Only Software companies eligible to take CMMI?

P

PE-2011

#1
Dear Friends,

I request to kindly help me in following.

1) CMM is now replaced with CMMI. There are 5 levels of CMMI. Software companies only eligible to take CMMI? or any field of companies can take CMMI?

2) What i understand is CMMI 5 level is top one. Any organization can take CMMI 5 level directly without going to CMMI 1 to 4 level? or first they should start with CMMI 1 to reach CMMI 5?

3) Is there any equivalent ISO standard for CMMI 5?

4) Can anybody tell me who is the best consultant in India for CMMI?

5) In ISO Standard, is it possible to integrate 9001, 14001 and 27001? Is yes, anybody know how many companies have such IMS in India and Abroad?

Soliciting your help.

With best Regards
Maheswari:agree:
 
Elsmar Forum Sponsor
P

PE-2011

#4
OK Friend thanks. Why dont you include more Indians in forum. I like this forum very much
Regards, Maheswari

Most of our Members live in the USA, and we're not all awake yet....:nope:
So, please be patient, and responses will be offered...:agree1:

Stijloor, Forum Moderator.
 

Marc

Fully vaccinated are you?
Leader
Admin
#6
OK Friend thanks. Why dont you include more Indians in forum. I like this forum very much
Regards, Maheswari
To be clear, the forum is open to anyone, anywhere. People join who want to join. We do not exclude anyone from joining. So - The question is: Why is it that more people from India do not join?

There are many people here from India. But - The majority of the forum is in English so that will be a barrier to many people.

If you're interested, there is an Indian Social Group here as well: The Indian National Covers - You may discuss things there in your language if you want. There is no requirement that people use English here.
 
P

pldey42

#7
Dear Friends,

I request to kindly help me in following.

1) CMM is now replaced with CMMI. There are 5 levels of CMMI. Software companies only eligible to take CMMI? or any field of companies can take CMMI?

2) What i understand is CMMI 5 level is top one. Any organization can take CMMI 5 level directly without going to CMMI 1 to 4 level? or first they should start with CMMI 1 to reach CMMI 5?

3) Is there any equivalent ISO standard for CMMI 5?

4) Can anybody tell me who is the best consultant in India for CMMI?

5) In ISO Standard, is it possible to integrate 9001, 14001 and 27001? Is yes, anybody know how many companies have such IMS in India and Abroad?

Soliciting your help.

With best Regards
Maheswari:agree:
The CMMI includes models for managing development, acquisition, services and people:

http: //www. sei. cmu. edu /cmmi/tools/index.cfm - DEAD 404LINK UNLINKED

From CMMI for Development, Version 1.3 ...

"CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development."

So pretty much any company could use CMMI if it so chose.

One of the big benefits of CMMs is they give a strategy for reaching a high level of process maturity. Level 1 is where most companies are if they have no formal management processes, and they proceed through levels 2 to 5 in order. Each level adds sophistication and relies for success upon those below being properly established and stable. Organizational change takes a while., so each level will take several months, even a year or two. Thus, a CMM gives a strategy for evolving from immature to mature through well -defined levels.

ISO process management standards tend to be simpler, and cheaper to appraise, hence their appeal. ISO 9004 makes some mention of maturity modelling. There's nothing based on maturity modelling that's auditable in the ISO management systems family that I am aware of.

In software development, an ISO 9001 Certification is equivalent to somewhere between levels 2 and 3 on the CMMI scale.

I'm based in the UK and not aware of Indian CMM consultants, best or otherwise, sorry.

BSI have several clients that combine ISO 9001, 14001, 27001 amongst others. Sorry, haven't counted them. But it makes sense. For example, when implementing ISO 27001 it helps to understand information flows when considering threats and vulnerabilities, and an ISO 9001 management system should help in this regard.

Hope this helps,
Pat
 
Last edited by a moderator:
P

PE-2011

#8
Dear Friend, Thanks a lot for your help.

You stated, BSI have several clients that combine ISO 9001, 14001, 27001. Is the same with ONE SINGLE IMS CERTIFICATE, Common Policy, Common Procedure, Common Internal Audit, Common Scope etc. If you have any idea, please tell.

Also I would request, is it possible an IMS Certified company can integrate CMMI 5 level.

TODAY I SEARCHED IN THIS FORUM FOR IMS SYSTEM WITH THE COMBINATION OF QMS+EMS+ISMS, BUT COULD NOT SEE. ALL ARE QMS+EMS+OHSAS OR ANY OTHER.

Regards, Maheswari


The CMMI includes models for managing development, acquisition, services and people:

http://www.sei.cmu.edu/cmmi/tools/index.cfm

From http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm ...

"CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development."

So pretty much any company could use CMMI if it so chose.

One of the big benefits of CMMs is they give a strategy for reaching a high level of process maturity. Level 1 is where most companies are if they have no formal management processes, and they proceed through levels 2 to 5 in order. Each level adds sophistication and relies for success upon those below being properly established and stable. Organizational change takes a while., so each level will take several months, even a year or two. Thus, a CMM gives a strategy for evolving from immature to mature through well -defined levels.

ISO process management standards tend to be simpler, and cheaper to appraise, hence their appeal. ISO 9004 makes some mention of maturity modelling. There's nothing based on maturity modelling that's auditable in the ISO management systems family that I am aware of.

In software development, an ISO 9001 Certification is equivalent to somewhere between levels 2 and 3 on the CMMI scale.

I'm based in the UK and not aware of Indian CMM consultants, best or otherwise, sorry.

BSI have several clients that combine ISO 9001, 14001, 27001 amongst others. Sorry, haven't counted them. But it makes sense. For example, when implementing ISO 27001 it helps to understand information flows when considering threats and vulnerabilities, and an ISO 9001 management system should help in this regard.

Hope this helps,
Pat
 
Last edited:
P

pldey42

#9
Some keep them separate. They believe it helps them to manage the distinct issues associated with quality, information security and environment more easily. Others combine them in order to increase error-proofing.

For example, there would be no value in having three separate document control systems. The common one is likely to say things like

  • control documents (ISO 9001)
  • operate information classification, access and segregation controls (ISO 27001)
  • don't print docs unless absolutely necessary and use recycled paper (ISO 14001)
It makes sense to combine implementations of common requirements, although beware: they aren't always identical. For example, ISO 27001's preventive action requirements aren't exactly the same as those for ISO 9001. Whilst one might use a PA process that meets the requirements of both ISO 9001 and ISO 27001 it still might have variants depending upon whether it's used for quality or information security. For example, an information security PA would have more confidentiality associated with it than a quality one: while good quality practice generally follows Deming's dictum to “involve everyone”, information security notes that “everyone” might include disgruntled employees -- one of the biggest sources of security leaks -- and therefore only involves an essential few people, hopefully none of them planning a subversive attack.

Common policies? Well, the quality policy might be “deliver products and services to customers so as to meet their requirements.” The infosec policy might be “to preserve our company's intellectual property and that of our clients, and satisfy UK Data Protection law.” The environmental policy might be “Control effluents to avoid breaches of UK Environment laws and regulations.” Each policy addresses the issues of the associated standard. The decision about whether to combine these distinct issues into one policy document or several depends upon corporate culture.

Combining management systems into one corporate system makes sense in terms of error-proofing, by having one set of instructions for “how to do things” rather than several. For example, the process for managing a database might incorporate operational issues of how information is processed, with information security issues such as access control and segregation of duties, and environmental controls over printing. If the documentation for this process were distributed amongst three different manual sets (one each for ISO 9001, ISO 27001, ISO 14001) the probability of someone missing something would be higher.

When organizations combine systems, they still get three certificates. BSI operates a scheme for combining ISO 9001, ISO 14001 and ISO 18001, this being the most common combination of management systems. I'm not an expert on the latter two standards (I do ISO 27001 and BS 25999 as well as ISO 9001) but I'm told that the combining can bring some efficiencies, and can lead to processes for resolving risk management issues when quality, environment and H&S pull in different directions. Clients can get individual quotations for arbitrary combinations of standards, e.g. ISO 9001 and ISO 27001.

An ISO 9001-Certified company ought to be able to attain CMMI level 2 perhaps after some detailed work on areas like project management, requirements management and configuration management; and CMMI level 3 after some additional work. Both ISO 9001 and the lower CMMI levels focus on stabilizing an organization's processes. It could retain its ISO certification as it attains level 4, then level 5, which focus on continual improvement, and this indeed is one of the routes that ISO 9004 suggests. (In America, organizations sometimes follow a similar strategy but using Baldrige or Florida Sterling instead of CMMI (or in Europe, EFQM) to continually improve upon an ISO 9001 baseline.)

All these things are possible. The question is, are they worth the increased effort, time and money? For some the answer is yes, because ISO certification satisfies a contract mandate, and a richer model like CMMI drives the details of managing stability, and the higher reaches of continual improvement.

Hope this helps,
Pat
 
P

PE-2011

#10
Dear Friend, Thanks a lot. Very helpful explanation given by you.

I am wondering any other members answering to my queries.

Regards
Maheswari
 
Thread starter Similar threads Forum Replies Date
Y FDA PreCert Program for Software (Companies) - 2017 Other US Medical Device Regulations 1
M Using a Complaint Management Software (Medical Device companies) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
E CAPA Management Software Tool Recommendations for Small Companies Quality Assurance and Compliance Software Tools and Solutions 3
D Documentation Control Software for small companies on a Budget Quality Assurance and Compliance Software Tools and Solutions 10
D Info for Health and Safety in Software Development companies Occupational Health & Safety Management Standards 6
G Software verification vs. system verification IEC 62304 - Medical Device Software Life Cycle Processes 3
S Process Monitoring using SPC software Quality Assurance and Compliance Software Tools and Solutions 3
J Megger MIT520/2 adjustment software? Calibration and Metrology Software and Hardware 0
M Product Acceptance Software (PAS) PROCEDURE (BOEING D6-51991) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M 3D Scanner Software validation ISO 13485:2016 - Medical Device Quality Management Systems 7
Y Software to Manage IEC 62304 Traceability Requirement IEC 62304 - Medical Device Software Life Cycle Processes 3
T Software item classification and Detailed Design IEC 62304 - Medical Device Software Life Cycle Processes 4
T Software Unit definition - IEC 62304 - Medical Device Software Life Cycle Processes 3
T Software user interface - definition of hazards ISO 14971 - Medical Device Risk Management 15
T Classification Accessory Software medical device EU Medical Device Regulations 4
G Software Medical Device Classification EU Medical Device Regulations 7
D Software Validation Question ISO 13485:2016 - Medical Device Quality Management Systems 10
C. Tejeda Computer system validation approach for Minitab Statistical software Software Quality Assurance 7
B Can a software that receive data from a MD be classified as Class I?or is not a MD? EU Medical Device Regulations 5
A What JIRA Software workflows you use for your software lifecycle? IEC 62304 - Medical Device Software Life Cycle Processes 4
G Software change management Design and Development of Products and Processes 2
G IATF 7.1.5.2.1 Calibration/verification records :Program/software verification IATF 16949 - Automotive Quality Systems Standard 7
John C. Abnet ...validation of computer software ISO 13485:2016 - Medical Device Quality Management Systems 14
N Free statistical software Reliability Analysis - Predictions, Testing and Standards 7
T ISO quality system software such as MQ1 (which is what we currently use) Document Control Systems, Procedures, Forms and Templates 8
X Looking for 17025 auditor to perform internal audit on IT software testing laboratory ISO 17025 related Discussions 3
B ERP software validation - risk assessment vs validation scope ISO 13485:2016 - Medical Device Quality Management Systems 11
D Guidance for Medical records software/template ISO 13485:2016 - Medical Device Quality Management Systems 1
M MDSW Software importer distributor CE Marking (Conformité Européene) / CB Scheme 2
B Software as a Medical Device - Language Requirements EU Medical Device Regulations 6
B Software as a NON-medical device Medical Information Technology, Medical Software and Health Informatics 23
qualprod 8.3 for software development. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
S Software design document NMPA guidance and consultant China Medical Device Regulations 4
C How to place software version for SaMD product in HIBC secondary data structure (UDI-PI)? Other US Medical Device Regulations 4
L Acquiring software from 3rd party company IEC 62304 - Medical Device Software Life Cycle Processes 8
R Validation of Software used in Verification Testing ISO 13485:2016 - Medical Device Quality Management Systems 2
A FMEA Software IATF 16949 - Automotive Quality Systems Standard 6
A Medical Device Software POC Medical Device and FDA Regulations and Standards News 6
C Discus Software for First Article Inspection Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
D One Software as Medical Device product or two? EU Medical Device Regulations 4
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
Watchcat New Draft Guidance on Content of Premarket Submissions for Software Device "Functions" Other US Medical Device Regulations 2
Watchcat Software validation vs design V&V? Other US Medical Device Regulations 27
M Initial Importer/Distributor and Software Validation IEC 62304 - Medical Device Software Life Cycle Processes 1
F Configurator for a power unit - Software or other solution? Manufacturing and Related Processes 0
D Test Management Software Software Quality Assurance 1
E ISO 13485 software validation ISO 13485:2016 - Medical Device Quality Management Systems 7
D Tracking software versions used with instruments ISO 13485:2016 - Medical Device Quality Management Systems 0
dgrainger Informational MHRA's Software and AI as a Medical Device Change Programme UK Medical Device Regulations 0
S Do you follow your QMS for non-device software features? Medical Information Technology, Medical Software and Health Informatics 4

Similar threads

Top Bottom