ISO 9001 for Software Industry

-- updated quarterly (ISO 9000-3, TickIT,...) --
"Quality will always win if you give it a chance." -- Small Business 2000
Tantara offers easy access to ISO 9001 information (ISO 9000-3, TickIT,...) that is specific to improving a software organization's process effectiveness and product/service potential.
See Tantara's main hotlist for other information.

When reading information on the internet, take note of the standard/model's edition being discussed/compared. Click here for a list depicting the current edition of key standards/models.
Click here for a quick view of the world's maturity regarding software quality and software process capability.

Resources:

Guidelines for application of ISO 9001 to software development: This web page summarizes ISO 9000-3:1991.

ISO 9000-3:1991 guidelines translated in plain english: Praxiom summarizes their interpretation of ISO 9000-3:1997 and highlights their main points.

ISO 9000-3:1991 checklist: Suggestions and a list of questions to determine whether requirments are met.

ISO 9001 explained clause-by-clause (both 2000 & 1994 editions): This is a good summary of how to interprete the ISO 9001 standard.

ISO 9001:2000 guidance: Lots of guidance here from ISO themselves.

ISO standards for the software industry: Enter software in the keyword field of the form -- if you prefer to view all computing specific standards, enter "information technology" in the keyword field. Then, click the SEARCH button to see the list of ISO standards.

ISO 9001:2000 translated in plain english: Praxiom summarizes their interpretation of ISO 9001:2000 and highlights their main points.

Trillium capability (area 5) - Quality System: Refer to this model's capability area #5 for a phase (level) approach to implementing an ISO 9001 compliant quality system for software development.
Articles:

Applicability of ISO 9001 to software development: How is ISO 9001:1994 relevant to software development organizations? What is the role of ISO 9000-3:1997?

Briefing--ISO 9000:1994 series: In light of the software development challenge, a briefing on the ISO 9000 series of standards (presented in March 1996).

History and relationship of process standards/models: Software process improvement is often influenced by process related standards/models and thus, it is important that a "change agent" understands the history and relationships of these standards/models.

TickIT description: TickIT is an ISO 9001 scheme for the software industry. Discover the principles and objectives of this scheme.

TickIT--providing confidence in ISO 9001:1994 certification: This paper traces the events that led up to the TickIT initiative, outlines TickIT, and discusses the issues that were outstanding in 1995.
Documents and Reports:

Report: Comparison of ISO 9001:1994 and SEI's SE-CMM V1.1 [pdf]: This is a top level summary of the comparison between the Systems Engineering Capability Maturity Model and ISO 9001.

Report: Comparison of ISO 9001:1987 and SEI's SW-CMM V1.1 [pdf]: M. Paulk's comparison report for SEI, report released in 1994. Comparison is version 1.1 of SEI's Capability Maturity Model for Software (SW-CMM) against the initial release (1987 edition) of ISO 9001. Also see M.Paulk's January 1996 IEEE Software feature article "How ISO 9001:1994 Compares with the CMM V1.1".

Report: Executive overview - TickIT for ISO 9001:2000 [pdf]: This is a quick four page overview of the revised TickIT guide for ISO 9001:2000.
Registered Software Organizations and their Registrars:

Quality Digest's search for ISO 9001 registered organizations: A form is presented; to view all software development organizations registered to ISO 9001in North America, enter "9001" in the "Standards" field and "software" in the "Scope of Registration" field -- leave all other fields blank. -- Note: Click here to purchase a complete directory of all ISO 9000 registered companies in North America.

Registrar Accreditation Board (RAB) accredited ISO 9000 registrars: Enter "33-Information Technology" in the scope field of the form presented at the bottom of this page. Click SUBMIT button to see a list of RAB accredited "ISO 9000 registrars for the software industry".

Standards Council of Canada (SCC) accredited ISO 9000 registrars: This is the current list of SCC accredited ISO 9000 registrars.
Governing agents for ISO 9001 and related software industry schemes:

ISO: The home (web) site for the International Organization for Standardization.

ISO Members: This is a list of all ISO Members--view this list to determine who is the ISO Member representative for your country.

ISO's Technical Sub-Committee #176-SC2 (re: Quality Management/Assurance): This site is provided for work specific to ISO 9001 and 9004 -- checkout this site for the many guidelines regarding transitioning ISO 9001:1994 to ISO 9001:2000

ISO's Technical Committee #176 (oversees Quality Management/Assurance): This site is for the TC176 committee members who oversee work pertaining to the ISO 9000 series and related standards/guidelines (e.g., ISO 10000 serries...)

TickIT: The home (web) site for the United Kingdom's TickIT scheme.
If you found this hotlist helpful, imagine what Tantara can do "in person" (consulting / training).
Why consider Tantara's consulting/training?
Tantara is one of the few firms that has proven experience in both software process improvement and ISO 9001 (ISO 9000-3, TickIT, AS 3563).
more

Moving up the ladder from ISO 9001

go here

Software Testing

The main objective of testing is to find defects in requirements, design, documentation, and code as early as possible. The test process should be such that the software product that will be delivered to the customer is defect less. All Tests should be traceable to customer requirements.Test cases must be written for invalid and unexpected, as well as for valid and expected input conditions. A necessary part of a test case is a definition of the expected output or result. A good test case is one that has high probability of detecting an as-yet undiscovered error.Eight Basic Principles of Testing· Define the expected output or result.· Don't test your own programs.· Inspect the results of each test completely.· Include test cases for invalid or unexpected conditions.· Test the program to see if it does what it is not supposed to do as well as what it is supposed to do.· Avoid disposable test cases unless the program itself is disposable.· Do not plan tests assuming that no errors will be found.The probability of locating more errors in any one module is directly proportional to the number of errors already found in that module.Best Testing Practices to be followed during testing· Testing and evaluation responsibility is given to every member, so as to generate team responsibility among all.· Develop Master Test Plan so that resource and responsibilities are understood and assigned as early in the project as possible.· Systematic evaluation and preliminary test design are established as a part of all system engineering and specification work.· Testing is used to verify that all project deliverables and components are complete, and to demonstrate and track true project progress.· A-risk prioritized list of test requirements and objectives (such as requirements-based, design-based, etc) are developed and maintained. · Conduct Reviews as early and as often as possible to provide developer feedback and get problems found and fixed as they occur.
Posted by expert at 12:38 AM 0 comments
Older Posts

more

List of software companies certified for quality

go here

Application software threat analysis

Buggy and insecure software applications are the top factor in security breaches.
The majority of data breaches are caused by attackers that exploit application software vulnerabilities. Attackers are not limited to Islamic cyber-terror groups like Team Evil, that exploited a known vulnerability in the Invision Power Board Web application. Software vulnerabilities are increasingly exploited by threats from trusted insiders such as contract programmers who have access to the source control repositories of company projects.
We improve software security with software quality

Software defect reduction is a highly economical way of preventing data breaches. You may be able to save hundreds of thousands of dollars in your security budget by decisive, focused software defect reduction.

We carry out a systematic threat analysis on critical business and Internet-facing Web applications after choosing a particular business unit and application functions. You get a cost-effective risk mitigation plan that shows you where and how you should remove software defects and how best to maintain reliable software.

The process requires executive level sponsorship that will later on, need to buy into implementation of the risk mitigation plan. The team members are chosen at a preliminary planning meeting with the lead consultant and the project's sponsor. There are typically 4-8 active participants with relevant knowledge of the business and the software. The team is lead by 2-4 expert Software Associates consultants that have the domain expertise, people skills and patience to guide a chaotic process.

The threat analysis follows a 7 step process: Set scope, Identify business assets, Identify software components, Classify vulnerabilties, build a system threat model, build the risk-mitigation plan and validate findings. Since there is normally a great deal of shared information between process steps, control flows asynchronously between steps.
Companies that perform software application threat analysis receive a clear picture of where to focus their software quality and application patching efforts.

Contact us today for a free consultationUS: +1 301-841-7122Israel: +972 (0)3 610 9750Sales AT software DOT co DOT il

More professional services from Software Associates
Digital Asset Protection
Business vulnerability assessment
Risk control optimization
Featured research articles
Software security assessment of production systems
The 7 step process for software threat analysis
Practical threat analysis in software development
10 questions your CEO should be able to answer



Next >

more

Capability Maturity Model Integration CMMI

Capability Maturity Model® Integration (CMMI®) is a process improvement approach that provides organizations with the essential elements of effective processes.[1] CMMI best practices are published in documents called models, which each address a different area of interest. There are now two areas of interest covered by CMMI models: Development and Acquisition.

The current release of CMMI is Version 1.2. There are two version 1.2 models now available:
CMMI for Development (CMMI-DEV), Version 1.2 was released in August 2006. It addresses product and service development processes.

CMMI for Acquisition (CMMI-ACQ), Version 1.2 was released in November 2007. It addresses supply chain management, acquisition, and outsourcing processes in government and industry.
Regardless of which model you choose, CMMI best practices should be adapted to each individual organization according to its business objectives. Organizations cannot be CMMI "certified." Instead, an organization is appraised (e.g., using an appraisal method like SCAMPI) and is awarded a 1-5 level rating. The rating results of such an appraisal can be published if released by the appraised organization.[2]

Contents
1 Process Areas
2 History
3 Appraisal
4 Benefits
5 CMMI Concepts
6 References
7 Footnotes
8 See also
9 External links
//
more

List of CMM Level 5 Certified companies in India

go here

Configuration Management and ISO 9001

Robert Bamford, William J. Deibler II Software Systems Quality Consulting, http://www.ssqc.com/

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function and the ISO 9001 standard. This standard offers a wide range of advice on how to deal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to address requirements found in the International Standard, ISO 9001. From a management perspective, the principles and practices of CM represent an accepted and understood foundation for implementing ISO-compliant processes in software engineering organizations. In addition, the growing number of tools for automating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.
Configuration Management
While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute of Electrical and Electronics Engineers (IEEE), The International Organisation for Standardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.


The IEEE perspective on CM
A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990, Software Configuration Management Plans.
[Numbers in brackets are added]

"SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3] status accounting, and [4] configuration audits and reviews."
IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraph containing the reference appears in parentheses):
Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)

Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)

Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:
"Software configuration management is an umbrella activity ... developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest."


The ISO perspective on CM
In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:
"Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.


"The [CM] system should
"a) identify uniquely the versions of each software item;
"b) identify the versions of each software item which together constitute a specific version of a complete product;
"c) identity the build status of software products in development or delivered and installed;
"d) control simultaneous updating of a given software item by more than one person;
"e) provide coordination for the updating of multiple products in one or more locations as required;
"f) identify and track all actions and changes resulting from a change request, from initiation ... to release."

The SEI perspective on CM
Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:
"The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:
"Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form
"Control: controlling the release of product and changes to it throughout the life cycle …
"Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product
"Audit and review: validating the completeness of a product and maintaining consistency among the components …


"[The IEEE] definition of CM … needs to be broadened to encompass … :
"Manufacturing: managing the construction and building of the product
"Process management: ensuring the correct execution of the organization's procedures, policies, and life-cycle model
"Team work: controlling the work and interactions between multiple developers on a product."

more

more

Advice on Configuration Management

Software Validation

Software validation is a critical tool used to assure the quality of device software and software automated operations. Software validation can increase the usability and reliability of the device, resulting in decreased failure rates, fewer recalls and corrective actions, less risk to patients and users, and reduced liability to device manufacturers.

Software validation can also reduce long term costs by making it easier and less costly to reliably modify software and revalidate software changes. Software maintenance can represent a very large percentage of the total cost of software over its entire life cycle. An established comprehensive software validation process helps to reduce the long-term cost of software by reducing the cost of validation for each subsequent release of the software.

Table of Contents
SECTION 1. PURPOSE
SECTION 2. SCOPE
2.1. Applicability
2.2. Audience
2.3. THE LEAST BURDENSOME APPROACH
2.4. Regulatory Requirements for Software Validation
2.4. Quality System Regulation vs Pre-Market Submissions
SECTION 3. CONTEXT FOR SOFTWARE VALIDATION
3.1. Definitions and Terminology
3.1.1 Requirements and Specifications
3.1.2 Verification and Validation
3.1.3 IQ/OQ/PQ
3.2. Software Development as Part of System Design
3.3. Software is Different from Hardware
3.4. Benefits of Software Validation
3.5 Design Review
SECTION 4. PRINCIPLES OF SOFTWARE VALIDATION
4.1. Requirements
4.2. Defect Prevention
4.3. Time and Effort
4.4. Software Life Cycle
4.5. Plans
4.6. Procedures
4.7. Software Validation After a Change
4.8. Validation Coverage
4.9. Independence of Review
4.10. Flexibility and Responsibility
SECTION 5. ACTIVITIES AND TASKS
5.1. Software Life Cycle Activities
5.2. Typical Tasks Supporting Validation
5.2.1. Quality Planning
5.2.2. Requirements
5.2.3. Design
5.2.4. Construction or Coding
5.2.5. Testing by the Software Developer
5.2.6. User Site Testing
5.2.7. Maintenance and Software Changes
SECTION 6. VALIDATION OF AUTOMATED PROCESS EQUIPMENT AND QUALITY SYSTEM SOFTWARE
6.1. How Much Validation Evidence Is Needed?
6.2. Defined User Requirements
6.3. Validation of Off-the-Shelf Software and Automated Equipment
APPENDIX A - REFERENCES
Food and Drug Administration References
Other Government References
International and National Consensus Standards
Production Process Software References
General Software Quality References
APPENDIX B - DEVELOPMENT TEAM

more

more

Software Quality Basics

'Quality' is a relative term and it is generally used with reference to the end use of the product. The word 'quality' has variety of meanings including fitness for purpose, grade, degree of preference, degree of excellence & fulfillment of promises.

It may also be defined as a degree of conformance of design and specifications. American Heritage Dictionary defines Quality as "A characteristics or attribute of something". When we examine an item based on its measurable characteristics, two kinds of quality may be encountered:1.Quality of design2.Quality of conformanceThe quality of design of a product is concerned with the tightness of the specifications for manufacture of the product. It depends on the type of customers in the market, capital goods, profit consideration of the organization & special requirements of the product. The quality of conformance is concerned with how well the manufactured product conforms to the quality of design. To achieve this, the incoming raw materials have to be of adequate quality, selection of the process should be proper, operators need to be trained and experienced & proper care should be taken during shipment and storage of finished goods. A proper inspection program & feedback mechanism should exist, both for internal inspection & for the customers.The quality of performance is concerned with how well the manufactured product gives its performance t depends upon the quality of design & the quality of conformance.The cost of carrying out the company's quality functions (meeting the quality needs of the customers) are known as costs of quality. It provides baseline for the current cost of quality and identifies opportunities for reducing the cost of quality in the future. A quality cost committee of the American Society for Quality Control has recommended that quality cost be defined in four categories:

more

debugging and testing

Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware thus making it behave as expected. Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another.
Contents[hide]
1 Origin
2 Tools
3 Basic steps
3.1 Recognize a bug exists
3.2 Isolate source of bug
3.3 Identify cause of bug
3.4 Determine fix for bug
3.5 Fix and test
4 Steps to reduce debugging
4.1 The correct mindset
4.2 Start at the source
4.3 Treat user input with suspicion
4.4 Use of log files
4.5 Test suites
4.6 Change one thing at a time
4.7 Back out changes that have no effect
4.8 Think of similar situations
5 See also
6 References
7 External links

more




Freeware Debugging Freeware Download Shareware Download ...
Download freeware Debugging freeware download Debugging shareware download software Debugging software directory provide Software Developer :: Debugging ...www.brothersoft.com/Software_Developer_Debugging_Download_List_1.html - 57k - Cached - Similar pages


Testing and Debugging Software
Readers chose VMware Workstation as the Best Testing and Debugging Software.www.windowsitpro.com/Articles/Index.cfm?ArticleID=40181 - Similar pages


New Approaches to Software Debugging
The long term goal of our research is to investigate more effective, general methods of debugging complicated software systems. We are investigating new ...www.cs.purdue.edu/AnnualReports/95/AR95Book-126.html - 4k - Cached - Similar pages


Software debugging, testing, and verification
IBM Systems Journal issue 41-1, Software Testing and Verification - Software debugging, testing, and verification - Feature paper.www.research.ibm.com/journal/sj/411/hailpern.html - 53k - Cached - Similar pages


Software Debugging Process: How it goes and how to improve it ...
The process of debugging: formalization & improvement.www.codeproject.com/Purgatory/debugprocess.asp - 31k - Cached - Similar pages


Chipping software for faster debugging
If you've spent some time doing software development, you know that debugging and testing consume more time than writing code, especially on large projects. ...www.primidi.com/2007/10/06.html - 26k - Cached - Similar pages


Deshpande Center - Complex Systems and Communications Projects
This project is applying a novel technology to the problems of understanding, evolving, testing, and debugging software systems. The technology will be able ...web.mit.edu/deshpandecenter/proj_ernst.html - 17k - Cached - Similar pages


Linux software debugging with GDB
Most flavours of Linux come with the GNU debugger, or gdb to the shell. Gdb lets you see the internal structure of a program, print out variable values, ...www.ibm.com/developerworks/library/l-gdb/ - 53k - Cached - Similar pages


! Aware: default selections: Software Debugging and Testing
Debugging can be just as disciplined, systematic, and quantifiable as any other area of software engineering--which means that we should eventually be able ...www.rocketaware.com/spec/softdev/debug/ - 50k - Cached - Similar pages

Applicability of ISO 9001 to Software Development

go here

ISO 9000-3 1997 Guidelines in Plain English
go here

ISO 9000-3 1997 is now OBSOLETE. It has been replaced by ISO IEC 90003 2004.

How to ensure EVM operates well for software projects

go here

Configuration Management

FAQ's
go here

SPICE (ISO/IEC 15504) VS SEI CMMI

Acceptance of ISO/IEC 15504
ISO/IEC 15504 has been successful as:

In 2006 GM and Chrysler have started phasing out CMMI in favor of SPICE as they relocate their engineering centers to Europe.
ISO/IEC 15504 is publicly available through National Standards Bodies.
It has the support of the international community
Over 4000 assessments have been performed to date
Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants
Domain-specific models like Automotive SPICE can be derived from it
There have been many international initiatives to support take-up such as SPICE for small companies.

more



Adding SPICE whiile preserving the CMM

ISO/IEC 15504 - SPICE

Contents: What is ISO/IEC 15504?What does the SEI plan to do to be compliant to this standard? How will the SEI help the community prepare to meet this standard?How does ISO/IEC 15504 relate to the Software CMM and to ISO 9001?Will the software community have to choose between 15504 and their current model of choice?What are the considerations in determining whether 15504 conformance is important to my business?How can I obtain more information about 15504?

http://www.sei.cmu.edu/cmmi/faq/15504-faq.html




ISO/IEC 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services.

ISO/IEC 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC 15504-2.

It provides an overview of process assessment and interprets the requirements through the provision of guidance on:

performing an assessment;
the measurement framework for process capability;
process reference models and process assessment models;
selecting and using assessment tools;
competency of assessors;
verification of conformity.

ISO/IEC 15504-3:2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC 15504-2.
Corrigenda, Amendments and other parts
ISO/IEC 15504-1:2004
ISO/IEC 15504-2:2003
ISO/IEC 15504-4:2004
ISO/IEC 15504-5:2006

http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=37454


There are a variety of ISO standards addressing various aspects of process improvement.
ISO 9000 is a set of standards for quality management systems that is accepted around the world. Currently more than 800,000 organizations in 161 countries have adopted ISO 9000 as national standards. When you purchase a product or service from an organization that is registered to the appropriate ISO 9000 standard, you have important assurances that the quality of what you receive will be as you expect. In addition, with the year 2000 revision of the standard, quality objectives, continual improvement, and monitoring of customer satisfaction provide the customer with increased assurances that their needs and expectations will be met. There is significant overlap between ISO 9000 and SW-CMM® Level 2. A comparison of the two is documented in A Comparison of ISO 9001 and the SW-CMM® [download is cmm9001.pdf] Note that the document was scanned in reverse order, so the first page you see is actually the last page of the document.
ISO 15504 (SPICE) SPICE (ISO/IEC 15504) is a major international initiative to develop a Standard for Software Process Appraisal. The project is carried out under the auspices of the International Committee on Software Engineering Standards ISO/IEC JTC 1/SC 7, through its Working Group on Software Process Appraisal (WG10). Since 1993, the SPICE (ISO/IEC 15504) (Software Process Improvement and Capability Determination) project, launched within the ISO has been developing a framework standard for software process Appraisal, bringing together the major suppliers and users of Appraisal methods. Field trials of SPICE-based Appraisal commenced in January 1995, and will continue until ISO/IEC 15504 is published as a full International Standard, scheduled by 2002.
ISO 12207 offers a framework for software life-cycle processes from concept through retirement. It is especially suitable for acquisitions because it recognizes the distinct roles of acquisitor and supplier. In fact, the standard is intended for two-party use where an agreement or contract defines the development, maintenance, or operation of a software system. It is not applicable to the purchase of commercial-off-the-shelf (COTS) software products. ISO 12207 provides a structure of processes using mutually accepted terminology, rather than dictating a particular life-cycle model or software development method. Since it is a relatively high-level document, 12207 does not specify the details of how to perform the activities and tasks comprising the processes. Nor does it prescribe the name, format, or content of documentation. Therefore, organizations seeking to apply 12207 may want to use additional standards or procedures that specify those details.
CMMI® version 1.2 is coming. Are you ready?
CMMI® version 1.1 will be sunsetted as of August 31, 2007, and version 1.1 of the Introduction to the CMMI® will not be offered after December 31, 2006. MDM will provide the new version 1.2 of the CMMI® introduction class, along with training on SCAMPISM version 1.2.
Learn MoreLearn about the L2 QuickStart Workshop.




Purpose Driven Process ImprovementSM is designed to:

improve quality
reduce costs
improve morale
reduce cycle times
increase productivity
improve project control

Is process improvement right for you?

-->
http://www.mdmaturity.com/models.php

ISO 15504

ISO/IEC 15504 also known as SPICE (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of processes" developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission).
ISO/IEC 15504 initially was derived from process lifecycle standard ISO 12207 and the ideas of capability maturity in SW CMM.
Contents
1 Overview
2 The ISO/IEC 15504 standard
2.1 Reference model
2.1.1 Processes
2.1.2 Capability levels and process attributes
2.2 Assessments
2.2.1 Assessment process
2.2.2 Assessment model
2.2.3 Tools used in the assessment
2.3 Assessor qualifications and competency
2.4 Uses of ISO/IEC 15504
2.4.1 Process improvement
2.4.2 Capability determination
3 History
4 Acceptance of ISO/IEC 15504
5 References
6 External links

more

what you get as you head towards CMMI Level 5

go here


FAQ's

Optimising the software delivery cycle **** A ZDNet UK discussion panel ****
Quality software delivery is a perennial challenge for anyone involved in the software delivery process, from CIOs to developers.
There is a rolling pressure to deliver, within a fixed time frame and a very fixed budget, high quality, robust software that can both support and help grow the business.
How can you best deliver quality software on time and to budget?
Discover how some of the big software development houses do it in this ZDNet UK panel discussion.
Watch the panel discussion

http://www.zdnet.co.uk/zdnetuk/resources/articles/0,1000001991,39287689,00.htm

[Methods & Tools] [Links]






Martinig & Associates has conducted software process evaluation based on the Capability Maturity Model (CMM ( CMMI) between 1993 and 2001 using a questionnaire based the first version of the assessment questionnaire produced by the Software Engineering Institute (SEI) in 1987. These assessments evaluated the quality of the software development process of organisations. There are more than 200 organisations assessed in our database from all over the world.

Software Process Assessments Results
ISO 9000 and CMM usage
CMM (1987 questionnaire) Maturity levels and key process area results
CMM (1987 questionnaire) Technology usage results
Articles
Does training influence the quality of the software development process?
Assessing Readiness for (Software) Process Improvement
Don't Write Another Process
Process Improvement – Is it a Lottery?
Software Development Articles - Software Process Improvement area
Resources
External links page

http://www.martinig.ch/ae/process.php

Journey from ISO 9001 to SW CMM Level 5

[PDF]
Two stage journey from ISO 9001 to CMM Level 5, an Experience
File Format: PDF/Adobe Acrobat - View as HTMLSyntel (India) Ltd. Journey from ISO 9001 to SW CMM Level 5. Page 1 of. 8. Journey from ISO 9001 to SW CMM Level 5. (A Two Stage Journey Experience) ...www.softwaredioxide.com/channels/Content/Syntel_Journey_ISO_to_CMM.pdf - Similar pages
AmitySoft receives ISO 9001 millennium version
With the certification, AmitySoft has achieved the distinction of being one of the first set of software companies in India to be ISO 9001:2000 compliant. ...amitysoft.com/press9.aspx - 13k - Cached - Similar pages

FAQ;s

Table of Contents Software QA and Testing Frequently-Asked-Questions Part 1, covers the following:
What is 'Software Quality Assurance'?
What is 'Software Testing'?
What are some recent major computer system failures caused by software bugs?
Does every software project need testers?
Why does software have bugs?
How can new Software QA processes be introduced in an existing organization?
What is verification? validation?
What is a 'walkthrough'?
What's an 'inspection'?
What kinds of testing should be considered?
What are 5 common problems in the software development process?
What are 5 common solutions to software development problems?
What is software 'quality'?
What is 'good code'?
What is 'good design'?
What is SEI? CMM? CMMI? ISO? Will it help?
What is the 'software life cycle'?
Software QA and Testing Frequently-Asked-Questions Part 2, covers the following:
What makes a good Software Test engineer?
What makes a good Software QA engineer?
What makes a good QA or Test manager?
What's the role of documentation in QA?
What's the big deal about 'requirements'?
What steps are needed to develop and run software tests?
What's a 'test plan'?
What's a 'test case'?
What should be done after a bug is found?
What is 'configuration management'?
What if the software is so buggy it can't really be tested at all?
How can it be known when to stop testing?
What if there isn't enough time for thorough testing?
What if the project isn't big enough to justify extensive testing?
How does a client/server environment affect testing?
How can World Wide Web sites be tested?
How is testing affected by object-oriented designs?
What is Extreme Programming and what's it got to do with testing? Software QA and Testing Less-Frequently-Asked-Questions, covers the following:
Why is it often hard for organizations to get serious about quality assurance?
Who is responsible for risk management?
Who should decide when software is ready to be released?
What can be done if requirements are changing continuously?
What if the application has functionality that wasn't in the requirements?
How can QA processes be implemented without reducing productivity?
What if an organization is growing so fast that fixed QA processes are impossible?
Will automated testing tools make testing easier?
What's the best way to choose a test automation tool?
How can it be determined if a test environment is appropriate?
What's the best approach to software test estimation?
Other Software QA and Testing Resources
Top 5 List
Software QA and Testing-related Organizations and Certifications
Links to QA and Testing-related Magazines/Publications
General Software QA and Testing Resources
Web QA and Testing Resources
Web Security Testing Resources
Web Usability Resources
Software QA and Test Tools
Test tools
CM tools and PM tools
Web site test and management tools
Web Site Test Tools and Site Management Tools
Load and performance test tools
Java test tools
HTML Validators
Link Checkers
Free On-the-Web HTML Validators and Link Checkers
PERL and C Programs for Validating and Checking
Web Functional/Regression Test Tools
Web Site Security Test Tools
External Site Monitoring Services
Web Site Management Tools
Log Analysis Tools
Other Web Test Tools
Jobs and News
Web Job Boards useful to QA and Test Engineers
Latest News Headlines -- Technology, Software Development, Computer Security, Tech Stocks, more...
Software QA and Testing Bookstore
Software Testing Books
Software Test Automation Books
Software Quality Assurance Books
Software Requirements Engineering Books
Software Metrics Books
Configuration Management Books
Software Risk Management Books
Software Engineering Books
Software Project Management Books
Technical Background Basics Books
Other Books

http://www.softwareqatest.com/

Vendor Selection

for software outsourcing
http://72.14.235.104/search?q=cache:7o8W9ifNxbsJ:www.oobp.org/Vendor/Downloads_GetFile.aspx%3Fid%3D540+copc+or+cobit&hl=en&ct=clnk&cd=5&gl=in

for esourcing


eSourcing Capability Models
Quality models and certification for IT and ITES organizations
With the continued growth of IT services and ITES (Information Technology Enabled Services), organizations are striving to reach higher levels of performance and capability. In these relationships, service providers use information technology as a key component of, or as an enabler for, delivering their services. Technology alone does not provide complete solutions, as the eSourcing relationships between clients and their service providers must overcome many challenges to be successful.
The eSourcing relationship challenges include:
Clients often have little experience in outsourcing and have no standard criteria for selecting a provider.
Success criteria for the relationship are not well understood or agreed upon from inception by both parties.
Clients’ expectations often change as the nature of the services change, due to rapid shifts in technology and tools, and providers are not always able to keep up with those changes
The necessary trade-offs between the service’s quality, speed, and cost are not always articulated and understood.
The transfer of personnel, equipment, and knowledge between the client and service provider is often problematic.
Service providers often have trouble analyzing and reporting their progress in terms that are meaningful for clients.
Types of sourcing services
The IT Services Qualification Center (ITSqc) at Carnegie Mellon University has created “best practices” capability models for both sides of the eSourcing relationship. The eSourcing Capability Model for Service Providers (eSCM-SP) v2 was released in April 2004. The eSourcing Capability Model for Client Organizations (eSCM-CL) is being released in 2006.
eSCM for Service Providers
The eSCM-SP v2 offers ITES providers a framework to improve their capability to deliver consistently high quality services. It also assists them in establishing, managing, and continually improving relationships with clients. The intent of the eSCM is to present service providers with a set of best practices that help them effectively manage sourcing relationships. Besides, it presents clients with a way to evaluate and compare service provider’s capabilities.
ITSqc developed the eSCM-SP for three purposes. First, it helps ITES providers appraise and improve their ability to provide high quality sourcing services. Second, it gives them a way to differentiate themselves from the competition. Third, prospective clients can evaluate service providers based on their eSCM-SP level of certification and Practice Satisfaction Profile.
Each of the Model’s 84 Practices is distributed along three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels. While most quality models focus only on delivery capabilities, the eSCM-SP’s Sourcing Life-cycle includes delivery, as well as initiation and completion of contracts where many commonly encountered problems arise.
The eSCM-SP offers a five-level improvement path that service providers can travel to enhance value and sustain excellence over time. By grouping the practices into increasing levels of capability, the eSCM-SP describes an improvement path for a service provider. Providers may advance from a minimal level of delivering services, to the highest level, where they are proactively enhancing value for clients, regardless of the requirements or scope of sourcing efforts.
The eSCM-SP has been designed to complement existing quality models so that service providers can capitalize on their previous improvement efforts. The Model’s structure complements most existing quality models such as ISO 9001, ISO 20000-1, ISO 27001, the CMMs®, COBIT® and COPC-2000®. Therefore it can be implemented in parallel with these other frameworks. A series of documents comparing the eSCM-SP with other models and standards is in production and available from the ITSqc Web site.
eSCM for Client Organizations
In order to address both aspects of the eSourcing relationship, the ITSqc has developed the eSCM for Client Organizations (eSCM-CL), which addresses the challenges of sourcing relationships from client’s perspective. Existing frameworks do not comprehensively address the best practices needed by client organizations to successfully source and manage ITES. Actions of the client organization and of the service provider in these sourcing relationships are critical for the success.
Many other frameworks focus on delivery, although the roots of many sourcing difficulties often lie elsewhere. The 95 Practices of the eSCM-CL cover the full sourcing life cycle. This best practice model begins with the client’s strategy for eSourcing, moving through initiation into delivery and, eventually, into completion activities. It allows client organizations to continuously evolve, improve, and innovate their capabilities to develop stronger, longer term, and more trusting relationships with their service providers. It also ensures that their sourcing activities provide true business value to the organization. Key aspects of the eSCM-CL that are not covered by many other standards include organizational change management and value management practices to ensure that the organization successfully manages its sourcing transformation, and that its sourcing activities return appropriate value and align with the organization’s objectives.
In addition, eSCM-CL enables client organizations to appraise and improve their capability to foster the development of more effective relationships, better manage these relationships, and experience fewer failures in their client-service provider relationship.
The eSCM-SP v2
The 84 eSCM-SP v2 Practices are arranged within three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels.
The eSCM-CL
The Sourcing Life-cycle addressed by the eSCM-CL extends earlier than the Phases of the Sourcing Life-cycle covered by the eSCM-SP. Its 95 Practices address the sourcing activities of the client organization dealing with its sourcing strategy and analysis of its operations and potential sourcing opportunities during the Analysis Phase.
ITSqc and UL
Carnegie Mellon University’s ITSqc is a multidisciplinary group of researchers, practitioners, and organizations that addresses the needs of ITES providers and their clients. To that end, the ITSqc develops quality models and qualification methods for organizations involved in eSourcing. eSCM, a set of complimentary best practices for the IT-Sourcing Market, is fast becoming the standard for sourcing relationships on both sides of the service relationship. For more information about the eSCM Models or eSCM-certified organizations, visit http://www.itsqc.cmu.edu/. These documents and all Model documents are available at itsqc.cmu.edu/downloads.
UL is an ITSqc-authorized provider of independent, third-party eSCM appraisals and evaluations, which can lead to certification by the ITSqc at Carnegie Mellon University.
For more information about eSourcing Capability Model, please contact Dr. Hefley at Hefley@cmu.edu or JC Sekar, General Manager, Management System Registration Services (Asia Pacific, Middle East and Africa) at Jc.sekar@sg.ul.com.

http://www.ul-asia.com/news_nl/2006-Issue20/page6.htm

SEI Authorized Lead Assessor

How to become an SEI Partner
http://www.sei.cmu.edu/partners/lead-assessor.html

SEI Partner Network Directory: SEI Partner Directory Search
http://partner-directory.sei.cmu.edu/



Index of FAQs
Appraisal Program
CERT Coordination Center
CMMI Frequently Asked Questions
Education and Training
Intellectual Property
INTRo
IPRC
ISO/IEC 15504 [0.03MB PDF]
OCTAVE
Open Systems
People Capability Maturity Model
Risk Management
SEI Partner Network
SEIR
Software Product Line Acquisition
Sunset of the Software CMM
TSP and PSP
Publications

http://www.sei.cmu.edu/about/faq-list.html



People Capability Maturity Model (People CMM)
This topic contains questions and answers about the People CMM.
http://www.sei.cmu.edu/cmm-p/version2/faq.html#Q204

Contents: What is the People Capability Maturity Model (People CMM)?What are the plans for People CMM in the coming year?How do I become a People CMM Lead Appraiser?How do I get more information about the People CMM?My organization is planning an appraisal soon, and we have been guiding our improvement program with Version 1 of the People CMM; can we still conduct the appraisal with version 1?Why isn't there a continuous representation of People CMM version 2?Will People CMM version 2 be integrated into CMMI?How does People CMM version 2 support integrated product development teams?Where can I obtain training on the People CMM?When will you release People CMM version 3?How do I find an authorized People CMM Lead Appraiser?

What is the People Capability Maturity Model (People CMM)?
The People Capability Maturity Model (People CMM) is a maturity framework that focuses on continuously improving the management and development of the human assets of an organization. It describes an evolutionary improvement path from ad hoc, inconsistently performed practices, to a mature, disciplined, and continuously improving development of the knowledge, skills, and motivation of the workforce that enhances strategic business performance. The People CMM provides guidance to organizations in selecting immediate improvement actions that help organizations
characterize the maturity of their workforce practices
set priorities for immediate action
integrate workforce development with process improvement
become an employer of choice
With the help of the Capability Maturity Model Integration (CMMI) and Capability Maturity Model for Software (SW-CMM), many organizations have made valuable improvements in their software and systems processes and practices. These organizations have also discovered that their continued improvement requires significant changes in the way they manage and develop their people. The People CMM can be coupled with CMM-based software process improvement programs or used on its own to guide improvements in workforce practices or to address strategic human capital objectives.
return to top

What are the plans for People CMM in the coming year?
The People CMM team is migrating to SCAMPI for People CMM Appraisals. Six pilot SCAMPI A appraisals were completed from 2004 to 2006. An interpretive gui