Only Software companies eligible to take CMMI?


PE-2011

#1
Dear Friends,

I request to kindly help me in following.

1) CMM is now replaced with CMMI. There are 5 levels of CMMI. Are only software companies eligible to take CMMI, or can companies in any field take CMMI?

2) What I understand is that CMMI level 5 is the top one. Can any organization take CMMI level 5 directly without going through CMMI levels 1 to 4, or should they first start with CMMI 1 to reach CMMI 5?

3) Is there any equivalent ISO standard for CMMI 5?

4) Can anybody tell me who is the best consultant in India for CMMI?

5) In ISO standards, is it possible to integrate 9001, 14001 and 27001? If yes, does anybody know how many companies have such an IMS in India and abroad?

Soliciting your help.

With best Regards
Maheswari
 

PE-2011

#4
OK Friend, thanks. Why don't you include more Indians in the forum? I like this forum very much.
Regards, Maheswari

Most of our Members live in the USA, and we're not all awake yet...
So, please be patient, and responses will be offered...

Stijloor, Forum Moderator.
 

Marc

#6
To be clear, the forum is open to anyone, anywhere. People join who want to join. We do not exclude anyone from joining. So - The question is: Why is it that more people from India do not join?

There are many people here from India. But - The majority of the forum is in English so that will be a barrier to many people.

If you're interested, there is an Indian Social Group here as well: The Indian National Covers - You may discuss things there in your language if you want. There is no requirement that people use English here.
 

pldey42

#7
The CMMI includes models for managing development, acquisition, services and people:

http://www.sei.cmu.edu/cmmi/tools/index.cfm (dead link, 404)

From CMMI for Development, Version 1.3 ...

"CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development."

So pretty much any company could use CMMI if it so chose.

One of the big benefits of CMMs is they give a strategy for reaching a high level of process maturity. Level 1 is where most companies are if they have no formal management processes, and they proceed through levels 2 to 5 in order. Each level adds sophistication and relies for success upon those below being properly established and stable. Organizational change takes a while, so each level will take several months, even a year or two. Thus, a CMM gives a strategy for evolving from immature to mature through well-defined levels.

ISO process management standards tend to be simpler, and cheaper to appraise, hence their appeal. ISO 9004 makes some mention of maturity modelling. There's nothing based on maturity modelling that's auditable in the ISO management systems family that I am aware of.

In software development, an ISO 9001 Certification is equivalent to somewhere between levels 2 and 3 on the CMMI scale.

I'm based in the UK and not aware of Indian CMM consultants, best or otherwise, sorry.

BSI have several clients that combine ISO 9001, 14001, 27001 amongst others. Sorry, haven't counted them. But it makes sense. For example, when implementing ISO 27001 it helps to understand information flows when considering threats and vulnerabilities, and an ISO 9001 management system should help in this regard.

Hope this helps,
Pat
 

PE-2011

#8
Dear Friend, Thanks a lot for your help.

You stated, BSI have several clients that combine ISO 9001, 14001, 27001. Is the same with ONE SINGLE IMS CERTIFICATE, Common Policy, Common Procedure, Common Internal Audit, Common Scope etc. If you have any idea, please tell.

Also I would request, is it possible an IMS Certified company can integrate CMMI 5 level.

TODAY I SEARCHED IN THIS FORUM FOR IMS SYSTEM WITH THE COMBINATION OF QMS+EMS+ISMS, BUT COULD NOT SEE. ALL ARE QMS+EMS+OHSAS OR ANY OTHER.

Regards, Maheswari



pldey42

#9
Some keep them separate. They believe it helps them to manage the distinct issues associated with quality, information security and environment more easily. Others combine them in order to increase error-proofing.

For example, there would be no value in having three separate document control systems. The common one is likely to say things like

  • control documents (ISO 9001)
  • operate information classification, access and segregation controls (ISO 27001)
  • don't print docs unless absolutely necessary and use recycled paper (ISO 14001)

It makes sense to combine implementations of common requirements, although beware: they aren't always identical. For example, ISO 27001's preventive action requirements aren't exactly the same as those for ISO 9001. Whilst one might use a PA process that meets the requirements of both ISO 9001 and ISO 27001 it still might have variants depending upon whether it's used for quality or information security. For example, an information security PA would have more confidentiality associated with it than a quality one: while good quality practice generally follows Deming's dictum to “involve everyone”, information security notes that “everyone” might include disgruntled employees -- one of the biggest sources of security leaks -- and therefore only involves an essential few people, hopefully none of them planning a subversive attack.

Common policies? Well, the quality policy might be “deliver products and services to customers so as to meet their requirements.” The infosec policy might be “to preserve our company's intellectual property and that of our clients, and satisfy UK Data Protection law.” The environmental policy might be “Control effluents to avoid breaches of UK Environment laws and regulations.” Each policy addresses the issues of the associated standard. The decision about whether to combine these distinct issues into one policy document or several depends upon corporate culture.

Combining management systems into one corporate system makes sense in terms of error-proofing, by having one set of instructions for “how to do things” rather than several. For example, the process for managing a database might incorporate operational issues of how information is processed, with information security issues such as access control and segregation of duties, and environmental controls over printing. If the documentation for this process were distributed amongst three different manual sets (one each for ISO 9001, ISO 27001, ISO 14001) the probability of someone missing something would be higher.

When organizations combine systems, they still get three certificates. BSI operates a scheme for combining ISO 9001, ISO 14001 and ISO 18001, this being the most common combination of management systems. I'm not an expert on the latter two standards (I do ISO 27001 and BS 25999 as well as ISO 9001) but I'm told that the combining can bring some efficiencies, and can lead to processes for resolving risk management issues when quality, environment and H&S pull in different directions. Clients can get individual quotations for arbitrary combinations of standards, e.g. ISO 9001 and ISO 27001.

An ISO 9001-Certified company ought to be able to attain CMMI level 2 perhaps after some detailed work on areas like project management, requirements management and configuration management; and CMMI level 3 after some additional work. Both ISO 9001 and the lower CMMI levels focus on stabilizing an organization's processes. It could retain its ISO certification as it attains level 4, then level 5, which focus on continual improvement, and this indeed is one of the routes that ISO 9004 suggests. (In America, organizations sometimes follow a similar strategy but using Baldrige or Florida Sterling instead of CMMI (or in Europe, EFQM) to continually improve upon an ISO 9001 baseline.)

All these things are possible. The question is, are they worth the increased effort, time and money? For some the answer is yes, because ISO certification satisfies a contract mandate, and a richer model like CMMI drives the details of managing stability, and the higher reaches of continual improvement.

Hope this helps,
Pat
 

PE-2011

#10
Dear Friend, Thanks a lot. Very helpful explanation given by you.

I am wondering any other members answering to my queries.

Regards
Maheswari
 