1/ Spring 2008 / EDS INTERNAL 11 April 2007 CMM, ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services.

1 1/ Spring 2008 / EDS INTERNAL 11 April 2007 CMM, ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufacturing Services

2 2/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley
Agenda
- Who Am I - EDS
- ISO
- CMM
- Sarbanes Oxley

3 Who Am I
VISTA Volunteer Industrial Engineer Chief Industrial Engineer Manager Production Planning & Control Inventory Control Manager Shift Supervisor Materials Manager Consultant Project Manager Team Leader Managing Consultant Engineering and Manufacturing Services Applications Service Delivery EDS Internal ISO Auditor

5 Process
To Develop Software and Systems You Need A Process
- Anything goes
- Defined
- Structured

9 Common Misconceptions
I don’t need defined processes. I have:
- Really good people
- Advanced Technology
- An experienced manager
Defined Processes:
- Interfere with creativity
- Equals bureaucracy + regimentation
- Isn’t needed when building prototypes
- Is only useful on large projects
- Hinders agility in fast moving projects
- Costs too much

10 Why We Need Standard Processes
- Estimating (History)
  - Scope
  - Cost
  - Time
  - Tools
- Deliver the Product to Estimate (Visibility)
  - Time
  - Cost
  - Quality
- Handling/Controlling Changes
  - Planned
  - Unplanned
  - Scope Creep

11 How to Achieve Quality Processes
- ISO
- CMM

12 ISO – CMM Differences
ISO 9001:2000 | CMMI
International standard, applies to all types of organizations, supports both product and service oriented organizations | Written specifically for software development companies
A brief document – about 25 pages long, identifying the minimal requirements for a quality system | A detailed document – over 500 pages long
Emphasizes management of a continuous improvement process, based on the PDCA (Plan-Do-Check-Act) model | Emphasizes achieving “maturity” and improving its process continuously
One level of standard. The standard is based on recommendation | Defines 5 maturity levels of the organization, covering 25 process areas (PAs)
Source: Netta Dotan, Quality Assurance & project management, Ronkal Office Technologies

13 ISO – CMM Differences – My View
ISO 9000 | SW-CMMI
Outwardly focused | Inwardly focused
Minimum requirements with implied continuous improvements | Explicit continuous quality improvement
Registration Document | No documentation
Certification audit for a 50 employee organization will be executed by -12 auditors during one day | Certification audit for a 50 employee organization will be executed by 4 auditors during 4-5 days
Source: Netta Dotan, Quality Assurance & project management, Ronkal Office Technologies

14 ISO – CMM Similarities
- Both require the organization be explicit about what their processes and quality systems are
- Say what you do; do what you say
- The organization records and tracks data for objective analysis
- Require strong management support to succeed
- Provide a structured and measured approach to quality improvement
- Require an outside audit for “certification”
- Both are refined/improved over time

15 Meet ISO
ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards. ISO is a network of the national standards institutes of 157 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations. Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.

16 What are standards?
Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose. For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide. International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use. Last modified 2002-07-17

17 ISO 9000 and ISO 14000 (Management Systems)
The ISO 9000 and ISO 14000 families are among ISO's best known standards ever. ISO 9001:2000 and ISO 14001 (1996 and 2004 versions) are implemented by over 1,000,000 organizations in 161 countries.
The ISO 9000 family addresses "quality management". This means what the organization does to fulfill:
- the customer's quality requirements and
- applicable regulatory requirements, while aiming to
- enhance customer satisfaction, and
- achieve continual improvement of its performance in pursuit of these objectives.
The ISO 14000 family addresses "environmental management". This means what the organization does to:
- minimize harmful effects on the environment caused by its activities, and to
- achieve continual improvement of its environmental performance.

18 ISO’s Impact
In the global economy
ISO 9001:2000 and ISO 14001:2004 have become thoroughly integrated with the world economy. ISO 9001:2000 is now firmly established as the globally accepted standard for providing assurance about the quality of goods and services in supplier-customer relations. The positive roles played in globalization by ISO’s standards for quality and environmental management systems include the following:
- a unifying base for global businesses and supply chains – such as the automotive and oil and gas sectors
- a technical support for regulation – as, for example, in the medical devices sector
- a tool for major new economic players to increase their participation in global supply chains, in export trade and in business process outsourcing
- a tool for regional integration – as shown by their adoption by new or potential members of the European Union
In the rise of services in the global economy
Nearly 33 % of ISO 9001:2000 certificates in 2005 went to organizations in the service sectors.

19 Where are the Standards (12/31/07)
Sector | Standards | Pages
Generalities, Infrastructure and Sciences | 1,482 | 54,929
Health, Safety and Environment | 684 | 24,062
Engineering Technologies | 4,659 | 202,370
Electronics, Information Technology and Telecommunications | 2,739 | 181,455
Transport and Distribution of Goods | 1,835 | 49,435
Agriculture and Food Technology | 997 | 22,495
Materials Technology | 4,166 | 101,731
Construction | 341 | 12,447
Special Technologies | 138 | 3,416
Total | 17,041 | 652,340

20 Which ISO Standards
The ISO family includes:
- ISO 9000:2000 – Quality Management Systems – Fundamentals and vocabulary
- ISO 9001:2000 – Quality Management Systems – Requirements
- ISO 9004:2000 – Quality Management Systems – Guidelines for performance improvement
- ISO 19011 – Guidelines on quality and/or environmental management systems auditing
- ISO 10012 – Measurement control system

21 Quality System Documentation
- Level 1: Quality Manual. Defines Approach and Responsibility
- Level 2: Procedures. Defines Who, What, When
- Level 3: Work/Job Instructions. Answers How
- Level 4: Records/Documentation. Results: shows that the system is operating

22 ISO 9001:2000 Structure
4. Quality Management System
   4.1 General requirements
   4.2 Document requirements
5. Management Responsibility
   5.1 Management commitment
   5.2 Customer focus
   5.3 Quality policy
   5.4 Planning
   5.5 Responsibility, authority, communication
   5.6 Management review
6. Resource Management
   6.1 Provision of resources
   6.2 Human resources
   6.3 Infrastructure
   6.4 Work environment
7. Product realization
   7.1 Planning of product realization
   7.2 Customer-related processes
   7.3 Design and development
   7.4 Purchasing
   7.5 Production and service provision
   7.6 Control of monitoring and measuring devices
8. Measurement, Analysis & Improvement
   8.1 General
   8.2 Monitoring and measurement
   8.3 Control of nonconforming product
   8.4 Analysis of data
   8.5 Improvement

23 Meet CMM
CMM – Capability Maturity Model
The Capability Maturity models have been developed by the Software Engineering Institute (SEI). The Carnegie Mellon SEI is a federally funded (US Department of Defense) research and development center that provides the technical leadership to advance the practice of software engineering so that software intensive systems can be acquired and sustained with predictable and improved cost, schedule and quality.

27 Process Areas
- Requirements Management
- Project Planning
- Project Monitoring & Control
- Supplier Agreement Management
- Measurement & Analysis
- Process & Product Quality Assurance
- Configuration Management
- Requirements Development
- Technical Solution
- Product Integration
- Verification
- Validation
- Organizational Process Focus
- Organizational Process Definition
- Organizational Training
- Integrated Project Management
- Risk Management
- Integrated Teaming
- Integrated Supplier Management
- Decision Analysis & Resolution
- Organizational Environment for Integration
- Organizational Process Performance
- Quantitative Project Management
- Organizational Innovation & Deployment
- Causal Analysis & Resolution

39 CMM Process Areas
Staged | Process Area | Continuous
L2 | Requirements Management | Engineering
L2 | Project Planning | Project Mgmt
L2 | Project Monitoring and Control | Project Mgmt
L2 | Supplier Agreement Management | Project Mgmt
L2 | Measurement and Analysis | Support
L2 | Process and Product Quality Assurance | Support
L2 | Configuration Management | Support
L3 | Requirements Development | Engineering
L3 | Technical Solution | Engineering
L3 | Product Integration | Engineering
L3 | Verification | Engineering
L3 | Validation | Engineering
L3 | Organizational Process Focus | Process Mgmt.
L3 | Organizational Process Definition | Process Mgmt.
L3 | Organizational Training | Process Mgmt.
L3 | Integrated Project Management | Project Mgmt
L3 | Risk Management | Project Mgmt
L3 | Integrated Teaming | Project Mgmt
L3 | Integrated Supplier Management | Project Mgmt
L3 | Decision Analysis and Resolution | Support
L3 | Organizational Environment for Integration | Support
L4 | Organizational Process Performance | Process Mgmt.
L4 | Quantitative Project Management | Project Mgmt
L5 | Organizational Innovation and Deployment | Process Mgmt.
L5 | Causal Analysis and Resolution | Support

40 Examples of CMMI Impact: ROI
- 5:1 ROI for quality activities (Accenture)
- 13:1 ROI calculated as defects avoided per hour spent in training and defect prevention (Northrop Grumman Defense Enterprise Systems)
- Avoided $3.72 M in costs due to better cost performance (Raytheon North Texas Software Engineering) as the organization improved from SW-CMM level 4 to CMMI level 5
- 2:1 ROI over 3 years (Siemens Information Systems Ltd, India)
- 2.5:1 ROI over 12st year, with benefits amortized over less than 6 months (reported under non disclosure)
(reported by the American Society for Quality)

41 Sarbanes-Oxley Implications
- With its more than 300 discrete points of enforceable law, this is the most significant piece of accounting legislation passed since the formation of the SEC in 1933.
- SOX was passed with the specific intent of increasing accountability and attempting to instill ethical behavior in financial reporting and business operations. With this increased spotlight on reporting, companies must invest resources and focus into their internal control process.
- The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability.
- A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements.
- Projects to improve processes and regular review of controls will become commonplace activities as compliance evolves. Tools that simplify project completion and track status will better enable organizations to cost-effectively undertake these projects.

42 SOX Major Section
- 302 – Corporate Responsibility for Financial Reports: Requires Executives to certify the accuracy of corporate financial reports
- 404 – Management Assessment of Internal Controls: Requires executives and auditors to confirm the effectiveness of internal controls for financial reporting
- 409 – Real Time Issuers Disclose: Requires any material changes in financial state of issuer be communicated quickly and with supporting data to the public

43 Implications for IT
- Configuration management is now a must
- Change controls must be handled more carefully
- Security, security, security
- All system changes must be verifiable by a clear audit trail
- Reduce reliance on batch processing, update data warehouse more frequently
- Interfaces from any financial system must be documented and controlled
- IT activities must be aligned with the company’s governance and risk policies

