Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
7.4 Third phase: Establishing 221<br />
nitely advantageous to implement CM in its entirety as soon as practical.<br />
Many configuration management tools are currently available to support<br />
implementation. CM SG 2 is invoked in step 12.<br />
This step addresses two of the six documented procedures required by<br />
the <strong>ISO</strong> st<strong>and</strong>ard, although they are not necessarily required by the <strong>CMMI</strong> ® .<br />
These are a procedure for controlling records (4.2.3) <strong>and</strong> a procedure for<br />
controlling storage, protection, retrieval, retention time, <strong>and</strong> disposition of<br />
records (4.2.4).<br />
Although the spirit of those procedures may be adequately covered in<br />
the corresponding <strong>process</strong> descriptions <strong>and</strong> plans, organizations that aspire<br />
to <strong>ISO</strong> registration may be advised to explicitly write those procedures. This<br />
will satisfy the letter of the <strong>ISO</strong> st<strong>and</strong>ard <strong>and</strong> avoid potential misunderst<strong>and</strong>ings.<br />
Step 6: Although <strong>ISO</strong> does not explicitly require a QA function, we recommend<br />
establishing such a function by implementing the PPQA PA generic<br />
practices. PPQA specific practices will be implemented <strong>and</strong> executed in step<br />
12. The <strong>CMMI</strong> ® PPQA PA encompasses not only the audits required by <strong>ISO</strong><br />
8.2.2, but also provides visibility into, <strong>and</strong> feedback on, <strong>process</strong>es <strong>and</strong> products<br />
throughout the life of the project. Here again, <strong>ISO</strong> requires organizations<br />
to define a procedure addressing responsibilities <strong>and</strong> requirements for<br />
planning <strong>and</strong> conducting audits, <strong>and</strong> for reporting results <strong>and</strong> maintaining<br />
records (8.2.2). If such a procedure is not developed during PPQA implementation,<br />
it will have to be specifically written to satisfy this <strong>ISO</strong> requirement.<br />
Some of the <strong>ISO</strong> 8.2.2 requirements, such as internal <strong>process</strong> audits, were<br />
already addressed when implementing OPF. In this step, the organization<br />
may also establish the verification <strong>and</strong> validation environment <strong>and</strong> evaluation<br />
criteria.<br />
Step 7: Next, an organization has to establish a measurement <strong>and</strong> analysis<br />
function by implementing the MA PA to support all of its management<br />
information needs. By implementing this PA, the organization will satisfy a<br />
majority of the <strong>ISO</strong> Section 8 requirements. [Control of nonconforming<br />
product (8.3) <strong>and</strong> <strong>improvement</strong> (8.5) are addressed in steps 6 <strong>and</strong> 1, respectively.]<br />
SG 2 of this PA will be invoked in step 12.<br />
To address the statistical techniques indicated by <strong>ISO</strong> (8.1), an organization<br />
may establish some aspects of QPM. However, the QPM PA is more<br />
dem<strong>and</strong>ing than many organizations are able to sustain. Therefore, we suggest<br />
<strong>using</strong> QPM for guidance only (as opposed to fully implementing its<br />
specific <strong>and</strong> generic practices). Similarly, to analyze results to prevent problems<br />
from recurring, some aspects of the CAR PA may be implemented.<br />
Because CAR is a maturity level 5 PA (in the staged representation), it too<br />
should be used as a guideline only.