 |
What is the Capability Maturity Model? |
 |
Capability Maturity Model (CMM) broadly
refers to a process improvement approach that is based on a process
model. CMM also refers specifically to the first such model, developed
by the Software Engineering Institute (SEI)
in the mid-1980s, as well as the family of process models that
followed. A process model is a structured collection of practices that
describe the characteristics of effective processes; the practices
included are those proven by experience to be effective.
CMM can be used to assess an organization against a scale of five
process maturity levels. Each level ranks the organization according
to its standardization of processes in the subject area being
assessed. The subject areas can be as diverse as software engineering,
systems engineering, project management, risk management, system
acquisition, information technology (IT) services and personnel
management.
CMM was developed by the SEI at Carnegie Mellon University in
Pittsburgh. It has been used extensively for avionics software and
government projects, in North America, Europe, Asia, Australia, South
America, and Africa.Currently, some government departments require
software development contract organization to achieve and operate at a
level 3 standard. |
|
|
History
The Capability Maturity Model was initially funded by military
research. The United States Air Force funded a study at the
Carnegie-Mellon Software Engineering Institute to create a model
(abstract) for the military to use as an objective evaluation of
software subcontractors. The result was the Capability Maturity Model,
published as Managing the Software Process in 1989. The CMM is no
longer supported by the SEI and has been superseded by the more
comprehensive
Capability Maturity Model Integration (CMMI).
Maturity Model
The Capability Maturity Model (CMM) is a way to develop and refine an
organization's processes. The first CMM was for the purpose of developing
and refining software development processes. A maturity model is a
structured collection of elements that describe characteristics of
effective processes. A maturity model provides:
 |
|
 |
| |
 |
a place to start |
 |
|
|
|
the benefit of a community’s prior experiences |
|
|
|
|
|
a common language and a shared vision |
|
|
|
|
|
a framework for prioritizing actions |
|
|
|
|
|
a way to define what improvement means for your organization |
|
|
 |
|
 |
A maturity model can be used as a benchmark for assessing different
organizations for equivalent comparison. It describes the maturity of the
company based upon the project the company is dealing with and the clients
Context
In the 1970s, technological improvements made computers more widespread,
flexible, and inexpensive. Organizations began to adopt more and more
computerized information systems and the field of software development
grew significantly. This led to an increased demand for developers—and
managers—which was satisfied with less experienced professionals.
Unfortunately, the influx of growth caused growing pains; project failure
became more commonplace not only because the field of computer science was
still in its infancy, but also because projects became more ambitious in
scale and complexity. In response, individuals such as Edward Yourdon,
Larry Constantine, Gerald Weinberg, Tom DeMarco, and David Parnas
published articles and books with research results in an attempt to
professionalize the software development process.
Watts Humphrey's Capability Maturity Model (CMM) was described in the book
Managing the Software Process (1989). The CMM as conceived by Watts
Humphrey was based on the earlier work of Phil Crosby. Active development
of the model by the SEI began in 1986.
The CMM was originally intended as a tool to evaluate the ability of
government contractors to perform a contracted software project. Though it
comes from the area of software development, it can be, has been, and
continues to be widely applied as a general model of the maturity of
processes in IS/IT (and other)
organizations.
The model identifies five levels of process maturity for an organisation (see
below).
Within each of these maturity levels are KPAs (Key Process Areas) which
characterise that level, and for each KPA there are five definitions
identified:
|
|
|
|
| |
 |
1. Goals |
|
|
|
|
|
2. Commitment |
|
|
|
|
|
3. Ability |
|
|
|
|
|
4. Measurement |
|
|
|
|
|
5. Verification |
|
|
|
|
|
|
The KPAs are not necessarily unique to CMM, representing - as they do -
the stages that organizations must go through on the way to becoming
mature.
The assessment is supposed to be led by an authorised lead assessor. One
way in which companies are supposed to use the model is first to assess
their maturity level and then form a specific plan to get to the next
level. Skipping levels is not allowed.
Timeline
|
|
|
|
| |
|
|
1987 |
SEI-87-TR-24 (SW-CMM questionnaire), released. |
|
|
|
|
|
|
1989 |
Managing the Software Process, published. |
|
|
|
|
|
|
1991 |
SW-CMM v1.0, released. |
|
|
|
|
|
|
1993 |
SW-CMM v1.1, released. |
|
|
|
|
|
|
1997 |
SW-CMM revisions halted in support for CMMI. |
|
|
|
|
|
|
2000 |
CMMI v1.02, released. |
|
|
|
|
|
|
2002 |
CMMI v1.1, released. |
|
|
|
|
|
|
2006 |
CMMI v1.2, released. |
|
|
|
|
|
|
Current state
Although these models have proved useful to many organizations, the use of
multiple models has been problematic. Further, applying multiple models
that are not integrated within and across an organization is costly in
terms of training, appraisals, and improvement activities. The CMM
Integration project was formed to sort out the problem of using multiple
CMMs. The CMMI Product Team's mission was to combine three source models:
1. The Capability Maturity Model for Software (SW-CMM) v2.0 draft C
2. The Systems Engineering Capability Model (SECM)
3. The Integrated Product Development Capability Maturity Model (IPD-CMM)
v0.98
4. Supplier sourcing
CMMI is the designated successor of the three source models. The SEI has
released a policy to sunset the Software CMM and previous versions of the
CMMI. The same can be said for the SECM and the IPD-CMM; these models
were superseded by CMMI.
Future direction
With the release of the CMMI Version 1.2 Product Suite, the existing CMMI
has been renamed the CMMI for Development (CMMI-DEV), V1.2. Two other
versions are being developed, one for Services, and the other for Acquisitions.
In some cases, CMM can be combined with other methodologies. It is
commonly used in conjunction with the ISO 9001 standard, as well as with
the computer programming methodologies of Extreme Programming (XP),
and Six Sigma.
Levels of the CMM
There are five levels of the CMM:
|
|
|
|
| |
|
|
Level 1 - Initial |
|
|
|
|
|
Processes are usually ad hoc and the organization
usually does not provide a stable environment. Success in these
organizations depends on the competence and heroics of the people in the
organization and not on the use of proven processes. In spite of this ad
hoc, chaotic environment, maturity level 1 organizations often produce
products and services that work; however, they frequently exceed the
budget and schedule of their projects.
Organizations are characterized by a tendency to over
commit, abandon processes in the time of crisis, and not be able to repeat
their past successes again.Software project success depends on having
quality people. |
|
|
|
|
|
Level 2 - Repeatable |
|
|
|
|
|
Software development successes are repeatable. The
processes may not repeat for all the projects in the organization. The
organization may use some basic project management to track cost and
schedule.
Process discipline helps ensure that existing practices are retained
during times of stress. When these practices are in place, projects are
performed and managed according to their documented plans.
Project status and the delivery of services are visible to management at
defined points (for example, at major milestones and at the completion of
major tasks).
Basic project management processes are established to track cost,
schedule, and functionality. The minimum process discipline is in place to
repeat earlier successes on projects with similar applications and scope.
There is still a significant risk of exceeding cost and time estimate. |
|
|
|
|
|
Level 3 - Defined |
|
|
|
|
|
The organization’s set of standard processes, which is the basis for level
3, is established and improved over time. These standard processes are
used to establish consistency across the organization. Projects establish
their defined processes by the organization’s set of standard processes
according to tailoring guidelines.
The organization’s management establishes process objectives based on the
organization’s set of standard processes and ensures that these objectives
are appropriately addressed.
A critical distinction between level 2 and level 3 is the scope of
standards, process descriptions, and procedures. At level 2, the
standards, process descriptions, and procedures may be quite different in
each specific instance of the process (for example, on a particular
project). At level 3, the standards, process descriptions, and procedures
for a project are tailored from the organization’s set of standard
processes to suit a particular project or organizational unit. |
|
|
|
|
|
Level 4 - Managed |
|
|
|
|
|
Using precise measurements, management can effectively control the
software development effort. In particular, management can identify ways
to adjust and adapt the process to particular projects without measurable
losses of quality or deviations from specifications. At this level
organization set a quantitative quality goal for both software process and
software maintenance.
Subprocesses are selected that significantly contribute to overall process
performance. These selected subprocesses are controlled using statistical
and other quantitative techniques.
A critical distinction between maturity level 3 and maturity level 4 is
the predictability of process performance. At maturity level 4, the
performance of processes is controlled using statistical and other
quantitative techniques, and is quantitatively predictable. At maturity
level 3, processes are only qualitatively predictable. |
|
|
|
|
|
Level 5 - Optimizing |
|
|
|
|
|
Focusing on continually improving process performance
through both incremental and innovative technological improvements.
Quantitative process-improvement objectives for the organization are
established, continually revised to reflect changing business objectives,
and used as criteria in managing process improvement. The effects of
deployed process improvements are measured and evaluated against the
quantitative process-improvement objectives. Both the defined processes
and the organization’s set of standard processes are targets of measurable
improvement activities.
Process improvements to address common causes of process variation and
measurably improve the organization’s processes are identified, evaluated,
and deployed.
Optimizing processes that are nimble, adaptable and innovative depends on
the participation of an empowered workforce aligned with the business
values and objectives of the organization. The organization’s ability to
rapidly respond to changes and opportunities is enhanced by finding ways
to accelerate and share learning.
A critical distinction between maturity level 4 and maturity level 5 is
the type of process variation addressed. At maturity level 4, processes
are concerned with addressing special causes of process variation and
providing statistical predictability of the results. Though processes may
produce predictable results, the results may be insufficient to achieve
the established objectives. At maturity level 5, processes are concerned
with addressing common causes of process variation and changing the
process (that is, shifting the mean of the process performance) to improve
process performance (while maintaining statistical probability) to achieve
the established quantitative process-improvement objectives. |
|
|
|
|
|
|
The most beneficial elements of CMM Level 2 and 3:
|
|
|
|
| |
|
|
Creation of Software Specifications, stating
what is going to be developed, combined with formal sign off,
an executive sponsor and approval mechanism. This is NOT a
living document, but additions are placed in a deferred or out
of scope section for later incorporation into the next cycle
of software development. |
|
|
|
|
|
A Technical Specification, stating how
precisely the thing specified in the Software Specifications
is to be developed will be used. This is a living document. |
|
|
|
|
|
Peer Review of Code (Code Review) with metrics
that allow developers to walk through an implementation, and
to suggest improvements or changes. Note - This is problematic
because the code has already been developed and a bad design
can not be fixed by "tweaking", the Code Review gives complete
code a formal approval mechanism. |
|
|
|
|
|
Version Control - a very large number of
organizations have no formal revision control mechanism or
release mechanism in place. |
|
|
|
|
|
The idea that there is a "right way" to build
software, that it is a scientific process involving
engineering design and that groups of developers are not there
to simply work on the problem du jour. |
|
|
|
|
|
|
|
|
Learn More |
|
To find out more about how Select Business Solutions can help you
Contact Us today.
|
|
|
