Presentation is loading. Please wait.

Presentation is loading. Please wait.

1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services."— Presentation transcript:

1 1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services

2 2/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Agenda Who Am I CMM ISO Similarities And Differences Sarbanes Oxley

3 3/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Who Am I VISTA Volunteer Industrial Engineer Chief Industrial Engineer Manager Production Planning & Control Inventory Control Manager Shift Supervisor Materials Manager Consultant Project Manager Information Specialist, Senior Team Leader Managing Consultant Engineering and Manufacturing Services Applications Service Delivery Internal ISO Auditor

4 4/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

5 5/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

6 6/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

7 7/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

8 8/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Federal government cannot distinguish between competing bids for software development Early 1980’s - Federal Government (Congress) awards a contract to establish the Software Engineering Institute (SEI) at Carnegie Mellon University (sponsored by the DOD) 1988 - SEI begins work on a Process Maturity Framework for judging a company’s capability to produce software The Process Maturity Framework evolves into the Capability Maturity Model (CMM) August 1991 – SW-CMM Version 1 released SE-CMM developed by the Enterprise Process Improvement Collaboration (EPIC) 1992 - CMM Version 1.1 released 1999 - Begin developing CMMI (CMM Integrated) 2002 – CMMI SE/SW/IPPD/SS Version 1.1 introduced 200? - CMMI Version 1.2 Released CMMI History

9 9/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

10 10/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

11 11/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

12 12/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

13 13/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

14 14/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

15 15/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

16 16/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

17 17/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

18 18/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

19 19/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

20 20/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

21 21/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

22 22/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

23 23/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

24 24/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

25 25/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

26 26/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

27 27/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Began with British Military standards ISO organization was established in 1947 Headquartered in Geneva, Switzerland Currently composed of 148 National Standard Bodies and 2,981 technical bodies As of 12/31/05 there are 15,649 International Standards embodied in 573,494 pages of English text ISO History

28 28/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley What are standards? Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose. For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide. International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use. Last modified 2002-07-17

29 29/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley SectorStandard s Pages Generalities, Infrastructure and Sciences1,40649,761 Health, Safety and Environment65820,252 Engineering Technologies4,099169,843 Electronics, Information Technology and Telecommunications 2,447161,132 Transport and Distribution of Goods1,71044,918 Agriculture and Food Technology95420,335 Materials Technology3,94393,121 Construction31111,068 Special Technologies1213,064 Total15,649573,494 Where are the Standards (12/31/05)

30 30/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley The ISO family includes: ISO 9000:2000 – Quality Management Systems – Fundamentals and vocabulary ISO 9001:2000 – Quality Management Systems - Requirements ISO 9004:2000 – Quality Management Systems – Guidelines for performance improvement ISO 19011 – Guidelines on quality and/or environmental management systems auditing. ISO 10012 Measurement control system Which ISO Standards

31 31/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Quality System Documentation Procedures Records/Documentation QualityManual Work/JobInstructions Level 1 Defines Approach and Responsibility Level 2 Defines Who, What, When Level 3 Answers How Level 4 Results: shows that the system is operating

32 32/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley ISO 9001:2000 Structure 4.Quality Management System 4.1 General requirements 4.2 Document requirements 5. Management Responsibility 5.1 Management commitment 5.2 Customer focus 5.3 Quality policy 5.4 Planning 5.5 Responsibility, authority, communication 5.6 Management review 6.Resource Management 6.1 Provision of resources 6.2 Human resources 6.3 Infrastructure 6.4 Work environment 7.Product realization 7.1 Planning of product realization 7.2 Customer-related processes 7.3 Design and development 7.4 Purchasing 7.5 Production and service provision 7.6 Control of monitoring and measuring devices 8.Measurement, Analysis & Improvement 8.1 General 8.2 Monitoring and measurement 8.3 Control of nonconforming product 8.4 Analysis of data 8.5 Improvement

33 33/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Both require the organization be explicit about what their processes and quality systems are Say what you do; do what you say The organization records and tracks data for objective analysis Require strong management support to succeed Provide a structured and measured approach to quality improvement Require an outside audit for “certification” Both are refined/improved over time Similarities

34 34/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Differences ISO 9000SW-CMMI Outwardly focusedInwardly focused Minimum requirements with implied continuous improvements Explicit continuous quality improvement Not specific to any one industry or service Software focus Registration DocumentNo documentation Continual AuditsNo follow up audits

35 35/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley Sarbanes-Oxley Implications With its more than 300 discrete points of enforceable law, this is the most significant piece of account legislation passed since the formation of the SEC in 1933 SOX was passed with the specific intent of increasing accountability and attempting to install ethical behavior in financial reporting and business operations. With this increase spotlight on reporting, companies must invest resources and focus into their internal control process The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability. A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements. Projects to improve processes and regular review of controls will become common-place activities as compliance evolves. Tools that simplify project completion and track status will better enable organization to cost-effectively undertake these projects.

36 36/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley

Download ppt "1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services."

Similar presentations

Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Welcome to ISO 9000 for Managers

Welcome to ISO 9000 for Managers
How ISO9001 Compares with CMM Mark C. Paulk JAN,1995 CMM version 1.1 ISO9001 July 1994 presented by Zhilan Zhou.

How ISO9001 Compares with CMM Mark C. Paulk JAN,1995 CMM version 1.1 ISO9001 July 1994 presented by Zhilan Zhou.
Comparative Analysis of IT Control Frameworks in the Context of SOX By: Malik Datardina, CA, CISA University of Waterloo.

Comparative Analysis of IT Control Frameworks in the Context of SOX By: Malik Datardina, CA, CISA University of Waterloo.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.
Low Defect Potentials (< 1 per function point)

Low Defect Potentials (< 1 per function point)
Sarbanes Oxley & CMMI Mazars / Lamri

Sarbanes Oxley & CMMI Mazars / Lamri
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.

CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
1 Quality Management Standards. 2 THE ISO 9000 FAMILY ISO 9000: 2005 Identifies the fundamentals and vocabulary for Quality Management Systems (QMS) ISO.

1 Quality Management Standards. 2 THE ISO 9000 FAMILY ISO 9000: 2005 Identifies the fundamentals and vocabulary for Quality Management Systems (QMS) ISO.
11 April 2007 CMM vs. ISO David S. Craft CIRM, PMP.

11 April 2007 CMM vs. ISO David S. Craft CIRM, PMP.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Quality Management Systems Chapter 10. Introduction ISO- International Organization for Standardization Founded in 1946, in Geneva, Switzerland Main function.

Quality Management Systems Chapter 10. Introduction ISO- International Organization for Standardization Founded in 1946, in Geneva, Switzerland Main function.
TERMINOLOGY OF ISO 9001:2000 By KOESWIDIJONO. ISO ISO : THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION IS A WORLDWIDE FEDERATION OF NATIONAL STANDARDS.

TERMINOLOGY OF ISO 9001:2000 By KOESWIDIJONO. ISO ISO : THE INTERNATIONAL ORGANIZATION FOR STANDARDIZATION IS A WORLDWIDE FEDERATION OF NATIONAL STANDARDS.
1 HUMAN RESOURCES: SOCIAL RESPONSIBILITY AND BUSINESS ETHICS.

1 HUMAN RESOURCES: SOCIAL RESPONSIBILITY AND BUSINESS ETHICS.
1/ November 2007 / EDS INTERNAL 11 April 2007 CMM, ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services.

1/ November 2007 / EDS INTERNAL 11 April 2007 CMM, ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Similar presentations

Ads by Google