Professional Documents
Culture Documents
ISO
David S. Craft CIRM, PMP
Engineering &
Manufactuing Services
11 April 2007
Agenda
Who Am I
CMM
ISO
Similarities And Differences
Sarbanes Oxley
11 April 2007
Who Am I
Managing Consultant
Engineering and Manufacturing Services
Applications Service Delivery
Shift Supervisor
Team Leader
Materials Manage
Information Specialist, SeniorVISTA Volunteer
Consultant
Manager Production Planning &
Chief Industrial Engineer
Project Manager
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
CMMI History
Federal government cannot distinguish between competing bids for software
development
Early 1980s - Federal Government (Congress) awards a contract to establish
the Software Engineering Institute (SEI) at Carnegie Mellon University
(sponsored by the DOD)
1988 - SEI begins work on a Process Maturity Framework for judging a
companys capability to produce software
The Process Maturity Framework evolves into the Capability Maturity Model
(CMM)
August 1991 SW-CMM Version 1 released
SE-CMM developed by the Enterprise Process Improvement Collaboration
(EPIC)
1992 - CMM Version 1.1 released
1999 - Begin developing CMMI (CMM Integrated)
2002 CMMI SE/SW/IPPD/SS Version 1.1 introduced
200? - CMMI Version 1.2 Released
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
11 April 2007
ISO History
Began with British Military standards
ISO organization was established in 1947
Headquartered in Geneva, Switzerland
Currently composed of 148 National Standard Bodies
and 2,981 technical bodies
As of 12/31/05 there are 15,649 International
Standards embodied in 573,494 pages of English text
11 April 2007
11 April 2007
Standard
s
Pages
1,406
49,761
658
20,252
Engineering Technologies
4,099
169,843
2,447
161,132
1,710
44,918
954
20,335
3,943
93,121
Construction
311
11,068
Special Technologies
121
3,064
15,649
573,494
11 April 2007
Total
CMM vs. ISO, Sarbanes Oxley
29
Requirements
11 April 2007
Level 1
Quality
Manual
Defines
Approach and
Responsibility
Level 2
Procedures
Defines
Who, What, When
Work/Job
Instructions
Level 3
Answers
How
Level 4
Records/Documentation
11 April 2007
5.
6.
Management
Responsibility
5.1 Management
commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority,
communication
5.6 Management review
Resource Management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
7.
Product realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and
measuring devices
8.
Similarities
Both require the organization be explicit about what
their processes and quality systems are
Say what you do; do what you say
The organization records and tracks data for objective
analysis
Require strong management support to succeed
Provide a structured and measured approach to quality
improvement
Require an outside audit for certification
Both are refined/improved over time
11 April 2007
Differences
ISO 9000
SW-CMMI
Outwardly focused
Inwardly focused
Software focus
Registration Document
No documentation
Continual Audits
No follow up audits
11 April 2007
Sarbanes-Oxley Implications
With its more than 300 discrete points of enforceable law, this is the most
significant piece of account legislation passed since the formation of the
SEC in 1933
SOX was passed with the specific intent of increasing accountability and
attempting to install ethical behavior in financial reporting and business
operations.
With this increase spotlight on reporting, companies must invest resources
and focus into their internal control process
The Act created the Public Company Accounting Oversight Board (PCAOB)
to oversee the activities of the auditing profession and mandated reforms to
enhance corporate and criminal fraud accountability.
A goal of SOX legislation is to continually improve the transparency of
financial and business events that can impact the accuracy and future
validity of financial statements. Projects to improve processes and regular
review of controls will become common-place activities as compliance
evolves. Tools that simplify project completion and track status will better
enable organization to cost-effectively undertake these projects.
11 April 2007
11 April 2007