CMM vs. ISO, Sarbanes Oxley

David S. Craft CIRM, PMP
Engineering & Manufacturing Services

10 April 2007 / EDS INTERNAL
11 April 2007

Agenda

Who Am I

CMM

ISO

Similarities And Differences

Sarbanes Oxley

Who Am I

VISTA Volunteer

Industrial Engineer

Chief Industrial Engineer

Manager Production Planning & Control

Inventory Control Manager

Shift Supervisor

Materials Manager

Consultant

Project Manager

Information Specialist, Senior

Team Leader

Managing Consultant Engineering and Manufacturing Services

Applications Service Delivery

Internal ISO Auditor

CMMI History

Federal government cannot distinguish between competing bids for software development

Early 1980’s - Federal Government (Congress) awards a contract to establish the Software Engineering Institute (SEI) at Carnegie Mellon University (sponsored by the DOD)

1988 - SEI begins work on a Process Maturity Framework for judging a company’s capability to produce software

The Process Maturity Framework evolves into the Capability Maturity Model (CMM)

August 1991 – SW-CMM Version 1 released

SE-CMM developed by the Enterprise Process Improvement Collaboration (EPIC)

1992 - CMM Version 1.1 released

1999 - Begin developing CMMI (CMM Integrated)

2002 – CMMI SE/SW/IPPD/SS Version 1.1 introduced

200? - CMMI Version 1.2 Released

ISO History

Began with British Military standards

ISO organization was established in 1947

Headquartered in Geneva, Switzerland

Currently composed of 148 National Standard Bodies and 2,981 technical bodies

As of 12/31/05 there are 15,649 International Standards embodied in 573,494 pages of English text

What are standards?

Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide.

International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use.

Last modified 2002-07-17

Where are the Standards (12/31/05)

Sector | Standards | Pages
Generalities, Infrastructure and Sciences | 1,406 | 49,761
Health, Safety and Environment | 658 | 20,252
Engineering Technologies | 4,099 | 169,843
Electronics, Information Technology and Telecommunications | 2,447 | 161,132
Transport and Distribution of Goods | 1,710 | 44,918
Agriculture and Food Technology | 954 | 20,335
Materials Technology | 3,943 | 93,121
Construction | 311 | 11,068
Special Technologies | 121 | 3,064
Total | 15,649 | 573,494

Which ISO Standards

The ISO family includes:

• ISO 9000:2000 – Quality Management Systems – Fundamentals and vocabulary
• ISO 9001:2000 – Quality Management Systems – Requirements
• ISO 9004:2000 – Quality Management Systems – Guidelines for performance improvement
• ISO 19011 – Guidelines on quality and/or environmental management systems auditing
• ISO 10012 Measurement control system

Quality System Documentation

Level 1: Quality Manual. Defines Approach and Responsibility

Level 2: Procedures. Defines Who, What, When

Level 3: Work/Job Instructions. Answers How

Level 4: Records/Documentation. Results: shows that the system is operating

ISO 9001:2000 Structure

4. Quality Management System
4.1 General requirements
4.2 Document requirements

5. Management Responsibility
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority, communication
5.6 Management review

6. Resource Management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment

7. Product realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices

8. Measurement, Analysis & Improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement

Similarities

Both require the organization to be explicit about what its processes and quality systems are

Say what you do; do what you say

The organization records and tracks data for objective analysis

Require strong management support to succeed

Provide a structured and measured approach to quality improvement

Require an outside audit for “certification”

Both are refined/improved over time

Differences

ISO 9000 | SW-CMMI
Outwardly focused | Inwardly focused
Minimum requirements with implied continuous improvements | Explicit continuous quality improvement
Not specific to any one industry or service | Software focus
Registration Document | No documentation
Continual Audits | No follow up audits

Sarbanes-Oxley Implications

With its more than 300 discrete points of enforceable law, this is the most significant piece of accounting legislation passed since the formation of the SEC in 1933.

SOX was passed with the specific intent of increasing accountability and attempting to instill ethical behavior in financial reporting and business operations.

With this increased spotlight on reporting, companies must invest resources and focus into their internal control process.

The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability.

A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements. Projects to improve processes and regular review of controls will become commonplace activities as compliance evolves. Tools that simplify project completion and track status will better enable organizations to cost-effectively undertake these projects.
