1 SEI Capability Maturity Model Advanced Software Engineering COM360 University of Sunderland © 2000

SEI CMM What is the CMM (I)?... ‘The CMM is a 5-level model where each maturity level is “a well-defined evolutionary plateau on the path towards becoming a mature software organisation”.’SEI ( - translate please!)

SEI CMM What is the CMM (II)?... ‘The CMM provides a conceptual structure for improving the management and development of software products in a disciplined and consistent way.’ SEI (process vs. product?)

Software Measurement SEI CMM Levels REPEATABLE INITIAL DEFINED MANAGED OPTIMISING discipline standard, consistent predictable continuous improvement project management engineering management quantitative management change management

SEI CMM The CMM Structure Maturity levels Key Process Areas Implementation / institutionalisation Infrastructure or activities Common Features Key Practices Process capability Goals contain organised by contain indicate achieve address describe

SEI CMM Applying the CMM Self assessment possible because the CMM document t is detailed, cheaper to do in-house, lack of experience/independence Formal assessment independent and experienced, identifies improvement priorities Software Capability Evaluation to identify qualified contractors

Software Measurement Assessment Steps 4Team selection small, qualified team chosen; as independent as possible 4Maturity questionnaire sample of depts/projects is questioned; results are analysed for further investigation/clarification 4Site visit actual depts/projects visited; interviews conducted, documents reviewed, priority process areas scrutinised 4Presentation of findings to management 2 parts - CMM assessment of current level of org., identify strengths & weaknesses and key improvement areas

SEI CMM ISO9000 and CMM compared CMMISO 9001 (9000-3) Specific to software developmentIntended for most industries Used in USA, less widely Recognised and accepted in most elsewhere countries Provides detailed and specific Specifies concepts, principles and definition of what is required safeguards that should be in place for given levels Assesses on 5 levelsEstablishes one acceptable level CMM Level  ISO 9001 (9000-3) Relevant to Stabilises the customer - supplier s/w development processrelationship No time limit on certificationCertification valid for three years No ongoing auditAuditors may return for spot checks during the lifetime of the certificate

SEI CMM Critical Evaluation (I)... Best practice - as defined by who, when, - with respect to what development types, what application areas, which tools? Management and process discipline - vs. what made the software good and how produced Is the CMM maturity scale really ordinal - are all activities at level n+1 dependent on those at n? Are the levels “clear evolutionary plateaus” - e.g. measurements are essential to project tracking and quality assurance (L2), but the KPA of quantitative process mngmt = measurement (L4)

SEI CMM Critical Evaluation (II)... Scoring - CMM employs a multi-hurdle system; questions and ‘key questions’ Sparse data sets - approx. 100 questions to cover everything in a software development process Number vs. Profile - the number is mesmerising, but the profile is the instructive outcome

SEI CMM A Final Word “There are serious measurement questions... We must ensure that the models are appropriate (see Ch. 2 of Software Metrics).... We must understand how reliable and valid measurements and models are. We must know what entities are being measured, and we must test the relationships between the maturity scores and the behaviours that ‘maturity’ is supposed to produce or enhance.” Fenton & Pfleeger, Software Metrics, Edn. 2, 1997