped on by subsequent developers, rather than set up a more involved release procedure.

SEI Capability Maturity Model The CMM describes the principles and practices underlying software process maturity. It is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad how, chaotic processes to mature, disciplined software processes. The focus is on identifying key process areas and the exemplary practices that may comprise a disciplined software process. The maturity framework provided by CMM establishes a context in which: o Practices can be repeated, if you don't repeat an activity there is no reason to improve it.

There are policies, procedures, and practices that commit the organization to implementing and performing consistently. o Best practices can be rapidly transferred across groups. Practices are defined sufficiently to allow for transfer across project boundaries, thus providing some standardization for the organization. o Variations in performing best practices are reduced. Quantitative objectives are established for tasks; and measures are established, taken, and maintained to form a base-line from which an assessment is possible. o Practices are continuously improved to enhance capability (optimizing). Structure of CMM Maturity Levels A layered framework providing a progression to the discipline needed to engage in continuous improvement (It is important to state here that an organization develops the ability to assess the impact of a new practice, technology, or tool on their activity. Hence it is not a matter of adopting these, rather it is a matter of determining how innovative efforts influence existing practices. This really empowers projects, teams, and organizations by giving them the foundation to support reasoned choice.) Key Process Areas Key process area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.

Goals The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area. Common Features Common features include practices that implement and institutionalize a key process area. These five types of common features include: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation. Key Practices The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the key process areas.

Framework for CMM Process Definition Criteria are the set of information that must be included in a software process description for it to be usable by the people performing the process. To establish the criteria you are asking the question - 'What software process information do I need to document?' Process Element Answers Purpose Why is a process performed? Input What work products are used? Output What work products are produced? Role Who (or what) performs the activities?

Activity What is done? Entry criteria When (under what circumstances) can processes begin? Exit criteria When (under what circumstances) can processes be considered complete? Procedure How are activities implemented? Other process elements: o Reviews and audits performed. o Work products that are to be managed and controlled (or placed under configuration management). o Measurements to be made. o Training. o Tools.

Operational FrameworkInformationType Description Policy The laws and regulations that govern or constrain operations Standards The operational definitions or acceptance criteria for final and interim products. Process Describe what happens within the organization to build products that conform to standards in accord with policies. Procedures Describes how-to or step-by-step instructions that implement a process. Training Knowledge and / or skills required to use a procedure.

Tools Automated support needed to implement the procedures. Software Process Framework for SEI " capability Maturity Model The software process framework documented is intended to guide those wishing to assess an organization / projects consistency with the CMM. For each maturity level there are five checklist types: Type Description Policy Describes the policy contents and KPA goals recommended by the CMM. Standard Describes the recommended content of select work products described in the CMM. Process Describes the process information content recommended by the CMM. The process checklists are further refined into checklists for: o roles o entry criteria o inputs o activities o outputs o exit criteria o reviews and audits o work products managed and controlled o measurements o documented procedures o training o tools Procedure Describes the recommended content of documented procedures described in the CMM.

Level Overview Provides an overview of an entire maturity level. The level overview checklists are further refined into checklists for: o KPA purposes (Key Process Areas) o KPA goals o policies o standards o process descriptions o procedures o training o tools o reviews and audits o work products managed and controlled o measurements See also the People Capability Maturity Model. ReferencesBemberger, J. (June 1997) Essence of the Capability Maturity Model. I Computer, p. 112-114. Olson, T.G., N.R. Reimer, & J.W. Over (1994) A Software Process Framework for the SEI Capability Maturity Model. Documents and Checklists for a Software Process Framework for CMM.

The Capability Maturity Model: A Tutorial. A set of slides from SEI describing CMM and the underlying structure. Capability Maturity Model The term you selected is being presented by search CIO. com, a Tech Target site for CIO professionals. The Capability Maturity Model (CMM) is a methodology used to develop and refine an organization's software development process. The model describes a five-level evolutionary path of increasingly organized and systematically more mature processes.

CMM was developed and is promoted by the Software Engineering Institute (SEI), a research and development center sponsored by the U.S. Department of Defense (DoD). SEI was founded in 1984 to address software engineering issues and, in a broad sense, to advance software engineering methodologies. More specifically, SEI was established to optimize the process of developing, acquiring, and maintaining heavily software-reliant systems for the DoD. Because the processes involved are equally applicable to the software industry as a whole, SEI advocates industry-wide adoption of the CMM. The CMM is similar to ISO 9001, one of the ISO 9000 series of standards specified by the International Organization for Standardization (ISO). The ISO 9000 standards specify an effective quality system for manufacturing and service industries; ISO 9001 deals specifically with software development and maintenance.

The main difference between the two systems lies in their respective purposes: ISO 9001 specifies a minimal acceptable quality level for software processes, while the CMM establishes a framework for continuous process improvement and is more explicit than the ISO standard in defining the means to be employed to that end. CMM's Five Maturity Levels of Software Processes At the initial level, processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated. o At the repeatable level, basic project management techniques are established, and successes could be repeated, because the requisite processes would have been made established, defined, and documented. o At the defined level, an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. o At the managed level, an organization monitors and controls its own processes through data collection and analysis. o At the optimizing level, processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. Find products and vendors related to Capability Maturity Model.

Read more about it: SEI provides more information on their page, 'Capability Maturity Model (SW-CMM) for Software. ' Here's a look at 'How ISO 9001 compares with the CMM. ' RELEVANT SPONSORED LINKS CMM (R) /CMMI (R) Training On-site & public training classes on SEI CMM / CMMI Models web is CMM? Free SEI CMM tutorials, best practices, directory, FAQ, Info. outsource king. comet CMMI Compliance Award Winning tool Select Process Director guides you to your goal web in Software Eng. Start Earning Your Masters Online. NCA Accredited - Contact Us Today! web Mentoring In 9 months, we hit CMMI level 2.

Do you want it, too? Let us help. web Maturity Model Background. The Capability Maturity Model (CMM) was developed by the Software Engineering Institute (SEI), Carnegie Mellon University, Pittsburgh, PA beginning in 1986. This effort was initiated in response to the request of the U.S. Government to provide a method for assessing the capability of its contractors. The initial release of the CMM, Version 1.0, was reviewed and used extensively during 1991 and 1992. Many improvements were made, and the current release, Version 1.1, was made available in February 1993.

Purpose of the CMM. The CMM is a framework that describes the key elements of an effective process. It provides a foundation for process improvement. The CMM describes an evolutionary improvement path from an ad how, immature process to a mature, disciplined process. The process below describes the CMM. It shows the five levels of progressive process maturity (Initial, Repeatable, Defined, Managed, and Optimizing), and indicates the Process Areas (PA) that are addressed at each level.

The CMM covers practices for planning, engineering, and managing development and maintenance activities. When followed, these key practices improve the ability of organizations to meet goals for cost, schedule, functionality, and product quality. The goal is to improve efficiency, return on investment, and effectiveness. The CMM establishes a yardstick against which it is possible to judge, in a repeatable way, the maturity of an organization's process and compare it to the state of the practice of the industry. The CMM is also used extensively by organizations to identify process improvement needs, to plan and prioritize improvements, and to evaluate improvement progress. The CMM has become a de facto industry standard for assessing and improving processes.

Through the CMM, the SEI and community have put in place an effective means for modeling, defining, and measuring the maturity of the processes used by process engineering and development professionals. The CMM has been widely adopted and used by the U.S. Government, industry, and academia. Process Areas By Maturity Level Level 1-2 (Repeatable) - Configuration Management- Quality Assurance- Subcontract Management- Project Tracking and Oversight- Subcontract Management- Project Planning- Requirements Management Level 3 (Defined) - Peer Reviews- Intergroup Coordination- Product Engineering- Integrated Software Management- Training Program- Organization Process Definition- Organizational Process Focus Level 4 (Managed) - Quality Management- Process Measurement and Analysis Level 5 (Optimizing) - Process Change Management- Technology Change Management- Defect Prevention Note. Level 1-2 is the disciplined process; Level 2-3 is the standard consistent practice; Level 3-4 is the predictable process; and Level 4-5 is the continuously improving process. CMM: 5 evolutionary stages in managing organizational processes Capability Maturity Model (CMM) The Capability Maturity Model model is an organizational model that describes 5 evolutionary stages (levels) in which an organization manages its processes. CMM describes 5 evolutionary stages in which an organization manages its processes.

The thought behind the Capability Maturity Model, originally developed for software development, is that an organization should be able to absorb and carry its software applications. The model also provides specific steps and activities to get from one level to the next. The 5 stages of the Capability Maturity Model are: 1. Initial (processes are ad-how, chaotic, or actually few processes are defined) 2. Repeatable (basic processes are established and there is a level of discipline to stick to these processes) 3.

Defined (all processes are defined, documented, standardized and integrated into each other) 4. Managed (processes are measured by collecting detailed data on the processes and their quality) 5. Optimizing (continuous process improvement is adopted and in place by quantitative feedback and from piloting new ideas and's technologies) The Capability Maturity Model is useful not only for software development, but also for describing evolutionary levels of organizations in general and in order to describe the level of Value Based Management that an organization has realized or wants to aim for. Misconceptions of the Capability Maturity Model Karl E. WiegersProcess Impact web organizations are striving to improve their software development processes with the help of the Capability Maturity Models (the CMMS) for software.

Most people who have heard of the CMM know three things: It describes five levels of process maturity, higher is supposed to be better, and most of us are presently at Level 1. However, people hold many common misconceptions about the CMM: how it is structured, how it should be applied, how to advance from one maturity level to the next, and so on. While using the CMM to guide software process improvement efforts, I have heard software engineers and managers express as facts a variety of misinterpretations about the CMM. The purpose of this article is to clarify some of these common points of confusion. The model really makes quite a bit of sense, but it is not intuitively obvious, and it's not easy to find all the right answers in the standard CMM documentation. Let's begin by reviewing the overall structure of the CMM.

Overview of the CMM The CMM was developed by the Software Engineering Institute (SEI), a federally-funded research and development center operated by Carnegie Mellon University. The definitive resource is The Capability Maturity Model: Guidelines for Improving the Software Process, (Carnegie Mellon University / Software Engineering Institute), published in 1995 by Addison-Wesley. The CMM serves two major purposes: to guide process improvement efforts in a software organization, and to assist with identifying contracting organizations that are qualified to perform software work. The five maturity levels (Initial, Repeatable, Defined, Managed, and Optimizing) represent evolutionary plateaus on the road to a high level of software process capability. Each maturity level, except the first, defines several key process areas or KPAs-groups of related software practices-all of which must be satisfied in order for an organization to attain that level (Table 1). Each KPA has two to four goals, all of which must be achieved in order to satisfy the objectives of that KPA.

In addition, each KPA describes a number of key practices that typically lead to achieving that KPA's goals. These practices are grouped into five 'common features. ' The key practices of the common feature called Activities Performed define technical and managerial activities that typically lead to satisfying the KPA goals, thereby establishing a specific process capability in that key process area. Table 1. Key Process Areas of the Capability Maturity Model. Maturity Level Key Process Area 1: Initial None 2: Repeatable Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance, Software Configuration Management 3: Defined Organization Process Focus, Organization Process Definition, Training Program, Integrated Software Management, Software Product Engineering, Intergroup Coordination, Peer Reviews 4: Managed Quantitative Process Management, Software Quality Management 5: Optimizing Defect Prevention, Technology Change Management, Process Change Management The other four common features relate to institutionalization of the practices performed in a software organization.

Institutionalization means that a practice is routinely applied across the organization, even in times of crisis. Application of that practice has been ingrained in the group's culture, and it is supported with an infrastructure of policies, tools, training, and standards. Without effective institutionalization, process improvements may turn out to be temporary. The institutionalizing common features are: o Commitment to Perform (encompasses the presence of an organizational policy pertaining to the KPA and specifically assigning key responsibilities) o Ability to Perform (includes training, resources, and other prerequisites) o Measurement and Analysis (describes the status and quality measures that are used to control and improve the process) o Verifying Implementation (describes steps taken to ensure that activities are performed according to established processes and procedures) Several common themes run through the key process areas of the CMM. For starters, written organizational policies state management expectations around the practice of each KPA. Status and issues are to be reviewed periodically with senior management.

A recurrent expectation is that practitioners are trained to perform the activities expected of them. Most activities are to be performed according to documented procedures (in contrast to the oral history of many software cultures). Appreciating such philosophical and practical themes of the CMM is as important as remembering the nuances of each KPA. As organizations attempt to apply the CMM framework to their software process improvement activities, it's easy to get confused by incomplete or erroneous interpretations of the CMM.

Let's clarify some of the misconceptions I have heard about this process improvement model. Misconceptions About Maturity Levels Misconception #1: If you are at Level 1, you are pond scum. One problem with the term 'process maturity' is that if you are on the low end of the scale, you are 'immature' by definition. Some people object to the term 'maturity' in this context because it sounds like a value judgment, rather than being an objective appraisal of process capability. The fact is that most software organizations are operating at the Initial level of the CMM today, yet some of them are successful by many commonly accepted measures (profitability, market share, customer satisfaction). However, other organizations are struggling, delivering poor quality products (or nothing) with substantial cost and schedule overruns.

Being Level 1 does not mean that the members of a software organization are barely breathing (as one manager put it). It does mean that the organization's projects are likely to have less predictability, more rework, more defects, and more schedule slippage than those in a higher maturity organization. The CMM is concerned with organizational process capability; it does not pass judgment on the performance or capabilities of individual software practitioners. Misconception #2: Level 2 is mostly about software engineering activities, such as requirements analysis, design, coding, and testing. Actually, the Repeatable Level addresses practices that relate to planning, managing, and tracking several fundamental aspects of a software project (see Table 1). The standard software engineering tasks of analysis, design, coding, testing, and documentation are all included in a large KPA called Software Product Engineering at Level 3.

For an organization to have a repeatable process, the project management controls and discipline that are provided by the Level 2 KPAs must first be established. Without a foundation of disciplined project management, even effective software engineering procedures may be abandoned during times of schedule pressure or rapidly changing requirements. Misconception #3: You have to perform all of the activities and practices defined at some maturity level in order to achieve that level. Over 120 key practices are defined for the Repeatable Level alone, counting the activities, commitments, abilities, measurements, and verification steps. You do not have to perform every one of these practices in order to achieve Level 2. However, you do need to demonstrate that you are satisfying all of the goals that are defined for the applicable Level 2 KPAs.

(If an organization does not engage in subcontracting, the Software Subcontract Management KPA is not applicable.) You may have alternative practices that accomplish the goals of a KPA, but which are not mentioned in the CMM. The key practices are only a guideline-not a requirement-for determining whether goals are satisfied. Misconception #4: Software measurement is not required until you are approaching Level 4. People having a superficial knowledge of the CMM may be aware that the Managed Level addresses the quantitative measurement of software products and processes. These people sometimes are surprised to learn that measurement is a part of every KPA at every maturity level. The Measurement and Analysis common feature provides a hint to this effect.

Most of these measurements determine the status of activities associated with application of the KPA. Consider the Requirements Management KPA. You should measure the status of each requirement, the effort spent on requirements management activities, and requirements stability (the frequency of change of the requirements). At the higher maturity levels, metrics are increasingly used to monitor progress and manage projects proactively. However, software groups at all maturity levels should begin incorporating fundamental software metrics into their routine operating practices. Misconception #5: The SEI certifies an organization at a specific maturity level.

There is no such thing as being 'SEI-certified,' and there is no certification associated with achieving a specific CMM maturity level. Perhaps this misunderstanding arises because some people erroneously refer to CMM-based process appraisals as 'audits,' and certain audits do result in a certification of some sort. The SEI maintains a database of accumulated results from formal process appraisals, but it will not divulge the results for any specific organization. Misconceptions About Practices Misconception #6: The CMM requires that you use specific software development practices, tools, and methodologies.

The CMM does not stipulate how you must perform software development or management activities. It does require that you document the processes you use, that you follow these processes, and that they be technically sound. The CMM's KPAs define general areas of performance that must be satisfied in order to move to a higher maturity level, but they do not specify all of the techniques to be used. For example, the Software Project Planning KPA requires that you derive estimates for a software project's effort and costs according to a documented procedure.

However, it is your documented procedure, which should contain whatever estimating techniques work for you. The CMM does not dictate estimating algorithms, CASE tools, development methodologies, or standards that you have to apply. Provided your practices in each KPA consistently and verifiably satisfy the goals of that KPA, you can apply any methods that you find to be effective. Misconception #7: The CMM mandates a waterfall life cycle model. The CMM does require that 'a software life cycle with predefined stages of manageable size is identified or defined. ' However, the CMM does not specify (nor even imply) the life cycle to be used.

Indeed, the CMM explicitly states that 'there is no intent either to encourage or preclude the use of any particular software life cycle. ' However, the CMM does impose discipline on the selection and application of each project's life cycle model. The issue of life cycle models is most fully addressed in the Defined Level. The key points are: descriptions of approved software life cycles are documented as part of an organization's standard software process; a project must select one of those life cycles; and the project can modify the selected life cycle if necessary according to specified tailoring guidelines. Misconception #8: The Software Quality Assurance KPA is mostly about testing. Many newcomers to the CMM fall into this trap, since the term 'quality assurance's o frequently refers to defect detection activities like testing and reviews.

Actually, the word 'testing' does not appear anywhere in the text of the Software Quality Assurance KPA; testing is addressed in the Level 3 Software Product Engineering KPA. The CMM states that 'the purpose of Software Quality Assurance is to provide management with appropriate visibility into the process being used by the software project and of the products being built. ' This visibility is provided through audits and reviews that determine whether work products comply with applicable standards, and whether processes conform to documented procedures. To some, this application of quality assurance turns SQA practitioners into 'process police. ' This negative interpretation should be balanced by the intent for SQA to help software developers consistently use the most effective practices to create high quality products. A group's culture has a lot to do with whether SQA is viewed as a value-added support function, or as a spy agency.

Misconception #9: The CMM requires that you perform software inspections to achieve Level 3. The Defined Level includes a Peer Reviews KPA. The purpose of peer reviews is to remove defects from software work products by having the author's technical peers methodically examine the products. Inspections are certainly one effective way to do this. However, as with other KPAs that deal directly with software engineering practices, the CMM does not dictate the specific review techniques to be used. This KPA primarily addresses the implementation of the organization's peer review activities, including: o A written policy about peer reviews is required. o Resources, funding, and training must be provided. o Peer reviews must be planned. o The peer review procedures to be used must be documented.

Misconception #10: Having a 'tailor able' process really means that you can do whatever you want. Anyone making this claim may be trying to weasel out of following a disciplined process. At the Defined Level, you develop a standard process for the software organization, as well as guidelines and criteria for tailoring this standard process for each project. You can't just do whatever you feel like, since each project's defined process must be adapted in a structured way from the broader organizational software process. Misconception #11: Requirements management is the same thing as requirements engineering. Requirements management, a Level 2 KPA, focuses on establishing and maintaining an agreement between the customer and the software project team on the software requirements.

Activities include having the software group review the requirements, using requirements as the basis for software plans and activities, and managing changes to the requirements in a controlled way. However, this KPA does not deal with requirements engineering, the tasks of gathering the right requirements from customers, documenting them, analyzing them, and so forth. Virtually every aspect of requirements engineering that the CMM addresses is found in Activity 2 of the Software Product Engineering KPA at the Defined Level. Misconceptions About Application Misconception #12: You cannot work on improving KPAs more than one maturity level higher than your current level. You can tackle process improvements in any area you feel will help your group, whether covered by the CMM or not, since the CMM doesn't address every issue that makes a software project successful.

It's important to understand that while you can choose to practice, say, peer reviews, while you are still at Level 1, you must satisfy the CMM's goals around peer reviews in order to achieve Level 3. The CMM's structure is based on the concept that you must stabilize the practices defined at Level 2 before you can be sure of sustaining any process improvements you might make on KPAs from the higher levels. Once the Repeatable Level KPAs (focusing at the individual project level) have been institutionalized, they provide a solid foundation for implementing the organization-wide KPAs at the higher levels. It's hard to create an organization's standard software process if the individual projects are still doing whatever they want in an ad how and undocumented fashion. While you cannot skip maturity levels (say, jump directly from Level 1 to Level 3), you can certainly choose to work on improvements in practices found at the higher levels.

Just recognize the risk that you may not be able to sustain those improvements over time or during periods of crisis. Misconception #13: The CMM mandates bureaucracy and wasteful paperwork. In their zeal to apply the CMM, process enthusiasts sometimes forget to scale the procedures they create to the size of the problem being addressed. The CMM speaks frequently about performing an activity according to a documented procedure.

This doesn't mean that you need a shelf full of procedures for every project you undertake. Defined processes are not intended to be barriers to productivity. They are intended to let practitioners apply the best available technical and managerial methods in a disciplined, repeatable, and efficient fashion. As you develop processes, make them scale able. As an example, a very simple project plan should be written for a 16-hour project, with specific additional planning components to be added for projects up to 160 hours. Plans for larger projects should contain still more detail to increase the chance of success.

Adapt the guidance provided by the CMM to the magnitude and risk of the project, but always write a project plan! Rather than dogmatically applying every detail in the CMM to every project, use the CMM to help you identify those activities that will add the most value to each project. Misconception #14: The CMM is a quick fix for short-term problems. If anyone believes the CMM is the long-sought software silver bullet, call me right away. I have some prime swamp land in Florida I just know you " re going to love.

Sorry, but adopting the CMM will not instantly double your productivity or melt away those unsightly defects while you sleep. It takes time to incorporate improved practices into your current development process and see the benefits. However, a sustained commitment to software process improvement, using the CMM or any other approach, will gradually improve your quality, productivity, and team morale (except for the coding cowboys, who just might ride into the sunset). Karl's Conceptions About the CMM The framework for process improvement provided by the CMM can go a long way toward improving the ability of a software organization to be successful on project after project.

However, the CMM is not a religion. You should use it as a guide to help you focus your improvement energies where they will likely pay off, rather than simply racing up the maturity scale as fast as you can. Attack your projects' real points of process pain, instead of treating the CMM as a sure-fire prescription for curing what ails you. All projects are different, but most can benefit from improvements in the Level 2 key process areas. Your software process improvement efforts should run in parallel with your software people improvement activities: hiring, teamwork, skill-building, work environment, recognition, and enlightened management. The best software results come from a sensible balance of people, process, and technology; don't neglect any one of these vital components.

(This paper was originally published in Software Development, November 1996. It is reprinted (with modifications) with permission from Software Development magazine. Capability Maturity Model and CMM are service marks of Carnegie Mellon University) capability maturity model integration (cm mi) The Capability Maturity Model Integration for Software (CMMI or SW-CMMI) is a model for judging the maturity of the software processes of an organization and for identifying the key practices that are required to increase the maturity of these processes. The Software CMMI has become a de facto standard for assessing and improving software processes.

Through the SW-CMMI, the SEI and community have put in place an effective means for documenting, defining, and measuring the maturity of the processes used by software professionals. Whether you are aiming for CMMI 'certification' or purely improving your software development processes Select Business Solutions has specific tools to help you move up through each level of maturity. Until now, no project management tools were available to truly support the evolutionary progress of IT groups, as they mature through the different levels of CMMI. Select Process Director provides features that support and deliver practical CMMI benefits such as: CMMI Level 1 to 2; Pre-packaged methodology documentation and active mentoring CMMI Level 2 to 3; Process documentation, configuration and accelerated project management CMMI Level 3 to 4; Managed process through Metrics Capture in an XML process repository CMMI Level 4 to 5; Process feedback loop to enable process improvement. Solution breakdown: Increase the maturity of your software development process with Select Process Director Automate the review of your Select Component Architect Business Process Modeling, Unified Model Language and Data Models with Reviewer for Select Component Architect Automate the review of your Rose Models with Reviewer for Rose Mentor and train your staff, to move up the CMMI The Maturity Maturity Model TM (M 3) Guidelines for Improving the Maturity Process By Lee Copeland Summary: Over the years our industry has witnessed an explosion of maturity models.

You can see a list of thirty-four of them at the end of this column. Unfortunately, until now, we have been lacking a maturity model to evaluate our own maturity-thus the need for the development of the 'Maturity Maturity Model (M 3). ' Based on the seminal works of Mahatma Kane Jeeves, Ph. D., as elucidated in his best-selling books Did Too-Did Not and You " re Not the Boss Boss of Me, the Maturity Maturity Model guides us in understanding the maturity of our own maturity. To clarify, the dictionary defines maturity as 'the state or quality of being mature.

' As with all other maturity models, the Maturity Maturity Model has five levels. They are designated: Oblivious At this maturity level, people are oblivious to even the idea of maturity. They say and do as they feel. Ideas of duty, responsibility, peer approval, societal norms, benefits, or ethics do not influence their behaviors.

(Dang, that sounds like fun.) Peter Pan At this maturity level, people acknowledge the existence of 'maturity' but want nothing to do with it. They simply refuse to grow up. Father William J. O'Malley describes this level as 'the commitment to non-commitment. ' The business mogul, Buffett (that is, Jimmy Buffett), calls it the 'growing older but not up' level.

(Dang, that sounds like fun too.) Anal At this maturity level, people seem to have their heads stuck somewhere. At this level people are sticklers, but no one knows what for. This level is better discussed in private. Management by Objective At this maturity level, people are fighting for their survival-clawing up the corporate mountain / molehill toward ever-retreating material success. They yearn for, clutch at, and then cling to arbitrary rules of behavior as a coping mechanism against the post-neo-ex-modern angst that envelops them. Rewards and punishments guide their every action.

Anxiety (both stranger and separation) rule their mid-brains (in the seventh house). They are hypersensitive to hypocrisy and often cranky (see dilbert. com). Five At this final maturity level, people become reflective about the ethical, moral, and religious values they attach to their behaviors. They easily conform their behaviors to those values.

Note that no one actually achieves this level unless they reside in a monastic cave carved into the east side of a mountain in southeast Mars. Thus, the Maturity Maturity Model holds the key to understanding all other maturity models, and to increasing our own maturity through its clearly defined maturation-saturation process.