CMS Policy for Capability Maturity Model Integration (CMMI)



Similar documents
CMS Policy for Information Technology (IT) Investment Management & Governance

Software Quality Assurance: VI Standards

CMMI Version 1.2. SCAMPI SM A Appraisal Method Changes

CMS Policy for Configuration Management

Software Engineering CSCI Class 50 Software Process Improvement. December 1, 2014

The Advantages of ISO 9001 Certification

CMS Operational Policy for VPN Access to 3-Zone Admin and Development /Validation Segments

Using Rational Software Solutions to Achieve CMMI Level 2

Manage the acquisition of products from suppliers for which there exists a formal agreement.

CMMI for Development, Version 1.3

CMMI for Development, Version 1.3

A Lightweight Supplier Evaluation based on CMMI

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor

Frameworks for IT Management

Capability Maturity Model Integration (CMMI SM ) Fundamentals

Engineering Standards in Support of

Leveraging CMMI framework for Engineering Services

A Report on The Capability Maturity Model

SOFTWARE QUALITY & SYSTEMS ENGINEERING PROGRAM. Quality Assurance Checklist

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering

CMS Operational Policy for Data Access Management

A. This Directive applies throughout DHS, unless exempted by statutory authority.

Capability Maturity Model Integration (CMMI ) Overview

CMMI for Acquisition, Version 1.3

CMS Operational Policy for Separation of Duties for System Security Administration and Auditing

CMS Operational Policy for Firewall Administration

Capability Maturity Model Integrated (CMMI)

NODIS Library Program Formulation(7000s) Search

Lecture 8 About Quality and Quality Management Systems

Process Improvement -CMMI. Xin Feng

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

CMS Operational Policy for Infrastructure Router Security

Foredragfor Den Norske Dataforening, den

Developing CMMI in IT Projects with Considering other Development Models

Capability Maturity Model Integration (CMMI ) Version 1.2 Overview

SOFTWARE ASSURANCE STANDARD

Software Process Improvement CMM

How To Understand And Understand The Cmm

HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)

Software Quality. Process Quality " Martin Glinz. Chapter 5. Department of Informatics!

CMMI for Development Introduction & Implementation Roadmap

Process In Execution Review (PIER) and the SCAMPI B Method

CMS POLICY FOR THE INFORMATION SECURITY PROGRAM

ClOP CHAPTER Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

The Information Security Management System According ISO The Value for Services

The Capability Road Map a framework for managing quality and improving process capability

Concept of Operations for the Capability Maturity Model Integration (CMMI SM )

Audit of Veterans Health Administration Blood Bank Modernization Project

Capability Maturity Model Integratoin (CMMI) and its Assessment Process

CMMI: What do we need to do in Requirements Management & Engineering?

Mature Agile with a twist of CMMI

Software Process Maturity Model Study

CMMI Practitioners: How Can We Improve the Skill-set?

CAPABILITY MATURITY MODEL INTEGRATION

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva

Implementing CMMI for High-Performance

Using CMM with DO-178B/ED-12B for Airborne System Development

UML Modeling of Five Process Maturity Models

Integrating BCM and Development Life Cycles

EASPI EASPI. The Integrated CMMI-based Improvement Framework for Test and Evaluation. Jeffrey L. Dutton Principal Consultant

Quality Systems Frameworks. SE 350 Software Process & Product Quality 1

The Compelling Case For CMMI-SVC: CMMI-SVC, ITIL & ISO20000 demystified

Introduction to the CMMI Acquisition Module (CMMI-AM)

Risk Repository. Prepare for Risk Management (SG 1) Mitigate Risks (SG 3) Identify and Analyze Risks (SG 2)

LUXOFT ADVANTAGES. International Quality Standards

Synergism of the CMMI Development and Services Constellations in a Hybrid Organization

Certified Software Quality Assurance Professional VS-1085

Procedia Computer Science

CMMI 100 Success Secrets

How To Write A Contract For Software Quality Assurance

Using the Agile Methodology to Mitigate the Risks of Highly Adaptive Projects

PART ONE. About CMMI for Development

Software and Systems Engineering. Software and Systems Engineering Process Improvement at Oerlikon Aerospace

A common core ITIL Version 3.0 and CMMi-SVC

Software Engineering. Standardization of Software Processes. Lecturer: Giuseppe Santucci

Treasury Board of Canada Secretariat (TBS) IT Project Manager s Handbook. Version 1.1

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

EPA Classification No.: CIO P-02.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: Review Date: 08/06/2015

Software Engineering. Christopher Simpkins Chris Simpkins (Georgia Tech) CS 2340 Objects and Design CS / 16

The Capability Maturity Model for Software, Version 1.1

September 2005 Report No FDIC s Information Technology Configuration Management Controls Over Operating System Software

The IT Infrastructure Library (ITIL)

Transcription:

Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS Policy for Capability Maturity Model Integration (CMMI) December 2006 Document Number: CMS-CIO-POL-CMMI01-01

TABLE OF CONTENTS 1. PURPOSE...1 2. BACKGROUND...1 3. SCOPE...2 4. POLICY...2 5. ROLES AND RESPONSIBILITIES...2 5.A. CMS IT CONTRACTORS... 3 5.B. CMS CONTRACTING OFFICERS... 3 5.C. CMS PROJECT OFFICERS... 3 6. APPLICABLE LAWS/GUIDANCE...3 7. INFORMATION AND ASSISTANCE...4 8. EFFECTIVE DATE/IMPLEMENTATION...4 9. APPROVED...4 10. ATTACHMENTS...4 GLOSSARY...4 CMS Policy for Capability Maturity Model Integration (CMMI) i

1. PURPOSE The purpose of this Centers for Medicare & Medicaid Services (CMS) policy is to ensure that CMS Information Technology (IT) contractors possess an adequate level of maturity in their organizational processes that is in accordance with the Carnegie Mellon Software Engineering Institute (SEI) Capability Maturity Model Integration (CMMI ), as applicable. This policy is a first issuance establishing the requirements for adherence to SEI CMMI by CMS IT contractors subsequent to the effective date of this document. 2. BACKGROUND CMS, like many organizations today, is in a position of needing to deliver more complex products and services better, faster, and cheaper. The business problems that CMS addresses today involve enterprise-wide solutions that require an integrated approach and effective management of organizational resources to achieve the Agency s business objectives. In the current marketplace, there are maturity models, standards, methodologies, and guidelines that can help an organization improve the way it does business. The SEI asserts that the quality of a system or product is highly influenced by the quality of the process used to develop and maintain it. This belief is demonstrated worldwide in quality movements, such as the CMMI and the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) body of standards. The CMMI is a process improvement approach that provides organizations with the essential elements of effective processes. It can be used to guide process improvement across a project, a division, or an entire organization. CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes. The CMMI is the successor of the Capability Maturity Model (CMM ). CMM was developed from 1987 until 1997. In 2002, Version 1.1 of the CMMI was released; Version 1.2 followed in August 2006. The goal of the CMMI is to improve usability of maturity models for software engineering and other disciplines, by integrating many different models into one framework. It was created by members of industry, government and the SEI. SEI advocates that CMMI should be adapted to each individual organization or company, therefore organizations or companies are not "certified." A company is appraised at a certain level of CMMI. There are three different types of CMMI appraisals: Class A, Class B, and Class C. The Standard CMMI Appraisal Method for Process Improvement (SCAMPI SM ) is the official SEI method to provide benchmark-quality ratings relative to CMMI models, and is the only appraisal method that meets all of the requirements of a Class A appraisal. CMS Policy for Capability Maturity Model Integration (CMMI) 1 of 4

SCAMPI SM appraisals are used to identify strengths and weaknesses of current processes, reveal development/acquisition risks, and determine capability and maturity level ratings. They are mostly used either as a part of a process improvement program or for rating prospective suppliers. While CMS recognizes that there are other, similar disciplines that may be substituted as an appropriate equivalent to the SEI CMMI, such as the ISO 9001:2000 family of standards, CMS closely follows the CMMI that was developed by the SEI. 3. SCOPE This policy applies to all CMS IT contractors who provide development and/or maintenance support for system/application software, system integration, and/or engineering and technical support solutions. IT Contractors who provide limited support for only a particular task element of the CMS system life cycle (e.g., requirements analysis, training, testing, independent verification and validation (IV&V), etc.) may be exempt from the requirements of this policy. 4. POLICY IT Contractor compliance with maturity standards and methodologies such as CMMI signifies a greater level of effort and capability to perform software development and integration activities in a repeatable and consistent high quality manner. To that end, all CMS IT contractors shall have and maintain throughout the life of their contract with CMS, a mature software process discipline that is based on the SEI CMMI. CMS IT contractors shall demonstrate their recognized level of CMMI maturity by providing CMS with the results of an independently prepared SCAMPI SM appraisal that was led by an SEI- Authorized Lead Appraiser. All SCAMPI SM appraisals must apply down to the lowest organizational level or business unit that will actually be performing the work for a specific contract. In addition, CMS reserves the right to conduct its own independent evaluation and/or other quality inspections. All CMS IT contractors providing system/application software development and/or maintenance, system integration, and/or engineering and technical support solutions shall possess SCAMPI SM appraisal results at a minimum of Level 3 CMMI for CMS payment systems and a minimum of Level 2 CMMI for all other systems. By calendar year 2012, all CMS IT contractors providing development and/or maintenance support, system integration, and/or engineering and technical support solutions for CMS payment systems shall be at Level 4 CMMI. 5. ROLES AND RESPONSIBILITIES The following entities have responsibilities related to the implementation of this policy: CMS Policy for Capability Maturity Model Integration (CMMI) 2 of 4

5.A. CMS IT Contractors CMS IT Contractors who provide system/application software development and/or maintenance, system integration, and/or engineering and technical support solutions are responsible for the following: Providing CMS with SCAMPI SM appraisal results that demonstrate the CMMI maturity level of the organization or business unit that will be providing its services to CMS; Ensuring the continued maintenance and/or upgrading of their organization s CMMI maturity level for the life of their contract with CMS; and Providing CMS or its designated agent with data and/or access requested in order to verify SCAMPI SM appraisal status and to validate the processes that the organization has in place that will be used in providing services to CMS. 5.B. CMS Contracting Officers CMS Contracting Officers are responsible for ensuring that the requirements of this policy are incorporated into the IT contracts that CMS awards and/or providing waivers as appropriate. 5.C. CMS Project Officers CMS Project Officers are responsible for the following: Ensuring CMS IT contractors comply with this policy as appropriate; and Determining if follow-up SCAMPI SM appraisals or other assessments are needed. 6. APPLICABLE LAWS/GUIDANCE The following laws and guidance are applicable to this policy: Government Performance and Results Act (GPRA) of 1993 Paperwork Reduction Act of 1995 Clinger-Cohen Act of 1996 Capability Maturity Model Integration (CMMI ), Carnegie Mellon Software Engineering Institute, Version 1.2, August 2006 Appraisal Requirements for CMMI, Version 1.2, August 25, 2006 CMS Policy for Capability Maturity Model Integration (CMMI) 3 of 4

7. INFORMATION AND ASSISTANCE Contact the Director of the Division of Resource and Acquisition Management within the Enterprise Architecture and Strategy Group (EASG) of the Office of Information Services (OIS) for further information regarding this policy. 8. EFFECTIVE DATE/IMPLEMENTATION This policy becomes effective on the date that CMS Chief Information Officer (CIO) signs it and remains in effect until officially superseded or cancelled by the CIO. 9. APPROVED /s/ 12/12/2006 Julie C. Boughn CMS Chief Information Officer and Director, Office of Information Services Date of Issuance 10. ATTACHMENTS There are no documents that currently augment this policy. GLOSSARY Business Unit - any segment of an organization, or an entire business organization that is not divided into segments. Segment - one of two or more divisions, product departments, plants, or other subdivisions of an organization reporting directly to a home office, usually identified with responsibility for profit and/or producing a product or service. CMS Policy for Capability Maturity Model Integration (CMMI) 4 of 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information