CMM vs. ISO

1
CMM vs. ISO

• David S. Craft CIRM, PMP
• Engineering Manufactuing Services

2
Agenda

• Who Am I
• CMM
• ISO
• Similarities And Differences
• Sarbanes Oxley

3
Who Am I
Managing Consultant Engineering and
Manufacturing Services Applications Service
Delivery
Inventory Control Manager
Shift Supervisor
Industrial Engineer
Team Leader
Internal ISO Auditor
Materials Manager
Information Specialist, Senior
VISTA Volunteer
Consultant
Manager Production Planning Control
Chief Industrial Engineer
Project Manager
4
(No Transcript)
5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
CMMI History

• Federal government cannot distinguish between
  competing bids for software development
• Early 1980s - Federal Government (Congress)
  awards a contract to establish the Software
  Engineering Institute (SEI) at Carnegie Mellon
  University (sponsored by the DOD)
• 1988 - SEI begins work on a Process Maturity
  Framework for judging a companys capability to
  produce software
• The Process Maturity Framework evolves into the
  Capability Maturity Model (CMM)
• August 1991 SW-CMM Version 1 released
• SE-CMM developed by the Enterprise Process
  Improvement Collaboration (EPIC)
• 1992 - CMM Version 1.1 released
• 1999 - Begin developing CMMI (CMM Integrated)
• 2002 CMMI SE/SW/IPPD/SS Version 1.1 introduced
• 200? - CMMI Version 1.2 Released

9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
(No Transcript)
21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
ISO History

• Began with British Military standards
• ISO organization was established in 1947
• Headquartered in Geneva, Switzerland
• Currently composed of 148 National Standard
  Bodies and 2,981 technical bodies
• As of 12/31/05 there are 15,649 International
  Standards embodied in 573,494 pages of English
  text

28
What are standards?
29
Where are the Standards (12/31/05)
Sector Standards Pages
Generalities, Infrastructure and Sciences 1,406 49,761
Health, Safety and Environment 658 20,252
Engineering Technologies 4,099 169,843
Electronics, Information Technology and Telecommunications 2,447 161,132
Transport and Distribution of Goods 1,710 44,918
Agriculture and Food Technology 954 20,335
Materials Technology 3,943 93,121
Construction 311 11,068
Special Technologies 121 3,064
Total 15,649 573,494
30
Which ISO Standards

• The ISO family includes
• ISO 90002000 Quality Management Systems
  Fundamentals and vocabulary
• ISO 90012000 Quality Management Systems -
  Requirements
• ISO 90042000 Quality Management Systems
  Guidelines for performance improvement
• ISO 19011 Guidelines on quality and/or
  environmental management systems auditing.
• ISO 10012 Measurement control system

31
Quality System Documentation
Level 1 Defines Approach and Responsibility
Quality Manual
Level 2 Defines Who, What, When
Procedures
Work/Job Instructions
Level 3 Answers How
Level 4 Results shows that the system is
operating
Records/Documentation
32
ISO 90012000 Structure

• Quality Management System
• 4.1 General requirements
• 4.2 Document requirements

• Management Responsibility
• 5.1 Management commitment
• 5.2 Customer focus
• 5.3 Quality policy
• 5.4 Planning
• 5.5 Responsibility, authority, communication
• 5.6 Management review

• Product realization
• 7.1 Planning of product realization
• 7.2 Customer-related processes
• 7.3 Design and development
• 7.4 Purchasing
• 7.5 Production and service provision
• 7.6 Control of monitoring and measuring devices

• Measurement, Analysis Improvement
• 8.1 General
• 8.2 Monitoring and measurement
• 8.3 Control of nonconforming product
• 8.4 Analysis of data
• 8.5 Improvement

• Resource Management
• 6.1 Provision of resources
• 6.2 Human resources
• 6.3 Infrastructure
• 6.4 Work environment

33
Similarities

• Both require the organization be explicit about
  what their processes and quality systems are
• Say what you do do what you say
• The organization records and tracks data for
  objective analysis
• Require strong management support to succeed
• Provide a structured and measured approach to
  quality improvement
• Require an outside audit for certification
• Both are refined/improved over time

34
Differences
ISO 9000 SW-CMMI
Outwardly focused Inwardly focused
Minimum requirements with implied continuous improvements Explicit continuous quality improvement
Not specific to any one industry or service Software focus
Registration Document No documentation
Continual Audits No follow up audits
35
Sarbanes-Oxley Implications

• With its more than 300 discrete points of
  enforceable law, this is the most significant
  piece of account legislation passed since the
  formation of the SEC in 1933
• SOX was passed with the specific intent of
  increasing accountability and attempting to
  install ethical behavior in financial reporting
  and business operations.
• With this increase spotlight on reporting,
  companies must invest resources and focus into
  their internal control process
• The Act created the Public Company Accounting
  Oversight Board (PCAOB) to oversee the activities
  of the auditing profession and mandated reforms
  to enhance corporate and criminal fraud
  accountability.
• A goal of SOX legislation is to continually
  improve the transparency of financial and
  business events that can impact the accuracy and
  future validity of financial statements.
  Projects to improve processes and regular review
  of controls will become common-place activities
  as compliance evolves. Tools that simplify
  project completion and track status will better
  enable organization to cost-effectively undertake
  these projects.

36
(No Transcript)