Only Software companies eligible to take CMMI?

[PE-2011]

Dear Friends,

I request to kindly help me in following.

1) CMM is now replaced with CMMI. There are 5 levels of CMMI. Software companies only eligible to take CMMI? or any field of companies can take CMMI?

2) What i understand is CMMI 5 level is top one. Any organization can take CMMI 5 level directly without going to CMMI 1 to 4 level? or first they should start with CMMI 1 to reach CMMI 5?

3) Is there any equivalent ISO standard for CMMI 5?

4) Can anybody tell me who is the best consultant in India for CMMI?

5) In ISO Standard, is it possible to integrate 9001, 14001 and 27001? Is yes, anybody know how many companies have such IMS in India and Abroad?

Soliciting your help.

With best Regards
Maheswari

 

[PE-2011]

Hello friends, can anybody help?

 

[Stijloor]

Hello friends, can anybody help?

Most of our Members live in the USA, and we're not all awake yet....
So, please be patient, and responses will be offered...

Stijloor, Forum Moderator.

 

[PE-2011]

OK Friend thanks. Why dont you include more Indians in forum. I like this forum very much
Regards, Maheswari

Most of our Members live in the USA, and we're not all awake yet....
So, please be patient, and responses will be offered...

Stijloor, Forum Moderator.

 

[Stijloor]

OK Friend thanks. Why dont you include more Indians in forum. I like this forum very much
Regards, Maheswari

Look at this post from our Host Mr. Marc Smith.

http://elsmar.com/Forums/showpost.php?p=427539&postcount=184

Scroll to the bottom, locate the world map, and see where our Members live.

Look at India....

Stijloor.

 

[Marc]

OK Friend thanks. Why dont you include more Indians in forum. I like this forum very much
Regards, Maheswari

To be clear, the forum is open to anyone, anywhere. People join who want to join. We do not exclude anyone from joining. So - The question is: Why is it that more people from India do not join?

There are many people here from India. But - The majority of the forum is in English so that will be a barrier to many people.

If you're interested, there is an Indian Social Group here as well: The Indian National Covers - You may discuss things there in your language if you want. There is no requirement that people use English here.

 

[pldey42]

Dear Friends,

I request to kindly help me in following.

1) CMM is now replaced with CMMI. There are 5 levels of CMMI. Software companies only eligible to take CMMI? or any field of companies can take CMMI?

2) What i understand is CMMI 5 level is top one. Any organization can take CMMI 5 level directly without going to CMMI 1 to 4 level? or first they should start with CMMI 1 to reach CMMI 5?

3) Is there any equivalent ISO standard for CMMI 5?

4) Can anybody tell me who is the best consultant in India for CMMI?

5) In ISO Standard, is it possible to integrate 9001, 14001 and 27001? Is yes, anybody know how many companies have such IMS in India and Abroad?

Soliciting your help.

With best Regards
Maheswari

The CMMI includes models for managing development, acquisition, services and people:

http: //www. sei. cmu. edu /cmmi/tools/index.cfm - DEAD 404LINK UNLINKED

From CMMI for Development, Version 1.3 ...

"CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development."

So pretty much any company could use CMMI if it so chose.

One of the big benefits of CMMs is they give a strategy for reaching a high level of process maturity. Level 1 is where most companies are if they have no formal management processes, and they proceed through levels 2 to 5 in order. Each level adds sophistication and relies for success upon those below being properly established and stable. Organizational change takes a while., so each level will take several months, even a year or two. Thus, a CMM gives a strategy for evolving from immature to mature through well -defined levels.

ISO process management standards tend to be simpler, and cheaper to appraise, hence their appeal. ISO 9004 makes some mention of maturity modelling. There's nothing based on maturity modelling that's auditable in the ISO management systems family that I am aware of.

In software development, an ISO 9001 Certification is equivalent to somewhere between levels 2 and 3 on the CMMI scale.

I'm based in the UK and not aware of Indian CMM consultants, best or otherwise, sorry.

BSI have several clients that combine ISO 9001, 14001, 27001 amongst others. Sorry, haven't counted them. But it makes sense. For example, when implementing ISO 27001 it helps to understand information flows when considering threats and vulnerabilities, and an ISO 9001 management system should help in this regard.

Hope this helps,
Pat

 

[PE-2011]

Dear Friend, Thanks a lot for your help.

You stated, BSI have several clients that combine ISO 9001, 14001, 27001. Is the same with ONE SINGLE IMS CERTIFICATE, Common Policy, Common Procedure, Common Internal Audit, Common Scope etc. If you have any idea, please tell.

Also I would request, is it possible an IMS Certified company can integrate CMMI 5 level.

TODAY I SEARCHED IN THIS FORUM FOR IMS SYSTEM WITH THE COMBINATION OF QMS+EMS+ISMS, BUT COULD NOT SEE. ALL ARE QMS+EMS+OHSAS OR ANY OTHER.

Regards, Maheswari

The CMMI includes models for managing development, acquisition, services and people:

http://www.sei.cmu.edu/cmmi/tools/index.cfm

From http://www.sei.cmu.edu/library/abstracts/reports/10tr033.cfm ...

"CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development."

So pretty much any company could use CMMI if it so chose.

One of the big benefits of CMMs is they give a strategy for reaching a high level of process maturity. Level 1 is where most companies are if they have no formal management processes, and they proceed through levels 2 to 5 in order. Each level adds sophistication and relies for success upon those below being properly established and stable. Organizational change takes a while., so each level will take several months, even a year or two. Thus, a CMM gives a strategy for evolving from immature to mature through well -defined levels.

ISO process management standards tend to be simpler, and cheaper to appraise, hence their appeal. ISO 9004 makes some mention of maturity modelling. There's nothing based on maturity modelling that's auditable in the ISO management systems family that I am aware of.

In software development, an ISO 9001 Certification is equivalent to somewhere between levels 2 and 3 on the CMMI scale.

I'm based in the UK and not aware of Indian CMM consultants, best or otherwise, sorry.

BSI have several clients that combine ISO 9001, 14001, 27001 amongst others. Sorry, haven't counted them. But it makes sense. For example, when implementing ISO 27001 it helps to understand information flows when considering threats and vulnerabilities, and an ISO 9001 management system should help in this regard.

Hope this helps,
Pat

 

[pldey42]

Some keep them separate. They believe it helps them to manage the distinct issues associated with quality, information security and environment more easily. Others combine them in order to increase error-proofing.

For example, there would be no value in having three separate document control systems. The common one is likely to say things like

• control documents (ISO 9001)
• operate information classification, access and segregation controls (ISO 27001)
• don't print docs unless absolutely necessary and use recycled paper (ISO 14001)

It makes sense to combine implementations of common requirements, although beware: they aren't always identical. For example, ISO 27001's preventive action requirements aren't exactly the same as those for ISO 9001. Whilst one might use a PA process that meets the requirements of both ISO 9001 and ISO 27001 it still might have variants depending upon whether it's used for quality or information security. For example, an information security PA would have more confidentiality associated with it than a quality one: while good quality practice generally follows Deming's dictum to “involve everyone”, information security notes that “everyone” might include disgruntled employees -- one of the biggest sources of security leaks -- and therefore only involves an essential few people, hopefully none of them planning a subversive attack.

Common policies? Well, the quality policy might be “deliver products and services to customers so as to meet their requirements.” The infosec policy might be “to preserve our company's intellectual property and that of our clients, and satisfy UK Data Protection law.” The environmental policy might be “Control effluents to avoid breaches of UK Environment laws and regulations.” Each policy addresses the issues of the associated standard. The decision about whether to combine these distinct issues into one policy document or several depends upon corporate culture.

Combining management systems into one corporate system makes sense in terms of error-proofing, by having one set of instructions for “how to do things” rather than several. For example, the process for managing a database might incorporate operational issues of how information is processed, with information security issues such as access control and segregation of duties, and environmental controls over printing. If the documentation for this process were distributed amongst three different manual sets (one each for ISO 9001, ISO 27001, ISO 14001) the probability of someone missing something would be higher.

When organizations combine systems, they still get three certificates. BSI operates a scheme for combining ISO 9001, ISO 14001 and ISO 18001, this being the most common combination of management systems. I'm not an expert on the latter two standards (I do ISO 27001 and BS 25999 as well as ISO 9001) but I'm told that the combining can bring some efficiencies, and can lead to processes for resolving risk management issues when quality, environment and H&S pull in different directions. Clients can get individual quotations for arbitrary combinations of standards, e.g. ISO 9001 and ISO 27001.

An ISO 9001-Certified company ought to be able to attain CMMI level 2 perhaps after some detailed work on areas like project management, requirements management and configuration management; and CMMI level 3 after some additional work. Both ISO 9001 and the lower CMMI levels focus on stabilizing an organization's processes. It could retain its ISO certification as it attains level 4, then level 5, which focus on continual improvement, and this indeed is one of the routes that ISO 9004 suggests. (In America, organizations sometimes follow a similar strategy but using Baldrige or Florida Sterling instead of CMMI (or in Europe, EFQM) to continually improve upon an ISO 9001 baseline.)

All these things are possible. The question is, are they worth the increased effort, time and money? For some the answer is yes, because ISO certification satisfies a contract mandate, and a richer model like CMMI drives the details of managing stability, and the higher reaches of continual improvement.

Hope this helps,
Pat

 

[PE-2011]

Dear Friend, Thanks a lot. Very helpful explanation given by you.

I am wondering any other members answering to my queries.

Regards
Maheswari