CSC303 Software Engineering II

CMMCMM

SEI/Capability Maturity Model

Background Originally studied as a software

management method [Gilb, 1988; Humphrey, 1989 etc. ]

CMM & ISO 9000 marks software engineering process as a new discipline (also known as process-based software engineering)

Definition The software engineering process is a set

of sequential practices that are functionally coherent and reusable for software engineering organization, implementation, and management.

It is usually referred as the software process or simply the process.

Models The CMM Model

18 Areas, 5 Level process capability scale The ISO 9001/ISO 9000-3 Model

20 areas, 177 management issues The BOOTSTRAP Model (Extension of CMM)

3 categories, 201 quality system attributes. The ISO/IEC 15504 (SPICE) Model

5 categories, 35 processes, 201 base practices The SEPRM: Software Engineering Process

Reference Model Complete process reference model

Models & StandardsMaturity Assessment

&

Process Improvement

SEI’s SW-CMM

ISO 15504 (SPICE)

UK/Europe’s Bootstrap

SEI’s PSP

Quality

ISO 9001/ISO 9000-3

ISO 12207

USA DoD

IEEE

Project Management

PMI’s PMBoK

SEPRM: Target a Complete Reference Model

CMM

SPICE Bootstrap

ISO 9001

SEPRM

Who “owns” them? Software Engineering Institute (SEI) - formed 1984

(USA) International Standards Organization (ISO) - formed 1947 Institute of Electrical & Electronics Engineers (IEEE) USA Department of Defense (DoD): gov’t/military Project Management Institute (PMI): formed 1969; non-

profit, professional org. There are many other standards “owned” by commercial,

professional or industrial associations (e.g., aviation, pharmaceutical, etc.)

Who “recognizes” them?

Individuals Organizations Associations Countries (Governments) Customers

SEI’s Capability Maturity Models First one was initially just called CMM; now

called “CMM for Software” (SW-CMM); v1.1 Others:

SE-CMM (Systems Engineering) SSE-CMM (Security Systems Engineering) SA-CMM (System Architecture) P-CMM (People) Team-CMM ...

External Quality Standards (some of the“significant” ones for swr dev.)

ISO 9001 (1994) for QA in Design, Development, Production,

Installation, Servicing

ISO 9000-3 (1997) guidelines to apply ISO 9001 to development,

supply, and maintenance of software

ISO 12207 (1995) IT Software Life Cycle Processes Standard

also IEEE and US military standards

SEI/Capability Maturity Model

Understanding the CMM and its Role in Software Development Maturity

Swr Development Maturity Models

They describe a progression towards disciplined, successful software processes

Are a framework for assessing the software process (what level of maturity have you achieved?) regardless of what lifecycle model is used

Are often used as a guide for process improvement

Organizational Maturity Immature Organizations

software processes improvised reactionary management schedules and budgets are routinely overrun,

partly due to poor estimates no objective basis for judging product quality or

for solving product/process problems … making product quality unpredictable

time pressures reduce emphasis on reviews and testing

Organizational Maturity Mature Organizations

work carried out according to planned process clearly defined roles and responsibilities managers monitor quality of software products and

customer satisfaction quantitative basis for judging quality and

analyzing problems schedules & budgets based on past performance performance measures usually achieved

Capability Maturity Model (CMM)

CMM is a “management model” Framework for Continuous Process

Improvement Created by Software Engineering Institute

(Carnegie Mellon University) Version 1.0 released by SEI in 1991 CMM is not prescriptive, does not tell how

SEI’s Capability Maturity Models First one was initially just called CMM; now

called “CMM for Software” (SW-CMM); v1.1

Others: SE-CMM (Systems Engineering) SSE-CMM (Security Systems Engineering) SA-CMM (System Architecture) P-CMM (People) Team-CMM ...

SW-CMM Maturity Levels

Initial(1)

Repeatable(2)

Defined(3)

Managed(4)

Optimizing(5)

DisciplinedProcess

Standard ,Consistent

Process

PredictableProcess

ContinuouslyImproving

Process

Capability Maturity Model Overview

LEVEL CHARACTERISTIC KEY PROCESS AREA RESULTS5

OptimizingImprovement fed back into

processProcess change managementTechnology innovationDefect prevention

4Managed

(Quantitative)Measured process

Quality managementProcess measurement & analysis

3Defined

(Qualitative)Process defined and

institutionalized

Peer reviewsIntergroup coordinationSoftware product engineeringIntegrated software managementTraining programOrganization process definitionOrganization process focus

2Repeatable

(Intuitive)Process dependent on

individuals

Software configuration managementSoftware quality assuranceSoftware project tracking & oversightSoftware subcontract managementSoftware project planningRequirements management

1Initial

(Ad hoc/chaotic) Survival

Productivity and quality

Risk

The CMM Structure

Maturity levelsMaturity levels

Key processareas

Key processareas

Commonfeatures

Commonfeatures

Key practicesKey practices

Activities or infrastructureActivities or infrastructure

Implementation orinstitutionalizationImplementation orinstitutionalization

GoalsGoals

ProcesscapabilityProcesscapability

Indicate

Achieve

Address

Describe

Contain

Contain

Organized by

Common Features

Commitment to Perform (e.g. organizational policies, senior management sponsorship)

Ability to Perform (e.g. resources, training, organizational structures, tools)

Activities Performed (e.g. plans & procedures, performing the work, tracking it, taking corrective action as necessary)

Common Features

Measurement and Analysis (e.g. examples of the measurements that could be taken to determine status and effectiveness of the activities performed feature)

Verifying Implementation (e.g. reviews and audits by management and SQA)

KPAs by Maturity LevelDefect preventionTechnology change managementProcess change management

Quantitative process managementSoftware quality management

Organization process focusOrganization process definitionTraining programIntegrated software managementSoftware product engineeringIntergroup coordinationPeer reviews

Managed

Requirements managementSoftware project planningSoftware project tracking and oversightSoftware subcontract managementSoftware quality assuranceSoftware configuration management

Optimized

Defined

Repeatable

Initial

SW-CMM KPAs for Levels 2 and 3

Level 2 Requirements Management Swr Project Planning Swr Project Tracking &

Oversight Swr Subcontract

Management Swr Quality Assurance Swr Configuration

Management

Level 3 Swr Product Engineering Peer Reviews Integrated Swr Management Intergroup Coordination Organization Process Focus Organization Process

Definition Training Program

KPAs Level 2: Repeatable (1 of 6)

Requirements Management to establish a common understanding between

the customer and the software project of the customer’s requirements to be addressed by the project

this agreement with the customer is the basis for planning and managing the software project

KPAs Level 2: Repeatable (2 of 6)

Software Project Planning to establish reasonable plans for performing the

software engineering and for managing the software project

reasonable plans based on developing realistic estimates for the work and establishing necessary commitments to perform the work

begins with SOW and constraints and goals that define and bound the project

KPAs Level 2: Repeatable (3 of 6)

Software Project Tracking and Oversight to establish adequate visibility of actual progress

so that management can take effective actions when the software project’s performance deviates significantly from the software plans

Management of the project based on the software development plan

KPAs Level 2: Repeatable (4 of 6)

Software Subcontract Management to select qualified software subcontractors and

manage them effectively subcontractor selected on ability to perform the

work other factors include strategic business alliances,

process capability, technical considerations, ...

KPAs Level 2: Repeatable (5 of 6)

Software Quality Assurance to provide management with appropriate visibility

into the process being used by the software project and of the products being built

visibility achieved by reviewing and auditing the software products and activities to verify that they comply with the applicable standards and procedures

KPAs Level 2: Repeatable (6 of 6)

Software Configuration Management to establish and maintain the integrity of the

products of the software project throughout the project’s software life cycle

identifies configuration of the software at given points in time, systematically controlling changes to the configuration, and maintaining the integrity and traceability of the configuration through the software life cycle

KPAs Level 3: Defined (1 of 7)

Organization Process Focus to establish the organizational responsibility for

software process activities that improve the organization’s overall software process capability

sustained process improvement involves developing and maintaining an understanding of software processes and coordinating the activities to assess, develop, maintain and improve these processes

KPAs Level 3: Defined (2 of 7)

Organization Process Definition to develop and maintain a usable set of software

process assets that improve process performance across the projects and provide a basis for defining meaningful data for quantitative process management

KPAs Level 3: Defined (3 of 7)

Training Program to develop the skills and knowledge of

individuals so they can perform their roles effectively and efficiently

training is organization’s responsibility, but software projects are responsible for identifying needed skills and providing necessary training

KPAs Level 3: Defined (4 of 7)

Integrated Software Management to integrate the software engineering and

management activities into a coherent, defined software process that is tailored from the organization’s standard software process and related process assets

KPAs Level 3: Defined (5 of 7)

Software Product Engineering to perform consistently a well-defined

engineering process that integrates all the software engineering activities to produce correct, consistent software products effectively and efficiently

KPAs Level 3: Defined (6 of 7)

Intergroup Coordination to establish a means for the software engineering

group to participate actively with the other engineering groups so the project is better able to satisfy the customer’s needs effectively and efficiently

KPAs Level 3: Defined (7 of 7)

Peer Reviews to remove defects from the software work

products early and efficiently to develop better understanding of the software

work products and of the defects that can be prevented

implementable through inspections, structured walkthroughs, or other collegial review methods

KPAs Level 4: Managed (1 of 2)

Quantitative Process Management to control the process performance of the

software project quantitatively (SPC?) random variation exists in any process with stable process, performance is normally

within known bounds (quantitative process capability)

performance outside those bounds due to “special causes” of variation

KPAs Level 4: Managed (2 of 2)

Software Quality Management to develop a quantitative understanding of the

quality of the project’s software products and achieve specific quality goals

quantitative goals based on needs of organization, the customer, and the end user

“Software Quality Management” is product focused while “Quantitative Process Management” is process focused

KPAs Level 5: Optimizing (1 of 3)

Defect Prevention analyzes defects, identifies causes, and takes

action to prevent them from recurring a mechanism for incrementally improving

software process in an evolutionary way

KPAs Level 5: Optimizing (2 of 3)

Technology Change Management to identify beneficial new technologies (i.e. tools,

methods, and processes) and transfer them into the organization in an orderly manner

technology transition implies identifying, selecting, and evaluating new technologies, and incorporating effective technologies into the organization to improve software quality

KPAs Level 5: Optimizing (3 of 3)

Process Change Management to improve continually the software processes used

in the organization with the intent of improving software quality, increasing productivity, and decreasing the cycle time for product development

The CMM Structure

Maturity levelsMaturity levels

Key processareas

Key processareas

Commonfeatures

Commonfeatures

Key practicesKey practices

Activities or infrastructureActivities or infrastructure

Implementation orinstitutionalizationImplementation orinstitutionalization

GoalsGoals

ProcesscapabilityProcesscapability

Indicate

Achieve

Address

Describe

Contain

Contain

Organized by

Software Quality Assurance (Level 2 KPA)

Level 2:Repeatable

Maturity Level

Software Quality Assurance

Key Process Area

Disciplined Process

Process Capability

to provide management with appropriate visibility

into the process being used by the software project andof the products being

built

Goals

containsindicates

achieves

Eight Step Process Improvement Model

1. Define the problem.2. Identify, analyze, and document process.3. Measure current performance.4. Understand why process is performing as is.5. Develop alternative solutions and select best.6. Develop strategy for implementation and

implement chosen solution.7. Evaluate results of new process.8. Commit to continuous improvement of process.

Capability Maturity Model Overview

LEVEL CHARACTERISTIC KEY PROCESS AREA RESULTS 5

Optimizing

Improvement fed back into process

Process change management Technology innovation Defect prevention

4 Managed

(Quantitative) Measured process

Quality management Process measurement & analysis

3 Defined

(Qualitative) Process defined and

institutionalized

Peer reviews Intergroup coordination Software product engineering Integrated software management Training program Organization process definition Organization process focus

2 Repeatable

(Intuitive) Process dependent on

individuals

Software configuration management Software quality assurance Software project tracking & oversight Software subcontract management Software project planning Requirements management

1 Initial

(Ad hoc/chaotic) Survival

Productivity and quality Risk

Maturity Levels in Industry ~73 - 80% at Level 1

~10-15% at Level 2 & 3 ~1-3% at Levels 4 or 5

often, an organization’s processes are at different maturity levels

often, different projects within the organization are at different levels

a specific Level (other than 1) cannot be attached to an organization until all key process areas are stable at that particular Level

SW-CMM’s Biggest Benefits moving from Level 1 to Levels 2 and 3

Estimated vs. Actual Cost and Schedule have been shown to get very close by Level 3

Productivity improvement can be 100 - 200% Post-release defects can be reduced by 10% -

94%

can take 1-2+ years to move up a Level