CMMI: What do we need to do in Requirements Management & Engineering?



Similar documents
Capability Maturity Model Integration (CMMI SM ) Fundamentals

Risk Management Framework

CMMI for Development, Version 1.3

CMMI for Development, Version 1.3

CMMI for Acquisition, Version 1.3

CMMI KEY PROCESS AREAS

Leveraging CMMI framework for Engineering Services

Software Acquisition Capability Maturity Model (SA-CMM ) Version 1.03

A Report on The Capability Maturity Model

SW Process Improvement and CMMI. Dr. Kanchit Malaivongs Authorized SCAMPI Lead Appraisor Authorized CMMI Instructor

Operationally Critical Threat, Asset, and Vulnerability Evaluation SM (OCTAVE SM ) Framework, Version 1.0

Interpreting Capability Maturity Model Integration (CMMI ) for Service Organizations a Systems Engineering and Integration Services Example

Project Management. 06 Requirements Management. IT M a t u r i t y. S e r v i c e s

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

Assurance Cases for Design Analysis of Complex System of Systems Software

2012 CyberSecurity Watch Survey

Manage the acquisition of products from suppliers for which there exists a formal agreement.

Capability Maturity Model Integration (CMMI ) Overview

An Application of an Iterative Approach to DoD Software Migration Planning

CMMI for SCAMPI SM Class A Appraisal Results 2011 End-Year Update

Supply-Chain Risk Management Framework

+SAFE, V1.2 A Safety Extension to CMMI-DEV, V1.2

Interpreting Capability Maturity Model Integration (CMMI ) for Business Development Organizations in the Government and Industrial Business Sectors

Exploring the Interactions Between Network Data Analysis and Security Information/Event Management

Risk Repository. Prepare for Risk Management (SG 1) Mitigate Risks (SG 3) Identify and Analyze Risks (SG 2)

Guidelines for Developing a Product Line Production Plan

Guidelines for Developing a Product Line Concept of Operations

Arcade Game Maker Pedagogical Product Line: Marketing and Product Plan

Distributed and Outsourced Software Engineering. The CMMI Model. Peter Kolb. Software Engineering

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Monitoring Trends in Network Flow for Situational Awareness

Integrating CMMI with COBIT and ITIL

CMMI Version 1.2. SCAMPI SM A Appraisal Method Changes

ADOPTION AND UP GRADATION OF CMMI: PROSPECT OF SOFTWARE INDUSTRY OF BANGLADESH. A Thesis

Evaluating the Quality of Software Engineering Performance Data

Match point: Who will win the game, ITIL or CMMI-SVC? NA SEPG 2011 Paper Presentation

A Study of Systems Engineering Effectiveness. Building a Business Case for Systems Engineering

Using Rational Software Solutions to Achieve CMMI Level 2

Evaluation and Integration of Risk Management in CMMI and ISO/IEC 15504

Frameworks for IT Management

The Capability Maturity Model for Software, Version 1.1

CMM SM -Based Appraisal for Internal Process Improvement (CBA IPI): Method Description

Introduction to the OCTAVE Approach

CMMI: Specific Goals and Practices

SOA for Healthcare: Promises and Pitfalls

Resolving Chaos Arising from Agile Software Development

Buyer Beware: How To Be a Better Consumer of Security Maturity Models

Understanding High Maturity Organizations

Software Project Management and Support - Practical Support for CMMI -SW Project Documentation: Using IEEE Software Engineering Standards

Concept of Operations for the Capability Maturity Model Integration (CMMI SM )

Software Process Maturity Model Study

Basic Principles and Concepts for Achieving Quality

PORTFOLIO, PROGRAMME & PROJECT MANAGEMENT MATURITY MODEL (P3M3)

Contracting Officer s Representative (COR) Interactive SharePoint Wiki

A Comparison of ISO 9001 and the Capability Maturity Model for Software

Department of Homeland Security Cyber Resilience Review (Case Study) Matthew Butkovic Technical Manager - Cybersecurity Assurance, CERT Division

CERT Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1

Data Management Maturity (DMM) Model Update

DoD Software Migration Planning

A Comparison of Requirements Specification Methods from a Software Architecture Perspective

Developing CMMI in IT Projects with Considering other Development Models

CMMI 100 Success Secrets

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Getting Started with Service- Oriented Architecture (SOA) Terminology

Software Quality. Process Quality " Martin Glinz. Chapter 5. Department of Informatics!

Overview. CMU/SEI Cyber Innovation Center. Dynamic On-Demand High-Performance Computing System. KVM and Hypervisor Security.

Software Process Improvement Journey: IBM Australia Application Management Services

Software Process Improvement Framework for Software Outsourcing Based On CMMI Master of Science Thesis in Software Engineering and Management

The Capability Road Map a framework for managing quality and improving process capability

Information Asset Profiling

Applying CMMI SM In Information Technology Organizations SEPG 2003

A Lightweight Supplier Evaluation based on CMMI

Cyber Intelligence Workforce

A Framework for Categorizing Key Drivers of Risk

Moving Target Reference Implementation

How To Ensure Security In A System

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

CMS Policy for Capability Maturity Model Integration (CMMI)

Merging Network Configuration and Network Traffic Data in ISP-Level Analyses

Engineering Standards in Support of

Truly Managing a Project and Keeping Sane While Wrestling Elegantly With PMBOK, Scrum and CMMI (Together or Any Combination)

Process Improvement -CMMI. Xin Feng

Task Report: CMMI for Small Business in the Defense Industry NDIA Systems Engineering Division, CMMI Working Group

Network Analysis with isilk

Foredragfor Den Norske Dataforening, den

Internal Audit Capability Model (IA-CM)

Software Process Improvement CMM

Process Improvement. From the Software Engineering Institute:

Contrasting CMMI and the PMBOK. CMMI Technology Conference & User Group November 2005

wibas Team CMMI-ITIL IT Maturity S e r v i c e s

Software Quality Assurance: VI Standards

Towards a new approach of continuous process improvement based on CMMI and PMBOK

An OWL Ontology for Representing the CMMI-SW Model

Lessons Learned from Adopting CMMI for Small Organizations

Preview of the Mission Assurance Analysis Protocol (MAAP): Assessing Risk and Opportunity in Complex Environments

Towards a CMMI-compliant Goal-Oriented Software Process through Model-Driven Development

Testing a Software Product Line

Copyright 2014 Carnegie Mellon University The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT Resilience

UFO: Verification with Interpolants and Abstract Interpretation

Assurance in Service-Oriented Environments

Transcription:

Colin Hood Page 1 of 11 : What do we need to do in Requirements Management & Engineering? Colin Hood HOOD Group February 2003 : What do we need to do in Requirements Management & Engineering?... 1 1 Abstract... 1 2 Aim... 2 3 Structure of Document... 2 4 Background... 2 5 Requirements... 2 5.1 Introduction...2 5.2 Structure of... 3 5.3 Requirements: Required and Expected Model Elements... 5 5.3.1 Problem and Solution Domains... 5 5.3.2 Introduction to Required and Expected Model Elements... 5 5.3.3 Requirements Management... 6 5.3.3.1 SG 1 Manage Requirements... 6 5.3.4 Requirements Development... 7 5.3.4.1 SG 1 Develop Customer Requirements... 7 5.3.4.2 SG 2 Develop Product Requirements... 7 5.3.4.3 SG 3 Analyze and Validate Requirements... 8 6 Fulfilling Requirements... 8 7 Conclusion... 11 8 Trademarks and Service Marks... 11 1 Abstract To achieve level 2 or higher an organisation needs amongst other things Requirements Management and Engineering process capability. How can this be achieved? Here the proposals of for Requirements Management and Engineering (RM&E) are investigated using RM&E techniques. provides the aims and we suggest how these aims may be fulfilled. As in all good systems investigations, the Problem Domain (User Requirements) is separated from the Solution Domain (System Requirements and Design). provide the User Requirements and we investigate the Systems Requirements. states the aims and we investigate solutions. The first stage is to recognise from the specification which parts can in fact be regarded as Requirements.

Colin Hood Page 2 of 11 2 Aim The aims of this document are to introduce the reader to and to show the reader a little of what is needed to achieve conformance to for Requirements Management and Engineering process capabilities. 3 Structure of Document After the Abstract in Chapter 1, and the Aim in Chapter 2, the structure of the document is explained here in chapter 3. The Background to CMM and is given in Chapter 4, explaining where CMM came from and how it may be used. From the specification the requirements to be fulfilled are extracted and summarised in Chapter 5. Having defined the criteria for success ( Success is fulfilment of Requirements Colin Hood) Chapter 6 details what might be done to achieve the different levels of fulfilment. Conclusions are drawn in Chapter 7. Trademarks and Service Marks are acknowledged in Chapter 8. 4 Background The Capability Maturity Model (CMM) was developed by the Software Engineering Institute of Carnegie Mellon University on behalf of the U.S. Department of Defense. Although originally intended as a means of assessing an organizations capability in Software Development, since 1992 the Author has used CMM to encourage organisations to measurably improve processes and organisational capabilities in a variety of fields. Since 1991, CMMs have been developed for a myriad of disciplines. Some of the most notable include models for systems engineering, software engineering, software acquisition, workforce management and development, and Integrated Product and Process Development. Organizations from industry, government, and the Software Engineering Institute (SEI) joined together to develop the Framework, a set of integrated models, a appraisal method, and supporting products. These organizations donated the time of one or more of their people to participate in the project. 5 Requirements 5.1 Introduction Capability Maturity Model Integration () models provide guidance to use when developing processes. models are not processes or process descriptions. The actual processes used in an organization depend on many factors, including application domain(s)

Colin Hood Page 3 of 11 and organization structure and size. In particular, the process areas of a model typically do not map one to one with the processes used in your organization. 5.2 Structure of The Structure of is described by listing the representation of the components and showing the relationship between Capability Levels, Process Areas, and Goals and Practices. Model Components HOOD Group 2003 Process Area 1 Process Area 2 Process Area n Organise Specific Goals (Required) Generic Goals Organise Specific Practices (Expected) Information based on data from (SM) for Systems Engineering and Software Engineering (-SE/SW,V1.1 Carnegie Mellon Software Engineering Institute Capability Levels Corresponds Corresponds Generic Practices (Expected) Process Areas contain Goals, which organise Practices. The Practices correspond to Capability Levels. The specific goals organize specific practices and the generic goals organize generic practices. Each specific and generic practice corresponds to a capability level. Specific goals and specific practices apply to individual process areas. Generic goals and generic practices apply to multiple process areas. The generic goals and generic practices define a sequence of capability levels that represent improvements in the implementation and effectiveness of all the processes you choose to improve. Both Specific and Generic Goals are required Components of. These components must be achieved by an organization s planned and implemented processes. Required components are essential to rating the achievement of a process area. Goal achievement (or satisfaction) is used in appraisals as the basis upon which process area satisfaction and organizational maturity are determined. Specific and Generic Practices are expected Components of. Expected components describe what an organization will typically implement to achieve a required component. Expected components guide those implementing improvements or performing appraisals. Either the practices as described, or acceptable alternatives to them, are expected to be

Colin Hood Page 4 of 11 present in the planned and implemented processes of the organization before goals can be considered satisfied. A capability level consists of related specific and generic practices for a process area that can improve the organization s processes associated with that process area. As you satisfy the generic and specific goals for a process area at a particular capability level, and you achieve that capability level, you reap the benefits of process improvement. Capability levels focus on growing the organization s ability to perform, control, and improve its performance in a process area. Capability levels enable you to track, evaluate, and demonstrate your organization s progress as you improve processes associated with a process area. Capability levels build on each other, providing a recommended order for approaching process improvement. There are six capability levels, designated by the numbers 0 through 5: 0. Incomplete 1. Performed 2. Managed 3. Defined 4. Quantitatively Managed 5. Optimizing We will concentrate on level 2 for demonstration purposes. Structure of HOOD Group 2003 Integrated Process & Product Software Engineering Systems Engineering Disciplines Process Area Categories Process Management Project Management Engineering Support Information based on data from (SM) for Systems Engineering and Software Engineering (-SE/SW,V1.1 Carnegie Mellon Software Engineering Institute Level 0 Level 1 Level 2 Level 3 Level 4 Level 5 Capability Levels Process Area Categories group Process Areas together. For the disciplines of Systems Engineering and for Software Engineering the Process Area Categories of Process Management, Project Management, Engineering, and Support are used. In this paper

Colin Hood Page 5 of 11 we concentrate on Requirements Management and Requirements Development which are to be found within the Process Area Category Engineering. Structure of : Engineering HOOD Group 2003 Goals & Practices Process Areas Requirements Management Requirements Development Information based on data from (SM) for Systems Engineering and Software Engineering (-SE/SW,V1.1 Carnegie Mellon Software Engineering Institute Technical Solution Product Integration Verification Validation Within the Process Area Category of Engineering the Process Areas; Requirements Management, Requirements Development, Technical Solution, Product Integration, Verification, and Validation are listed. We are interested in the Specific Goals and Specific Practices for the Process Areas Requirements Management, and Requirements Development. 5.3 Requirements: Required and Expected Model Elements 5.3.1 Problem and Solution Domains Here we consider the Required Model Elements to be requirements. These requirements give aims to be fulfilled. The aims do not describe a solution, and are therefore considered to be outside of the requirements solution domain. The aims are in a domain sometimes referred to as Problem Domain and the requirements are sometimes referred to as User Requirements or Stakeholder Requirements or Customer Requirements. In contrast to Required Model Elements, the Expected Model Elements are considered to be in the Solution Domain. The Expected Model Elements describe one of many possible Abstract Solutions, which must be implemented by a process in your organisation. 5.3.2 Introduction to Required and Expected Model Elements From the Process Areas of Process Management, Project Management, Engineering, and Support, this paper concentrates on the area of Engineering. Within the Process Area of Engineering lists; Requirements Management, Requirements Development, Technical

Colin Hood Page 6 of 11 Solution, Product Integration, Verification, and Validation, of which Requirements Management and Requirements Development are investigated here. The Goals stated in (both Generic and Specific) are required to be fulfilled. The Practices suggested here are guides to help you fulfil the required Goals. Other Practices may be, and are expected to be, used. states Expected components describe what an organization will typically implement to achieve a required component. Expected components guide those implementing improvements or performing appraisals. Either the practices as described, or acceptable alternatives to them, are expected to be present in the planned and implemented processes of the organization before goals can be considered satisfied. This chapter uses Specific Goals and Specific Practices as examples. The Generic Goals and Generic Practices, which are dependent on the Capability Level, are not listed here due to space constraints. Both Generic and Specific may be treated in a similar way. Each capability level (1-5) has only one generic goal that describes the institutionalization that the organization must achieve at that capability level. Thus, there are five generic goals; each appears in every process area. Achievement of a generic goal in a process area signifies improved control in planning and implementing the processes associated with that process area thus indicating whether these processes are likely to be effective, repeatable, and lasting. Generic goals are required model components and are used in appraisals to determine whether a process area is satisfied. 5.3.3 Requirements Management In the following sub-chapters the Specific Goal (SG) is listed along with the relevant expected Specific Practices (SP). The purpose of Requirements Management is to manage the requirements of the project's products and product components and to identify inconsistencies between those requirements and the project's plans and work products. 5.3.3.1 SG 1 Manage Requirements Requirements are managed and inconsistencies with project plans and work products are identified. 5.3.3.1.1 SP 1.1-1 Obtain an Understanding of Requirements Develop an understanding with the requirements providers on the meaning of the requirements. 5.3.3.1.2 SP 1.2-2 Obtain Commitment to Requirements Obtain commitment to the requirements from the project participants. 5.3.3.1.3 SP 1.3-1 Manage Requirements Changes Manage changes to the requirements as they evolve during the project.

Colin Hood Page 7 of 11 5.3.3.1.4 SP 1.4-2 Maintain Bidirectional Traceability of Requirements Maintain bidirectional traceability among the requirements and the project plans and work products. 5.3.3.1.5 SP 1.5-1 Identify Inconsistencies between Project Work and Requirements Identify inconsistencies between the project plans and work products and the requirements. 5.3.4 Requirements Development The purpose of Requirements Development is to produce and analyze customer, product, and product-component requirements. In the following sub-chapters the Specific Goals are listed along with the relevant expected Specific Practices 5.3.4.1 SG 1 Develop Customer Requirements Stakeholder needs, expectations, constraints, and interfaces are collected and translated into customer requirements. 5.3.4.1.1 SP 1.1-1 Collect Stakeholder Needs Identify and collect stakeholder needs, expectations, constraints, and interfaces for all phases of the product life cycle. 5.3.4.1.2 SP 1.1-2 Elicit Needs Elicit stakeholder needs, expectations, constraints, and interfaces for all phases of the product life cycle 5.3.4.1.3 SP 1.2-1 Develop the Customer Requirements Transform stakeholder needs, expectations, constraints, and interfaces into customer requirements 5.3.4.2 SG 2 Develop Product Requirements Customer requirements are refined and elaborated to develop product and product-component requirements. 5.3.4.2.1 SP 2.1-1 Establish Product and Product-Component Requirements Establish and maintain product and product-component requirements, which are based on the customer requirements. 5.3.4.2.2 SP 2.2-1 Allocate Product-Component Requirements Allocate the requirements for each product component. 5.3.4.2.3 SP 2.3-1 Identify Interface Requirements Identify interface requirements.

Colin Hood Page 8 of 11 5.3.4.3 SG 3 Analyze and Validate Requirements The requirements are analyzed and validated, and a definition of required functionality is developed. [ 5.3.4.3.1 SP 3.1-1 Establish Operational Concepts and Scenarios Establish and maintain operational concepts and associated scenarios. [ 5.3.4.3.2 SP 3.2-1 Establish a Definition of Required Functionality Establish and maintain a definition of required functionality. 5.3.4.3.3 SP 3.3-1 Analyze Requirements Analyze requirements to ensure that they are necessary and sufficient. [ 5.3.4.3.4 SP 3.4-3 Analyze Requirements to Achieve Balance Analyze requirements to balance stakeholder needs and constraints. [ 5.3.4.3.5 SP 3.5-1 Validate Requirements Validate requirements to ensure the resulting product will perform appropriately in its intended-use environment. 5.3.4.3.6 SP 3.5-2 Validate Requirements with Comprehensive Methods Validate requirements to ensure the resulting product will perform as intended in the user's environment using multiple techniques as appropriate. 6 Fulfilling Requirements 6.1 Introduction to Fulfilling Requirements Before you begin using a model for improving processes, you must map your processes to process areas. This mapping enables you to control process improvement in your organization by helping you track your organization s level of conformance to the model you are using. It is not intended that every process area maps one to one with your organization s processes. 6.2 Example Requirements For a Requirements Management process for instance we can see that requires the following Specific Goal to be achieved; SG 1 Manage Requirements(Requirements are managed and inconsistencies with project plans and work products are identified For Requirements Development process we see that requires the following Specific Goals to be achieved; SG 1 Develop Customer Requirements (Stakeholder needs, expectations, constraints, and interfaces are collected and translated into customer requirements.)

Colin Hood Page 9 of 11 SG 2 Develop Product Requirements (Customer requirements are refined and elaborated to develop product and product-component requirements.) SG 3 Analyze and Validate Requirements (The requirements are analyzed and validated, and a definition of required functionality is developed) 6.3 Showing Conformance To achieve conformance to it is suggested that processes be developed and linked to the relevant parts of. In this way conformance is easily shown, and improvements can be managed in an orderly manner. Showing Conformance HOOD Group 2003 Planned Process Definition Goals and Practices PR EE Test Kf h kh kh j jg zg ulzg Kf h kh kh j jg zg ulzg SG1.ioäaop 9i er9iagu SP1 iopdapokadopokpopdapo SP2 o ok oij iuuio okp opk Link > Open? SG2 oiuj.iugzdskuzdr po äoi SP1 öoiu uk trh rew dsz dfkzu SP2 ewr ewrz wrez sredh kzfh SP3 cxv cvb vn jgz htfz gds The states, When you use a model as a guide, you plan and implement processes that conform to the required and expected components of process areas. Conformance with a process area means that in the planned and implemented processes there is an associated process (or processes) that addresses either the specific and generic practices of the process area or alternatives that clearly and unequivocally accomplish a result that meets the goal associated with that specific or generic practice.

Colin Hood Page 10 of 11 6.4 An incomplete Example of Linking Goals and Practices to Organisational activities from a Planned Process. Problem Domain Solution Domain Generic Goal Specific Goal Specific and General Practice Level 2 Generic Goals SG 1 Manage SP 1.1-1 Obtain an GG 2 Requirements Understanding of Requirements Institutionalize Requirements are Develop an a Managed managed and inconsistencies understanding with Process with project plans the requirements The process is and work providers on the institutionalized as products are meaning of the a managed process identified. requirements. Example Implementation At a Requirements Elicitation Workshop all attendees will discuss, model, and document requirements to develop an understanding of the requirements The commitment to the requirements documented at the workshop will be obtained and documented through acceptance of the requirements at reviews during the workshop. SP 1.2-2 Obtain Commitment to Requirements Obtain commitment to the requirements from the project participants. Level 2 Generic Practices GP 2.1 Establish an Organizational Policy Establish and maintain an organizational policy for planning and performing the process. The Project Member responsible for Requirements Elicitation must Invite by all parties to the Requirements Elicitation Workshops (Roles, responsibilities, and Stakeholders are detailed in the list of Stakeholders for your project.) Invitations must be sent between 2 and 4 weeks before the planned start of the workshop. Include with the invitation to the workshop a link to where all information is to be found on the Intranet. The Workshop may only be led by a person with a grade xyz qualification. As the level of capability increases, different Generic Goals will be satisfied.

Colin Hood Page 11 of 11 7 Conclusion is supportive of Process Improvement. does not prescribe how work has to be done, but it does define what has to be achieved to reach defined levels of maturity. Goals are set that must be achieved. Practices are suggested that are expected to be found, but may be replaced with other practices. This allows much freedom of implementation and makes applicable and useful over a wide range of applications. To achieve conformance to it is suggested that processes be developed and linked to the relevant parts of. In this way conformance is easily shown, and improvements can be managed in an orderly manner. 8 Trademarks and Service Marks This work by the HOOD Group uses as source documents work (Continuous Representation CMU/SEI-2002-TR-001 ESC-TR-2002-001) sponsored by the U.S. Department of Defense Copyright 2002 by Carnegie Mellon University.. The Software Engineering Institute is a federally funded research and development center sponsored by the U.S. Department of Defense. NO WARRANTY CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work (Continuous Representation CMU/SEI-2002-TR-001 ESC-TR-2002-001), in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013. The following service marks and registered marks are used in this document: Capability Maturity Model CMM CMM Integration SM SM IDEAL SM SCAMPI SM CMM and Capability Maturity Model are registered in the U.S. Patent and Trademark Office. CMM Integration,, SCAMPI, and IDEAL are service marks of Carnegie Mellon University. --- End of Report ---

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information