For the customer, it is quite difficult to recognize how effective and how well a company works just by observation. To make it easier for people to recognize how mature a company is, some metrics were developed, which allude to the quality of production:
-
CMMI model – rating the maturity of a company
-
ISO 9000 standards – rating of product quality
Every company tries to optimize its inner processes to be more effective, work better, and minimize resource waste. By obtaining a certification of fulfilling some ISO standard or some CMMI level, a company proves it is able to work at some specific level. This can be the factor that makes it easier for the customer to decide to hire a company over another.
Trying to reach those certifications can be, first, a good marketing tactic, secondly, it can save money for the company by optimizing its processes, and thirdly, it can be used as a benchmark to assess the adequacy of its quality programs.
This chapter is dedicated to a short introduction of the two above-mentioned metrics and their influence on issue tracking.
2.3.1Capability Maturity Model Integration (CMMI)
Capability Maturity Model Integration (CMMI) is a set of products used to improve business processes. It was developed by the Software Engineering Institute (SEI) at Carnegie-Mellon University in 1991. It consists of CMMI models, methods for evaluation, and educational materials. CMMI allows the firm to set objectives and priorities for improving processes.
[MIT-WIK1]
The CMMI model contains a set of “best practices,” which covers the life cycle from design, through development, delivery, and maintenance. It is designed primarily for organizations engaged in the production and implementation of software; however, it is such a general model, that it can be applied to a wide variety of processes in different enterprises.
The “best practices” say what to do, but do not say how to do it and who shall do it. For example, in the requirements management area, it is recommended to monitor changes in requirements, but the specific methods of monitoring and determining the responsibilities are not explicitly recommended in the model.
CMMI helps organizations to set goals for improving the processes and their priorities. It improves processes, and advises how to ensure stable and capable and mature processes.
[MIT-IBA] [MIT-PRO] [MIT-WIK]
Process area, goals and practices
Individual practices of similar characteristics in CMMI models are concentrated into so-called Process Areas, e.g. requirements management, project planning. A Process Area has 1 to 4 goals and each goal is comprised of practices.
Those goals and practices which are specific to a single process area are called specific goals and practices. An additional set of goals and practices applies across all of the process areas; this set is called generic goals and practices.
[MIT-IBA]
Figure : CMMI schema
[MIT-IBA]
Staged and Continuous representation of CMMI
CMMI exists in two representations: continuous and staged. Representations allow the organization to monitor the various objectives while improving the processes. Representations are different in structure, but their content is same.
Staged representation – 5 levels of maturity of companies
Staged representation offers a proven set of steps aimed at improving the processes in the organization. Each step is the basis for further improvement. Staged representation uses 5 maturity levels of companies. Each maturity level contains an exact amount of Process Areas. To achieve the level, it is necessary to handle all its Process Areas. It is not possible to skip the levels, because the handling processes at a lower level is a precondition for achieving a higher level. The advantage of representation is that it allows an overall comparison between organizations based on the level of maturity.
Figure : Staged representation of CMMI and Process Areas
[MIT-IBA]
As mentioned above, the CMMI model recognizes 5 degrees of maturity of a company:
-
Initial: Organizations on the first degree of maturity do not depend on the processes. Problems are solved "ad-hoc", there are almost no long term plans. These organizations usually operate through "heroic performance" of individuals. Answers to questions concerning the duration of some task, etc. are merely estimates. There is no systematic procedure and no data which could provide accurate answers to these questions.
-
Managed: On the second level of maturity, the organization tries to define its core and the most used processes. The organization is, therefore, focused only on description of specific processes, how much and what kind of processes is decided arbitrarily by the management.
-
Defined: Organizations on the third level of maturity already have most of the processes defined. They have not created models of their business processes, but they understand how operation and support of these processes work . From the process architecture, one can determine how the organization works. In the case of a problem, the process can be easily and quickly, which could cause the problem, and also the solution to the problem can be quite easily proposed.
-
Quantitatively managed: Organizations on the fourth level of maturity have finished the phase of defining processes. These organizations have managers who collect data on processes performance characteristics and on the satisfaction of customers. They use this data to make decisions on how to optimize processes.
-
Optimizing: Organizations on the fifth degree of maturity have processes built in a way that reflects their essence. Processes are defined and managed. In addition, there is a system of their constant progressive improvement wherever it is possible.
[MIT-IBA] [MIT-WIB] [MIT-XIN]
Figure : CMMI staged maturity levels
[MIT-XIN]
Continuous representation - 6 levels of capability in process areas in companies
Continuous representation allows the organization to adapt the processes improvement process in such a way, so it best suits the company’s business objectives and so it allows one to focus on risk mitigation in problem areas. Continuous representation allows the rating of each process individually and establishes 6 capability levels of processes for the rating:
-
Incomplete process: A process that is either not performed or partially performed. One or more of the specific goals of the process area are not satisfied, and no generic goals exist for this level, since there is no reason to institutionalize a partially performed process.
-
Performed process: A capability level 1 process is a process that satisfies the specific goals of the process area. It supports and enables the work needed to produce work products.
Characteristics:
-
chaotic process;
-
unpredictable cost, schedule, and quality;
-
Managed process: A capability level 2 process is a performed (capability level 1) process that has the basic infrastructure in place to support the process. It is planned and executed in accordance with policy; employs skilled people who have adequate resources to produce controlled outputs; involves relevant stakeholders; is monitored, controlled, and reviewed; and is evaluated for adherence to its process description. The process discipline reflected by capability level 2 helps to ensure that existing practices are retained during times of stress.
Characteristics:
-
intuitive;
-
cost and quality are highly variable;
-
the plan is under conscious control;
-
informal methods and procedures;
To achieve capability level 2, the following must be met:
-
controlled collection of requirements;
-
subcontracts for the software are controlled;
-
software quality assurance;
-
software configuration management;
-
Defined process: A managed (capability level 2) process that is tailored from the organization’s set of standard processes according to the organization’s tailoring guidelines, and contributes work products, measures, and other process improvement information to the organizational process assets. It is about synchronization of processes in the organization according to predefined conventions. Processes can be managed between them in accordance with established policies.
Characteristics:
-
focused on quality;
-
reliable cost expectations and time plans;
-
improving, but still unpredictable profit of quality assurance system;
Key elements to achieve this level:
-
organization process definition;
-
organization process improvement;
-
training program;
-
integrated software management;
-
application of engineering methods in software product;
-
coordination between working groups;
-
detailed examination and testing;
-
Quantitatively managed process: Such an advanced process satisfies the conditions defined in the preceding stage, and in addition it uses quantitative analytical techniques for its control. To measure the quality of the process, there are defined measurable objectives, which are also used for management of process performance.
Characteristics:
-
quantitative;
-
statistically well-controlled quality of the product;
Key elements to achieve this level:
-
measurement and quantitative management of the production process;
-
quality management;
-
Optimizing process: The highest level of maturity involves measurably controlled processes, which are also changed and developed, so as to permit the performance of current and planned business objectives of the organization.
Characteristics:
-
focus is on continually improving the process performance through both incremental and innovative technological changes or improvements;
Key elements to achieve this level:
-
prevention of errors;
-
technology innovation;
-
driven changes of production processes;
This representation allows a comparison between the organizations, only on the basis of Process Areas. Process Areas in the continuous representation are divided into four categories: Project Planning, Support, Engineering, and Process Management.
[MIT-IBA] [MIT-WIB] [MIT-XIN]
Area
|
Maturity level
|
Process Area
|
Abbreviation
|
Project Management
|
2
|
Project Planning
|
PP
|
2
|
Project Monitoring and Control
|
PMC
|
3
|
Integrated Project Management
|
IPM
|
3
|
Risk Management
|
RSKM
|
4
|
Quantitative Project Management
|
QPM
|
Engineering
|
2
|
Requirements Management
|
REQM
|
3
|
Requirements Development
|
RD
|
3
|
Technical Solution
|
TS
|
3
|
Product Integration
|
PI
|
3
|
Verification
|
VER
|
3
|
Validation
|
VAL
|
Support
|
2
|
Configuration Management
|
CM
|
2
|
Process and Product Quality Assurance
|
PPQM
|
2
|
Measurement and Analysis
|
MA
|
3
|
Decision Analysis and Resolution
|
DAR
|
Process Management
|
3
|
Organizational Process Definition
|
OPD
|
3
|
Organizational Process Focus
|
OPF
|
3
|
Organizational Training
|
OT
|
4
|
Organizational Process Performance
|
OPP
|
Table : CMMI Process Areas categories
[MIT-XIN]
2.3.2ISO standards (concerned with software development) ISO 9000 standards – quality management systems
ISO 9000 is a family of standards for quality management systems. There are three major ISO 900x standards important for software development:
-
ISO 9000:2000 – Quality management systems – Fundamentals and vocabulary.
Covers the basics of what quality management systems are and also contains the core language of the ISO 9000 series of standards. A guidance document, not used for certification purposes, but an important reference document to understand terms and vocabulary related to quality management systems. In the year 2005, a revised ISO 9000:2005 standard was published; therefore, it is now advised to refer to the standard as ISO 9000:2005.
-
ISO 9001:2000 – Quality management systems
Requirements are intended for use in any organization which designs, develops, manufactures, installs and/or services any product, or provides any form of service. It provides a number of requirements which an organization must fulfill if it is to achieve customer satisfaction through consistent products and services, which meet customer expectations. It includes a requirement for the continual (i.e. planned) improvement of the Quality Management System, for which ISO 9004:2000 provides many hints.
-
ISO 9004:2000 – Quality management systems - Guidelines for performance improvements
ISO 9004 covers continual improvement. It gives advice on what could be done to enhance a mature system. This standard very specifically states that it is not intended as a guide to implementation.
[MIT-WIK5]
Because ISO standards are not readable documents, here is a citation of summary of content of ISO 9001:2000 from Wikipedia:
-
The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs. The quality policy is understood and followed at all levels and by all employees. Each employee needs measurable objectives to work towards.
-
Decisions about the quality system are made based on recorded data and the system is regularly audited and evaluated for conformance and effectiveness.
-
Records should show how and where raw materials and products were processed, to allow products and problems to be traced to the source.
-
[One] need[s] a documented procedure to control quality documents in your company. Everyone must have access to up-to-date documents and be aware of how to use them.
-
To maintain the quality system and produce conforming product, [one] need[s] to provide suitable infrastructure, resources, information, equipment, measuring and monitoring devices, and environmental conditions.
-
[One] need[s] to map out all key processes in your company; control them by monitoring, measurement and analysis; and ensure that product quality objectives are met. If [one] can’t monitor a process by measurement, then [one must] make sure the process is well enough defined that … adjustments [can be made] if the product does not meet user needs.
-
For each product [the] company makes, [one] need[s] to establish quality objectives; plan processes; and document and measure results to use as a tool for improvement. For each process, [one must] determine what kind of procedural documentation is required (note: a “product” is hardware, software, services, processed materials, or a combination of these).
-
[One] need[s] to determine key points where each process requires monitoring and measurement, and ensure that all monitoring and measuring devices are properly maintained and calibrated.
-
[One] need[s] to have clear requirements for purchased product.
-
[One] need[s] to determine customer requirements and create systems for communicating with customers about product information, inquiries, contracts, orders, feedback and complaints.
-
When developing new products, [one] need[s] to plan the stages of development, with appropriate testing at each stage. [One] need[s] to test and document whether the product meets design requirements, regulatory requirements and user needs.
-
[One] need[s] to regularly review performance through internal audits and meetings. [One must] determine whether the quality system is working and what improvements can be made. [One must] deal with past problems and potential problems. [One should] keep records of these activities and the resulting decisions, and monitor their effectiveness (note: … documented procedure for internal audits [are required]).
-
[One] need[s] documented procedures for dealing with actual and potential nonconformance (problems involving suppliers or customers, or internal problems). [One should] make sure no one uses bad product, determine what to do with bad product, deal with the root cause of the problem and keep records to use as a tool to improve the system.
[MIT-WIK5]
ISO 20000 is the international standard for IT Service management. It is based on, and is intended to supersede, the earlier British Standard, BS 15000. The standard actually is comprised of two parts:
-
ISO 20000-1 is the 'Specification for Service Management’, and this is what is used to certify organizations. It is comprised of ten sections:
Figure : ISO 20000 sections schema
[MIT-LIV]
-
ISO 20000-2 is the 'Code of practice for Service Management', and describes best practices, and the requirements of Part 1.
ISO 20000 is a common reference standard for all companies (regardless of sector, size and type of organization) that provide IT services for internal and/or external customers. On the basis of a common terminology for service providers (the IT Service Management Organization), customers, and suppliers, the integrated process approach is consistently regarded as a factor for success.
[MIT-LIV]
2.3.3Issue tracking role within CMMI and ISO standards
Within all methods, there are areas, more or less, coupled with Issue tracking.
In CMMI, we can find the following Process Areas (up to and including level 4):
-
Configuration Management
-
Measurement and Analysis
-
Project Monitoring and Control
-
Project Planning
-
Requirements Management
-
Verification
-
Validation
ISO 20000 introduces the following sections to handle:
-
Change Management
-
Configuration Management
-
Incident Management
-
Planning & Implementing new or changed services
-
Problem Management
-
Release Management
ISO 9001 speaks about the following items, which should be fulfilled:
-
Decisions about the quality system are made based on recorded data and the system is regularly audited and evaluated for conformance and effectiveness.
-
To maintain the quality system and produce a conforming product, you need to provide suitable infrastructure, resources, information, equipment, measuring, and monitoring devices, and environmental conditions.
-
One must determine customer requirements and create systems for communicating with customers about product information, inquiries, contracts, orders, feedback and complaints.
The above-mentioned methods all mention so-called Configuration Management. Configuration Management is the process of controlling and documenting change to a developing system.
The key part of Configuration Management is Requirements Management. Requirements Management involves establishing and maintaining agreements between customer and developer on both technical and non-technical requirements. This agreement forms the basis for estimating, planning, performing, and tracking project activities throughout the project and for maintaining and enhancing developed software. Key activities include:
-
planning the requirements phase;
-
establishing the requirements process;
-
controlling requirements changes;
-
minimizing the addition of new requirements (scope creep);
-
tracking progress;
-
resolving issues with customers and developers; and
-
holding requirements reviews.
Problem management, Incident management, and Change management are just special cases of Requirements Management.
Release management involves splitting projects into iterations. One must plan which requirements can be published to production, and which cannot. To be able to do this, one must determine if they are implemented or not. This is just one of many subtasks of Project monitoring and control. To be able to control and decide about the project, the actual state of all its parts must be known, but not only this – people also need to see various statistics – estimated and real work times on the features, etc., which can help them to make better estimates, and which enable them to evaluate the price of the work, or help with decisions about splitting work. People need tools, which collect the data above, which in turn, allows them to do their measurements and analysis.
[MIT-LUD] [MIT-PRF] [MIT-WIK2]
Dostları ilə paylaş: |
