CMM vs. ISO
David S. Craft CIRM, PMP
Engineering & Manufacturing Services
11 April 2007

CMM vs. ISO, Sarbanes Oxley

/ 10 April 2007 / EDS INTERNAL

Agenda
Who Am I
CMM
ISO
Similarities And Differences
Sarbanes Oxley


Who Am I
Managing Consultant
Engineering and Manufacturing Services
Applications Service Delivery

Career roles:
Shift Supervisor
Team Leader
Inventory Control Manager
Industrial Engineer
Internal ISO Auditor
Materials Manage
Information Specialist, Senior VISTA Volunteer
Consultant
Manager Production Planning &
Chief Industrial Engineer
Project Manager
CMMI History
The Federal government cannot distinguish between competing bids for software development
Early 1980s - The Federal Government (Congress) awards a contract to establish the Software Engineering Institute (SEI) at Carnegie Mellon University (sponsored by the DOD)
1988 - SEI begins work on a Process Maturity Framework for judging a company's capability to produce software
The Process Maturity Framework evolves into the Capability Maturity Model (CMM)
August 1991 - SW-CMM Version 1 released
SE-CMM developed by the Enterprise Process Improvement Collaboration (EPIC)
1992 - CMM Version 1.1 released
1999 - Begin developing CMMI (CMM Integrated)
2002 - CMMI SE/SW/IPPD/SS Version 1.1 introduced
200? - CMMI Version 1.2 released
ISO History
Began with British military standards
The ISO organization was established in 1947
Headquartered in Geneva, Switzerland
Currently composed of 148 National Standards Bodies and 2,981 technical bodies
As of 12/31/05 there are 15,649 International Standards embodied in 573,494 pages of English text
What are standards?

Standards are documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

For example, the format of the credit cards, phone cards, and "smart" cards that have become commonplace is derived from an ISO International Standard. Adhering to the standard, which defines such features as an optimal thickness (0,76 mm), means that the cards can be used worldwide. International Standards thus contribute to making life simpler, and to increasing the reliability and effectiveness of the goods and services we use.

(Source text last modified 2002-07-17)
Where are the Standards (12/31/05)

Sector                                                   Standards      Pages
Generalities, Infrastructure and Sciences                    1,406     49,761
Health, Safety and Environment                                 658     20,252
Engineering Technologies                                     4,099    169,843
Electronics, Information Technology and Telecommunications   2,447    161,132
Transport and Distribution of Goods                          1,710     44,918
Agriculture and Food Technology                                954     20,335
Materials Technology                                         3,943     93,121
Construction                                                   311     11,068
Special Technologies                                           121      3,064
Total                                                       15,649    573,494

Which ISO Standards

The ISO family includes:
ISO 9000:2000 Quality Management Systems - Fundamentals and vocabulary
ISO 9001:2000 Quality Management Systems - Requirements
ISO 9004:2000 Quality Management Systems - Guidelines for performance improvement
ISO 19011 Guidelines on quality and/or environmental management systems auditing
ISO 10012 Measurement control system

Quality System Documentation

Level 1 - Quality Manual: defines approach and responsibility
Level 2 - Procedures: define who, what, when
Level 3 - Work/Job Instructions: answer how
Level 4 - Records/Documentation: results; show that the system is operating

ISO 9001:2000 Structure

4. Quality Management System
4.1 General requirements
4.2 Document requirements

5. Management Responsibility
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority, communication
5.6 Management review

6. Resource Management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment

7. Product realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices

8. Measurement, Analysis & Improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement

Similarities
Both require that the organization be explicit about what its processes and quality systems are
Say what you do; do what you say
The organization records and tracks data for objective analysis
Both require strong management support to succeed
Both provide a structured and measured approach to quality improvement
Both require an outside audit for certification
Both are refined/improved over time

Differences

ISO 9000                                                  SW-CMMI
Outwardly focused                                         Inwardly focused
Minimum requirements with implied continuous improvement  Explicit continuous quality improvement
Not specific to any one industry or service               Software focus
Registration document                                     No documentation
Continual audits                                          No follow-up audits
Sarbanes-Oxley Implications
With its more than 300 discrete points of enforceable law, this is the most significant piece of accounting legislation passed since the formation of the SEC in 1933.
SOX was passed with the specific intent of increasing accountability and attempting to instill ethical behavior in financial reporting and business operations.
With this increased spotlight on reporting, companies must invest resources and focus into their internal control process.
The Act created the Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession and mandated reforms to enhance corporate and criminal fraud accountability.
A goal of SOX legislation is to continually improve the transparency of financial and business events that can impact the accuracy and future validity of financial statements. Projects to improve processes and regular review of controls will become commonplace activities as compliance evolves. Tools that simplify project completion and track status will better enable organizations to cost-effectively undertake these projects.