IT QUALITY ASSURANCE AND INFORMATION AUDIT

MIM Third Year (2015 - 2018)
IT QUALITY ASSURANCE AND
INFORMATION AUDIT
JBIMS MIM SEM V 2015-2018
MUFADDAL NULLWALA– 15-I-131

ISO 9001:2015 & CMMI in IT
CMMI ISO 9001:2015
What is CMMI Introduction To ISO 9001:2015
Objectives of CMMI Developments of ISO
CMMI Representations Structure of ISO 9001:2015
CMMI Maturity Levels Key revisions of ISO 9001:2015
CMMI Capability Levels Benefits of ISO 9001:2015
CMMI Process Areas ISO 9001:2015 Model
CMMI Appraisals The Principals behind ISO 9001:2015
TOPICS TO BE COVERED

What is CMM?
● CMM stands for Capability Maturity Model
● It is a method to evaluate and measure the maturity of the software
development process of an organization
● CMM v1.3 was developed by the Software Engineering Institute (SEI) at
Carnegie Mellon University in Pittsburgh, USA
● Measures the maturity of the software development process on a scale of 1
to 5
● CMM was originally developed for Software Development and
Maintenance but later it was developed for :
1. Systems Engineering
2. Supplier Sourcing
3. Integrated Product and Process Development
4. People CMM
5. Software Acquisition

What is Maturity?
● Mature Processes are:
1. Well-defined
2. Repeatable
3. Measured
4. Analyzed
5. Improved
6. Effective
● CMM helps to solve the maturity problem by defining a set of practices
and providing a general framework for improving them. The focus of
CMM is on identifying key process areas and the exemplary practices
that may comprise a disciplined software process

Mature VS Immature Organizations
Immature Organizations Mature Organizations
Process improvised during project Inter-group communication and
coordination
Approved processes being ignored Work accomplished according to
plan
Reactive, not proactive Practices consistent with processes
Unrealistic budget and schedule Processes updated as necessary
Quality sacrificed for schedule Well-defined roles/responsibilities
Minimal objective measure of
quality
Management formally commits

Objectives of CMMI
● Produce quality products or services
● Create value for the stakeholders
● Enhance customer satisfaction
● Increase market share
● Gain an industry-wide recognition for excellence
● CMMI for Development - DEV
● CMMI for Acquisition - ACQ
● CMMI for Services - SVC
3 Flavors CMMI – “CONSTELLATIONS”

CMMI - Representations
● A representation allows an organization to pursue different
improvement objectives. An organization can go for one of the
following two improvement paths.
● Staged Representation
● Continuous Representation

Staged Representation
● It is an approach that uses
predefined sets of process areas
to define an improvement path
for an organization
● Uses maturity level to measure
process improvement
● Predefined & proven path with
case-study and ROI data
● Focuses on organisationnel
improvement

Continuous Representation
● The continuous representation
enables the organization to
choose the focus of its process
improvement efforts by choosing
those process areas, or sets of
interrelated process areas, that
best benefit the organization and
its business objectives.
● Improvement is measured using
capability levels

Maturity Levels
● Levels are used in CMMI solutions to describe evolutionary paths recommended for
organizations that wish to improve their processes used to acquire, develop, and deliver
products and services
● Maturity levels provide a staging of processes for improvement across your organization
from maturity level 1 to maturity level 5. This improvement involves achieving the goals of
the process areas at each maturity level. Process areas can be grouped by maturity level,
indicating which process areas to implement to achieve each maturity level. Maturity levels
are illustrated by a single number (e.g., maturity level 3)
● To reach a particular level, an organization satisfies all of the goals of the process area or
set of process areas that are targeted for improvement, regardless of whether it is a
capability or a maturity level. Both are valid ways to improve your processes to achieve
business objectives; and both provide the same essential content and use the same model
components.
● Your process improvement goals should always be based on your business objective.
Experience has shown that organizations benefit from achieving a level only when the
focus of improvement is on shared higher-level objectives, not a focus on achieving the
level itself. When the focus is on achieving business objectives, the levels result naturally.
● Maturity levels apply to your organization’s process improvement achievement in multiple
process areas. These levels are a means of improving the processes corresponding to a
given set of process areas (i.e., maturity level). The five maturity levels are numbered 1
through 5. The maturity level applies to the scope of the organization that was appraised
(e.g., three projects, a department, a division).

IT QUALITY ASSURANCE AND INFORMATION AUDIT

Capability Levels
● A capability level is a well-defined evolutionary plateau describing the
organization's capability relative to a process area. A capability level
consists of related specific and generic practices for a process area that
can improve the organization's processes associated with that process
area. Each level is a layer in the foundation for continuous process
improvement
● Thus, capability levels are cumulative, i.e., a higher capability level
includes the attributes of the lower levels
● In CMMI models with a continuous representation, there are six
capability levels designated by the numbers 0 through 5

Process Areas
● A Process Area is a cluster of related practices in an area that, when
implemented collectively, satisfy a set of goals considered important for
making significant improvement in that area
● All CMMI process areas are common to both continuous and staged
representations
● The CMMI Process Areas (PAs) can be grouped into the following four
categories to understand their interactions and links with one another
regardless of their defined level:
➢ Process Management
➢ Project Management
➢ Engineering
➢ Support

CMMI Appraisals
● The CMMI Appraisal is an examination of one or more processes by a
trained team of professionals using an appraisal reference model as the
basis for determining strengths and weaknesses of an organization.
● Appraisals consider three categories of model components as defined
in the CMMI:
➢ Required: specific and generic goals only
➢ Expected: specific and generic practices only
➢ Informative: includes sub practices and typical work products

CMMI for Development (CMMI-DEV)
● CMMI - DEV model is collection of best practices meant for
Software Development & Support Companies to improve their products and as a result to
improve customer satisfaction.
● CMMI-DEV offers a possibility to eliminate or avoid the barriers,
problems faced by many organizations worldwide.
● CMMI-DEV comprises of best practices that address development activities
applicable to products and services developed by an organization.
● It also comprises practices that include the product’s lifecycle covering from beginning
to delivery and maintenance.
● There are four broad process areas for CMMi-Dev. These are
(i) Process management
(ii) Project Management
(iii) Engineering Process Management and
(iv) Support processes

Process Areas
A process area is a group of relevant practices (known as Specific Practices), when
implemented together, satisfies a set of goals (Specific Goals) considered significant to
make improvement in that particular area. The 22 process areas are presented in
alphabetical order by acronym:
The Process Areas under Process Management include:
1. Organization Process Definition (OPD) ML3: Is CMMI Maturity Level 3
Process Area under the Process Management category. It helps in
establishment and maintenance of the process assets, work environment
guidelines/standards, and rules and guidelines for teams at organizational
level.
2. Organization Process Focus (OPF) ML3: The purpose of Organizational
Process Focus (OPF) is to plan, implement, and deploy organizational
process improvements based on a thorough understanding of current
strengths and weaknesses of the organization’s processes and process
assets.
3. Organization Training (OT) ML3 : Organizational Training addresses
training provided to support the organization’s strategic business
objectives and to meet the tactical training needs that are common across
projects and support groups.

Process Areas
4. Organizational Process Performance (OPP) ML4: The purpose of
Organizational Process Performance (OPP) (CMMI-DEV) is to
establish and maintain a quantitative understanding of the
performance of selected processes in the organization's set of standard
processes in support of achieving quality and process performance
objectives, and to provide process performance.
5. Organizational Performance Management (OPM) ML5 : Process area
enables the organization to manage organizational performance by
iteratively analyzing aggregated project data, identifying gaps in
performance against the business objectives, and selecting and
deploying improvements to close the gaps.

The Process Areas under Project Management include:
1. Project Monitoring and Control (PMC) ML2: The purpose of Project
Monitoring and Control (PMC) is to provide an understanding of the project’s
progress so that appropriate corrective actions can be taken when the project’s
performance deviates significantly from the plan.
2. Project Planning (PP) ML2: Helps in establishing the plans for the project task
and activities. Project Planning is an important process area that helps in
setting the foundation of the whole project.
3. Requirements Management (REQM) ML2: The purpose of Requirements
Management (REQM) is to manage requirements of products and product
components of the project and to ensure the management of requirements
with the project plans.
4. Supplier Agreement Management (SAM) ML2: The purpose of Supplier
Agreement Management (SAM) (CMMI-DEV) is to manage the acquisition of
products and services from suppliers.
Process Areas

The Process Areas under Project Management include:
6. Integrated Project Management (IPM) ML3: ): The purpose of Integrated
Project Management (IPM) (CMMI-DEV) is to establish and manage the
project and the involvement of relevant stakeholders according to an
integrated and defined process that is tailored from the organization’s set of
standard processes.
7. Risk Management (RSKM) ML3: Risk Management (RSKM) helps in identifying
potential problem as said and managing / mitigating / eliminating them before
they occur.
8. Quantitative Project Management (QPM) ML4 : Establishing and maintaining
the project's quality and process performance objectives. Composing a defined
process for the project to help to achieve the project's quality and process
performance objectives.
Process Areas

The Process Areas under Engineering Process Management include:
1. Product Integration (PI) ML3: Is one of the core Engineering Process Areas within
CMMi, this process is concerned with assembly of product components to build
the finished software product.
2. Requirements Development (RD) ML3: The purpose of Requirements
Development (RD) (CMMI-DEV) is to elicit, analyze, and establish customer,
product, and product component requirements.
3. Technical Solution (TS) ML3 : The purpose of Technical Solution (TS) is to help in
the selection of the design and implementing solution to requirements. Technical
Solution involves working with product, product components, lifecycle model
selection etc.
4. Validation (VAL) ML3: The purpose of Validation (VAL) is to demonstrate that a
product or product component fulfills its intended use when placed in its intended
environment.
5. Verification (VER) ML3: The purpose of Verification (VER) is to ensure that
selected work products meet their specified requirements.
Process Areas

The Process Areas under Support Process Management include:
1. Configuration Management (CM) ML2: It is a systems engineering process for
establishing and maintaining consistency of a product's performance, functional,
and physical attributes with its requirements, design, and operational information
throughout its life.
2. Measurement and Analysis (MA) ML2: Is a Level 2 support process area within the
Capability Maturity Model Integration (CMMI) process. The purpose of MA is to
provide management information necessary to implement monitoring and control
of various required processes.
3. Process and Product Quality Assurance (PPQA) ML2: Process area supports the
delivery of high-quality products by providing project staff and managers at all
levels with appropriate visibility into, and feedback on, processes and associated
work products throughout the life of the project.
4. Decision Analysis and Resolution (DAR) ML3: The purpose of Decision Analysis
and Resolution (DAR) is to analyze possible decisions using a formal evaluation
process that evaluates identified alternatives against established criteria.
5. Causal Analysis and Resolution (CAR) ML5: The Causal Analysis and Resolution
process area involves the following activities: Identifying and analyzing causes of
selected outcomes. The selected outcomes can represent defects and problems that
can be prevented from happening in the future or successes that can be
implemented in projects or the organization.
Process Areas

Introduction to ISO
● Non-governmental organization established in 1947, based
in Geneva, Switzerland
● Has a membership of 163 national standards institutes from
countries in all regions of the world

About ISO
● Developed more than 18,000 standards for all dimensions of suitable
development: Economic, Environmental & Societal
➢ ISO 9001 – Quality Management Systems (QMS)
➢ ISO 14001 – Environmental Management Systems (EMS)
➢ ISO 27001 – Information Security Management Systems (ISMS)
➢ ISO 22301 - Business Continuity Management (BCMS)
➢ ISO 20000 - Information Technology Service Management System
(SMS)

What is ISO 9001?
● ISO 9001 is one of the standards within the range of ISO
9000 standards
● It’s most popular and commonly used Standard for Quality
Management Systems (QMS)
● International Consensus on good management practices
● Focuses on meeting Customer, Stakeholders requirements &
expectations
● Suitable for all sizes and types of organisations, whatever its
Products or services

Why was ISO 9001:2008 revised?
● All ISO standards must undergo review and possible
amendments by the technical committee every 5 years
● To comply with ISO Directive 2012 Annex SL
● To adopt changing world
● To meet customers expectations
● To sustain the increasingly complex Business Environments

Differences ISO 9001 & CMMi
ISO 9001 CMMi
1. Audit 1. Appraisal
2. Closed – Compliance with ISO
Framework is obligatory
2. Open – Situational compliance
3 Every year Audit 3. Every 3 years appraisal
4. There are different bodies under the
main body of ISO, which have the
authority of certifying the
organization(Third party certification)
4. There is only one govern body which
certifies the organization(Certified by the
CMMi institute)
5. Open to multi sector 5. IT/ITES
6. Outwardly Focus 6. Inwardly Focus

Structure
ISO 9001:2008 Vs. ISO 9001:2015

ISO 9001:2015 Clauses 4-10
● 4. Context of the Organization - Determine external
and internal issues, the needs and expectations of
interested parties, quality management system scope and
its processes
● 5. Leadership - Top management to demonstrate
leadership and commitment, establish and communicate
a quality policy, and ensure responsibilities and
authorities are assigned, communicated and understood.

ISO 9001:2015 - Clauses
● 6. Planning - Organizational Quality Management
System Planning to address organizational risks,
opportunities, changes and quality objectives
● 7. Support - Provide resource needs, ensure
employees are competent and aware, and include
documented information to support your quality
management system.

ISO 9001:2015 - Clauses
● 8. Operation - Plan and control processes needed to meet the
requirements for products and services (Design and development,
external providers, production and service provision, release of
products and services, nonconforming outputs).
● 9. Performance Evaluation - Monitor, measure, analyze, and
evaluate your quality management system.
● 10. Improvement - Select opportunities for improvement, take
action against nonconformities, implement corrective actions as
necessary, and continually improve your quality management
system.

Key Revisions of ISO 9001:2015
● More emphasis on top management’s responsibility
and accountability
● Documents & records are now collectively referred as
documented information
● Preventive action clause is deleted
● Supplies are now known as external providers
● The format of the ISO 9001:2015 now follows Annex
SL, ISO Directive 2012

Continue
● The Standard now based on 7 quality principals against 8 in
9001:2008
● Normative reference is now ISO 9001:2015
● Introduction of Risk Based Thinking (RBT) in Quality
management system
● The terms Product or Service are distinguish from each other
● Organizations will now have to understand their External &
Internal environments, identify associated risks and opportunities
and take appropriate actions

Benefits of ISO 9001 or QMS
● Creditability & Trust (Performance & QA)
● Prevent legal disputes, penalty
● Reduce Rework (Time & Cost)
● Value for Money
● Retain clients
● Competitive Edge

The Principles behind ISO 9001

ISO 9001 builds on seven quality management principles. Following these principles
will ensure the organization or business is set up to consistently create value for its
customers. With these seven pillars firmly in place, implementing a quality
management system will be much easier.
● Customer focus – Understand current and future customer needs. You should meet
customer requirements and strive to exceed customer expectations.
● Leadership - Leaders establish unity of purpose and the direction of the
organization. Leaders should create and maintain an environment where people can
become fully involved in achieving the organization's objectives.
● Involvement of People - People at all levels are the essence of an organization and
their full involvement enables their abilities to be used for the organization's benefit
ISO 9001 Clause Structure

● Process Approach - Desired result is achieved more efficiently when
activities and related resources are managed as a process
● Continual Improvement - Continually improving organization's
overall performance should be a permanent objective
● Factual approach to Decision making - Effective decisions are based
on the analysis of data and information
● Mutually beneficial Supplier relationships - An organization and
its suppliers are interdependent and a mutually beneficial relationship
enhances the ability of both to create value

ISO 9001:2015 – Process Approach

Quality management for Software Development
and Services
● ISO 9001 is for quality management for Both Software Product and
Software Services.
● Quality management means what the organization does “BEST”
● Quality refers to all those features of a product (or service) which
are required by the customer and comply as per the Quality
Standards
● Ensure that its products or services satisfy the customer's quality
requirements.
● Comply with any regulations applicable to those products or
services

ISO 9001 for Software Product/Services
● ISO 9001 is the one of the basic ISO 9000 series of standards for Quality Assurance
● The standard requires:
a) Say what you do- have documented procedures for performing the work that
affects product or service quality
b) Do what you say- carry out the work with the written procedure
c) Record what is done- retain records of activities, providing objective evidence of
compliance to auditors
d) Improve, based on results- compare to what has actually happened to what was
planned. Use this information to identify and correct shortcomings in the quality
system

IT QUALITY ASSURANCE AND INFORMATION AUDIT

More Related Content

What's hot (20)

Similar to IT QUALITY ASSURANCE AND INFORMATION AUDIT (20)

More from Mufaddal Nullwala (20)

Recently uploaded (20)

IT QUALITY ASSURANCE AND INFORMATION AUDIT