2009 10th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing

Analysis of Relationship among ISO/IEC 15504, CMMI and K-model

Sun Myung Hwang Hee Gyun Yeom

Dept. of Computer Engineering Dept. of Computer Engineering
Daejeon University Daejeon University
Korea Korea
[email protected] [email protected]

AbstractA ISO/IEC 15504(Software Process Improvement

and Capability determination) and CMMI(Capability B. Overview of ISO/IEC 15504
Maturity Model Integration) can be considered as The model consists of some major components namely:
representative software process assessment models since the 3 process categories, 9 groups, 48 processes and the 6
assessors assign ratings to indicators and metrics to measure capability levels. Processes from the basic by which the
the capability of software processes. In this paper we show the software organization produces products. Capability refers to
K-model that can easily apply small and medium sized the ability of the organization to produce these products
business to process improvement and certification in Korea. predictably and consistently.
This study also compares the practices of K-model with
practices of CMMI and ISO/IEC 15504. We expect the small TABLE I. THE CAPABILITY LEVELS OF ISO/IEC 15504
and light model; K-model will make software process
improvement of Korea enterprises Capability
ISO/IEC 15504 Capability Level Description
Level
Keywords-ISO/IEC 15504; CMMI; K-model; SPI There is general failure to attain the purpose of the process.
Level 0 There are little or no easily identifiable work products or
Incomplete outputs of the process.
I. INTRODUCTION
The purpose of the process is generally achieved. The
A. Background Level 1 achievement may not be rigorously planned and tracked.
Performed There are identifiable work products for the process, and
Until recently, the only ISO standards available for these testify to the achievement of the purpose.
evaluating the ability of an organization to produce software
The process delivers work products according to specified
have been ISO 9001, which contains generic quality Level 2
procedures and is planned and tracked. Work products
management requirements for organizations, ISO 9000-3, Managed
conform to specified standards and requirements.
which contains guidance on implementing the ISO 9001 The process is performed and managed using a defined
requirements, and ISO 10011, which contains generic process based upon good software engineering principles.
Level 3 Individual implementations of the process use approved,
requirements for auditing the quality management systems of Established
organizations. The new ISO 9000 series, series, due to tailored versions of standard, documented processes to
achieve the process outcomes.
appear in 2000, will require organizations to define and
customers. The software industry is uniquely fortunate in The defined process is performed consistently in practice
Level 4
within defined control limits, to achieve its defined process
having two standards, ISO/IEC 12207 and ISO/IEC TR Predictable
goals.
15504, that define the processes that could be used by Performance of the process is optimized to meet current and
software-producing organization. Level 5
future business needs, and the process achieves repeatability
Optimizing
The Software Engineering Institute (SEI) has been in meeting its defined business goals.
evolving a process maturity framework now know as the
Capability Maturity Model for Software (Software CMM) The process attributes are defined in ISO/IEC 15504-2
since 1986. This model provides organizations with guidance and elaborated in ISO/IEC 15504-5 by process indicators,
for measuring software process maturity and establishing called generic practices in earlier drafts of the evolving
process improvement programs. The Software process standard.
improvement at this writing. In 2000, CMMI was released to
integrated 3 specific process improvement models: software, C. Overview of CMMI
systems engineering, and integrated product and process CMMI describes the principles and practices underlying
developments. This integration was intended to reduce the software process maturity and is intended to help software
cost of implementing multidiscipline model-based process. organizations improve the maturity of their software
ISO/IEC 15504 is a suite of standards for software process processes in terms of an evolutionary path from ad hoc,
assessment currently under development as an international chaotic processes to mature, disciplined software processes.
standard. The CMMI is organized into five maturity levels, described
in Table 2.

978-0-7695-3642-2/09 $25.00 2009 IEEE 306

DOI 10.1109/SNPD.2009.87
 TABLE II. CMMI MATURITY LEVELS SUP.6 Joint Review Management
SUP.7 Audits Measurement and Analysis
CMMI Maturity SUP.8 Problem
Description of Maturity Levels
Level Resolution
The software process is characterized as ad hoc, and MAN.1 Management
occasionally even chaotic. Few processes are MAN.2 Project
CL 1:Initial
defined, and success depends on individual effort Management
and heroics. MAN.4 Risk
Basic project management processes are established Management
to track cost, schedule, and functionality. The 3 ORG.2.1 Process Organizational Process Definition
CL 2:Managed necessary process discipline is in place to repeat Establishment Organizational Process Focus
earlier successes on projects with similar ORG.3 Human Resource Organizational Training
applications. management Integrated Project Management
The software process for both management and ORG.4 Infrastructure Risk Management
engineering activities is documented, standardized, ORG.6 Reuse Integrated Teaming
and integrated into a standard software process for Requirements Development
CL 3:Defined the organization. All projects use an approved, Technical Solution
tailored version of the organizations standard Product Integration
software process for developing and maintaining Verification
software. Validation
Detailed measures of the software process and Decision Analysis and Resolution
CL4:
product quality are collected. Both the software the Organizational Environment for
Quantitatively
software process and products are quantitatively Integration
Managed
understood and controlled. 4 MAN.3 Quality Organizational Process
Continuous process improvement is enabled by Management Performance
CL 5:Optimizing quantitative feedback from the process and from ORH.1 Organizational Quantitative Project Management
piloting innovative ideas and technologies. Alignment
ORG.2.2 Process
II. K-MODEL Assessment
ORG.5 Measurement
The guideline of software process quality certification 5 ORG.2.3 Process Organizational Innovation and
consists of project and formation level, and it developed to Improvement Deployment
satisfy the investigation of software process quality Causal Analysis and Resolution
capability and improvement at the same time.
In case of the established foreign model, while on the III. STRUCTURE OF K-MODEL
other it can't reflect the environment traits of domestic The guideline of software process quality certification
software business, the guideline of software process has been constituted by certification degree as a result on the
certification can easily apply to the process improvement of base of the essential evaluation element of core activity
domestic software business by compositing to be congenial necessary for systematic performance to software
to the Korea environment, and structuring the traits of development project.
essential software development and organization Software business and software process capability level
management. are to decide the certification result degree by investigating
This guideline of software process certification leads to the activities suggested as the valuation factor of the process
minimize the trial and error on the process improvement certification guideline to the performance activities in the
propulsion system and to effectively propel reinforcement course of the project development and management process.
the process capability by stages by not only suggesting the
systematic vision for the improvement activities of domestic
software business and by but also offering the priority and A. Architecture of process assessment
direction for the real improvement activity propulsion. Table The valuation factor of the process certification guideline
3 describes comparison of the process hierarchy in ISO/IEC is to suggest the structure of group, assessment process,
15504 and CMMI. practice as the core activity suggested as a guideline for
investigating the performance capability of software
TABLE III. MAPPING OF ISO/IEC 15504 AND CMMI development project and management activity.
48 Processes containing Practice is the core guideline of valuation factor as the
BP and MP that activity for performance in order to achieve the special
CL/ contribute to the
24 Process Areas in CMMI purpose. All practices sustain the low level activities for
ML achievement of the performance in order to achieve the pertinent purpose,
process attribute in
ISO/IEC 15504
represents the special outcome that system performs satisfies
2 SUP.1 Documentation Project Planning activities of the low level guideline. Practice is represented
SUP.2 Configuration Project Monitoring and Control by the purpose and activity, the result of performance is
management Supplier Agreement Management explained by example of outputs.
SUP.3 Quality Assurance Requirements Management The activities of practice is to become assessment
SUP.4 Verification Configuration Management
process of a bundle of practice connected to achieve the
SUP.5 Validation Process and Product Quality

307
greater purpose, and it consists of valuation factor as class 1) Initial level(level 1)
structure that becomes group connected as related factors. This is the necessary level of improving the process
capability in the situation of the performance level of special
project, or quality, cost, the appointed date of delivery
because project performances can't operate stably, in the
situation of the high probability that can't satisfy the
expecting purpose regardless of success or failure of project.
2) Good level(level 2)
The process is the capability level to successfully
perform the project by developing and controlling project, to
be established in the necessary project level to perform
individual project.
3) Very good level(level 3)
This is the possible capability level to perform project of
Figure 1. The structure of software process quality consistent quality level by solving the fundamental reason of
happening matters in the course of improving process of
The group as very good category classification guideline formation level through the quantitative process management
of valuation factor consists of five groups, divided by project by defining process system of formation.
and organization dimension extensively as a set of processes
that perform to satisfy the level of special certification. The
group of project dimension consists of PM, development
(D), support(S) group. The organization dimension consists
of OM and PI group. Assessment process is the low level
consisted of groups, consists of seventeen assessment
processes as a high bundle of related practice. Practice is to
represent the individual outcomes that should be performed
and satisfied to achieve the special purpose.

Figure 4. The valuation factor of software process quality certification

degree level

Figure 2. The structure of software process quality certification guideline The certification level is differently applied to valuation
factors by each certification degree as an indicator
representing the degree of activity capability level related
B. Level
with software development project performance and its
The certification level is the outcome of investigating the meaning is also different.
activity capability level related software development project Good level contains necessary management,
performance, and it consists of three stages of initial , good , development, supporting process group in order to
very good level. Only good , very good level are endowed as successfully achieve individual projects. Very good level
a certification level. contains good level group, necessary formation management
to the quantitative project management through the guideline
process of formation level.
According to level as an indicator representing capability
level of development and management of software,
formation keeps different traits each other, the formation of
superior level is to represent the keeping of activity
performance capability of project level, the formation of very
good level to represent the keeping of activity performance
capability in formation level.
Figure 3. The structure of software process quality certification degree

308
 TABLE IV. CHARACTERISTIC OF CERTIFICATION LEVEL AND V. CONCLUSION
PROCESS AREA
The K-model, the guideline of software process
Certification Process certification can easily apply to the process improvement of
Characteristic
level Area domestic software business by compositing to be congenial
to the Korea environment, and structuring the traits of
- to perform project according to essential software development and organization
circumstances management. And It is going to lead to minimize the trial
- the level to make and use process and error on the process improvement propulsion system and
for oneself to perform individual
tasks
to effectively propel reinforcement the process capability by
Initial level - Not to share similar process for stages by not only suggesting the systematic vision for the
each use to make and use improvement activities of domestic software business and by
- repeatedly happening the trial and but also offering the priority and direction for the real
error in person and system not improvement activity propulsion.
sharing the outcome of trial aqnf
error ACKNOWLEDGMENT
The work was supported by a grant NO. R01-2001-
- successful performance of 00343 from Korea Science & Engineering Foundation.
individual project
- level interested in project REFERENCE
performance efficiency focusing on [1] Pankaj Jalote, CMM in Practice, SEI Series in Software Engineering,
individual projects in project level -Project 2000
- to perform project by projected management
Good level [2] Dennis M.Ahern, Aaron Clouse, and Richard Turner, CMMI
process in project, to share and -Development distilled, SEI Series in Software Engineering, 2001
manage the outcomes only in team -Support
unit [3] N. Fenton, S.Pfleeger, Software Metrics : A Rigorous and Practical
- not repeatedly happening the trial Approach, PWS Pub., 1997
and error in project team but [4] M.Paulk et al, The capability Maturity Model: Guidelines for
repeatedly happening it in system Improving the Software Process, Addison-Wesley, 1994
[5] ISO/IEC TR 15846 Information technology Software life cycle
processes Configuration Management, 1998
- to perform project securely and [6] ISO/IEC 12207 Information technology Software life cycle
consistently processes, 1995
- level interested in consistently [7] CC; ISO/IEC 15408 Information technology Security technology
performing without environment Evaluation criteria for IT security, 1999
change by using experience or [8] ISO 10007 Quality Management Guidelines for Configuration
cases during performing each management, 1995
- to develop task performance -Organization [9] CMU/SEI, CMM : Capability Maturity Model for Software, V 1.1,
Very good method as system guideline process management 1993
level in system level, to regulate and -Process
apply the process in various ways improvement [10] ISO/IEC 9126-1,2,3,4 Information Technology Software Product
Quality, 2000
according to various traits of each
project, to share the outcome in [11] ISO/IEC 14598-1,2,3,4 Information Technology Software Product
whole system Evaluation, 1999
- prevention of repeatedly [12] Azuma, Software Quality Evaluation System: Quality Models
happening the trial and error in Metrics and Processes International Standards and Japanese
system Practice, Information and Software Technology
[13] ARC. 2000. Assessment Requirements for CMMI, Version 1.0
CMU/SEI-2000-TR-011. Software Engineering Institute, Carnegie
Mellon University, Pittsburgh: PA.
IV. LEVELS AND PROCESSES OF K-MODEL [14] El-Emam, K., Goldenson, D. 1995. SPICE: An empiricists
perspective. In Proceedings of the Second IEEE International
Good level aims to the capability level of necessary Software Engineering Standards Symposium, 84-97.
project level in order to achieve success of software [15] El-Emam, K., 1998, The internal consistency of the ISO/IEC 15504
development project process, and consists of project software process capability scale, In Proceedings of the 5th
management, development, assessment process of supporting International Symposium on Software Metrics, 72-81.
group, and low practice of each assessment process. [16] El-Emam, K., Jung, H.-W. 2001. An evaluation of the ISO/IEC
Very good level aims to process capability level of 15504 assessment model. Journal of Systems and Software 59(1), 23-
41
necessary system level to consistently perform the project of
system, and it contains assessment processes of good level, [17] Jung, H.-W. 2002 Evaluation the internal consistency of SPICE
process capability indictors. Submitted for publication.
consists of system management, assessment process of
[18] KSPICE. 2001. A Guideline for KSPICE Assessment Procedure.
process improvement area, and low practice of each Korea SPICE.
assessment process.

309