Reprisal: Types of Requirements

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Reprisal: Types of Requirements"

Transcription

1 Standards, d Certification and Regulations Reprisal: Types of Requirements Functional requirements: requirements that specify a function that a system or system component must be able to perform The watch shall display the time. Nonfunctional requirements: not specifically concerned with the functionality of a system but place restrictions on the product being developed User visible aspects of the system not directly related to functional behavior Usability; reliability; privacy; security; availability; performance Best to translate non-functional to measurable. The response time must be less than 1 second Constraints ( Pseudo requirements ): not user-visible; imposed by the client that restricts the implementation of the system or the development process The implementation language must be Java. Unit tests must be written in JUnit.

2 Topics Standards/Frameworks [voluntary] ISO 9001 CMMI Certification [voluntary] CCHIT (Healthcare) Regulations [law] HIPAA [see Privacy lecture] Sarbanes Oxley (SOX) What is ISO and ISO 9001? "ISO", the abbreviation for the "International Organization for Standardization" The ISO is a worldwide federation of ~150 national standards bodies Strives to promote the growth of manufacturing, trade and communication through the development of generic quality standards ISO 9001 is the most widely recognized ISO standard ISO 9001 defines the minimum elements an organization needs to implement in order to establish an effective Quality Management System The latest version of this standard was published in December 2000

3 ISO 9001 is not just for software Areas Must establish policies and procedures to address each of these Management responsibility Quality systems Contract review Design control Document and data control Product identification and traceability Process control Inspection and testing Inspection and testing Corrective and preventative action Control of quality records Internal quality audits

4 The principles behind ISO 9000 DECLARE WHAT YOU DO Standards & Procedures DEMONSTRATE IT Certification Records RECORD WHAT YOU DID DO WHAT YOU DECLARE Responsibility ISO : Measures degree to which an organization Says what they do, and does what they say ISO "Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?" ISO 9001 Certification Performed by external, independent, trained auditor Not done by ISO itself Countries have accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. Organizations desire the competitive advantage of being able to say they are ISO certified. Danger: organizations sometimes don t want to change (improve) their process once they are certified.

5 Topics Standards/Frameworks [voluntary] ISO 9001 CMMI Certification [voluntary] CCHIT (Healthcare) Regulations [law] HIPAA [see Privacy lecture] Sarbanes Oxley (SOX)

6 Capability Maturity Model Integration (CMMI) Creation of the Software Engineering Institute (SEI) at Carnegie Mellon University The quality of a system or product is highly influenced by the quality of the process used to develop and maintain it. Process improvement approach Collection of best practices Framework for organizing and prioritizing activities Organized into levels... Capability Maturity Model Levels (Staged Representation) 5 4 Focus on process improvement Process measured and controlled Optimizing Quantitatively Managed Process characterized for the organization and is proactive Process characterized for projects and is often reactive Process unpredictable, poorly controlled and reactive Performed Managed Defined Source: Phillips, Mike CMMI V1.1 and Appraisal Tutorial, FEB by Carnegie Mellon University

7 Process Areas by Maturity Level (staged) Level 5 Optimizing Focus Continuous process improvement Process Areas Organizational Innovation and Deployment Causal Analysis and Resolution 4 Quantitatively Managed 3 Defined 2 Managed 1 Performed Quantitative management Process standardization Basic project management Organizational Process Performance Quantitative Project Management Requirements Development Technical Solution Product Integration Verification Validation Organizational Process Focus Organizational Process Definition Organizational Training Integrated Project Management Integrated Supplier Management Risk Management Decision i Analysis and Resolution Organizational Environment for Integration Integrated Teaming Requirements Management Project Planning Project Monitoring and Control Supplier Agreement Management Measurement and Analysis Process and Product Quality Assurance Configuration Management Source: Phillips, Mike CMMI V1.1 and Appraisal Tutorial, F 2004 by Carnegie Mellon Universi CMM Levels Some organizations must attain a certain CMMI level to be considered as a contractor. Especially to be a contractor for the (US) government. Organizations prioritize process improvement activities to attain a CMMI level. Organizations must be appraised by a SEI- trained and certified CMMI appraiser to officially have attained a CMMI level.

8 Maturity Profile by All Reporting USA and Non-USA Organizations 100% 90% 80% USA: 100 % = 498 Non-USA: 100 % = 879 % of Organizations 70% 60% 50% 40% 30% 20% 10% 0% Not Given Performed Initial Managed Defined Quantitatively Managed 271 Based on 498 USA organizations and 879Non-USA organizations Optimizing Source: Phillips, Mike Cost Benefits Industry Examples

9 Topics Standards/Frameworks [voluntary] ISO 9001 CMMI Certification [voluntary] CCHIT (Healthcare) Regulations [law] HIPAA [see Privacy lecture] Sarbanes Oxley (SOX) CCHIT Certification body nonprofit organization with the sole public mission of accelerating the adoption of robust, interoperable health information technology (HIT) by creating a credible, efficient certification process comprehensive, practical definition of what capabilities were needed in [electronic health records systems Current: Functional requirement oriented 2011: also Security and Reliability criteria; interoperability criteria

10 Example Certified Products Topics Standards/Frameworks [voluntary] ISO 9001 CMMI Certification [voluntary] CCHIT (Healthcare) Regulations [law] HIPAA [see Privacy lecture] Sarbanes Oxley (SOX)

11 Sarbanes Oxley (SOX) Executive management of publicly held companies reporting $75 million revenue dollars or more to the SEC must be compliant with the Sarbanes-Oxley Act of 2002 (SOX) legislation. SOX enacted after high profile corporate/accounting scandals such as Enron, WorldCom, Authur Anderson and others. Mandates strict rules relating to corporate transactions and operating practices. Independent corporate auditors examine if an organizations is SOX compliant. Sarbanes-Oxley 2002 Requires management to demonstrate knowledge of underlying process of the business Must be able to describe how transactions are authorized or accepted for input into processing Identify critical data files used during processing Separation of duties. Developers cannot have write access to production system. Define key reports resulting from processing Ongoing process to monitor internal controls while continuously evaluating and improving their effectiveness

12 Useful Links ISO Main Page SEI CMMI Main Page: CCHIT CMMI Models: Sarbanes Oxley

CMMI for Development Introduction & Implementation Roadmap

CMMI for Development Introduction & Implementation Roadmap www.businessbeam.com CMMI for Development Introduction & Implementation Roadmap Business Beam (Pvt.) Limited Today 1 About CMMI for Development 2 Implementation Roadmap 3 CMMI & Business Beam 2 About CMMI

More information

A Report on The Capability Maturity Model

A Report on The Capability Maturity Model A Report on The Capability Maturity Model Hakan Bayraksan hxb07u 29 November 2009 G53QAT Table of Contents Introduction...2 The evolution of CMMI...3 CMM... 3 CMMI... 3 The definition of CMMI... 4 Level

More information

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering Distributed and Outsourced Software Engineering The CMMI Model Peter Kolb Software Engineering SEI Trademarks and Service Marks SM CMM Integration SCAMPI are service marks of Carnegie Mellon University

More information

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor SW Process Improvement and CMMI Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor Topics of Presentation Why improvement? What is CMMI? Process Areas and Practices in CMMI

More information

SEI's Capability Maturity Model Integrated (CMMI) Relative to ICM's CMII (Rev B)

SEI's Capability Maturity Model Integrated (CMMI) Relative to ICM's CMII (Rev B) W H I T E P A P E R SEI's Capability Maturity Model Integrated (CMMI) Relative to ICM's CMII (Rev B) SUMMARY CMMI is built on a set of integrated processes and includes CM as a supporting process. The

More information

Developing CMMI in IT Projects with Considering other Development Models

Developing CMMI in IT Projects with Considering other Development Models Developing CMMI in IT Projects with Considering other Development Models Anahita Ahmadi* MSc in Socio Economic Systems Engineering Organizational Process Development Engineer, International Systems Engineering

More information

Certified Software Quality Assurance Professional VS-1085

Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional Certified Software Quality Assurance Professional Certification Code VS-1085 Vskills certification

More information

Capability Maturity Model Integration (CMMI SM ) Fundamentals

Capability Maturity Model Integration (CMMI SM ) Fundamentals Capability Maturity Model Integration (CMMI SM ) Fundamentals Capability Maturity Model Integration and CMMI are are service marks of Carnegie Mellon University 2008, GRafP Technologies inc. 1 What is

More information

CMS Policy for Capability Maturity Model Integration (CMMI)

CMS Policy for Capability Maturity Model Integration (CMMI) Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS Policy for Capability Maturity Model Integration (CMMI) December 2006 Document Number: CMS-CIO-POL-CMMI01-01

More information

Leveraging CMMI framework for Engineering Services

Leveraging CMMI framework for Engineering Services Leveraging CMMI framework for Engineering Services Regu Ayyaswamy, Mala Murugappan Tata Consultancy Services Ltd. Introduction In response to Global market demand, several OEMs adopt Global Engineering

More information

Software Engineering. Standardization of Software Processes. Lecturer: Giuseppe Santucci

Software Engineering. Standardization of Software Processes. Lecturer: Giuseppe Santucci Software Engineering Standardization of Software Processes Lecturer: Giuseppe Santucci Summary Introduction to Process Models The Capability Maturity Model Integration The ISO 12207 standard for software

More information

Steve Masters (SEI) SEPG North America March 2011. 2011 Carnegie Mellon University

Steve Masters (SEI) SEPG North America March 2011. 2011 Carnegie Mellon University Using Organizational Business Objectives to Guide a Process Improvement Program Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 (SEI) SEPG North America March 2011 Agenda

More information

Process Improvement -CMMI. Xin Feng

Process Improvement -CMMI. Xin Feng Process Improvement -CMMI Xin Feng Objectives History CMMI Why CMMI CMMI representations 4/11/2011 Software Engineering 2 Process Improvement Achieve both qualityand productivity ( 生 产 力 ) It is not necessary

More information

Foredragfor Den Norske Dataforening, den 08.10.2003

Foredragfor Den Norske Dataforening, den 08.10.2003 Foredragfor Den Norske Dataforening, den 08.10.2003 CMM, CMMI and ISO 15504 (SPICE) Bruk av modenhetsmodeller under programmvareutvikling, er det nøkkelen til suskess? Malte Foegen, Jürgen Richter IT Maturity

More information

What Should IS Majors Know About Regulatory Compliance?

What Should IS Majors Know About Regulatory Compliance? What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.

More information

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Engineering, Business and Enterprise

More information

A Lightweight Supplier Evaluation based on CMMI

A Lightweight Supplier Evaluation based on CMMI A Lightweight Supplier Evaluation based on CMMI Stefan Böcking, Pavlos Makridakis, Gerhard Koller, Frank Meisgen Vodafone Holding GmbH Global Web Enablement Mannesmannufer 2 40213 Düsseldorf Stefan.Boecking@vodafone.com

More information

Creating an SQA Program at NREL A DOE FFRDC Program based on the NDIA/DoD Sponsored CMMI

Creating an SQA Program at NREL A DOE FFRDC Program based on the NDIA/DoD Sponsored CMMI Creating an SQA Program at NREL A DOE FFRDC Program based on the NDIA/DoD Sponsored CMMI CMMI Conference 2011 Tim Kasse 16 November 2011 NREL is a national laboratory of the U.S. Department of Energy,

More information

Software Quality Assurance: VI Standards

Software Quality Assurance: VI Standards Software Quality Assurance: VI Standards Room E 3.165 Tel. 60-3321 Email: hg@upb.de Outline I Introduction II Software Life Cycle III Quality Control IV Infrastructure V Management VI Standards VII Conclusion

More information

Process Improvement. Objectives

Process Improvement. Objectives Process Improvement Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 28 Slide 1 Objectives To explain the principles of software process improvement To explain how software process factors

More information

Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group

Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group Case Study of CMMI implementation at Bank of Montreal (BMO) Financial Group Background Started in 1817, Bank of Montreal - BMO Financial Group (NYSE, TSX: BMO) is a highly diversified financial services

More information

Lecture 8 About Quality and Quality Management Systems

Lecture 8 About Quality and Quality Management Systems Lecture 8 About Quality and Quality Management Systems Kari Systä 10.03.2014 10.03.2014 TIE-21100/21106; K.Systä 1 Content of today s lecture Two weeks ago we discussed about testing and inspections, that

More information

CAPABILITY MATURITY MODEL INTEGRATION

CAPABILITY MATURITY MODEL INTEGRATION CAPABILITY MATURITY MODEL INTEGRATION Radu CONSTANTINESCU PhD Candidate, University Assistant Academy of Economic Studies, Bucharest, Romania E-mail: radu.constantinescu@ie.ase.ro Web page: http:// www.raduconstantinescu.ase.ro

More information

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc. February 2013 1 Executive Summary Adnet is pleased to provide this white paper, describing our approach to performing

More information

Process Improvement. From the Software Engineering Institute:

Process Improvement. From the Software Engineering Institute: Process Improvement From the Software Engineering Institute: The Software Capability Maturity Model (SW-CMM, CMMI) (Especially CMMI V1.1 Tutorial) The Personal Software Process (PSP) (Also see The Team

More information

Contrasting CMMI and the PMBOK. CMMI Technology Conference & User Group November 2005

Contrasting CMMI and the PMBOK. CMMI Technology Conference & User Group November 2005 Contrasting CMMI and the PMBOK CMMI Technology Conference & User Group November 2005 Wayne Sherer U.S. Army ARDEC Sandy Thrasher, PMP Anteon Corporation Agenda Purpose & Overview Considerations for Comparison

More information

Capability Maturity Model Integration (CMMI)

Capability Maturity Model Integration (CMMI) COPYRIGHT 2011 IJCIT, ISSN 2078-5828 (PRINT), ISSN 2218-5224 (ONLINE), VOLUME 02, ISSUE 01, MANUSCRIPT CODE: IJCIT-110748 Capability Maturity Model Integration (CMMI) Anasis Majumdar, Muhammad Ashiqe-Ur-Rouf,

More information

Software Engineering CSCI 4490. Class 50 Software Process Improvement. December 1, 2014

Software Engineering CSCI 4490. Class 50 Software Process Improvement. December 1, 2014 Class 50 Software Process Improvement December 1, 2014 ~Improving the Process of Software Development Our Focus: The role of the Capability Maturity Model Integration (CMMI) in improving the software development

More information

Life Cycle Models, CMMI, Lean, Six Sigma Why use them?

Life Cycle Models, CMMI, Lean, Six Sigma Why use them? Life Cycle Models, CMMI, Lean, Six Sigma Why use them? John Walz IEEE Computer Society, VP for Standards QuEST Forum Best Practices Conference Track 3 What, Where, How & Why Monday, 24-Sep-07, 4:30 5:30

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Software Engineering III B.Tech IT SEM-I

Software Engineering III B.Tech IT SEM-I Software Engineering III B.Tech IT SEM-I Term: 2014-2015 Unit-1 PPT SLIDES Text Books:1.Software Engineering, A practitioner s approach Roger s. Pressman 6 th edition McGraw-Hill 2.Software Engineering

More information

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive

More information

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva SMEF 10-11 June, 2010 Software Quality Standards and Approaches from Ontological Point of View Konstantina Georgieva Otto-von-Guericke University Magdeburg Department of Computer Science, Software Engineering

More information

Quality Systems Frameworks. SE 350 Software Process & Product Quality 1

Quality Systems Frameworks. SE 350 Software Process & Product Quality 1 Quality Systems Frameworks 1 What is a Quality System? An organization uses quality systems to control and improve the effectiveness of the processes used to deliver a quality product or service A Quality

More information

AlienVault for Regulatory Compliance

AlienVault for Regulatory Compliance AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have

More information

Sarbanes Oxley and IT

Sarbanes Oxley and IT Sarbanes Oxley and IT Threat or Opportunity? Lee Thornbury J.D. Sarbanes Oxley and IT Threat or Opportunity? By Lee Thornbury J.D. In 2002, Congress passed, and the president signed into law, a House bill

More information

Capability Maturity Model Integrated (CMMI)

Capability Maturity Model Integrated (CMMI) When the Outcome Matters Capability Maturity Model Integrated (CMMI) Configuration Management Considerations Gerard Dache Gerard.dache@psgs.com 703-560-9477 Agenda SEI Overview Capability Maturity Models

More information

Literature. 9. Quality Control. Quality control tries to eliminate coincidence Quality control makes achieving quality repeatable FBI Sentinel Project

Literature. 9. Quality Control. Quality control tries to eliminate coincidence Quality control makes achieving quality repeatable FBI Sentinel Project CHAPTER 9 Quality Control Literature Introduction When, Why and What? Product & Process Attributes Internal & External Attributes Typical Quality Attributes Overview Definitions Quality Assurance Quality

More information

CMMI: Adapting to SEI's New Integrated CMM

CMMI: Adapting to SEI's New Integrated CMM CMMI: Adapting to SEI's New Integrated CMM Richard E. Biehl, CQA, CSQE Data-Oriented Quality Solutions Please note that CMM, CMMI, and Capability Maturity Model are registered trademarks of Carnegie Mellon

More information

Synergism of the CMMI Development and Services Constellations in a Hybrid Organization

Synergism of the CMMI Development and Services Constellations in a Hybrid Organization Overview Presentation Synergism of the CMMI Development and Services Constellations in a Hybrid Organization SM CMMI (Capability Maturity Model Integration) and SCAMPI (Standard CMMI Appraisal Method for

More information

Software Process Improvement Software Business. Casper Lassenius

Software Process Improvement Software Business. Casper Lassenius Software Process Improvement Software Business Casper Lassenius Topics covered ² The process process ² Process measurement ² Process analysis ² Process change ² The CMMI process framework 2 Process ² Many

More information

The Information Security Management System According ISO 27.001 The Value for Services

The Information Security Management System According ISO 27.001 The Value for Services I T S e r v i c e M a n a g e m e n t W h i t e P a p e r The Information Security Management System According ISO 27.001 The Value for Services Author: Julio José Ballesteros Garcia Introduction Evolution

More information

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A

More information

Regulatory Compliance and its Impact on Software Development

Regulatory Compliance and its Impact on Software Development Regulatory Compliance and its Impact on Software Development Abdelwahab Hamou-Lhadj Software Compliance Research Group Department of Electrical and Computer Engineering Concordia University 1455 de Maisonneuve

More information

MTAT.03.243 Software Engineering Management

MTAT.03.243 Software Engineering Management MTAT.03.243 Software Engineering Management Lecture 17: Other SPI Frameworks and QM Systems Dietmar Pfahl Spring 2014 email: dietmar.pfahl@ut.ee Structure of Lecture 17 Other SPI Frameworks People CMM

More information

CMMI Version 1.2. SCAMPI SM A Appraisal Method Changes

CMMI Version 1.2. SCAMPI SM A Appraisal Method Changes Pittsburgh, PA 15213-3890 CMMI Version 1.2 SCAMPI SM A Appraisal Method Changes SM CMM Integration, IDEAL, and SCAMPI are service marks of Carnegie Mellon University. Capability Maturity Model, Capability

More information

Software Quality Management

Software Quality Management Software Lecture 9 Software Engineering CUGS Spring 2011 Kristian Sandahl Department of Computer and Information Science Linköping University, Sweden A Software Life-cycle Model Which part will we talk

More information

Using COSO Small Business Guidance for Assessing Internal Financial Controls

Using COSO Small Business Guidance for Assessing Internal Financial Controls Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal

More information

CMMI KEY PROCESS AREAS

CMMI KEY PROCESS AREAS CMMI KEY PROCESS AREAS http://www.tutorialspoint.com/cmmi/cmmi-process-areas.htm Copyright tutorialspoint.com A Process Area is a cluster of related practices in an area that, when implemented collectively,

More information

EASPI EASPI. The Integrated CMMI-based Improvement Framework for Test and Evaluation. Jeffrey L. Dutton Principal Consultant

EASPI EASPI. The Integrated CMMI-based Improvement Framework for Test and Evaluation. Jeffrey L. Dutton Principal Consultant The Integrated CMMI-based Improvement Framework for Test and Evaluation Jeffrey L. Dutton Principal Consultant Engineering and Services Performance Improvement LLC 22 Copyrights and Service Marks CMMI

More information

How SUSE Manager Can Help You Achieve Regulatory Compliance

How SUSE Manager Can Help You Achieve Regulatory Compliance White Paper Server How SUSE Manager Can Help You Achieve Regulatory Compliance Table of Contents page Why You Need a Compliance Program... 2 Compliance Standards: SOX, HIPAA and PCI... 2 What IT Is Concerned

More information

Future of CMM and Quality Improvement. Roy Ko Hong Kong Productivity Council

Future of CMM and Quality Improvement. Roy Ko Hong Kong Productivity Council Future of CMM and Quality Improvement Roy Ko Hong Kong Productivity Council 1 Agenda Future Development of CMMI CMMI and Small Organizations CMMI and Agile Development Good Enough Quality CMMI and Other

More information

SOFTWARE QUALITY & SYSTEMS ENGINEERING PROGRAM. Quality Assurance Checklist

SOFTWARE QUALITY & SYSTEMS ENGINEERING PROGRAM. Quality Assurance Checklist SOFTWARE QUALITY & SYSTEMS ENGINEERING PROGRAM Quality Assurance Checklist The following checklist is intended to provide system owners, project managers, and other information systems development and

More information

Engineering Standards in Support of

Engineering Standards in Support of The Application of IEEE Software and System Engineering Standards in Support of Software Process Improvement Susan K. (Kathy) Land Northrop Grumman IT Huntsville, AL susan.land@ngc.com In Other Words Using

More information

Practical IT Service Management: Rapid ITIL Without Compromise

Practical IT Service Management: Rapid ITIL Without Compromise W H I T E P A P E R Practical IT Service : Rapid ITIL Without Compromise John Custy IT Service Consultant and Managing Consutant JPC Group Executive Summary All businesses face challenges providing the

More information

Benefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1

Benefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1 Benefits to the Quality System in implementing an IT Standard ISO/IEC 20000-1 Presentation to: ASQ North Jersey September 15, 2010 Subrata Guha Director IT s UL DQS Inc. A New Global Alliance for Systems

More information

Delivering a CMMI Compliant Project Plan in 30 minutes

Delivering a CMMI Compliant Project Plan in 30 minutes 1 Delivering a CMMI Compliant Project Plan in 30 minutes Kevin Schaaff Booz Allen Hamilton schaaff_kevin@bah.com Mike Busak Select Business Solutions mike.busak@selectbs.com SEPG 2005 2 Booz Allen Hamilton

More information

Results Oriented Change Management

Results Oriented Change Management Results Oriented Change Management Validating Change Policy through Auditing Abstract Change management can be one of the largest and most difficult tasks for a business to implement, monitor and control

More information

A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS

A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS A FRAMEWORK FOR INTEGRATING SARBANES-OXLEY COMPLIANCE INTO THE SOFTWARE DEVELOPMENT PROCESS Sushma Mishra Virginia Commonwealth University mishras@vcu.edu Heinz Roland Weistroffer Virginia Commonwealth

More information

Capability Maturity Model Integration (CMMI ) Overview

Capability Maturity Model Integration (CMMI ) Overview Pittsburgh, PA 15213-3890 Capability Maturity Model Integration ( ) Overview SM CMM Integration, SCAMPI, SCAMPI Lead Appraiser, and SEI are service marks of Carnegie Mellon University., Capability Maturity

More information

With the dawn of the 21st century, a new era of

With the dawn of the 21st century, a new era of Copyright 2007 ISACA. All rights reserved. www.isaca.org. Auditing CMMI Maturity and Sarbanes-Oxley Compliance By Laurent Janssens, CISA, and Peter Leeson With the dawn of the 21st century, a new era of

More information

Using Rational Software Solutions to Achieve CMMI Level 2

Using Rational Software Solutions to Achieve CMMI Level 2 Copyright Rational Software 2003 http://www.therationaledge.com/content/jan_03/f_cmmi_rr.jsp Using Rational Software Solutions to Achieve CMMI Level 2 by Rolf W. Reitzig Founder, Cognence, Inc. Over the

More information

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO

More information

CMMI for Development Quick Reference

CMMI for Development Quick Reference CAUSAL ANALYSIS AND RESOLUTION SUPPORT (ML5) The purpose of Causal Analysis and Resolution (CAR) is to identify causes of selected outcomes and take action to improve process performance. SG 1 Root causes

More information

0. INTRODUCTION 1. SCRUM OVERVIEW

0. INTRODUCTION 1. SCRUM OVERVIEW Scrum and CMMI: A High level assessment of compatibility Srinivas Chillara 1 and Pete Deemer 2 Abstract: This article s purpose is to assess the compatibility of Scrum with CMMI and also provide a base

More information

University of Missouri Kansas City. Financial Sub-Certification

University of Missouri Kansas City. Financial Sub-Certification University of Missouri Kansas City Financial Sub-Certification What is Financial Certification? Process where individuals within the organization provides assurance to verify that the financial statements

More information

CSC 408F/CSC2105F Lecture Notes

CSC 408F/CSC2105F Lecture Notes CSC 408F/CSC2105F Lecture Notes These lecture notes are provided for the personal use of students taking CSC 408H/CSC 2105H in the Fall term 2004/2005 at the University of Toronto. Copying for purposes

More information

2. What do people mean when they say "Sarbanes-Oxley"?

2. What do people mean when they say Sarbanes-Oxley? SARBANES-OXLEY: WHAT IT MEANS TO NONPROFITS Marcus S. Owens Caplin & Drysdale, Chartered One Thomas Circle, NW, Suite 1100 Washington, DC 20005 202-862- 5020/mso(a),capdale.com 1. Introduction On July

More information

Software Process Improvement

Software Process Improvement Software Process Improvement V. Paúl Pauca Department of Computer Science Wake Forest University CSC 331-631 Fall 2013 Software Process Improvement I Management of the software process identified as important

More information

The Information Assurance Process: Charting a Path Towards Compliance

The Information Assurance Process: Charting a Path Towards Compliance The Information Assurance Process: Charting a Path Towards Compliance A white paper on a collaborative approach to the process and activities necessary to attain compliance with information assurance standards.

More information

Surviving SOX with Scrum. Integrating Scrum in IT Governance at Allianz

Surviving SOX with Scrum. Integrating Scrum in IT Governance at Allianz Surviving SOX with Scrum Integrating Scrum in IT Governance at Allianz 1 Who are we? Simon Roberts MBA and Dr. Christoph Mathis Independent Scrum coaches and trainers; Scrum since 2002, XP since late 1990s

More information

Creating a Process Map for Incident Management

Creating a Process Map for Incident Management Creating a Process Map for Incident Management CERT Coordination Center Networked Systems Survivability Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 2004 Carnegie

More information

Implementing Models and Standards for Software Development Benefits and Risks

Implementing Models and Standards for Software Development Benefits and Risks Implementing Models and Standards for Software Development Benefits and Risks Tsvetelina Kovacheva, Quality Manager Musala Soft June 19, 2007 Agenda Difference between Model and Standard Software Development

More information

Towards a new approach of continuous process improvement based on CMMI and PMBOK

Towards a new approach of continuous process improvement based on CMMI and PMBOK www.ijcsi.org 160 Towards a new approach of continuous process improvement based on CMMI and PMBOK Yassine Rdiouat 1, Naima Nakabi 2, Khadija Kahtani 3 and Alami Semma 4 1 Department of Mathematics and

More information

How can I be agile and still satisfy the auditors?

How can I be agile and still satisfy the auditors? How can I be agile and still satisfy the auditors? Welcome & Introductions Steve Ropa Steven.ropa@versionone.com Agile Coach Certified Scrum Master Certified Scrum Product Owner 19 years software development

More information

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve HIPAA, SOX, PCI, GLBA...In today's corporate environment, businesses are facing increasing regulation affecting the corporation

More information

CMMi and Application Outsourcing

CMMi and Application Outsourcing White Paper CMMi and Application Outsourcing Abstract A lot of applications outsourcing providers in the market today are claiming for being assessed in different maturity levels of CMMi. But it is important

More information

HDI Support Center Certification: A Pragmatic Approach to Verifying Core ITIL Process Maturity

HDI Support Center Certification: A Pragmatic Approach to Verifying Core ITIL Process Maturity White Paper HDI Support Center Certification: A Pragmatic Approach to Verifying Core ITIL Process Maturity Paul M. Dooley Optimal Connections, LLC www.optimalconnections.com Sept 21, 2006 The Situation

More information

engage. empower. evolve. SARBANES-OXLEY COMPLIANCE

engage. empower. evolve. SARBANES-OXLEY COMPLIANCE engage. empower. evolve. SARBANES-OXLEY COMPLIANCE engage. empower. evolve. OVERVIEW OF THE SARBANES-OXLEY ACT The Sarbanes-Oxley Act of 2002 is the single most important piece of legislation affecting

More information

Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions

Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions Incorporate CMMI with Corporate Governance Using Enterprise Software Change Management Solutions Tim Ruzbacki, Sr. Process Consultant MKS Software Inc. 4 th Annual CMMI Technology Conference, Denver CO

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

Sarbanes-Oxley (SOX) The Migration from Project to Process. Practical Actions for Getting Started. Jim DeLoach, Managing Director.

Sarbanes-Oxley (SOX) The Migration from Project to Process. Practical Actions for Getting Started. Jim DeLoach, Managing Director. Sarbanes-Oxley (SOX) The Migration from Project to Process Practical Actions for Getting Started Jim DeLoach, Managing Director November 7, 2006 The Results So Far? Source: AuditAnalytics.com May 2006

More information

Security Engineering Best Practices. Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com.

Security Engineering Best Practices. Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com. Tutorial: Instructor: Topics: Biography: Security Engineering Best Practices Karen Ferraiolo, Arca Systems, Inc. 8229 Boone Blvd., Suite 750 Vienna, VA 22182 703-734-5611 ferraiolo@arca.com This tutorial

More information

Software Engineering: Analysis and Design - CSE3308

Software Engineering: Analysis and Design - CSE3308 CSE3308/DMS/2004/25 Monash University - School of Computer Science and Software Engineering Software Engineering: Analysis and Design - CSE3308 Software Quality CSE3308 - Software Engineering: Analysis

More information

Moving from ISO9000 to the Higher Levels of the Capability Maturity Model (CMM)

Moving from ISO9000 to the Higher Levels of the Capability Maturity Model (CMM) Moving from ISO9000 to the Higher Levels of the Capability Maturity Model (CMM) Pankaj Jalote 1 Infosys Technologies Ltd. Bangalore 561 229 Fax: +91-512-590725/590413 Jalote@iitk.ernet.in, jalote@iitk.ac.in

More information

Manoo Ordeedolchest Chairman ICT Policy Committee Sripatum University Microsoft Software Development Life Cycle Management of Enterprise June 5, 2007

Manoo Ordeedolchest Chairman ICT Policy Committee Sripatum University Microsoft Software Development Life Cycle Management of Enterprise June 5, 2007 Manoo Ordeedolchest Chairman ICT Policy Committee Sripatum University Microsoft Software Development Life Cycle Management of Enterprise June 5, 2007 New ICT technologies makes software development more

More information

Managing Software Quality

Managing Software Quality Managing Software Quality Main Issues Quality cannot be added as an afterthought Metrics for measuring quality are necessary Quality can mean different things Quality needs to be implemented both in the

More information

Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation

Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation Anju Saxena John Maher IT Process and Service Management Global Consulting Practice ITIL is a Registered Trade Mark,

More information

The Compelling Case For CMMI-SVC: CMMI-SVC, ITIL & ISO20000 demystified

The Compelling Case For CMMI-SVC: CMMI-SVC, ITIL & ISO20000 demystified The Compelling Case For CMMI-SVC: CMMI-SVC, ITIL & ISO20000 demystified T: 01748 821824 E: marketing@lamri.com Agenda What is CMMI-SVC? How Does CMMI-SVC Relate to Existing Models? CMMI-SVC and ISO 20000

More information

Chap 1. Software Quality Management

Chap 1. Software Quality Management Chap 1. Software Quality Management Part 1.1 Quality Assurance and Standards Part 1.2 Software Review and Inspection Part 1.3 Software Measurement and Metrics 1 Part 1.1 Quality Assurance and Standards

More information

Software Development as a Service. Project vs Service Orientations

Software Development as a Service. Project vs Service Orientations Software Development as a Service Dr. Mark C. Paulk Carnegie Mellon University Project vs Service Orientations Custom software development has traditionally been project-oriented. government contracting

More information

SOFTWARE QUALITY ASSURANCE IN CAPABILITY MATURITY MODEL INTEGRATION

SOFTWARE QUALITY ASSURANCE IN CAPABILITY MATURITY MODEL INTEGRATION SOFTWARE QUALITY ASSURANCE IN CAPABILITY MATURITY MODEL INTEGRATION Rajnipriya Dhawan Information Technology, DAV Institute of Management, Faridabad, (India) ABSTRACT With increasing demand for software

More information

Medicare Health Support: Technology Accomplishments and Challenges

Medicare Health Support: Technology Accomplishments and Challenges Medicare Health Support: Technology Accomplishments and Challenges Dawn Hawkins Johnson, Director, Division of Chronic Care Improvement Programs, PBG, CMM, Centers for Medicare & Medicaid Services (CMS)

More information

Integrating Quality Assurance into the Software Development Life Cycle

Integrating Quality Assurance into the Software Development Life Cycle Integrating Quality Assurance into the Software Development Life Cycle Leslie Tierstein, STR LLC Hilary Benoit, W R Systems W R Systems, Ltd. 1 Overview (1) Why bother with QA? QA and the SEI CMM/CMMI

More information

AS9100 B to C Revision

AS9100 B to C Revision AS9100 B to C Revision Key: Additions Deletions Clarifications 1.2 Application AS9100C Key Additions This standard is intended for use by organizations that design, develop and/or produce aviation, space

More information

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience Management Model (CERT-RMM), both developed at Carnegie

More information

Software Quality Management II

Software Quality Management II Software II Lecture 13 Software Engineering CUGS Kristian Sandahl Department of Computer and Information Science Linköping University, Sweden kristian.sandahl@ida.liu.se A Software Life-cycle Model Which

More information

Practical IT Governance - Using MKS's Enterprise Software Change Management Solution for Greater Auditability and Control

Practical IT Governance - Using MKS's Enterprise Software Change Management Solution for Greater Auditability and Control Practical IT Governance - Using MKS's Enterprise Software Change Management Solution for Greater Auditability and Control Tim Ruzbacki, Process Consultant Craig Hale, Application Engineer 2004 MKS Inc.

More information