Introduction

“We are using CMM as a business tool to improve the bottom line and to achieve our management vision of being ‘better, faster, cheaper’.”

Peter Lawrence, Northern Region Quality Director, CSC

When the UK arm of global consultancy and information technology services organisation, Computer Sciences Corporation (CSC) began looking for a business model in the late 1990’s to help in its company-wide change programme, various strategies and models were considered. CSC was already operating a quality management system (QMS) which had been certified to ISO 9001 TickIT since 1994 with certification body, Lloyd’s Register Quality Assurance (LRQA). The company therefore already had a mature management system that was embedded within the organisation on which to build.

Following discussion with colleagues in the US, it was decided to adopt the Software Engineering Institute’s (SEI) Software Capability Maturity model (SW-CMM®) to help drive software process improvement throughout the organisation. The question remained however as to how the use of this model would complement and support the company’s ISO certification programme to which it was also committed.

The publication of ISO 9001:2000 has seen increasing convergence between the two approaches which has given CSC the opportunity to use the ISO and SEI models together as a unified management system tool for driving and benchmarking process improvement – rather than independent goals.

Uniquely, it was decided to use the regular LRQA ISO 9001 surveillance programme to also help track the company’s use of CMM® and more recently CMMI® thereby giving CSC the added value of an ongoing, independent viewpoint.

First | Previous | Next | Last

Benefits

Benefits of the combined surveillance programme include:

Staying on track

Organisations approved to ISO 9001 with LRQA are familiar with the benefits provided by the surveillance programme. Typically every six months, the visit provides clients with a focus for continual improvement, an opportunity for managers to re-look at their management systems and discuss any issues openly with their LRQA assessor who with the experience and knowledge gained from visiting numerous organisations over many years can offer valuable insight.

Demonstrating improvement

The external, independent view provided by the LRQA assessor against the appraised scope gives valuable assurance to CSC’s senior management and internal stakeholders, customers and potential purchasers, trading partners and suppliers that it continues to undertake process improvements in its management systems and that there have been no identifiable issues noted relating to the appraised maturity level. In turn this gives the organisation additional impetus to strive for, and commit to, higher maturity levels.

Reducing impact

No organisation wants to spend an inordinate amount of time auditing. The similarity of the ISO and SEI models enables the LRQA assessor to conduct an assessment that both covers all the requirements necessary to monitor ongoing compliance with ISO 9001 while giving consideration to the CMM® model. In practical terms, although this activity requires some additional time, it does provide significant savings in resource and avoiding unnecessary duplication of paperwork.

Winning new business

The ability to demonstrate a maturity rating against the model is increasingly a pre-requisite for business particularly with the large corporates. Even where a rating is not a contractual obligation, it is a valuable differentiator in a highly competitive, crowded marketplace.

Having regular, independent ISO 9001 visits that also consider CSC’s use of the CMM/CMMI® models gives assurance to purchasers that the company’s processes are being continually improved.

First | Previous | Next | Last

Adopting the model

In an industry which is continually growing by acquiring outsourced organisations and therefore new people from diverse industry backgrounds and business cultures, CSC faced a significant challenge in effecting sustainable process standardisation and improvement throughout the company.

By 1998, the company had 1,500 software development staff in a dozen major centres with many smaller groups involved in software development and legacy system support. Each team had its own local procedures and methods for ‘getting the job done’ and while largely successful, this approach relied on the experience and skill of exceptional project managers rather than a standard formula for repeatable results. The ‘localised’ approach also meant that it was more difficult to share staff between teams in order to cater for the natural fluctuations in business.

As a global IT outsourcer, CSC needed to operate the same processes throughout its development teams - wherever in the world they were located – in order to meet increasing demands for the corporate sector and to provide a market differentiator. The company decided to use the CMM® approach to help support its change management programme as a business tool to help it achieve the productivity gains, delivery time improvements and reduction in costs that was necessary to grow its business.

First | Previous | Next | Last

ISO 9001 and CMM/CMMI®

CMM/CMMI® are qualitative models presented at an abstract level which defines the attributes and key practices expected at five stages, from an initial stage characterised by informal management practices and chaotic processes through to the final level in which continual improvement has become institutionalised.

Like ISO 9001:2000, its intent is not to be prescriptive in content but advocates the advantages from formally defined processes yielding data and metrics which drive continual improvement. The goal of both models is to promote understanding and maturity, where the organisation monitors its performance in a continuous cycle to improve its services and products.

Both models have similarities in intent and in demonstrating best practice, however there are differences particularly in the formal assessment process. ISO 9001 certified companies must meet the requirements of the standard and continue to do so by undergoing routine surveillance visits in order to ensure that the results of the initial assessment remain valid.

In contrast, the SEI typically requires only a one-off assessment in order to confirm an organisation’s maturity rating arguing that once a company has continual improvement embedded within its culture, it will continue to do so. However, CSC had become accustomed to the benefits provided by its regular LRQA visits and felt that similar benefits could exist through routine checks against the CMM®. To this end, LRQA has extended its routine ISO surveillance activity to include consideration of the SEI CMM® model criteria. The LRQA assessor who is trained in the CMM® model therefore takes account of this in looking at the activities of the company at each visit and references his findings within the assessment report.

CSC and LRQA…a model relationship

Since 2003, LRQA has been taking into account the CMM® model during its regular ISO 9001 surveillance visits for CSC. This has seen LRQA adapting its typical audit approach to also incorporate evaluation against CMM® criteria. It was important from the very beginning to demonstrate that any assessment could fully meet the requirements of ISO 9001 without compromising the integrity of the audit or the independence of the LRQA audit team.

During the audit, Ian Upson, the LRQA assessor working with Dave Wynn of CSC uses CMM® evaluation type techniques to gather data about the system to judge compliance with both ISO 9001 and the CMM®. This includes review of documentation and in-depth interviews with appropriate staff including senior management, process owners and the training department.

For the CMM® review this typically involves the in-depth review of three projects, each taking one day. This involves each team producing a project documentation pack which is reviewed by LRQA and Dave Wynn to see how well the data is complying with the process. Additionally, this provides the necessary preparation for the interview sessions held in the afternoon of project review. The objective here is to judge how embedded the process is within the team which also provides valuable input to the 9001 surveillance part of the audit.

The benefits of this approach for CSC are clear. It supports their activities in the area of CMM®. “Organisations need to be assured that their suppliers and trading partners will continue to maintain their maturity rating. While the SEI hold rigorous checks of its lead assessors to ensure the quality of those undertaking formal CMM® or CMMI® assessments, CSC feels that the additional assurance provided by regular, independent audits can offer significant benefits,” comments Dave Wynn, Principal Quality Management Consultant for CSC.

From an LRQA viewpoint, in very practical terms it gives the assessor more opportunity for information to be sought in a highly systematic and structured way resulting in the production of a report that references CMM® and in the future CMMI®.

Mike James, general manager of LRQA comments: “Increasingly companies are looking at how to drive improvement through their business processes. Many organisations, such as CSC are looking to build on the firm foundation that ISO 9001 has given their business and looking to other models to complement their approach.

CSC has chosen LRQA as its certification partner in its global programme. It is hoped that as CMMI® becomes more widely recognised globally, there will be an opportunity to roll out the combined surveillance approach trialled here in the UK.”

First | Previous | Next | Last

The future

The maturity level achieved through a formal SCAMPISM appraisal process provides recognition of achievement at a particular point in time. As with any assessment process the confidence in the ongoing validity of the outcome or rating diminishes with time. By using the ISO 9001:2000 surveillance process to supplement the initial appraisal customers can have a greater degree of confidence that the organisation’s systems continue to meet the requirements of the model.

It is hoped that a combined approach will in due course be recognised by the accreditation bodies. Discussions currently taking place between the Software Engineering Institute, CSC and the certification industry could lead to certification bodies being accredited to conduct simultaneous ISO 9001/CMMI® evaluations. A combined assessment performed by fully trained and authorised appraisers would therefore provide organisations with an integrated certification and maturity rating. Taking the ISO model of regular planned surveillance activities, a company could therefore reasonably claim ongoing consistency with their stated maturity rating although SEI rules do not currently allow confirmation of a maturity rating.

“ISO 9001:2000 is the bedrock which brings fundamental business principles to the table. We use the CMM/CMMI approach to give maturity type improvement. The two approaches are complementary.”
Dave Wynn, Principal Quality Management Consultant, CSC

“There is little doubt that global clients will increasingly demand a CMMI rating. We have the potential to be able to prove ongoing independent monitoring of our maturity level.”
Peter Lawrence, Northern Region Quality Director, CSC

“To support our process improvement objectives, we needed our surveillance visits to examine our on going commitment to the maturity model.”
Dave Wynn, Principal Quality Management Consultant, CSC

First | Previous | Next | Last

About CSC

Computer Sciences Corporation (CSC) is a global consulting and information technology services organisation offering clients the solutions they need to manage complexity, focus on core businesses, collaborate with partners and clients and improve operations. Vendor-independent, the company delivers solutions that best meet each client’s unique requirements. For more than 40 years, clients in industry and governments have trusted CSC with their business process and information systems outsourcing, systems integration and consulting needs.

Carnegie Mellon University Software Engineering Institute (SEI)

The SEI is a federally funded research and development centre sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. Its mission is to provide leadership in advancing the state of the practice of software engineering to improve the quality of systems that depend on software. The SEI accomplishes this mission by promoting the evolution of software engineering from an ad hoc, labour-intensive activity to a discipline that is well managed and supported by technology.

® CMM is registered in the U.S Patent and Trademark Office by Carnegie Mellon University.

First | Previous | Next | Last