CMMI: Bringing Organizational Excellence to Software QA, and Beyond
CMMI stands for Capability Maturity Model Integration. Sounds like a complex term the first time you hear it, doesn’t it? Let’s break it down and see what each component means.
First Capability/Maturity Models were developed through the 1990’s for the U.S. Department of Defence to assess the quality of software engineering contractors. CMM models rated organizations according to their level of process maturity and performance capability. In the beginning, there were multiple CMM models in use that were later combined into a single, integrated model – hence the integration part in the CMMI acronym. Over time, the CMMI framework expanded beyond software engineering. It can now be used to address performance issues in organizations and/or projects in any industry.
CMMI is now being further developed and managed by ISACA’s CMMI Institute. That’s where one finds certified CMMI partners, training courses, information on the appraisal process, and more.
CMMI levels and their definitions
The latest version of CMMI offers five levels of organizational maturity and three levels of capability.
Five organizational maturity levels:
Level 0 – Incomplete (The service provider lacks organizational structure.)
Level 1 – Initial (The processes are reactive and ad-hoc.)
Level 2 – Managed (There is some planning and organization going on.)
Level 3 – Defined (There is even more proactivity and standardization.)
Level 4 – Quantitatively managed (Characterized by well-managed predictable processes and heavy utilization of data to improve processes.)
Level 5 – Optimizing (The org is both stable and flexible. There is a lot of predictability, but also a capacity to respond to change quickly. There is continuous improvement.)
Three performance capability levels:
Level 0 – Incomplete (There is no performance consistency at all.)
Level 1 – Initial (At least some performance issues are addressed.)
Level 2 – Managed (There are certain performance optimization practices in place.)
Level 3 – Defined (The org has clearly-defined performance objectives and organizational standards.)
CMMI’s Getting Started guide emphasizes that, while it’s easy to formally introduce CMMI standards and processes, it is difficult to change people’s habits and deal with resistance. With that said, one should strive for real performance improvements and not just for passing an audit or demonstrating compliance, when adopting CMMI principles.
Those who wish to use the Capability/Maturity Model for organizational improvement can benefit from CMMI appraisals. These are carried out by certified CMMI partner organizations, including partner sponsored individuals. CMMI Institute offers a searchable partner directory that will help you find a suitable appraiser.
The new integrated Capability/Maturity Model uses an improved appraisal method, applicable to a broad variety of markets, organizations, and types of work. The method supports appraisals in a variety of contexts:
- Internal performance and process improvement
- Process monitoring
- Supplier selection
- Risk reduction
In addition, the new method emphasizes a collaborative approach to identifying performance challenges by focusing on the process implementation versus personnel assessment.
Besides appraisals, ISACA-licensed partners can consult on implementing CMMI processes, deliver CMMI courses, and more.
While being structured and detailed, the CMMI model is also flexible and can be used in most scenarios where process or performance improvement/benchmarking is required.
Depending on the organization’s specific pain points, CMMI can prescribe concrete measures to address the shortcomings.
The CMMI model is not prescriptive; rather it describes what to do to improve an organization’s capabilities, not how to do it. This makes the model very flexible to meet the unique needs of any business.
CMMI and software quality assurance
In a paper that talks about the significance of SQA (software quality assurance) and its part in CMMI, the author aligns CMMI maturity levels with corresponding roles/functions QA performs at an organization at each level:
|Maturity level||QA role|
|2. Managed||Quality hurdle|
|3. Defined||Oversight, Metrics|
|4. Quantitatively managed||Process and Risk management|
|5. Optimizing||Reference, Oversight|
|Source: http://data.conferenceworld.in/SUSTECH/P1111-1119.pdf – we named maturity levels according to the latest CMMI model|
The higher the maturity level, the less it is about “putting out fires” and the more it is about preventing/predicting them via proper standardization and oversight.
Now let’s look at how CMMI-defined process areas align with SQA (software quality assurance) and SQC (software quality control) in the CMMI model:
Software engineering process areas where QA/QC play a part:
- Requirements development (Level 3)
- Requirements management (Level 2)
- Verification (Level 3)
- Validation (Level 3)
There is also one QA-specific process area in CMMI, and that is Process and Product QA (Level 2).
These should give you a general idea about how the framework can be used to improve the QA process.
QA/QC-related process areas under CMMI
And now let’s talk a little more in-depth about what each process area means.
Process and Product Quality Assurance
There are two specific goals within this process area:
- Objectively evaluate processes and work products
- Provide objective insight
The first goal is to measure carried-out processes and products-in-development against available process descriptions, standards and procedures.
When noncompliance issues are found, the second goal becomes to provide staff and management with objective (criteria-based) insight regarding said issues, while also documenting them and ensuring they are addressed in due time.
CMMI distinguishes between three types of requirements:
- Customer requirements
- Product requirements
- Product-component requirements
QA ensures that the documented standards/procedures are followed. QA also establishes software KPIs, e.g. the number of errors that can be traced back to incomplete or confusing requirements.
QC verifies requirements for clarity and completeness.
- Version control of the requirements
- Mapping requirements to test cases, planned project items, and deliverables
QA ensures that the documented standards/procedures are followed. QA also establishes software KPIs, e.g., the number of times the wrong requirements version was used, errors arising from insufficient test coverage, etc.
QC verifies accurate connections between the requirements and work products.
Verification is ensuring that “we have built it right”. It lies in checking that the delivered work products satisfy the requirements (mostly a QC role; QA provides oversight).
Verification is ensuring that “we have built the right thing”. Together with QC, end-product users perform acceptance testing to determine whether the product really serves its intended function.
If you are a large (or quickly-growing) organization and are noticing that your processes are chaotic and there are certain performance issues that need to be addressed, consider the CMMI model as a way to “tame” that chaos and make work outcomes plannable and predictable.
Full information on the framework and the organization supporting it can be found at https://cmmiinstitute.com.
with ObjectStyleSee our work