1 SPICE International Standard for Software Process Assessment Marko Pyhäjärvi Helsinki, 31 st November 2004 Seminar on Quality Models for Software Engineering Department of Computer Science UNIVESITY OF HELSINKI
2 2 SPICE - International Standard for Software Process Assessment Marko Pyhäjärvi Seminar on Quality Models for Software Engineering Department of Computer Science UNIVESITY OF HELSINKI Helsinki, 31 st November 2004 Abstract While software projects have became large, industrial production processes, it has been noticed that process assessment can be a strong and effective driver for process improvement. Based on this, acquirers of large, critical softwareintensive systems have impeded for the use of international standard for process assessment. High-quality software is tightly connected to the process used to produce the software. To build high-quality software, organizations have to improve their production processes continuously. SPICE is an international standard for software process assessment and it can be used in process improvement and process capability determination.
3 3 Contents 1 INTRODUCTION SPICE DOCUMENT SUITE PART 1 CONCEPTS AND INTRODUCTORY GUIDE PART 2 A MODEL FOR PROCESS MANAGEMENT PART 3 RATING PROCESS PART 4 GUIDE TO CONDUCTING ASSESSMENT Process assessment Assessment guide PART 5 CONSTRUCTION, SELECTION AND USE OF ASSESSMENT INSTRUMENTS AND TOOLS Construction of an assessment instrument PART 6 QUALIFICATION AND TRAINING OF ASSESSORS PART 7 GUIDE FOR USE IN PROCESS IMPROVEMENT PART 8 GUIDE FOR USE IN DETERMINING SUPPLIER PROCESS CAPABILITY PART 9 VOCABULARY CONCLUSIONS REFERENCES... 20
4 4 1 Introduction SPICE is a major international initiative to support the development of an International Standard for Software Process Assessment. The project has three principal goals [SQI 2004]: To develop a working draft for a standard for software process assessment To conduct industry trials of the emerging standard To promote the technology transfer of software process assessment into the software industry world-wide The first goal was achieved on June 1995 when the version 1 (draft standard) was released. By the normal process of development of international standards, the SPICE documents have been published as ISO/IEC TR 15504: Software Process Assessment. WG10 is continuing the work to the ultimate goal, full international standard [SQI 2004]. The main focus of SPICE project is now on SPICE trials, which are independent trials of SPICE in various organizations. Companies and organizations can apply to register as SPICE trial via SPICE website. These trials provide a lot of information of practical execution of SPICE in various organizations [SQI 2004]. There are a lot of people involved in SPICE development from over 20 countries. The international efforts are coordinated by five international technical centers. This arrangement has brought together software, standards, process and many other developers and academics around the world. The ultimate goal of this international community is to develop a consistent and validated framework for software process assessment [SQI 2004]. Why an international standard is needed? To improve quality and productivity, management needs to somehow measure the process used in development. Process assessment can be a strong and effective driver for process improvement. An international standard will provide the following benefits to software industry [SQI 2004]: Software suppliers will submit to just one process assessment scheme (presently numerous schemes are used) Software development organizations will have a tool to initiate and sustain a continuous process improvement Program managers will have a means to ensure that their software development is aligned with, and supports, the business needs of the organization Practically it means that companies can get much better situation in the competitive world-wide markets when they use internationally standardized
5 5 software process assessment framework. Companies participating the SPICE development ensure that they are at the forefront of this technology when it will reach the international standard. This paper introduces the SPICE concept with its documents for software process assessment. All documents will be presented shortly, describing their purpose and the most important contents, in the subchapter of the chapter 2. 2 SPICE document suite SPICE provides a set of documents, which are used as a framework for the assessment of software process. Organizations can use these documents in various phases of production, for example in planning, managing, monitoring, controlling and improving acquisition, supply, development, operation, evolution and support of software [Sp1 v1.0]. Basically software process assessment examines the selected processes whether they are effective in achieving their goals, which is done by determining the capability of the selected processes. This structured approach for software process assessment helps an organization to improve its processes or to determine its capability for certain requirement, or to determine supplier s capability for certain requirement [Sp1 v1.0]. Process assessment provides information of the capability of the selected processes. Analysis results, from business point of view, identify strengths, weakness and risks inherent in the processes. By this, analysers are able to determine whether the processes are effective, and to identify significant causes of poor quality, or over runs in time or cost. After recognizing these kinds of issues, managers can prioritise improvements to processes [SQI 2004]. Process capability determination analyses the proposed capability of selected processes against a target process capability profile. By this, it tries to find out the risks involved in a project, if the project is run with the analysed processes [SQI 2004]. The document suite of SPICE contains nine different documents, which can be used in process assessment. These documents will be shortly described in the following subchapters. SPICE documents (see figure 1) from 1 to 6 mainly concentrate in addressing various aspects related to process assessment. Other documents, 7 and 8, address the use of process assessment for process improvement or for process capability determination. Document 9 acts as a vocabulary [SQI 2004].
6 6 Figure 1: SPICE document suite 2.1 Part 1 Concepts and introductory guide The purpose of the first document is to provide overall information of software process assessment and its use in two contexts, process improvement and process capability determination. It also describes how various parts of the suite fit together, and it provides guidance for the selection and usage of the documents [Sp1 v1.0]. Figure 2 shows how process assessment and process capability determination affects to process improvement. Basically a process is examined with an assessment, which leads to process capability determination and process improvement. Capability determination identifies the capability and risks of a process, and process improvement identifies the changes, which should be made to the process. Software capability determination generally motivates an organization to do process improvement.
7 7 Figure 2: Process assessment on high level [Sp1 v1.0] There are various benefits from using SPICE in an organization. Most important are listed below: For acquirers: An ability to determine the current and potential capability of a supplier's software processes For suppliers: An ability to determine the current and potential capability of their own software processes A ability to define areas and priorities for software process improvement A framework that defines a road map for software process improvement For assessors: A framework that defines all aspects of conducting assessments SPICE can be used in various contexts. Before using SPICE, the organization must first define the key determinant of why SPICE is needed. There are three choices: To understand the software process used To support process improvement To support process capability determination
8 8 Document 1 describes shortly all the documents in SPICE document set. This information is not presented in this paper, because all documents will be discussed in the following subchapters. 2.2 Part 2 A model for process management Document 2 provides the set of practices fundamental to good software engineering. This document defines various processes which can be used in various phases of production, named acquire, supply, development, support, evolve, and operate [Sp2 v1.0]. The model includes a set of practices, named basic practices and generic practices. Basic practices, grouped into processes and process categories, are essential activities of a specific process, while generic practices, applicable to any process, represent the activities necessary to manage a process and improve its capability to perform [Sp2 v1.0]. Processes, categorized into five process categories in the model, are described below: Customer-Supplier - processes that directly impact the customer, support development and transition of the software to the customer, and provide for its correct operation and use Engineering - processes that directly specify, implement, or maintain a system and software product and its user documentation Project - processes which establish the project, and co-ordinate and manage its resources to produce a product or provide a service which satisfies the customer Support - processes which enable and support the performance of the other processes on a project Organization - processes which establish the business goals of the organization and develop process, product, and resource assets which will help the organization achieve its business goals Proceses in the model are described by base practices, which are their unique software engineering or management activities. Process categories, processes, and base practices provide a grouping by type of activity. [Sp2 v1.0]. Process capability levels, common features, and generic practices are used in evolving process capability. A capability level basically consists of a set of common features (sets of activities), which provide enhancement in the capability
9 9 of performing a process. Compared to the predecessors, each level provide a major enhancement in capability of the performance of a process [Sp2 v1.0]. Capability levels provide two benefits: 1. Acknowledging dependencies among the practices of a process 2. Help an organization to identify which improvements it might perform first Capability levels are named as followed[sp2 v1.0] Level 0 Not performed Level 1 Performed informally Level 2 Planned and tracked Level 3 Well defined Level 4 Quantitatively controlled Level 5 Continuously improving 2.3 Part 3 Rating process Document 3 of SPICE document suite is used in defining the minimum set of requirements for conducting a software process assessment. These requirements are used to ensure that the outputs of the assessment are consistent, repeatable and representative of the process instances assessed [Sp3 v1.0]. A process assessment is practically done by assessing selected processes against the process model defined in document 2. The output of the assessment provides a set of capability level ratings for each process instance assessed [Sp3 v1.0]. This document is primarily addressed to the qualified assessor and other people, such as the sponsor of the assessment, who need to assure themselves that the requirements have been met. It may also be very valuable for developers of assessment methods and tools [Sp3 v1.0]. As part of the SPICE, this document establishes the requirements for a software process assessment, for rating, analysing and profiling an assessment, and defines the circumstances under which assessment results are comparable.
10 10 This document provides an assessment framework which: a) Encourages self-assessment b) Takes into account the context in which the assessed processes operate c) Produces a set of process ratings (a process profile) rather than a pass/fail result d) Through the generic practices, addresses the adequacy of the management of the assessed processes e) Is appropriate across all application domains and sizes of organization 2.4 Part 4 Guide to conducting assessment Process assessment basically means just collecting information describing the current capability of an organization s processes. It is initiated if there is a need to determine and/or improve the capability of these processes. SPICE document 4 provides guidance on interpreting the requirements set out in part 3 primarily for the use in a team-based assessment [Sp4 v1.0]. Although this guidance is directed at conducting a team-based assessment, the principles for rating processes can be used in a continuous, tool-based assessment. Nevertheless, in a continuous assessment the data collection is somehow different [Sp4 v1.0]. This document is primarily aimed at: The assessment team for preparing the assessment The participants in the assessment for understanding the assessment and interpreting the results All staff within organizations for understanding the details and benefits of performing process assessment Tool and method developers for developing tools or methods supporting the process assessment model Process assessment
11 11 Figure 3 describes how a process assessment can be initiated by the need for process improvement or process capability determination. Assessment input is collected with the help of assessment instrument, and the process model is used in assessment. Finally the output is used for process improvement or process capability determination. From process improvement or process cabapility determination Assessment input Assessment purpose Assessment scope Assessment constraints Assessment responsibilities Extended process definitions Additional information to be collected Assessment instrument Process indicators Process management indicators Process Assessment Process model (Part 2 of this International Standard) Process purpose Practices Assessment output Generic practice adequacy ratings Process capability level ratings Assessment record Figure 3: Process assessment context [Sp4 v1.0] To process improvement or process capability determination If process improvement is done, the output of the assessment provides the capability level ratings of the selected processes and the basis to plan, prepare, implement and evaluate specific improvement actions. This is described more detailed in part 7[Sp4 v1.0]. If process capability determination is done, the output of the assessment provides information for identifying, analyzing and quantifying the organization s strengths, weaknesses and risks. This is described more detailed in part 8 [Sp4 v1.0] Assessment guide The assessment contains eight stages, described in figure 4 below. The stages are: 1. Assessment input review 2. Process instance selection
12 12 3. Preparations 4. Information collection and verification 5. Determination of actual ratings 6. Determination of derived ratings 7. Rating validation 8. Presenting the assessment output Reviewing the assessment input Aligned to Presenting assessment output Selecting the process instances Validating the sample Validating the ratings Preparing for assessment Determining derived ratings Collecting and verifying information Determining actual ratings Assessment stages Figure 4 Eight assessment stages 2.5 Part 5 Construction, selection and use of assessment instruments and tools SPICE document 5 establishes the requirements for constructing an assessment instrument. In addition, it provides guidance on selection and usability characteristics associated with various types of assessment instruments [Sp5 v1.0]. An assessment instrument is defined as a tool (or set of tools) which is basically used in evaluation of the adequacy or existence of practices. An assessment instrument is needed to provide a consistent set of indicators as discriminators to help judge how well the practices have been implemented. An assessment instrument provides also a mechanism for recording the collected information [Sp5 v1.0]. This document [Sp5 v1.0]:
13 13 Sets out the minimum requirements to be met in the construction of an assessment instrument Defines a set of indicators to be included in an assessment instrument Provides guidance on the selection, construction and usability of assessment instruments This SPICE document is directed to [Sp5 v1.0]: Those responsible for the design and construction of assessment instruments, e.g. methodology providers, tool suppliers, assessors Assessors and assessment teams with responsibility for the selection and procurement of appropriate assessment instruments Assessors, sponsors or other parties responsible for assessing conformance of an assessment instrument to these requirements Construction of an assessment instrument It is not required in this standard that an assessment instrument should take any particular form or format. It can be, for example, a paper-based instrument containing forms, questionnaires or checklists, or it can be, for example, a computer-based instrument such as a spreadsheet, a data base system or an integrated CASE tool [Sp5 v1.0] Regardless of the form of the assessment instrument, its main objective is to help an assessor to perform an assessment in a consistent and repeatable manner, reducing assessor subjectivity and ensuring the validity, usability and comparability of the assessment results [Sp5 v1.0]. To creach this goal, an assessment instrument should be made according to the instructions defined in Annexes A, B, C and D. All indicators incorporated into an assessment instrument shall be traceable to a corresponding process, generic practice, or base practice in the process model in part 2 of this international standard, or to a practice in an extended process [Sp5 v1.0] Annexes, which provide the actual framework for instrument development, are not described in this paper. They can be found from the actual SPICE document Part 6 Qualification and training of assessors
14 14 When SPICE is used in assessment os a software process, the international standard assumes that the assessment team includes at least one qualified assessor. This qualified assessor is in primary responsibility of the assessment, ensuring that the requirements are met during the assessment. The result of the assessment obviously depends on the skilled judgement of the assessors. The achievement of an acceptable level of consistency, repeatability and reliability of results relies on competent assessors with appropriate skills, experience, and knowledge of the software process, of the model for processes described in document 2, and of the conduct of assessment and rating described in parts 3 and 4 [Sp6 v1.0]. A qualified assessor usually acts as a team leader for the assessment team. This person is in responsibility of ensuring that other team members have the right blend of specialized knowledge and assessment skills. This qualified assessor has to provide the necessary guidance and lead to the team, and help to moderate the judgements and ratings made by other team members to ensure the consistency of the results [Sp6 v1.0]. This document practically describes the assessor competencies and appropriate education, training and experience. The document also introduces mechanisms used in demonstrating the competence and validating the education, training and experience [Sp6 v1.0]. This document is directed to assessors, managers of assessors, and to sponsors of assessments, but it is also useful to organizations offering appropriate assessment training. Figure 5 below describes how a person can become a provisional and/or qualified assessor. Basically becoming a provisional assessor, one needs basic software education and assessor education. To become a qualified assessor, one needs more training and qualifications of education and training.
15 15 INTENDING ASSESSOR 1 Education General Education Software Education Assessor education 2 Training 3 Experience Software Training Assessor Training Software Experience Assessor Experience PROVISIONAL ASSESSOR 4 Assessment Training Training that satisfies the guidance in this document 5 Assessment Experience Assessments guided and supervised by qualified assessors PROVISIONAL ASSESSOR with assessment training and/or experience 6 7 Demonstration of Competence Validation of Education, Training and Experience QUALIFIED ASSESSOR 8 Maintenance of qualification Figure 5 Becoming a provisional or qualified assessor [Sp6 v1.0] In addition to technical skills, assessors should have also certain personal skills, like diplomacy, persistence and judgement. 2.7 Part 7 Guide for use in process improvement Document 7 acts as a guide on using process assessment to understand the current state of processes, and to create and prioritise the improvement plans. The document is primarily aimed at the management of an organization considering a software process improvement programme, members of improvement teams, software engineers, and external consultants [Sp7 v1.0].
16 16 This process improvement guide includes the following [Sp7 v1.0] An overview of process improvement the factors which drive software process improvement and general principles which underpin it A methodology for process improvement an eight step model for improving software processes within a continuous improvement cycle Cultural issues aspects of organizational culture that are critical for successful process improvement Management software process improvement from a management perspective including an overall framework for process measurement This guidance, used in software assessment for process improvement, covers the following: [Sp7 v1.0]: Invoking a software process assessment Using the results of a software process assessment Measuring software process effectiveness and improvement effectiveness Identifying improvement actions aligned to business goals Using the process model in document 2 as a route map for improvement Cultural issues in the context of software process improvement Dealing with management issues for software process improvement The guidance provided by this document, does not presume specific organizational structures, management philosophies, software life cycle models or software development methods. The guidance and principles are appropriate for different business needs, application domains and sizes of organization, so that they may be used by all types of software organizations to guide their improvement activities [Sp7 v1.0]. Figure 6 illustrates the steps for continuous software process improvement using the components of SPICE. A comprehensive process improvement programme may identify improvement goals to be attained over several iterations of the improvement cycle [Sp7 v1.0].
17 17 1 Examine organisation's needs Identified scope and priorities Software process improvement request Improvement initiation 2 Initiate process improvement Organisation's needs 8 Monitor performance Institutionalised improvements Re-assessment request 7 Sustain improvement gains 6 Validated improvement results Confirm the improvement Assessment request Preliminary process improvement programme plan (Parts 3 and 4) 3 Prepare and conduct process assessment Assessment results 4 Analysed re-assessment results Analyse results and derive action plan Approved action plan Implemented improvements 5 Implement improvements current assessed capability Industrial benchmarks Figure 6 Software process improvement steps Practice descriptions from process model (Part 2) (Part 8) Process improvement programme plan for capability determination Target capability profiles from capability determination 2.8 Part 8 Guide for use in determining supplier process capability Document 8 provides guidance on how to utilize process assessment for the purposes of process capability determination. A process capability determination is a systematic assessment and analysis of selected software processes within an organization, carried out with the aim of identifying the strengths, weaknesses and risks associated with deploying the processes to meet a particular specified requirement. This guidance is intended to be applicable across all software application domains, over all software organizational structures, within any software customer-supplier relationship, and to any organization wishing to determine the process capability of its own software processes [Sp8 v1.0].
18 18 This guide is primarily aimed at: The sponsor who initiates the process capability determination The organization whose process capability is to be determined The assessment team Tool and method developers In this guide, two alternative approaches to process capability determination are presented. Core process capability determination is a minimum, streamlined set of activities applicable whenever a single organization needs to identify its current process capability, without any partners or sub-contractors being involved. Extended process capability determination is applicable when an enhanced capability is needed to be done, or when consortia or sub-contractors are involved. Which case is ever selected, the conduct of process capability determination is described in three separate stages, named: [Sp8 v1.0] - Target definition stage - Response stage - Verification and Risk Analysis Stage 2.9 Part 9 Vocabulary Document nine works as a vocabulary. This document is not described more in this paper. For further information, see reference [Sp9 v1.0].
19 19 3 Conclusions This paper introduced the concept of SPICE, Software Process Improvement and Capability Determination. SPICE is a major international initiative to support the development of an International Standard for Software Process Assessment. It contains nine separated documents, which can be used for process improvement and/or process capability determination. This paper discussed those documents, their purpose and the most important contents.
20 20 4 References [SQI 2004] Software Quality Institute. Software Process Improvement and Capability determination. [Sp1 v1.0] SPICE Part 1: Concepts and introductory guide. Version 1.00 [Sp2 v1.0] SPICE Part 2: A model for process management. Version 1.00 [Sp3 v1.0] SPICE Part 3: Rating process. Version 1.00 [Sp4 v1.0] SPICE Part 4: Guide to conducting assessment. Version 1.00 [Sp5 v1.0] [Sp6 v1.0] [Sp7 v1.0] [Sp8 v1.0] SPICE Part 5: Construction, selection and use of assessment instruments and tools. Version 1.00 SPICE Part 6: Qualification and training of assessors. Version 1.00 SPICE Part 7: Guide for use in process improvement. Version 1.00 SPICE Part 8: Guide for use in determining supplier capability. Version 1.00 [Sp9 v1.0] SPICE Part 9: Vocabulary. Version 1.00
Implementing COBIT based Process Assessment Model for Evaluating IT Controls By János Ivanyos, Memolux Ltd. (H) Introduction New generations of governance models referring to either IT or Internal Control
r bulletin 107 august 2001 SPiCE for SPACE: A Process Assessment and Improvement Method for Space Software Development A. Cass, C. Völcker SYNSPACE AG, Binningen, Switzerland L. Winzer, J.M. Carranza Product
Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal
Table 1: FIDIC Quality Management COMPLIANCE Checklist Aspects related to Risk Management have been inserted and highlighted in light blue The aspects that are required by CESA to be complied with by Single
INTRODUCTION 16) QUALITY MANAGEMENT SYSTEMS The aim of this paper is to give a brief introduction to the idea of a quality management system and specifically in ISO 9001:2000: Quality Management System.
Central Page 284 of 296 Application of software product quality international standards through software development life cycle Mladen Hosni, Valentina Kirinić Faculty of Organization and Informatics University
Herstellerinitiative Software (OEM Initiative Software) Dr. Michael Daginnus Volkswagen AG Wolfsburg Dr. Dieter Marx Porsche AG Weissach Dr. Ralf Belschner Daimler AG Sindelfingen Kai Barbehön BMW AG München
GUIDE YVL A.3 / 2 June 2014 MANAGEMENT SYSTEM FOR A NUCLEAR FACILITY 1 Introduction 5 2 Scope of application 6 3 Management system 6 3.1 Planning, implementation, maintenance, and improvement of the management
Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, email@example.com Abstract: The term of scenario is used
Chapter 7 - Self Assessment TABLE OF CONTENTS Introduction...1 High Level Must Dos...1 Completing the Self Assessment...1 Format of the Self Assessment...2 Evidence to support Self Assessment...2 Making
Governance SPICE ISO/IEC 15504 for Internal Financial Controls and IT Management By János Ivanyos, Memolux Ltd. (H) 1. Evaluating Internal Controls against Governance Frameworks Corporate Governance is
Controlling Software Acquisition: Is Supplier s Software Process Capability Determination Enough? G.ami (Qualified Principal SPICE Assessor IntRSA) Istituto di Scienza e Tecnologie dell Informazione A.Faedo
CAUSAL ANALYSIS AND RESOLUTION SUPPORT (ML5) The purpose of Causal Analysis and Resolution (CAR) is to identify causes of selected outcomes and take action to improve process performance. SG 1 Root causes
Software Quality Assurance: VI Standards Room E 3.165 Tel. 60-3321 Email: firstname.lastname@example.org Outline I Introduction II Software Life Cycle III Quality Control IV Infrastructure V Management VI Standards VII Conclusion
Guide to CQI Qualifications for learners CQI Qualifications and Professional Recognition Quality management is about improving organisational performance in delivering product and service that meet customer
Software Process in Geant4 an overview Gabriele Cosmo CERN IT/API-SI Gabriele.Cosmo@cern.ch Outline Overview on Software Processes The area of application Life-cycle processes in Geant4 Assessment model
Version 6.3 Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué 92130 Issy-les-Moulineaux France Secretariat email: email@example.com
Guidelines for Successful Competency and Training Management Simon Burtonshaw-Gunn and Mel Davies OUR COMPANY Risktec Solutions is an independent and specialist risk management consulting company which
The Software Quality Star: A conceptual model for the software quality curriculum Ronan Fitzpatrick School of Computing, Dublin Institute of Technology, Kevin Street, Dublin 8, Ireland. Tel: +353 (1) 4024835,
Implementing COSO based Process Assessment Model for Evaluating Internal Financial Controls By János Ivanyos, Memolux Ltd. (H) Introduction New generation of governance models referring to either IT or
Huge potential user base for ISO/IEC 90003 the state of the art for improving quality in software engineering ISO/IEC 90003:2004, Software engineering Guidelines for the application of ISO 9001: 2000 to
ECSS-M-ST-80C Space project management Risk management ECSS Secretariat ESA-ESTEC Requirements & Standards Division Noordwijk, The Netherlands Foreword This Standard is one of the series of ECSS Standards
Copyright Notice This document reproduces relevant material from ISO/IEC 15504:2003 Information Technology Process Assessment Part 2: Performing an assessment and ISO/IEC FCD 15504:2005 Information Technology
A Structured Methodology for Multimedia Product and Systems Development A STRUCTURED METHODOLOGY FOR MULTIMEDIA PRODUCT AND SYSTEMS DEVELOPMENT Cathie Sherwood and Terry Rout School of Computing and Information
Defining an EA Skillset EAPC Johannesburg March 2015 1 w w w. c s I n t e r a c t i v e T r a i n i n g. c o m www.csinteractivetraining.com Louw Labuschagne Louw is passionate about all aspects of information
BANK OF RUSSIA STANDARD STO BR IBBS-1.1-2007 INFORMATION SECURITY OF RUSSIAN BANKING INSTITUTIONS INFORMATION SECURITY AUDIT* Date enacted: 1 May 2007 Moscow 2007 2 STO BR IBBS-1.1-2007 Foreword 1. ADOPTED
What changes will ISO 9001:2015 bring? 1 Introduction This presentation will cover the following topics: The ISO 9001 Revision Process Key Inputs to ISO 9001:2015 The High Level Structure Key Changes in
CMMI KEY PROCESS AREAS http://www.tutorialspoint.com/cmmi/cmmi-process-areas.htm Copyright tutorialspoint.com A Process Area is a cluster of related practices in an area that, when implemented collectively,
SMEF 10-11 June, 2010 Software Quality Standards and Approaches from Ontological Point of View Konstantina Georgieva Otto-von-Guericke University Magdeburg Department of Computer Science, Software Engineering
AIPM PROFESSIONAL COMPETENCY STANDARDS FOR PROJECT MANAGEMENT PART B CERTIFIED PRACTISING PROJECT PRACTITIONER (CPPP) Copyright: Australian Institute of Project Management Document Information Document
Lecture 8 About Quality and Quality Management Systems Kari Systä 10.03.2014 10.03.2014 TIE-21100/21106; K.Systä 1 Content of today s lecture Two weeks ago we discussed about testing and inspections, that
What should I look for when I have an Inspection need? 3 How do I gain confidence in an 4 How can accreditation of the inspection body by an ILAC accreditation body member provide confidence? 6 How can
Small tech firms Seizing the benefits of software systems engineering stards by Claude Y. Laporte, Norm Séguin, Gisele Villas Boas Sanyakorn Buasung The ability of organizations to compete, adapt, survive
4 Guide to Developing a Quality Improvement Plan September 2013 Copyright The details of the relevant licence conditions are available on the Creative Commons website (accessible using the links provided)
GFMAM Competency Specification for an ISO 55001 Asset Management System Auditor/Assessor First Edition, Version 2 English Version PDF format only ISBN 978-0-9871799-5-1 Published April 2014 www.gfmam.org
INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)
UML Modeling of Five Process Maturity Models 1 UML Modeling of Five Process Maturity Models Version 1 LQL-2003-TR-02 2003 Simon Alexandre Naji Habra CETIC - FUNDP 2003 UML Modeling of Five Process Maturity
Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504 Dipak Surie, Email : firstname.lastname@example.org Computing Science Department Umea University, Umea, Sweden Abstract. During software development,
GUIDE 62 General requirements for bodies operating assessment and certification/registration of quality systems First edition 1996 ISO/IEC GUIDE 62:1996(E) Contents Pag e Section 1: General 1 1.1 Scope
University of Cambridge: Programme Specifications Every effort has been made to ensure the accuracy of the information contained in this programme specification. At the time of publication, the programme
Introduction to Procurement Why is procurement important? Client needs are unique and consequently each project meeting those needs has unique characteristics. This means that achieving the right project
This is a preprint of an article published in Software Process: Improvement and Practice, volume 6, issue 1, pp. 47-62, 2001, copyright John Wiley and Sons Ltd., 2001, http://www.interscience.wiley.com
PPM Competency Profiling 1 What we do... Our strength comes from the expertise of our people, the structure of our processes, the scale of our operation and our years of experience in providing learning
Implementation of a Quality Management System for Aeronautical Information Services -1- Implementation of a Quality Management System for Aeronautical Information Services Chapter IV, Quality Management
Quality Assurance Principles, Elements and Criteria December 1998 Publication code: A0798 Published by the Scottish Qualifications Authority Hanover House, 24 Douglas Street, Glasgow G2 7NQ, and Ironmills
FAT MEDIA QUALITY ASSURANCE STATEMENT NOTE 1: This is a CONTROLLED Document as are all quality system files on this server. Any documents appearing in paper form are not controlled and should be checked
ISO Revisions Latest update New and Revised Moving from ISO 9001:2008 to ISO 9001:2015 Transition Guide ISO 9001 - Quality Management System - Transition Guide Successful businesses understand the value
Publication Reference EA-7/01 EA Guidelines on the application Of EN 45012 PURPOSE The purpose of the document is to provide explanations with a view to harmonise the application of ISO/IEC Guide 62/EN
Design Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation Despite significant efforts to improve engineering practices and technologies,
Requirements Traceability Mirka Palo Seminar Report Department of Computer Science University of Helsinki 30 th October 2003 Table of Contents 1 INTRODUCTION... 1 2 DEFINITION... 1 3 REASONS FOR REQUIREMENTS
ISO 9001: 2008 Boosting quality to differentiate yourself from the competition xxxx November 2008 ISO 9001 - Periodic Review ISO 9001:2008 Periodic Review ISO 9001, like all standards is subject to periodic
Experiences Gained from Applying ISO/IEC 15504 to Small Software Companies in Brazil Alessandra Anacleto 1, Christiane Gresse von Wangenheim 1, Clênio F. Salviano 2, Rafael Savi 1 1 Universidade do Vale
1 The Capability Road Map a framework for managing quality and improving process capability Dr Kevin Daily, Improve QPI Ltd and Luis Joaquim, Critical Software SA Abstract Software developers and IT providers
PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3) 1st February 2006 Version 1.0 1 P3M3 Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value
Concept of Operations for the Capability Maturity Model Integration (CMMI SM ) August 11, 1999 Contents: Introduction CMMI Overview Concept for Operational Use of the CMMI Migration to CMMI Models Concept
Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format
Quality Management System Manual This manual has been reviewed and approved for use by: Jack Zazulak President, Aurora Machine Limited March 07, 2011 Date - Copyright Notice - This document is the exclusive
Improving global standard to be a key driver of innovation Colin MacNee Caveat The views expressed are my own and do not represent BSI CQI IAF IBM IRCA ISO IT Governance Content Where we ve come from A
INSPEL 34(2000)3/4, pp. 210-226 THE INFORMATION AUDIT AS A FIRST STEP TOWARDS EFFECTIVE KNOWLEDGE MANAGEMENT: AN OPPORTUNITY FOR THE SPECIAL LIBRARIAN * By Susan Henczel Introduction Knowledge is universally
Report of External Evaluation and Review Quality Environmental Consulting Limited Confident in educational performance Confident in capability in self-assessment Date of report: 3 September 2014 Contents
Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: email@example.com CP14 ISSUE 5 DATED 1 st OCTOBER
Standards Initiatives for Software Product Line Engineering and within the International Organization for Standardization Timo Käkölä University of Jyväskylä Finland FiSMA 1 What is software product line
Practice guide quality assurance and IMProVeMeNt PrograM MarCh 2012 Table of Contents Executive Summary... 1 Introduction... 2 What is Quality?... 2 Quality in Internal Audit... 2 Conformance or Compliance?...
EIOPA-RP-13-096a 18 July 2013 Peer Reviews on Pre-application of Internal Models for NSAs and Colleges Final Report 1/17 Table of Contents 1. Introduction... 3 1.1 Reasons for the peer reviews... 3 1.2
Dr. Harold "Bud" Lawson 2004-10-13 1 (10) What is ISO/IEC 15288? (A Concise Introduction) What if all or the majority of the people of an organization (independent of their personal background and role)
Publication Reference EA IAF/ILAC-A4: 2004 EA IAF/ILAC Guidance on the Application of ISO/IEC 17020:1998 PURPOSE This guidance document is for ISO/IEC 17020: General Criteria for the operation of various
PROGRAMME SPECIFICATION 1 Awarding Institution Newcastle University 2 Teaching Institution Newcastle University 3 Final Award MSc 4 Programme Title Computer Security and Resilience 5 UCAS/Programme Code
INTERNATIONAL STANDARD ISO/IEC 27000 Third edition 2014-01-15 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l information Techniques
The Application of IEEE Software and System Engineering Standards in Support of Software Process Improvement Susan K. (Kathy) Land Northrop Grumman IT Huntsville, AL firstname.lastname@example.org In Other Words Using
Process models: Capability Maturity Model Integration (CMMI) Software Process Improvement and Capability Determination (SPICE) V-Model Standards: MISRA-C standard AUTOSAR Configuration management Product
HONG KONG INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS ( HKICPA / the Institute ) Prospective Member s Record Practical Experience for Membership Admission Employment Summary Prospective Member Name Prospective
Foredragfor Den Norske Dataforening, den 08.10.2003 CMM, CMMI and ISO 15504 (SPICE) Bruk av modenhetsmodeller under programmvareutvikling, er det nøkkelen til suskess? Malte Foegen, Jürgen Richter IT Maturity
ISO/TC 176/SC2 Document N1223, July 2014 (Draft) Transition Planning Guidance for ISO 9001:2015 ISO 9001 Quality management systems Requirements is currently being revised. The revision work has reached
PROGRAMMME SPECIFICATION FOR MA in LEADERSHIP AND MANAGEMENT (HEALTH AND SOCIAL CARE SERVICES) MA in LEADERSHIP AND MANAGEMENT (HEALTH AND SOCIAL CARE SERVICES) 1. Award 2. Route Management (Health and
Nuclear Safety Council Instruction number IS-19, of October 22 nd 2008, on the requirements of the nuclear facilities management system Published in the Official State Gazette (BOE) number 270 of November
Guidelines on course accreditation Information for universities and colleges June 2015 1 Contents 1 Overview of Accreditation 04 1.1 Introduction 04 1.2 Scope 04 1.3 Scope of the curriculum 05 1.4 Programme
IAF Informative Document Transition Planning Guidance for ISO 9001:2015 Issue 1 (IAF ID 9:2015) Issue 1 Transition Planning Guidance for ISO 9001:2015 Page 2 of 10 The (IAF) facilitates trade and supports
INTERNATIONAL STANDARD ISO 9000 Third edition 2005-09-15 Quality management systems Fundamentals and vocabulary Systèmes de management de la qualité Principes essentiels et vocabulaire Reference number