Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
Systematic process improvement using ISO 9001:2000 and CMMI
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
7.4 Third phase: Establishing 223<br />
ment, tracking, reviewing, <strong>and</strong> auditing infrastructure that can support execution<br />
of all specific practices in those PAs.<br />
In this step, PPQA specific practices are executed to provide an objective<br />
view into <strong>process</strong> <strong>and</strong> product implementation. This contrasts with the VER<br />
<strong>and</strong> VAL practices, which ensure that the product requirements are satisfied.<br />
In addition, PPQA also enables GP 2.8. GPs 2.6, 2.8, 2.9, <strong>and</strong> 2.10 further<br />
institutionalize the selected <strong>process</strong>es.<br />
Implementation of the PMC PA satisfies many <strong>ISO</strong> measurement requirements.<br />
The <strong>ISO</strong> st<strong>and</strong>ard does not specify the measurements to be collected<br />
but does require that <strong>process</strong>es be measured to the extent necessary for them<br />
to produce quality outputs. In PMC SG 1, Monitor Project Against Plan, the<br />
<strong>CMMI</strong> ® lists project performance measurements (such as monitoring planning<br />
parameters, project commitments, project risks, <strong>and</strong> data management)<br />
<strong>and</strong> provides additional guidelines in each PA by invoking GP 2.8. In the<br />
MA PA, the <strong>CMMI</strong> ® provides guidelines for specifying measures such as<br />
earned value, reliability, <strong>and</strong> quality measures. Grouping all measurement<br />
<strong>and</strong> review <strong>process</strong>es together avoids duplication of certain practices defined<br />
across the <strong>CMMI</strong> ® .<br />
CM SG 2, Track <strong>and</strong> Control Changes, <strong>and</strong> SG 3, Establish Integrity, are<br />
invoked in this step. To address prevention activities, SG 1, Determine Causes<br />
of Defects, in the CAR PA may have to be invoked.<br />
Two more <strong>ISO</strong>-required procedures, for corrective <strong>and</strong> preventive actions<br />
(<strong>ISO</strong> 8.5.2 <strong>and</strong> 8.5.3), are not found in the <strong>CMMI</strong> ® <strong>and</strong> will have to be<br />
written.<br />
Step 13: This step addresses those <strong>ISO</strong> requirements not covered in the<br />
<strong>CMMI</strong> ® but needed for <strong>ISO</strong> registration. Although the h<strong>and</strong>ling of the customer<br />
property (7.5.4) can be accomplished by implementing the CM PA,<br />
special care should be taken when addressing intellectual property, customer<br />
supplied data needed for testing, <strong>and</strong> customer sensitive or secret data.<br />
Two additional procedures for preserving the product during internal<br />
<strong>process</strong>ing (7.5.5) <strong>and</strong> for h<strong>and</strong>ling of nonconforming product (8.3) have<br />
to be addressed.<br />
Two <strong>CMMI</strong> ® PAs were not invoked in the steps above, namely, RSKM<br />
<strong>and</strong> DAR. Similarly, some PA goals were also lightly represented, such as<br />
SG 3 in PP <strong>and</strong> SG 1 in PMC. An organization executing all of the listed steps<br />
would most probably attain level 2 maturity. To achieve level 3 maturity, it<br />
would also have to implement the RSKM <strong>and</strong> DAR PAs. Specifically, RSKM<br />
would be established in step 8 <strong>and</strong> then periodically invoked in step 12.<br />
DAR can also be established in step 8 <strong>and</strong> then invoked whenever a decision<br />
is required, for example, when selecting a supplier.