ISO-CMM

CMM vs. ISO
David S. Craft CIRM, PMP
Engineering & Manufacturing Services
11 April 2007
CMM vs. ISO, Sarbanes Oxley
1
/ 10 April 2007 / EDS INTERNAL
Agenda
Who Am I
CMM
ISO
Similarities And Differences
Sarbanes Oxley
Who Am I
Managing Consultant
Engineering and Manufacturing Services
Applications Service Delivery
Shift Supervisor
Team Leader
Inventory Control Manager
Industrial Engineer
Internal ISO Auditor
Materials Manager
Information Specialist, Senior
VISTA Volunteer
Consultant
Manager Production Planning & Control
Chief Industrial Engineer
Project Manager
CMMI History
Federal government cannot distinguish between
competing bids for software development
Early 1980’s - Federal Government (Congress) awards a
contract to establish the Software Engineering
Institute (SEI) at Carnegie Mellon University
(sponsored by the DOD)
1988 - SEI begins work on a Process Maturity
Framework for judging a company’s capability to
produce software
The Process Maturity Framework evolves into the
Capability Maturity Model (CMM)
August 1991 – SW-CMM Version 1 released
SE-CMM developed by the Enterprise Process
Improvement Collaboration (EPIC)
1992 - CMM Version 1.1 released
1999 - Begin developing CMMI (CMM Integrated)
2002 – CMMI SE/SW/IPPD/SS Version 1.1 introduced
ISO History
Began with British Military standards
ISO organization was established in 1947
Headquartered in Geneva, Switzerland
Currently composed of 148 National Standard Bodies
and 2,981 technical bodies
As of 12/31/05 there are 15,649 International
Standards embodied in 573,494 pages of English text
What are standards?
Standards are documented agreements containing technical specifications
or other precise criteria to be used consistently as rules, guidelines, or
definitions of characteristics, to ensure that materials, products, processes
and services are fit for their purpose.
For example, the format of the credit cards, phone cards, and "smart" cards
that have become commonplace is derived from an ISO International
Standard. Adhering to the standard, which defines such features as an
optimal thickness (0,76 mm), means that the cards can be used worldwide.
International Standards thus contribute to making life simpler, and to
increasing the reliability and effectiveness of the goods and services we
use.
Last modified 2002-07-17
Where are the Standards (12/31/05)
Sector                                                       Standards    Pages
Generalities, Infrastructure and Sciences                        1,406   49,761
Health, Safety and Environment                                     658   20,252
Engineering Technologies                                         4,099  169,843
Electronics, Information Technology and Telecommunications       2,447  161,132
Transport and Distribution of Goods                              1,710   44,918
Agriculture and Food Technology                                    954   20,335
Materials Technology                                             3,943   93,121
Construction                                                       311   11,068
Special Technologies                                               121    3,064
Total                                                           15,649  573,494
Which ISO Standards
The ISO family includes:
• ISO 9000:2000 – Quality Management Systems –
Fundamentals and vocabulary
• ISO 9001:2000 – Quality Management Systems – Requirements
• ISO 9004:2000 – Quality Management Systems –
Guidelines for performance improvement
• ISO 19011 – Guidelines on quality and/or
environmental management systems auditing.
• ISO 10012 Measurement control system
Quality System Documentation
Level 1: Quality Manual – Defines Approach and Responsibility
Level 2: Procedures – Defines Who, What, When
Level 3: Work/Job Instructions – Answers How
Level 4: Records/Documentation – Results: shows that the system is operating
ISO 9001:2000 Structure
4. Quality Management System
4.1 General requirements
4.2 Document requirements
5. Management Responsibility
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority, communication
5.6 Management review
6. Resource Management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
7. Product realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices
8. Measurement, Analysis & Improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement
Similarities
Both require the organization be explicit about what
their processes and quality systems are
Say what you do; do what you say
The organization records and tracks data for objective
analysis
Require strong management support to succeed
Provide a structured and measured approach to quality
improvement
Require an outside audit for “certification”
Both are refined/improved over time
Differences
ISO 9000                                                      SW-CMMI
Outwardly focused                                             Inwardly focused
Minimum requirements with implied continuous improvements     Explicit continuous quality improvement
Not specific to any one industry or service                   Software focus
Registration Document                                         No documentation
Continual Audits                                              No follow up audits
Sarbanes-Oxley Implications
With its more than 300 discrete points of enforceable
law, this is the most significant piece of accounting
legislation passed since the formation of the SEC in
1933
SOX was passed with the specific intent of increasing
accountability and attempting to instill ethical behavior
in financial reporting and business operations.
With this increased spotlight on reporting, companies
must invest resources and focus into their internal
control process
The Act created the Public Company Accounting
Oversight Board (PCAOB) to oversee the activities of the
auditing profession and mandated reforms to enhance
corporate and criminal fraud accountability.
A goal of SOX legislation is to continually improve the
transparency of financial and business events that can
impact the accuracy and future validity of financial