Friday, November 09, 2007

Configuration Management and ISO 9001

Robert Bamford, William J. Deibler II Software Systems Quality Consulting,

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function and the ISO 9001 standard. This standard offers a wide range of advice on how to deal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to address requirements found in the International Standard, ISO 9001. From a management perspective, the principles and practices of CM represent an accepted and understood foundation for implementing ISO-compliant processes in software engineering organizations. In addition, the growing number of tools for automating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.
Configuration Management
While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute of Electrical and Electronics Engineers (IEEE), The International Organisation for Standardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

The IEEE perspective on CM
A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990, Software Configuration Management Plans.
[Numbers in brackets are added]

"SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3] status accounting, and [4] configuration audits and reviews."
IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraph containing the reference appears in parentheses):
Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)

Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)

Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:
"Software configuration management is an umbrella activity ... developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest."

The ISO perspective on CM
In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:
"Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.

"The [CM] system should
"a) identify uniquely the versions of each software item;
"b) identify the versions of each software item which together constitute a specific version of a complete product;
"c) identity the build status of software products in development or delivered and installed;
"d) control simultaneous updating of a given software item by more than one person;
"e) provide coordination for the updating of multiple products in one or more locations as required;
"f) identify and track all actions and changes resulting from a change request, from initiation ... to release."

The SEI perspective on CM
Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:
"The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:
"Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form
"Control: controlling the release of product and changes to it throughout the life cycle …
"Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product
"Audit and review: validating the completeness of a product and maintaining consistency among the components …

"[The IEEE] definition of CM … needs to be broadened to encompass … :
"Manufacturing: managing the construction and building of the product
"Process management: ensuring the correct execution of the organization's procedures, policies, and life-cycle model
"Team work: controlling the work and interactions between multiple developers on a product."



Advice on Configuration Management

Saturday, November 03, 2007

Software Validation

Software validation is a critical tool used to assure the quality of device software and software automated operations. Software validation can increase the usability and reliability of the device, resulting in decreased failure rates, fewer recalls and corrective actions, less risk to patients and users, and reduced liability to device manufacturers.

Software validation can also reduce long term costs by making it easier and less costly to reliably modify software and revalidate software changes. Software maintenance can represent a very large percentage of the total cost of software over its entire life cycle. An established comprehensive software validation process helps to reduce the long-term cost of software by reducing the cost of validation for each subsequent release of the software.

Table of Contents
2.1. Applicability
2.2. Audience
2.4. Regulatory Requirements for Software Validation
2.4. Quality System Regulation vs Pre-Market Submissions
3.1. Definitions and Terminology
3.1.1 Requirements and Specifications
3.1.2 Verification and Validation
3.1.3 IQ/OQ/PQ
3.2. Software Development as Part of System Design
3.3. Software is Different from Hardware
3.4. Benefits of Software Validation
3.5 Design Review
4.1. Requirements
4.2. Defect Prevention
4.3. Time and Effort
4.4. Software Life Cycle
4.5. Plans
4.6. Procedures
4.7. Software Validation After a Change
4.8. Validation Coverage
4.9. Independence of Review
4.10. Flexibility and Responsibility
5.1. Software Life Cycle Activities
5.2. Typical Tasks Supporting Validation
5.2.1. Quality Planning
5.2.2. Requirements
5.2.3. Design
5.2.4. Construction or Coding
5.2.5. Testing by the Software Developer
5.2.6. User Site Testing
5.2.7. Maintenance and Software Changes
6.1. How Much Validation Evidence Is Needed?
6.2. Defined User Requirements
6.3. Validation of Off-the-Shelf Software and Automated Equipment
Food and Drug Administration References
Other Government References
International and National Consensus Standards
Production Process Software References
General Software Quality References



Software Quality Basics

'Quality' is a relative term and it is generally used with reference to the end use of the product. The word 'quality' has variety of meanings including fitness for purpose, grade, degree of preference, degree of excellence & fulfillment of promises.

It may also be defined as a degree of conformance of design and specifications. American Heritage Dictionary defines Quality as "A characteristics or attribute of something". When we examine an item based on its measurable characteristics, two kinds of quality may be encountered:1.Quality of design2.Quality of conformanceThe quality of design of a product is concerned with the tightness of the specifications for manufacture of the product. It depends on the type of customers in the market, capital goods, profit consideration of the organization & special requirements of the product. The quality of conformance is concerned with how well the manufactured product conforms to the quality of design. To achieve this, the incoming raw materials have to be of adequate quality, selection of the process should be proper, operators need to be trained and experienced & proper care should be taken during shipment and storage of finished goods. A proper inspection program & feedback mechanism should exist, both for internal inspection & for the customers.The quality of performance is concerned with how well the manufactured product gives its performance t depends upon the quality of design & the quality of conformance.The cost of carrying out the company's quality functions (meeting the quality needs of the customers) are known as costs of quality. It provides baseline for the current cost of quality and identifies opportunities for reducing the cost of quality in the future. A quality cost committee of the American Society for Quality Control has recommended that quality cost be defined in four categories:


debugging and testing

Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware thus making it behave as expected. Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another.
1 Origin
2 Tools
3 Basic steps
3.1 Recognize a bug exists
3.2 Isolate source of bug
3.3 Identify cause of bug
3.4 Determine fix for bug
3.5 Fix and test
4 Steps to reduce debugging
4.1 The correct mindset
4.2 Start at the source
4.3 Treat user input with suspicion
4.4 Use of log files
4.5 Test suites
4.6 Change one thing at a time
4.7 Back out changes that have no effect
4.8 Think of similar situations
5 See also
6 References
7 External links


Freeware Debugging Freeware Download Shareware Download ...
Download freeware Debugging freeware download Debugging shareware download software Debugging software directory provide Software Developer :: Debugging - 57k - Cached - Similar pages

Testing and Debugging Software
Readers chose VMware Workstation as the Best Testing and Debugging - Similar pages

New Approaches to Software Debugging
The long term goal of our research is to investigate more effective, general methods of debugging complicated software systems. We are investigating new - 4k - Cached - Similar pages

Software debugging, testing, and verification
IBM Systems Journal issue 41-1, Software Testing and Verification - Software debugging, testing, and verification - Feature - 53k - Cached - Similar pages

Software Debugging Process: How it goes and how to improve it ...
The process of debugging: formalization & - 31k - Cached - Similar pages

Chipping software for faster debugging
If you've spent some time doing software development, you know that debugging and testing consume more time than writing code, especially on large projects. - 26k - Cached - Similar pages

Deshpande Center - Complex Systems and Communications Projects
This project is applying a novel technology to the problems of understanding, evolving, testing, and debugging software systems. The technology will be able - 17k - Cached - Similar pages

Linux software debugging with GDB
Most flavours of Linux come with the GNU debugger, or gdb to the shell. Gdb lets you see the internal structure of a program, print out variable values, - 53k - Cached - Similar pages

! Aware: default selections: Software Debugging and Testing
Debugging can be just as disciplined, systematic, and quantifiable as any other area of software engineering--which means that we should eventually be able - 50k - Cached - Similar pages

Thursday, October 11, 2007

Applicability of ISO 9001 to Software Development

go here

ISO 9000-3 1997 Guidelines in Plain English
go here

ISO 9000-3 1997 is now OBSOLETE. It has been replaced by ISO IEC 90003 2004.

Thursday, August 23, 2007

Thursday, June 28, 2007


Acceptance of ISO/IEC 15504
ISO/IEC 15504 has been successful as:

In 2006 GM and Chrysler have started phasing out CMMI in favor of SPICE as they relocate their engineering centers to Europe.
ISO/IEC 15504 is publicly available through National Standards Bodies.
It has the support of the international community
Over 4000 assessments have been performed to date
Major sectors are leading the pace such as automotive, space and medical systems with industry relevant variants
Domain-specific models like Automotive SPICE can be derived from it
There have been many international initiatives to support take-up such as SPICE for small companies.


Adding SPICE whiile preserving the CMM


Contents: What is ISO/IEC 15504?What does the SEI plan to do to be compliant to this standard? How will the SEI help the community prepare to meet this standard?How does ISO/IEC 15504 relate to the Software CMM and to ISO 9001?Will the software community have to choose between 15504 and their current model of choice?What are the considerations in determining whether 15504 conformance is important to my business?How can I obtain more information about 15504?

ISO/IEC 15504 (all parts) provides a framework for the assessment of processes. This framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services.

ISO/IEC 15504-3:2004 provides guidance on meeting the minimum set of requirements for performing an assessment contained in ISO/IEC 15504-2.

It provides an overview of process assessment and interprets the requirements through the provision of guidance on:

performing an assessment;
the measurement framework for process capability;
process reference models and process assessment models;
selecting and using assessment tools;
competency of assessors;
verification of conformity.

ISO/IEC 15504-3:2004 also provides an exemplar documented assessment process that conforms to the requirements of 4.2 in ISO/IEC 15504-2.
Corrigenda, Amendments and other parts
ISO/IEC 15504-1:2004
ISO/IEC 15504-2:2003
ISO/IEC 15504-4:2004
ISO/IEC 15504-5:2006

There are a variety of ISO standards addressing various aspects of process improvement.
ISO 9000 is a set of standards for quality management systems that is accepted around the world. Currently more than 800,000 organizations in 161 countries have adopted ISO 9000 as national standards. When you purchase a product or service from an organization that is registered to the appropriate ISO 9000 standard, you have important assurances that the quality of what you receive will be as you expect. In addition, with the year 2000 revision of the standard, quality objectives, continual improvement, and monitoring of customer satisfaction provide the customer with increased assurances that their needs and expectations will be met. There is significant overlap between ISO 9000 and SW-CMM® Level 2. A comparison of the two is documented in A Comparison of ISO 9001 and the SW-CMM® [download is cmm9001.pdf] Note that the document was scanned in reverse order, so the first page you see is actually the last page of the document.
ISO 15504 (SPICE) SPICE (ISO/IEC 15504) is a major international initiative to develop a Standard for Software Process Appraisal. The project is carried out under the auspices of the International Committee on Software Engineering Standards ISO/IEC JTC 1/SC 7, through its Working Group on Software Process Appraisal (WG10). Since 1993, the SPICE (ISO/IEC 15504) (Software Process Improvement and Capability Determination) project, launched within the ISO has been developing a framework standard for software process Appraisal, bringing together the major suppliers and users of Appraisal methods. Field trials of SPICE-based Appraisal commenced in January 1995, and will continue until ISO/IEC 15504 is published as a full International Standard, scheduled by 2002.
ISO 12207 offers a framework for software life-cycle processes from concept through retirement. It is especially suitable for acquisitions because it recognizes the distinct roles of acquisitor and supplier. In fact, the standard is intended for two-party use where an agreement or contract defines the development, maintenance, or operation of a software system. It is not applicable to the purchase of commercial-off-the-shelf (COTS) software products. ISO 12207 provides a structure of processes using mutually accepted terminology, rather than dictating a particular life-cycle model or software development method. Since it is a relatively high-level document, 12207 does not specify the details of how to perform the activities and tasks comprising the processes. Nor does it prescribe the name, format, or content of documentation. Therefore, organizations seeking to apply 12207 may want to use additional standards or procedures that specify those details.
CMMI® version 1.2 is coming. Are you ready?
CMMI® version 1.1 will be sunsetted as of August 31, 2007, and version 1.1 of the Introduction to the CMMI® will not be offered after December 31, 2006. MDM will provide the new version 1.2 of the CMMI® introduction class, along with training on SCAMPISM version 1.2.
Learn MoreLearn about the L2 QuickStart Workshop.

Purpose Driven Process ImprovementSM is designed to:

improve quality
reduce costs
improve morale
reduce cycle times
increase productivity
improve project control

Is process improvement right for you?


ISO 15504

ISO/IEC 15504 also known as SPICE (Software Process Improvement and Capability dEtermination) is a "framework for the assessment of processes" developed by the Joint Technical Subcommittee between ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission).
ISO/IEC 15504 initially was derived from process lifecycle standard ISO 12207 and the ideas of capability maturity in SW CMM.
1 Overview
2 The ISO/IEC 15504 standard
2.1 Reference model
2.1.1 Processes
2.1.2 Capability levels and process attributes
2.2 Assessments
2.2.1 Assessment process
2.2.2 Assessment model
2.2.3 Tools used in the assessment
2.3 Assessor qualifications and competency
2.4 Uses of ISO/IEC 15504
2.4.1 Process improvement
2.4.2 Capability determination
3 History
4 Acceptance of ISO/IEC 15504
5 References
6 External links


what you get as you head towards CMMI Level 5

go here

Optimising the software delivery cycle **** A ZDNet UK discussion panel ****
Quality software delivery is a perennial challenge for anyone involved in the software delivery process, from CIOs to developers.
There is a rolling pressure to deliver, within a fixed time frame and a very fixed budget, high quality, robust software that can both support and help grow the business.
How can you best deliver quality software on time and to budget?
Discover how some of the big software development houses do it in this ZDNet UK panel discussion.
Watch the panel discussion,1000001991,39287689,00.htm

Thursday, May 31, 2007

[Methods & Tools] [Links]

Martinig & Associates has conducted software process evaluation based on the Capability Maturity Model (CMM ( CMMI) between 1993 and 2001 using a questionnaire based the first version of the assessment questionnaire produced by the Software Engineering Institute (SEI) in 1987. These assessments evaluated the quality of the software development process of organisations. There are more than 200 organisations assessed in our database from all over the world.

Software Process Assessments Results
ISO 9000 and CMM usage
CMM (1987 questionnaire) Maturity levels and key process area results
CMM (1987 questionnaire) Technology usage results
Does training influence the quality of the software development process?
Assessing Readiness for (Software) Process Improvement
Don't Write Another Process
Process Improvement – Is it a Lottery?
Software Development Articles - Software Process Improvement area
External links page

Journey from ISO 9001 to SW CMM Level 5

Two stage journey from ISO 9001 to CMM Level 5, an Experience
File Format: PDF/Adobe Acrobat - View as HTMLSyntel (India) Ltd. Journey from ISO 9001 to SW CMM Level 5. Page 1 of. 8. Journey from ISO 9001 to SW CMM Level 5. (A Two Stage Journey Experience) - Similar pages
AmitySoft receives ISO 9001 millennium version
With the certification, AmitySoft has achieved the distinction of being one of the first set of software companies in India to be ISO 9001:2000 compliant. - 13k - Cached - Similar pages

Sunday, May 20, 2007


Table of Contents Software QA and Testing Frequently-Asked-Questions Part 1, covers the following:
What is 'Software Quality Assurance'?
What is 'Software Testing'?
What are some recent major computer system failures caused by software bugs?
Does every software project need testers?
Why does software have bugs?
How can new Software QA processes be introduced in an existing organization?
What is verification? validation?
What is a 'walkthrough'?
What's an 'inspection'?
What kinds of testing should be considered?
What are 5 common problems in the software development process?
What are 5 common solutions to software development problems?
What is software 'quality'?
What is 'good code'?
What is 'good design'?
What is SEI? CMM? CMMI? ISO? Will it help?
What is the 'software life cycle'?
Software QA and Testing Frequently-Asked-Questions Part 2, covers the following:
What makes a good Software Test engineer?
What makes a good Software QA engineer?
What makes a good QA or Test manager?
What's the role of documentation in QA?
What's the big deal about 'requirements'?
What steps are needed to develop and run software tests?
What's a 'test plan'?
What's a 'test case'?
What should be done after a bug is found?
What is 'configuration management'?
What if the software is so buggy it can't really be tested at all?
How can it be known when to stop testing?
What if there isn't enough time for thorough testing?
What if the project isn't big enough to justify extensive testing?
How does a client/server environment affect testing?
How can World Wide Web sites be tested?
How is testing affected by object-oriented designs?
What is Extreme Programming and what's it got to do with testing? Software QA and Testing Less-Frequently-Asked-Questions, covers the following:
Why is it often hard for organizations to get serious about quality assurance?
Who is responsible for risk management?
Who should decide when software is ready to be released?
What can be done if requirements are changing continuously?
What if the application has functionality that wasn't in the requirements?
How can QA processes be implemented without reducing productivity?
What if an organization is growing so fast that fixed QA processes are impossible?
Will automated testing tools make testing easier?
What's the best way to choose a test automation tool?
How can it be determined if a test environment is appropriate?
What's the best approach to software test estimation?
Other Software QA and Testing Resources
Top 5 List
Software QA and Testing-related Organizations and Certifications
Links to QA and Testing-related Magazines/Publications
General Software QA and Testing Resources
Web QA and Testing Resources
Web Security Testing Resources
Web Usability Resources
Software QA and Test Tools
Test tools
CM tools and PM tools
Web site test and management tools
Web Site Test Tools and Site Management Tools
Load and performance test tools
Java test tools
HTML Validators
Link Checkers
Free On-the-Web HTML Validators and Link Checkers
PERL and C Programs for Validating and Checking
Web Functional/Regression Test Tools
Web Site Security Test Tools
External Site Monitoring Services
Web Site Management Tools
Log Analysis Tools
Other Web Test Tools
Jobs and News
Web Job Boards useful to QA and Test Engineers
Latest News Headlines -- Technology, Software Development, Computer Security, Tech Stocks, more...
Software QA and Testing Bookstore
Software Testing Books
Software Test Automation Books
Software Quality Assurance Books
Software Requirements Engineering Books
Software Metrics Books
Configuration Management Books
Software Risk Management Books
Software Engineering Books
Software Project Management Books
Technical Background Basics Books
Other Books

Vendor Selection

for software outsourcing

for esourcing

eSourcing Capability Models
Quality models and certification for IT and ITES organizations
With the continued growth of IT services and ITES (Information Technology Enabled Services), organizations are striving to reach higher levels of performance and capability. In these relationships, service providers use information technology as a key component of, or as an enabler for, delivering their services. Technology alone does not provide complete solutions, as the eSourcing relationships between clients and their service providers must overcome many challenges to be successful.
The eSourcing relationship challenges include:
Clients often have little experience in outsourcing and have no standard criteria for selecting a provider.
Success criteria for the relationship are not well understood or agreed upon from inception by both parties.
Clients’ expectations often change as the nature of the services change, due to rapid shifts in technology and tools, and providers are not always able to keep up with those changes
The necessary trade-offs between the service’s quality, speed, and cost are not always articulated and understood.
The transfer of personnel, equipment, and knowledge between the client and service provider is often problematic.
Service providers often have trouble analyzing and reporting their progress in terms that are meaningful for clients.
Types of sourcing services
The IT Services Qualification Center (ITSqc) at Carnegie Mellon University has created “best practices” capability models for both sides of the eSourcing relationship. The eSourcing Capability Model for Service Providers (eSCM-SP) v2 was released in April 2004. The eSourcing Capability Model for Client Organizations (eSCM-CL) is being released in 2006.
eSCM for Service Providers
The eSCM-SP v2 offers ITES providers a framework to improve their capability to deliver consistently high quality services. It also assists them in establishing, managing, and continually improving relationships with clients. The intent of the eSCM is to present service providers with a set of best practices that help them effectively manage sourcing relationships. Besides, it presents clients with a way to evaluate and compare service provider’s capabilities.
ITSqc developed the eSCM-SP for three purposes. First, it helps ITES providers appraise and improve their ability to provide high quality sourcing services. Second, it gives them a way to differentiate themselves from the competition. Third, prospective clients can evaluate service providers based on their eSCM-SP level of certification and Practice Satisfaction Profile.
Each of the Model’s 84 Practices is distributed along three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels. While most quality models focus only on delivery capabilities, the eSCM-SP’s Sourcing Life-cycle includes delivery, as well as initiation and completion of contracts where many commonly encountered problems arise.
The eSCM-SP offers a five-level improvement path that service providers can travel to enhance value and sustain excellence over time. By grouping the practices into increasing levels of capability, the eSCM-SP describes an improvement path for a service provider. Providers may advance from a minimal level of delivering services, to the highest level, where they are proactively enhancing value for clients, regardless of the requirements or scope of sourcing efforts.
The eSCM-SP has been designed to complement existing quality models so that service providers can capitalize on their previous improvement efforts. The Model’s structure complements most existing quality models such as ISO 9001, ISO 20000-1, ISO 27001, the CMMs®, COBIT® and COPC-2000®. Therefore it can be implemented in parallel with these other frameworks. A series of documents comparing the eSCM-SP with other models and standards is in production and available from the ITSqc Web site.
eSCM for Client Organizations
In order to address both aspects of the eSourcing relationship, the ITSqc has developed the eSCM for Client Organizations (eSCM-CL), which addresses the challenges of sourcing relationships from client’s perspective. Existing frameworks do not comprehensively address the best practices needed by client organizations to successfully source and manage ITES. Actions of the client organization and of the service provider in these sourcing relationships are critical for the success.
Many other frameworks focus on delivery, although the roots of many sourcing difficulties often lie elsewhere. The 95 Practices of the eSCM-CL cover the full sourcing life cycle. This best practice model begins with the client’s strategy for eSourcing, moving through initiation into delivery and, eventually, into completion activities. It allows client organizations to continuously evolve, improve, and innovate their capabilities to develop stronger, longer term, and more trusting relationships with their service providers. It also ensures that their sourcing activities provide true business value to the organization. Key aspects of the eSCM-CL that are not covered by many other standards include organizational change management and value management practices to ensure that the organization successfully manages its sourcing transformation, and that its sourcing activities return appropriate value and align with the organization’s objectives.
In addition, eSCM-CL enables client organizations to appraise and improve their capability to foster the development of more effective relationships, better manage these relationships, and experience fewer failures in their client-service provider relationship.
The eSCM-SP v2
The 84 eSCM-SP v2 Practices are arranged within three dimensions: Sourcing Life-cycle, Capability Areas, and Capability Levels.
The Sourcing Life-cycle addressed by the eSCM-CL extends earlier than the Phases of the Sourcing Life-cycle covered by the eSCM-SP. Its 95 Practices address the sourcing activities of the client organization dealing with its sourcing strategy and analysis of its operations and potential sourcing opportunities during the Analysis Phase.
ITSqc and UL
Carnegie Mellon University’s ITSqc is a multidisciplinary group of researchers, practitioners, and organizations that addresses the needs of ITES providers and their clients. To that end, the ITSqc develops quality models and qualification methods for organizations involved in eSourcing. eSCM, a set of complimentary best practices for the IT-Sourcing Market, is fast becoming the standard for sourcing relationships on both sides of the service relationship. For more information about the eSCM Models or eSCM-certified organizations, visit These documents and all Model documents are available at
UL is an ITSqc-authorized provider of independent, third-party eSCM appraisals and evaluations, which can lead to certification by the ITSqc at Carnegie Mellon University.
For more information about eSourcing Capability Model, please contact Dr. Hefley at or JC Sekar, General Manager, Management System Registration Services (Asia Pacific, Middle East and Africa) at

Tuesday, February 20, 2007

SEI Authorized Lead Assessor

How to become an SEI Partner

SEI Partner Network Directory: SEI Partner Directory Search

Index of FAQs
Appraisal Program
CERT Coordination Center
CMMI Frequently Asked Questions
Education and Training
Intellectual Property
ISO/IEC 15504 [0.03MB PDF]
Open Systems
People Capability Maturity Model
Risk Management
SEI Partner Network
Software Product Line Acquisition
Sunset of the Software CMM

People Capability Maturity Model (People CMM)
This topic contains questions and answers about the People CMM.

Contents: What is the People Capability Maturity Model (People CMM)?What are the plans for People CMM in the coming year?How do I become a People CMM Lead Appraiser?How do I get more information about the People CMM?My organization is planning an appraisal soon, and we have been guiding our improvement program with Version 1 of the People CMM; can we still conduct the appraisal with version 1?Why isn't there a continuous representation of People CMM version 2?Will People CMM version 2 be integrated into CMMI?How does People CMM version 2 support integrated product development teams?Where can I obtain training on the People CMM?When will you release People CMM version 3?How do I find an authorized People CMM Lead Appraiser?

What is the People Capability Maturity Model (People CMM)?
The People Capability Maturity Model (People CMM) is a maturity framework that focuses on continuously improving the management and development of the human assets of an organization. It describes an evolutionary improvement path from ad hoc, inconsistently performed practices, to a mature, disciplined, and continuously improving development of the knowledge, skills, and motivation of the workforce that enhances strategic business performance. The People CMM provides guidance to organizations in selecting immediate improvement actions that help organizations
characterize the maturity of their workforce practices
set priorities for immediate action
integrate workforce development with process improvement
become an employer of choice
With the help of the Capability Maturity Model Integration (CMMI) and Capability Maturity Model for Software (SW-CMM), many organizations have made valuable improvements in their software and systems processes and practices. These organizations have also discovered that their continued improvement requires significant changes in the way they manage and develop their people. The People CMM can be coupled with CMM-based software process improvement programs or used on its own to guide improvements in workforce practices or to address strategic human capital objectives.
return to top

What are the plans for People CMM in the coming year?
The People CMM team is migrating to SCAMPI for People CMM Appraisals. Six pilot SCAMPI A appraisals were completed from 2004 to 2006. An interpretive guidance document, Interpreting SCAMPI for a People CMM Appraisal at Tata Consultancy Services has been published and is available on the SEI's Web site at
An Intermediate Concepts of the People CMM Course is available to the public. Information about that course and the necessary prerequisites can be found at
A People CMM Instructor Training course is available for those who wish to become SEI-authorized Introduction to People CMM instructors. Information about the course and the prerequisites for taking it can be found at
A SCAMPI for People CMM course will be available in 2007.
return to top

How do I become a People CMM Lead Appraiser?
Organizations that become SEI Partners for SCAMPI (Standard CMMI Appraisal Method for Process Improvement) with People CMM appraisal services can sponsor candidates to become SEI-authorized SCAMPI Lead Appraisers. Candidates who successfully complete the process outlined below will be authorized to train appraisal teams and lead appraisals on behalf of SEI Partner organizations.
Individuals who wish to become Authorized SCAMPI with People CMM Lead Appraisers must meet the following requirements:
ensure that their organizations have applied to become transition partners for SCAMPI appraisal services, have been accepted, and have signed the applicable Carnegie Mellon University/SEI agreement
have a signed Code of Professional Conduct for SEI Services in place
have successfully completed the application process to become an Authorized People CMM SCAMPI Lead Appraiser that consists of
participation as an appraisal team member on at least one SCAMPI A appraisal with People CMM within the prior 24 months
at least ten years of management, human resources, or organizational development experience
a minimum of two years of experience managing technical personnel
an advanced degree in a related management area or equivalent experience
have successfully completed the Introduction to People CMM course
have successfully completed the Intermediate Concepts of People CMM course
have successfully completed the SCAMPI Lead Appraiser Training for People CMM
have successfully been observed leading a SCAMPI Appraisal with People CMM
return to top

How do I get more information about the People CMM?
Direct links to all People CMM products and services can be found at Questions about the Introduction to the People CMM course can be directed to Course Information e-mail: Questions about interpreting the People CMM should be directed to Sally Miller, e-mail to Additionally, the Software Engineering Information Repository (SEIR) contains a People CMM section where users of the model have contributed implementation guidance. You can access the SEIR at
return to top

My organization is planning an appraisal soon, and we have been guiding our improvement program with Version 1 of the People CMM; can we still conduct the appraisal with version 1?
Appraisals against People CMM version 1 are no longer accepted. All organizations should use version 2 of the model for guiding improvement programs and appraisal because of its improvements and greater consistency with CMMI.
return to top

Why isn't there a continuous representation of People CMM version 2?
People CMM version 2 is only produced in a staged representation. After lengthy review of the literature and experience gathered from implementers on programs to improve workforce practices, the authors determined that these programs often fail when workforce practices are not introduced as a system, but rather are deployed in isolation. For instance, efforts to install empowered teams are likely to fail if compensation practices continue to reward individual performance without recognizing contribution to team performance and team success.
return to top

Will People CMM version 2 be integrated into CMMI?
There are no existing plans to integrate the People CMM into CMMI, either directly or by extensions. Currently, the CMMs that have been integrated in CMMI all concern behavior performed in or on behalf of projects, whereas the People CMM concerns behavior performed regularly throughout the organization. Nevertheless, People CMM Version 2 has adopted some of the advances made in the CMMI Framework and has tried to ensure that People CMM improvement programs would integrate with improvement programs guided by CMMI. Enhancing the focus on process abilities in workforce competencies at maturity level 3 and quantitative performance management practices at maturity level 4 will make integrating these various models much easier.
return to top

How does People CMM version 2 support integrated product development teams?
Because of its inherent subject matter, the People CMM presents a more detailed model for the evolutionary development of workgroups or teams. Nevertheless, the CMMI-DEV+IPPD model and People CMM both focus on process-based workgroup development at maturity level 3, and this was one motivation for creating People CMM version 2. The IPPD materials in CMMI-DEV+IPPD are supported by several process areas in People CMM Version 2 as follows:
Integrated Project Management (IPPD)Specific Goal 3 - Apply IPPD Principles
Competency Analysis (level 3)Communication and Coordination (level 2)Workgroup Development (level 3)
Organization Process Definition (OPD) Specific Goal 2 - Enable IPPD Management
Work Environment (level 2)Communication and Coordination (level 2)Compensation (level 2)Workgroup Development (level 3)Participatory Culture (level 3)Workforce Planning (level 3)Competency Development (level 3)Competency-Based Practices (level 3)
Additional People CMM guidance for integrated product development teams can be found in Competency Integration (level 4), Empowered Workgroups (level 4), and Continuous Capability Improvement (level 5). These are high maturity process areas within a staged model, so care should be taken to ensure that an organization has the proper foundation (maturity level 2 and 3) in place to manage successful implementation.
return to top

Where can I obtain training on the People CMM?
The SEI-authorized Introduction to the People CMM , Intermediate Concepts of the People CMM, People CMM Instructor Training and SCAMPI for People CMM courses are offered by the SEI. For more information on these courses and for a list of scheduled dates, see the SEI Web site at
The SEI-authorized Introduction to the People CMM course is also available from SEI Partner organizations.
return to top

When will you release People CMM version 3?
Currently there are no plans for a version 3. Version 2 was not released for review until six years after the release of version 1 in 1995. We do not anticipate accelerating the revision cycle unless there is evidence from People CMM improvement programs that significant additions or changes need to be made to the model.
return to top

How do I find an authorized People CMM Lead Appraiser?
The list of SEI-authorized SCAMPI for People CMM Lead Appraisers will appear in the online Partner Directory in November 2006.
The listing of authorized People CMM Lead Assessors who are still using the soon to be sunsetted People CMM Appraisal Method can be found at
return to top

ISO/IEC 15504 FAQ's