Abstract Over the last three years, there are more than 300 formal appraisals using CMMI for Services as model reference. Over 70% of the appraised organizations belong to sectors that are not directly related to Information Technology. I have had the opportunity to evaluate businesses and services related to fund management, marketing campaigns, and billing services. The objective of this presentation is to show the generic aspects of CMMI for Services and give some examples of implementation in areas beyond the typical IT services. Biography Master in Business Administration (MBA) by ESADE Business School (Barcelona, Spain) and Systems Engineer by Pontificia Universidad Catolica del Peru (PUCP). Certified SCAMPI Lead Appraiser for CMMI for Development (DEV), Acquisitions (ACQ) & Services (SVC) by CMMI Institute. Managing Director in PIA Consultores since 2013. IT project manager with extensive experience in the Banking and Finance, in recent years has worked as Senior Consultant in the areas of quality processes for Information Technology and Services industry, having a wide experience in training, consulting and evaluation for improvement projects in Spain, Portugal and Latin America. He has worked as Senior Consultant in European Software Institute (ESI-Tecnalia) and Process Quality Engineering (ProQua), and SEPG Leader of Systems Division of the Banco de Credito del Peru (BCP) having achieved maturity level 3 of CMMI model. He has participating in Software Engineering Process Group Latin America Conferences (SEPG LA) as program committee member and speaker. He is also a member of the training staff in the PUCP and he has extensive training experience at universities and institutions. 1
Why do we need effective management of services? Throughout the latter half of the twentieth century, the service sector has been both the largest and the fastest growing g component of the U.S. economy. Fifty years ago, the service sector accounted for about sixty percent of U.S. output and employment. Today, the service sector s share of the U.S. economy has risen to roughly 80 percent. -The Role of Services in the Modern U.S. Economy, Office of Service Industries, January 1999 Services constitute the engine of economic growth of the EU, since they account for 70% of GDP and employment in most Member States. - Access to European Union: law, economics, policies., Nicholas Moussis, 19th updated edition, 2011 According to one study of DoD contracts, services constituted more than one-third of purchases in 1984, but 56% by 2003. - Outsourcing the Pentagon: Who benefits from the Politics and Economics of National Security?, Larry Makinson, September 2004 This increase is due, in part, because today the products have a higher service component than in previous decades. For example, large infrastructure vendors such as IBM, HP and Cisco, offer services that go beyond the sale of a particular product. 2
Why do we need effective management of services? Based on The Cost of Poor Customer Service: The Economic Impact of the Customer Experience and Engagement g in 16 Key Economies - Genesys Telecommunications Laboratories, Inc, November 2009: The associated cost with the poor customer service in 16 major world economies amounted to US$ 338.5 billions (= 250 thousand million). In virtually every country, customers ended at least one relationship per year due to poor service. Across all countries surveyed, about 7 in 10 consumers have ended a relationship. Nearly two-thirds of consumers who have ended relationships turn to a competitor, with the remainder lost or abandoned completely as consumers decide not to purchase from anyone. Consumers feel the most significant root causes of poor service are: Being trapped in automated self-service Being forced to wait too long for service Repeating themselves Representatives that lack the skills to answer their inquiry Nearly 8,800 consumers were surveyed, with a minimum sampling of 500 per country: Australia, Brazil, Canada, China, Czech Republic, France, Germany, India, Italy, Mexico, Netherlands, New Zealand, Poland, Russia, UK U.K., US U.S. 3
Why do we need effective management of services? IF causes of poor service delivery are corrected THEN customer satisfaction are increased. IF customer satisfaction are increase THEN customers become loyal and repeat their purchases. IF customers repeat purchases THEN they become communicators of good experiences to potential clients. Repeated purchases PLUS new customers EQUAL more turnover & increased economics benefits According to the Genesys Labs' study, customer satisfaction would increase when four key needs are met: Competency: staff with needed abilities and skills to provide the service Convenience: usefulness and suitability of the delivered services. Proactivity: initiative of providers to improve the service rather than reacting to incidents or questions of clients. Personalization: deliver different services to satisfy personal qualities or characteristics. These factors can be met if the service management is improved so that can be provided effectively and efficiently. There are many models and standards that are used as a basis to improve services management. Many of them are designed for specific industries and services. Some others do not offer a clear path for continuous service improvement. Services providers are confused about which could be more beneficial and appropriate for their business. 4
IT Services IT Service (ITILv3): A service provided to one or more customers, by an IT Service Provider. An IT service is based on the use of Information Technology and supports the customer's business process. An IT service is made up from a combination of people, processes and technology and should be defined in a Service Level Agreement. Gartner s Definition: IT services refers to the application of business and technical expertise to enable organizations in the creation, management and optimization of or access to information and business processes. The IT services market can be segmented by the type of skills that are employed to deliver the service (design, build, run). There are also different categories of service: business process services, application services and infrastructure services. If these services are outsourced, they are referred to as business process outsourcing (BPO), applications outsourcing (AO) and infrastructure outsourcing. "CEOs don t buy software anymore they buy service level agreements George Fischer, Global Technology & Software Executive, CA Technologies, SEPG Asia Pacific 2010 Examples: Software and application development Web development & hosting Management and support of applications Technical support and help desk Development and management of databases Telecommunications Infrastructure 5
Service industries (grouped into sectors) business functions (that apply to all organizations in general): consulting, customer service, human resources childcare cleaning, repair and maintenance services: janitors, gardeners, mechanics construction: carpentry, electricians, plumbing death care: coroners, funeral homes dispute resolution and prevention services: arbitration, courts of law, diplomacy, incarceration, law enforcement, lawyers, mediation, military, negotiation education: library, museum, school entertainment: gambling, movie theatres, performing arts productions, sexual services, sport, television fabric care: dry cleaning, self-service laundry financial services: accountancy, banks and building societies, real estate, stock brokerages, tax preparation foodservice industry personal grooming: hairdressing, manicurist/pedicurist, body hair removal, dental hygienist health care hospitality industry information services: data processing, database services, interpreting, translation risk management: insurance, security social services transport public utility: electric power, natural gas, telecommunications, waste management, water industry 6
CMMI for Services (CMMI-SVC) CMMI-SVC guides all types of service providers to establish, manage, and improve services to meet business goals. The Software Engineering Institute (SEI) published in 2009 the first version of CMMI for Services based on the success of CMMI model. The current version 1.3 was published in November 2010. At the beginning of 2013, the SEI has transferred CMMI-related products and activities to the CMMI Institute. Information Technology Services Capability Maturity Model (ITSCMM) Like every CMMI model, CMMI-SVC: helps to set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes can be applied internally or externally works well with other frameworks represents the consensus of thousands of CMMI-SVC draws on concepts and practices practitioners about the essential elements of from CMMI and other service focused service delivery standards and models, including the following: can be used in whole or in part Information Technology Infrastructure Library (ITIL) ISO/IEC 20000: Information Technology Service Management Control Objectives for Information and related Technology (CobiT) CMMI-SVC addresses the needs of a wide range of service types by focusing on common processes. many existing models are designed for specific services or industries. other existing models do not provide a clear improvement path. 7
Example Use Cases & Scenarios by Industry Accounting services Aircraft maintenance Aluminum packaging manufacturer Ambulatory Auto service Auto insurance Banking Billing Call center Church administration Client staffing Database management Defense contractor Education Eldercare Electric generation and supply Employment Fertilizer manufacturer Fitness club Loan broker Logistics Maintenance Fitness equipment maintenance Management consulting Food services Military Gardening and lawn communications care support Genealogy Nuclear power Gutter maintenance Oilfield services Healthcare Organizational Home health h care performance improvement Home inspection Pharmaceutical Infrastructure management Process consulting Project management Internal process group Internet retail Providing PCs Public health Internet cable provider information ISO audits Publishing IT services Quality assurance Letting a holiday Recommending home technology Securities investment Software benchmarking service Software development Software testing Sports officiating Staff augmentation Stock trading Textiles Thermal diagnostics Training Training and other aviation services Training and technology deployment for COTS software Translation services Travel agency Travel services University Voice and data services 8
My own experience Three SCAMPI Class A for CMMI-SVC Maturity Level 2. SME organizations with less than 25 employees within the organizational unit. Two service types for each company, not necessarily IT Services. Examples: Mobile Campaign: is a campaign, usually marketing, advertising, or public relations-related, through which organizations contact their audience through SMS (text messaging). This form of campaigning allows organizations to reach out and establish relationships with an audience in a more individualized, intimate way. A campaign s goal can have varied consumer consumption objectives including flashing (showing an image), informing (informational text / product info) or engaging (response or click required). Electronic invoicing: Electronic invoicing is a form of electronic billing. E-invoicing methods are used by trading partners, such as customers and their suppliers, to present and monitor transactional documents between one another and ensure the terms of their trading agreement are being met. These documents include invoices, purchase orders, debit notes, credit notes, payment terms and instructions and remittance advices. Fund management: Financial management of funds of national and international organizations including obtaining donor funds, the investment of the assets received and their disbursed. 9
Service establishment 1. Service provider has an business idea for a new (or improved) service. 2. Service provider reviews available customer and end-user needs and data. 3. Service provider identifies the service delivery approach (service strategy) to achieve the objectives and provide the capabilities. 4. Service provider develops the work plan to prepare the service system operations 5. Service provider executes the work plan to implement the service and request management system. 6. Service provider ensures that the service and request management system fulfills the service requirements. 10
Service Delivery 1. Customers provide requirements to service provider for a new (or renewed) agreement. 2. A new (or renewed) service level agreement is defined, negotiated and reviewed by customers and service provider. 3. Service provider prepares the service system to enable the delivery of services. 4. Service provider confirms the readiness of the service and request management system. 5. End users provide service requests for their processing by service provider. 6. Service provider determines the actions to be taken to satisfy the service request. 7. Service provider operates the service system to deliver services in accordance with agreements. 8. Service provider monitors the status of service requests until they are fulfilled as described in the service agreement. 9. Service provider reviews service request status and resolution, and confirms results with relevant stakeholders. 10.Service provider collects customer satisfaction information after services are delivered or service requests are fulfilled. 11.Service provider maintains the service system to ensure the continuation of service delivery based on customer satisfaction information and maintenance requests. 11
Service Delivery (SD) Setting up agreements, taking care of service requests, and operating the service system. The Service Delivery process area focuses on the following: Establishing and maintaining service agreements Preparing and maintaining a service delivery approach Preparing for service delivery Delivering services Receiving and processing service requests Maintaining service systems 12
Requirements Management (REQM) Keeping clear with your customers and other stakeholders about the service you provide, and adjusting when you find inconsistencies or mismatched expectations. Requirements management processes manage all requirements received or generated by the work group, including both technical and nontechnical requirements as well as requirements levied on the work by the organization. The work group maintains a current and approved set of requirements over the life of the project by doing the following: Managing all changes to requirements Maintaining relationships among requirements, plans, and work products Ensuring alignment among requirements, plans, and work products Taking corrective action 13
Work Planning (WP) Estimating costs, effort, and schedules, figuring out how you ll provide the service, and involving the right people all while watching your risks and making sure you ve got the resources you need. Planning is one of the keys to effectively managing work. The Work Planning process area involves the following activities: Developing the work plan Interacting with relevant stakeholders appropriately Getting commitment to the plan Maintaining the plan 14
Work Monitoring and Control (WMC) Making sure what s supposed to be happening in your service work is happening, and fixing what isn t going as planned. A documented work plan is the basis for monitoring activities, communicating status, and taking corrective action. Progress or status is primarily determined by comparing actual work product and task attributes, effort, cost, and schedule to the plan at prescribed intervals, milestones, or control levels in the schedule or WBS. Appropriate visibility of progress enables timely corrective action to be taken when performance deviates significantly from the plan. A deviation is significant if, when left unresolved, it precludes the work activities from meeting its objectives. 15
Configuration Management (CM) Controlling changes to your crucial work products. CM involves: Identifying the configuration of selected work products that compose baselines at given points in time Controlling changes to configuration items Building or providing specifications to build work products from the configuration management system Maintaining the integrity of baselines Providing accurate status and current configuration data to developers, end users, and customers Measurement and Analysis (MA) Knowing what to count and measure to manage your service. MA involves: Specifying objectives of measurement and analysis so that they are aligned with identified information needs and work, organizational, or business objectives Specifying measures, analysis techniques, and mechanisms for data collection, data storage, reporting, and feedback Implementing the analysis techniques and mechanisms for data collection, data reporting, and feedback Providing objective results that can be used in making informed decisions and taking appropriate corrective action Process and Product Quality Assurance (PPQA) Checking to see that you are actually doing things the way you say you will in your policies, standards, and procedures. PPQA involves: Objectively evaluating performed processes and work products against applicable process descriptions, standards, and procedures Identifying and documenting noncompliance issues Providing feedback to work group staff and managers on the results of quality assurance activities Ensuring that noncompliance issues are addressed 16
Strategic Service Management (STSM) Deciding what services you should be providing, making them standard, and letting people know about them. Incident Resolution and Prevention (IRP) Handling what goes wrong and preventing it from going wrong if you can. Capacity and Availability Management (CAM) Making sure you have enough of the resources you need to deliver services and that they are available when needed at an appropriate cost. Service Continuity (SCON) Being ready to recover from a disaster and get back to delivering your service. Service System Development (SSD) Making sure you have everything you need to deliver services, including people, processes, consumables, and equipment. Service System Transition (SST) Getting new systems in place, changing existing systems, or retiring obsolete systems all while making sure nothing goes terribly wrong with the service. 17
Coverage of CMMI-SVC on ITIL The CMMI-SVC model is based on international models and standards such as ITIL and ISO 20000. Therefore, if we perform a high-level analysis, the process areas of maturity level 3 cover between 93% and 95% of organized processes both in the latest version of ITIL (v3 2011) and ISO 20000 (2011). In the ITIL case, three processes are not covered at 100%: Information Security Management (0%) The major disadvantage of CMMI in relationship with other models is the lack of a process area dedicated solely to information security. Process areas as Configuration Management or WP and WMC practices related to Data Management (SP2.3 and SP1.4 respectively) cover this process only tangentially but not directly. ITIL Information Security Management aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. ITIL Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider. These are the Information Management subprocesses and their process objectives: Design of Security Controls: To design appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services. Security Testing: To make sure that all security mechanisms are subject to regular testing. Management of Security Incidents: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches. Security Review: To review if security measures and procedures are still in line with risk perceptions p from the business side, and to verify if those measures and procedures are regularly maintained and tested. Currently, CMMI Institute published a draft PA on security management out for use and comment. 18
Coverage of CMMI-SVC on ITIL Financial Management for IT Services (50%) CMMI-SVC has some practices related to financial management: WP SP1.5 Estimate effort and cost WP SP2.1 Establish the budget and schedule WMC SP1.1 Monitor work planning parameters (one of these parameters would be the budget) However it is clear that this ITIL process is broader and includes other activities such as accounting, billing requirements of the service provider, estimates and forecasts,... Access Management (50%) Although Access Management is closely related to Information Security Management, CMMI-SVC has some practices that support this process: CM SP1.2 Establish a configuration management system (including access and levels of control) WP SP1.3 Plan data management (establishing requirements and procedures to ensure the privacy and security of data) WMC SP1.4 Monitor data management However, aspects such Identity Management and Management of Rights and Privileges for groups and individuals are not covered. 19
Coverage ITIL/ISO20K on CMMI-SVC In the opposite case, the processes of ITIL and ISO 20000 can provide a coverage of 75% in the process areas of CMMI-SVC maturity levels 2 and 3. There are six process areas where it should be done an additional work: Requirements Management (50%) ML2 Mainly, there is a lack of the practice of bidirectional traceability of requirements. Difficulty of implementation: medium. Work Planning (50%) ML2 Aspects such as estimating and commitment to the work plan are missing (mainly the review of plans that affect the work and the reconciliation between estimates and available resources). Difficulty of implementation: medium. 20
Coverage ITIL/ISO20K on CMMI-SVC Process and Product Quality Assurance (0%) ML2 Practices associated with this process area are not directly linked to any process ISO; but the ISO standard considers both internal and external audits to assess the Service Management System. The same mechanism could be implemented at a lower level in order to review the adherence to processes in a continuous way. Difficulty of implementation: low. Organizational Training (0%) ML3 Not considered by ITIL/ISO; these practices usually are already implemented in most organizations and managed by Human Resources department. This process area organize activities related to organizational training in a better way; generally, it is necessary a few adjustments in the current methodology for achieving full implementation. Difficulty of implementation: low. Risk Management (0%) ML3 This process area is not directly linked to any ITIL process; but the ITIL model considers within the definition of each process a section for the management of risks. The management of event, incidents and problems are closely linked to the implementation of the practices of this process area. Difficulty of implementation: low. Decision Analysis and Resolution (0%) ML3 Not considered by ITIL/ISO; the formal decision-making is usually easy to implement, although its institutionalization can cost some effort. This is because decisions normally are taken daily naturally without to follow a formal process. Difficulty of implementation: low/medium. In summary, there is a high degree of coverage between CMMI-SVC and ITIL/ISO 20000. The missing points can be covered with extra effort, although not significant compared to the total effort of the implementation of each model or standard. 21
Do you prefer your mom or dad? Based on Match point: Who will win the game, ITIL or CMMI-SVC?, Anju Saxena & John Maher, TATA Consultancy Services, SEPG NA 2011: Complementary models provide leverage The CMMI suite can be augmented by ITIL An ITIL shop can benchmark with CMMI Together they offer a balance of improvement and management focus, detail and service cycle orientation, and effective implementation. An organization can begin to move toward full development / service integration using CMMI + ITIL to fulfill business goals. The choice of one model or another should be aligned with the needs, strategies and business objectives of the organization. 22
As of January 9, 2013, 301 formal SCAMPIs were reported in the SCAMPI Appraisal System (SAS). This represents a little more than 3 years of CMMI-SVC appraisals. For comparison, it took 5 years for the Software CMM to reach 100 appraisals. ISO20K 609 in the last three years. We have four ML5 appraisals. The first was also enterprise and multi model. We see an increase in CMMI-SVC appraisals quarter over quarter. More than 190 lead appraisers have been certified. More than 280 instructors have been certified. More than 6,500 students have been taught CMMI-SVC. 23
What are early users saying? Dramatic returns on investment from early adopters 13.5X income with one CMMI-SVC process area 3.5X capacity to deliver service with one CMMI-SVC practice Conversion from internal cost center to profit center Cost Center: is a division within a business which is financed from the profit margin adding to the cost of the organization, but contributing to its profit indirectly. Typical examples include research and development, marketing and customer service. Profit Center: is a section of a company treated as a separate business. Thus profits or losses for a profit center are calculated separately. Typical examples are a store, a sales organization and a consulting organization whose profitability can be measured. Combined use of CMMI-SVC and CMMI-DEV people using CMMI-SVC as their foundation, but adding the engineering PAs for large, complex service systems high maturity users of CMMI-DEV begin with ML3 of CMMI-SVC when they transition CMMI-SVC in use for development more than expected For example, companies that offer Software as a service (SaaS). SaaS is a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is typically accessed by users using a thin client via a web browser. Saas is supplied by Application Service Providers (ASPs) and also it is referred as "on-demand software. 24
What does the CMMI-SVC deliver? The CMMI-SVC offers a proven approach to maintaining competitiveness increasing revenue improving efficiency by strengthening service delivery and service management. Promotes assured, consistently high-quality service delivery that cements, retains, and increases customer loyalty Provides a roadmap for continuous service improvement: benchmark, set goals, prioritize activities, take action, measure progress Supports efficiency and reduces complexity through an enterprise-wide common service improvement vocabulary that is critical for multi model use and outsourcing Reduces time-to-market (or field) delivery of new services to customers Enables the rapid fine-tuning of existing service performance and quality Fosters stronger employee motivation and better retention, as they participate in making service coordination and delivery better Can be the basis for regional and global strategies, as all work becomes service 25
PIA Consultores Who we are? Professionals with more than 20 years of experience and recognized prestige in the sector. What we do? We help to optimize the processes of production of our clients Where we are? Basque Country, Spain What are our services? Official training and evaluation of CMMI models (Development, Services and Acquisitions) omore than 800 people trained in 60 official CMMI courses o73 organizations formally appraised based on CMM/CMMI model since 2001 operforming services in 23 countries on 4 continents Consulting and implementation of improvement projects based on international reference models: CMMI, PMBOK, ITIL, ISO20000 Applying agile methods, Kanban and Lean Sig Sixma for project management and high maturity companies. Implementation of project management offices, tools and methodology for management support. 26
27