Upload
lamcong
View
217
Download
0
Embed Size (px)
Citation preview
CSC303 Software Engineering II
CMMCMM
SEI/Capability Maturity Model
Background Originally studied as a software
management method [Gilb, 1988; Humphrey, 1989 etc. ]
CMM & ISO 9000 marks software engineering process as a new discipline (also known as process-based software engineering)
Definition The software engineering process is a set
of sequential practices that are functionally coherent and reusable for software engineering organization, implementation, and management.
It is usually referred as the software process or simply the process.
Models The CMM Model
18 Areas, 5 Level process capability scale The ISO 9001/ISO 9000-3 Model
20 areas, 177 management issues The BOOTSTRAP Model (Extension of CMM)
3 categories, 201 quality system attributes. The ISO/IEC 15504 (SPICE) Model
5 categories, 35 processes, 201 base practices The SEPRM: Software Engineering Process
Reference Model Complete process reference model
Models & StandardsMaturity Assessment
&
Process Improvement
SEI’s SW-CMM
ISO 15504 (SPICE)
UK/Europe’s Bootstrap
SEI’s PSP
Quality
ISO 9001/ISO 9000-3
ISO 12207
USA DoD
IEEE
Project Management
PMI’s PMBoK
SEPRM: Target a Complete Reference Model
CMM
SPICE Bootstrap
ISO 9001
SEPRM
Who “owns” them? Software Engineering Institute (SEI) - formed 1984
(USA) International Standards Organization (ISO) - formed 1947 Institute of Electrical & Electronics Engineers (IEEE) USA Department of Defense (DoD): gov’t/military Project Management Institute (PMI): formed 1969; non-
profit, professional org. There are many other standards “owned” by commercial,
professional or industrial associations (e.g., aviation, pharmaceutical, etc.)
Who “recognizes” them?
Individuals Organizations Associations Countries (Governments) Customers
SEI’s Capability Maturity Models First one was initially just called CMM; now
called “CMM for Software” (SW-CMM); v1.1 Others:
SE-CMM (Systems Engineering) SSE-CMM (Security Systems Engineering) SA-CMM (System Architecture) P-CMM (People) Team-CMM ...
External Quality Standards (some of the“significant” ones for swr dev.)
ISO 9001 (1994) for QA in Design, Development, Production,
Installation, Servicing
ISO 9000-3 (1997) guidelines to apply ISO 9001 to development,
supply, and maintenance of software
ISO 12207 (1995) IT Software Life Cycle Processes Standard
also IEEE and US military standards
SEI/Capability Maturity Model
Understanding the CMM and its Role in Software Development Maturity
Swr Development Maturity Models
They describe a progression towards disciplined, successful software processes
Are a framework for assessing the software process (what level of maturity have you achieved?) regardless of what lifecycle model is used
Are often used as a guide for process improvement
Organizational Maturity Immature Organizations
software processes improvised reactionary management schedules and budgets are routinely overrun,
partly due to poor estimates no objective basis for judging product quality or
for solving product/process problems … making product quality unpredictable
time pressures reduce emphasis on reviews and testing
Organizational Maturity Mature Organizations
work carried out according to planned process clearly defined roles and responsibilities managers monitor quality of software products and
customer satisfaction quantitative basis for judging quality and
analyzing problems schedules & budgets based on past performance performance measures usually achieved
Capability Maturity Model (CMM)
CMM is a “management model” Framework for Continuous Process
Improvement Created by Software Engineering Institute
(Carnegie Mellon University) Version 1.0 released by SEI in 1991 CMM is not prescriptive, does not tell how
SEI’s Capability Maturity Models First one was initially just called CMM; now
called “CMM for Software” (SW-CMM); v1.1
Others: SE-CMM (Systems Engineering) SSE-CMM (Security Systems Engineering) SA-CMM (System Architecture) P-CMM (People) Team-CMM ...
SW-CMM Maturity Levels
Initial(1)
Repeatable(2)
Defined(3)
Managed(4)
Optimizing(5)
DisciplinedProcess
Standard ,Consistent
Process
PredictableProcess
ContinuouslyImproving
Process
Capability Maturity Model Overview
LEVEL CHARACTERISTIC KEY PROCESS AREA RESULTS5
OptimizingImprovement fed back into
processProcess change managementTechnology innovationDefect prevention
4Managed
(Quantitative)Measured process
Quality managementProcess measurement & analysis
3Defined
(Qualitative)Process defined and
institutionalized
Peer reviewsIntergroup coordinationSoftware product engineeringIntegrated software managementTraining programOrganization process definitionOrganization process focus
2Repeatable
(Intuitive)Process dependent on
individuals
Software configuration managementSoftware quality assuranceSoftware project tracking & oversightSoftware subcontract managementSoftware project planningRequirements management
1Initial
(Ad hoc/chaotic) Survival
Productivity and quality
Risk
The CMM Structure
Maturity levelsMaturity levels
Key processareas
Key processareas
Commonfeatures
Commonfeatures
Key practicesKey practices
Activities or infrastructureActivities or infrastructure
Implementation orinstitutionalizationImplementation orinstitutionalization
GoalsGoals
ProcesscapabilityProcesscapability
Indicate
Achieve
Address
Describe
Contain
Contain
Organized by
Common Features
Commitment to Perform (e.g. organizational policies, senior management sponsorship)
Ability to Perform (e.g. resources, training, organizational structures, tools)
Activities Performed (e.g. plans & procedures, performing the work, tracking it, taking corrective action as necessary)
Common Features
Measurement and Analysis (e.g. examples of the measurements that could be taken to determine status and effectiveness of the activities performed feature)
Verifying Implementation (e.g. reviews and audits by management and SQA)
KPAs by Maturity LevelDefect preventionTechnology change managementProcess change management
Quantitative process managementSoftware quality management
Organization process focusOrganization process definitionTraining programIntegrated software managementSoftware product engineeringIntergroup coordinationPeer reviews
Managed
Requirements managementSoftware project planningSoftware project tracking and oversightSoftware subcontract managementSoftware quality assuranceSoftware configuration management
Optimized
Defined
Repeatable
Initial
SW-CMM KPAs for Levels 2 and 3
Level 2 Requirements Management Swr Project Planning Swr Project Tracking &
Oversight Swr Subcontract
Management Swr Quality Assurance Swr Configuration
Management
Level 3 Swr Product Engineering Peer Reviews Integrated Swr Management Intergroup Coordination Organization Process Focus Organization Process
Definition Training Program
KPAs Level 2: Repeatable (1 of 6)
Requirements Management to establish a common understanding between
the customer and the software project of the customer’s requirements to be addressed by the project
this agreement with the customer is the basis for planning and managing the software project
KPAs Level 2: Repeatable (2 of 6)
Software Project Planning to establish reasonable plans for performing the
software engineering and for managing the software project
reasonable plans based on developing realistic estimates for the work and establishing necessary commitments to perform the work
begins with SOW and constraints and goals that define and bound the project
KPAs Level 2: Repeatable (3 of 6)
Software Project Tracking and Oversight to establish adequate visibility of actual progress
so that management can take effective actions when the software project’s performance deviates significantly from the software plans
Management of the project based on the software development plan
KPAs Level 2: Repeatable (4 of 6)
Software Subcontract Management to select qualified software subcontractors and
manage them effectively subcontractor selected on ability to perform the
work other factors include strategic business alliances,
process capability, technical considerations, ...
KPAs Level 2: Repeatable (5 of 6)
Software Quality Assurance to provide management with appropriate visibility
into the process being used by the software project and of the products being built
visibility achieved by reviewing and auditing the software products and activities to verify that they comply with the applicable standards and procedures
KPAs Level 2: Repeatable (6 of 6)
Software Configuration Management to establish and maintain the integrity of the
products of the software project throughout the project’s software life cycle
identifies configuration of the software at given points in time, systematically controlling changes to the configuration, and maintaining the integrity and traceability of the configuration through the software life cycle
KPAs Level 3: Defined (1 of 7)
Organization Process Focus to establish the organizational responsibility for
software process activities that improve the organization’s overall software process capability
sustained process improvement involves developing and maintaining an understanding of software processes and coordinating the activities to assess, develop, maintain and improve these processes
KPAs Level 3: Defined (2 of 7)
Organization Process Definition to develop and maintain a usable set of software
process assets that improve process performance across the projects and provide a basis for defining meaningful data for quantitative process management
KPAs Level 3: Defined (3 of 7)
Training Program to develop the skills and knowledge of
individuals so they can perform their roles effectively and efficiently
training is organization’s responsibility, but software projects are responsible for identifying needed skills and providing necessary training
KPAs Level 3: Defined (4 of 7)
Integrated Software Management to integrate the software engineering and
management activities into a coherent, defined software process that is tailored from the organization’s standard software process and related process assets
KPAs Level 3: Defined (5 of 7)
Software Product Engineering to perform consistently a well-defined
engineering process that integrates all the software engineering activities to produce correct, consistent software products effectively and efficiently
KPAs Level 3: Defined (6 of 7)
Intergroup Coordination to establish a means for the software engineering
group to participate actively with the other engineering groups so the project is better able to satisfy the customer’s needs effectively and efficiently
KPAs Level 3: Defined (7 of 7)
Peer Reviews to remove defects from the software work
products early and efficiently to develop better understanding of the software
work products and of the defects that can be prevented
implementable through inspections, structured walkthroughs, or other collegial review methods
KPAs Level 4: Managed (1 of 2)
Quantitative Process Management to control the process performance of the
software project quantitatively (SPC?) random variation exists in any process with stable process, performance is normally
within known bounds (quantitative process capability)
performance outside those bounds due to “special causes” of variation
KPAs Level 4: Managed (2 of 2)
Software Quality Management to develop a quantitative understanding of the
quality of the project’s software products and achieve specific quality goals
quantitative goals based on needs of organization, the customer, and the end user
“Software Quality Management” is product focused while “Quantitative Process Management” is process focused
KPAs Level 5: Optimizing (1 of 3)
Defect Prevention analyzes defects, identifies causes, and takes
action to prevent them from recurring a mechanism for incrementally improving
software process in an evolutionary way
KPAs Level 5: Optimizing (2 of 3)
Technology Change Management to identify beneficial new technologies (i.e. tools,
methods, and processes) and transfer them into the organization in an orderly manner
technology transition implies identifying, selecting, and evaluating new technologies, and incorporating effective technologies into the organization to improve software quality
KPAs Level 5: Optimizing (3 of 3)
Process Change Management to improve continually the software processes used
in the organization with the intent of improving software quality, increasing productivity, and decreasing the cycle time for product development
The CMM Structure
Maturity levelsMaturity levels
Key processareas
Key processareas
Commonfeatures
Commonfeatures
Key practicesKey practices
Activities or infrastructureActivities or infrastructure
Implementation orinstitutionalizationImplementation orinstitutionalization
GoalsGoals
ProcesscapabilityProcesscapability
Indicate
Achieve
Address
Describe
Contain
Contain
Organized by
Software Quality Assurance (Level 2 KPA)
Level 2:Repeatable
Maturity Level
Software Quality Assurance
Key Process Area
Disciplined Process
Process Capability
to provide management with appropriate visibility
into the process being used by the software project andof the products being
built
Goals
containsindicates
achieves
Eight Step Process Improvement Model
1. Define the problem.2. Identify, analyze, and document process.3. Measure current performance.4. Understand why process is performing as is.5. Develop alternative solutions and select best.6. Develop strategy for implementation and
implement chosen solution.7. Evaluate results of new process.8. Commit to continuous improvement of process.
Capability Maturity Model Overview
LEVEL CHARACTERISTIC KEY PROCESS AREA RESULTS 5
Optimizing
Improvement fed back into process
Process change management Technology innovation Defect prevention
4 Managed
(Quantitative) Measured process
Quality management Process measurement & analysis
3 Defined
(Qualitative) Process defined and
institutionalized
Peer reviews Intergroup coordination Software product engineering Integrated software management Training program Organization process definition Organization process focus
2 Repeatable
(Intuitive) Process dependent on
individuals
Software configuration management Software quality assurance Software project tracking & oversight Software subcontract management Software project planning Requirements management
1 Initial
(Ad hoc/chaotic) Survival
Productivity and quality Risk
Maturity Levels in Industry ~73 - 80% at Level 1
~10-15% at Level 2 & 3 ~1-3% at Levels 4 or 5
often, an organization’s processes are at different maturity levels
often, different projects within the organization are at different levels
a specific Level (other than 1) cannot be attached to an organization until all key process areas are stable at that particular Level
SW-CMM’s Biggest Benefits moving from Level 1 to Levels 2 and 3
Estimated vs. Actual Cost and Schedule have been shown to get very close by Level 3
Productivity improvement can be 100 - 200% Post-release defects can be reduced by 10% -
94%
can take 1-2+ years to move up a Level