International Journal of Software Engineering and Its Applications Vol. 3, No.

1, January, January, 2009 2009

Process Quality Levels of ISO/IEC 15504, CMMI and K-model

Sun Myung Hwang Dept. of Computer Engineering Daejeon University, Korea sunhwang@dju.ac.kr Abstract
In the current marketplace, there are maturity models, standards, and guidelines that can help an organization improve the way it does business. Software process assessment models, ISO/IEC 15504 and CMMI provide good strategy to assess organizations software development capability. However these models are too heavy to apply small and medium enterprise organization. A ISO/IEC 15504(Software Process Improvement and Capability determination) and CMMI(Capability Maturity Model Integration) can be considered as representative software process assessment models since assessors assign ratings to indicators and metrics to measure the capability of software processes. In this paper we show the K-model that can easily apply small and medium sized business to process improvement and certification in Korea. This study also compares the practices of Kmodel with practices of CMMI and ISO/IEC 15504. We expect the small and light model, K-model will make software process improvement of Korea enterprises.

1.

Introduction

1.1 Background The quality of a product depends on quality of a process is a known fact. Many industrial software organizations have put effort to improve their software process, which based on ISO/IEC 15504, CMMI. To improve the quality of software and their organizations software development capability and productivity, various approaches have been tried [3][11]. Process assessment enables to identify the process capability, and based on the resulted assessment you can expect an enhancement of the process by identifying your process strengths, weaknesses and risks and preventing them. In this paper we show the K-model that can easily apply small and medium sized business to process improvement and certification in Korea. This study also compares the practices of K-model with practices of CMMI and ISO/IEC 15504. We expect the small and light model, K-model will make software process improvement of Korea enterprises 1.2 Overview of ISO/IEC 15504 The model consists of some major components namely: the 3 process categories, 9 groups, 48 processes and the 6 capability levels. Processes from the basic by which the software organization produces products. Capability refers to the ability of the organization to produce these products predictably and consistently.

Table 1. The Capability Levels of ISO/IEC 15504

Capability Level Level 0 Incomplete Level 1 ISO/IEC 15504 Capability Level Description There is general failure to attain the purpose of the process. There are little or no easily identifiable work products or outputs of the process. The purpose of the process is generally achieved. The achievement may not be

33

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

Performed Level 2 Managed Level 3 Established Level 4 Predictable Level 5 Optimizing

rigorously planned and tracked. There are identifiable work products for the process, and these testify to the achievement of the purpose. The process delivers work products according to specified procedures and is planned and tracked. Work products conform to specified standards and requirements. The process is performed and managed using a defined process based upon good software engineering principles. Individual implementations of the process use approved, tailored versions of standard, documented processes to achieve the process outcomes. The defined process is performed consistently in practice within defined control limits, to achieve its defined process goals. Performance of the process is optimized to meet current and future business needs, and the process achieves repeatability in meeting its defined business goals.

The process attributes are defined in ISO/IEC 15504-2 and elaborated in ISO/IEC 15504-5 by process indicators, called generic practices in earlier drafts of the evolving standard. 1.3 Overview of CMMI CMMI describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The CMMI is organized into five maturity levels, described in Table 2.

Table 2. CMMI Maturity Levels.

CMMI Maturity Level Description of Maturity Levels

CL 1:Initial

CL 2:Managed

CL 3:Defined

CL 4: Quantitatively Managed CL 5:Optimizing

The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organizations standard software process for developing and maintaining software. Detailed measures of the software process and product quality are collected. Both the software the software process and products are quantitatively understood and controlled. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.

2. K-model
The guideline of software process quality certification consists of project and formation level, and it developed to satisfy the investigation of software process quality capability and improvement at the same time.

34

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

In case of the established foreign model, while on the other it can't reflect the environment traits of domestic software business, the guideline of software process certification can easily apply to the process improvement of domestic software business by compositing to be congenial to the korea environment, and structuring the traits of essential software development and organization management. This guideline of software process certification leads to minimize the trial and error on the process improvement propulsion system and to effectively propel reinforcement the process capability by stages by not only suggesting the systematic vision for the improvement activities of domestic software business and by but also offering the priority and direction for the real improvement activity propulsion. Table 3 describes comparison of the process hierarchy in ISO/IEC 15504 and CMMI.

Table 3. Mapping of ISO/IEC 15504 and CMMI

CL/ML 2 48 Processes containing BP and MP that contribute to the achievement of the process attribute in ISO/IEC 15504 SUP.1 Documentation SUP.2 Configuration management SUP.3 Quality Assurance SUP.4 Verification SUP.5 Validation SUP.6 Joint Review SUP.7 Audits SUP.8 Problem Resolution MAN.1 Management MAN.2 Project Management MAN.4 Risk Management ORG.2.1 Process Establishment ORG.3 Human Resource management ORG.4 Infrastructure ORG.6 Reuse 24 Process Areas in CMMI Project Planning Project Monitoring and Control Supplier Agreement Management Requirements Management Configuration Management Process and Product Quality Management Measurement and Analysis

MAN.3 Quality Management ORH.1 Organizational Alignment ORG.2.2 Process Assessment ORG.5 Measurement ORG.2.3 Process Improvement

Organizational Process Definition Organizational Process Focus Organizational Training Integrated Project Management Risk Management Integrated Teaming Requirements Development Technical Solution Product Integration Verification Validation Decision Analysis and Resolution Organizational Environment for Integration Organizational Process Performance Quantitative Project Management

Organizational Innovation and Deployment Causal Analysis and Resolution

35

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

3. Structure of K-model
The guideline of software process quality certification has been constituted by certification degree as a result on the base of the essential evaluation element of core activity necessary for systematic performance to software development project. Software business and software process capability level are to decide the certification result degree by investigating the activities suggested as the valuation factor of the process certification guideline to the performance activities in the course of the project development and management process. 3.1 Architecture of process assessment The valuation factor of the process certification guideline is to suggest the structure of group, assessment process, practice as the core activity suggested as a guideline for investigating the performance capability of software development project and management activity. Practice is the core guideline of valuation factor as the activity for performance in order to achieve the special purpose. All practices sustains the low level activities for performance in order to achieve the pertinent purpose, represents the special outcome that system performs satisfies activities of the low level guideline. Practice is represented by the purpose and activity, the result of performance is explained by example of outputs. The activities of practice is to become assessment process of a bundle of practice connected to achieve the greater purpose, and it consists of valuation factor as class structure that becomes group connected as related factors.

Figure 3. 3. The structure of software process quality

The group as the highest category classification guideline of valuation factor consists of five groups, divided by project and organization dimension extensively as a set of processes that perform to satisfy the level of special certification. The group of project dimension consists of PM, development(D),support(S)group. The organization dimension consists of OM and PI group. Assessment process is the low level consisted of groups, consists of seventeen assessment processes as a high bundle of related practice. Practice is to represent the individual outcomes that should be performed and satisfied to achieve the special purpose.

36

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

Figure 4. 4. The structure of software process quality certification guideline

3.2 Level The certification level is the outcome of investigating the activity capability level related software development project performance, and it consists of three stages of the primary, the superior, the highest level. Only the superior, the highest level are endowed as a certification level.

Figure 5. The structure of software process quality certification degree

3.2.1 Initial level(level 1) This is the necessary level of improving the process capability in the situation of the performance level of special project, or quality, cost, the appointed date of delivery because project performances can't operate stably, in the situation of the high probability that can't satisfy the expecting purpose regardless of success or failure of project. 3.2.2 Good level(level 2) The process is the capability level to successfully perform the project by developing and controling project, to be established in the necessary project level to perform individual project, 3.2.3 Very good level(level 3) This is the possible capability level to perform project of consistent quality level by solving the fundamental reason of happening matters in the course of improving process of formation level through the quantitative process management by defining process system of formation.

37

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

Figure 6. 6. The valuation factor of software process quality certification degree level
The certification level is differently applied to valuation factors by each certification degree as an indicator representing the degree of activity capability level related with software development project performance and its meaning is also different. The superior level contains necessary management, development, supporting process group in order to successfully achieve individual projects. The highest level contains the superior level group, necessary formation management to the quantitative project management through the guideline process of formation level. According to level as an indicator representing capability level of development and management of software, formation keeps different traits each other, the formation of superior level is to represent the keeping of activity performance capability of project level, the formation of the highest level to represent the keeping of activity performance capability in formation level.
certification level Characteristic

- to perform project according to circumstances - the level to make and use process for oneself to perform individual tasks initial - Not to share similar process for each use to make and use level - repeatedly happening the trial and error in person and system not sharing the outcome of trial aqnf error

38

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

- successful performance of individual project - level interested in project performance efficiency focusing on individual projects in project level good level - to perform project by projected process in project, to share and manage the outcomes only in team unit - not repeatedly happening the trial and error in project team but repeatedly happening it in system

- to perform project securely and consistently - level interested in consistently performing without environment change by using experience or cases during performing each very good - to develop task performance method as system guideline process in system level, to level regulate and apply the process in various ways according to various traits of each project, to share the outcome in whole system - prevention of repeatedly happening the trial and error in system

4. Levels and Processes of K-model

The superior level aims to the capability level of necessary project level in order to achieve success of software development project process, and consists of project management, development, assessment process of supporting group, and low practice of each assessment process.

Group

Assessment process

Practice Explaination to contain activity to draw up project plans, to establish project management plans,

project to perform project, offense and defense, budget, plan related programs, dangers, planning resources, data, knowledge and technology, etc. (eleven practices) to contain to take measures to confirm project progression an d advance situation, or project control when problems happen, according to established plan(five practices) to contain activity taking over products, to manage whether or not performing partnership project according to contracts that cooperation business establishs contracts and management performs project (five practices) requirement management to contain activity to manage requirement change and grasping client requirement during developing process(three practices)

39

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

to contain activity for defining and analyzing software requirements by materializing analysis function requirements that system should achieve based on client requirement(three practices) to contain preparing activity for realizing system, system structure based on design requirement analysis results, detail design, test plan establish(three practices) to contain activity related total test, unit systhesis, unit test performance to software implementation unit, realizing system based of design requirements (four practices) to contain activity for undertaking the system after fittingly confirming the test performance in the given environment of system to perform system(two practice) to contain activity for quality valuation and management during developing quality Assurance period(four practicees) configuration management to contain the plan establishment of change management activity to the outputted results, control activity, outcome management during processing project() As measure and analysis required for the management of outputted information measurement and analysis during processing project, to contain measure goal establishment, measure item choice, data collection and management procedure, outcome analysis(four practicees)

The highest level aims to process capability level of necessary system level to consistently perform the project of system, and it contains assessment processes of the superior level, consists of system management, assessment process of process improvement group, and low practice of each assessment process.

Assessment group process to contain activity for application to the whole system by modulating it according to organization settlement guideline and guideline, by defining the process of system, managing it as process process asset(six practices) management Organization management to contain activity to manage and build the base of system for performing project and infra structure process (three practices) management to contain activity to value and educate, and to identify the education and training education fitting for the goal of system(three practices) Practice Explanation

40

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

quantitative process management

to contain activity to achieve quality, process, result and goal of system by using quantitative management method(six practices)

to contain activity to achieve the outcomes by analyzing happened problems, problem solution Process Improvement suggesting alternative, choosing the problem solution method through the official valuation procedure, and performing(five practices)

process improvement management

to contain activity to manage the results, to perform and identify process improvement, to evaluate the process of recent system, to define requirement and goal of system for improvement(five practices)

5. Conclusion
The K-model, the guideline of software process certification can easily apply to the process improvement of domestic software business by compositing to be congenial to the korea environment, and structuring the traits of essential software development and organization management. And It is going to lead to minimize the trial and error on the process improvement propulsion system and to effectively propel reinforcement the process capability by stages by not only suggesting the systematic vision for the improvement activities of domestic software business and by but also offering the priority and direction for the real improvement activity propulsion.

Acknowledgements
This work was supported by a grant from security engineering research center of Korea ministry of knowledge economy.

References
[1] Pankaj Jalote, CMM in Practice, SEI Series in Software Engineering, 2000 [2] Dennis M.Ahern, Aaron Clouse, and Richard Turner, CMMI distilled, SEI Series in Software Engineering, 2001 [3] N. Fenton, S.Pfleeger, Software Metrics : A Rigorous and Practical Approach, PWS Pub., 1997 [4] M.Paulk et al, The capability Maturity Model: Guidelines for Improving the Software Process, AddisonWesley, 1994 [5] ISO/IEC TR 15846 Information technology Software life cycle processes Configuration Management, 1998

41

International Journal of Software Engineering and Its Applications Vol. 3, No. 1, January, January, 2009 2009

[6] ISO/IEC 12207 Information technology Software life cycle processes, 1995 [7] CC; ISO/IEC 15408 Information technology Security technology Evaluation criteria for IT security, 1999 [8] ISO 10007 Quality Management Guidelines for Configuration management, 1995 [9] CMU/SEI, CMM : Capability Maturity Model for Software, V 1.1, 1993 [10] ISO/IEC 9126-1,2,3,4 Information Technology Software Product Quality, 2000 [11] ISO/IEC 14598-1,2,3,4 Information Technology Software Product Evaluation, 1999 [12] Azuma, Software Quality Evaluation System: Quality Models Metrics and Processes International Standards and Japanese Practice, Information and Software Technology [13] ARC. 2000. Assessment Requirements for CMMI, Version 1.0 CMU/SEI-2000-TR-011. Software Engineering Institute, Carnegie Mellon University, Pittsburgh: PA. [14] El-Emam, K., Goldenson, D. 1995. SPICE: An empiricists perspective. In Proceedings of the Second IEEE International Software Engineering Standards Symposium, 84-97. [15] El-Emam, K., 1998, The internal consistency of the ISO/IEC 15504 software process capability scale, In Proceedings of the 5th International Symposium on Software Metrics, 72-81. [16] El-Emam, K., Jung, H.-W. 2001. An evaluation of the ISO/IEC 15504 assessment model. Journal of Systems and Software 59(1), 23-41 [17] Jung, H.-W. 2002 Evaluation the internal consistency of SPICE process capability indictors. Submitted for publication. [18] KSPICE. 2001. A Guideline for KSPICE Assessment Procedure. Korea SPICE.

42