“Looking for a Test Engineer for a CMMI Level-5 company” – is recruiter’s common language. You must have read it numerous times while Job search. Ever wondered what is CMMI Level-5? Why does it matter? How do companies organize the processes? How will a company mature in process starting from its inception? There has to be a framework defined right? How is Level-5 organization different from Level-2? Some might already be aware, but only ‘aware’. This article attempts to deep dive into this Maturity Model called the Capability Maturity Model Integration (CMMI).
Note: It is NOT an engineering development standard or a development life cycle. Please take a moment to re-read and reflect on that before continuing.
The term “Maturity” relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes. The model’s aim is to improve existing software development processes, but it can also be applied to other processes. A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainably produce required outcomes.
A maturity model can be used as a benchmark for comparison and as an aid to understanding – for example, for comparative assessment of different organizations where there is something in common that can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the organizations’ software development processes. A maturity model is a structured collection of elements that describe characteristics of effective processes. A maturity model provides a place to start, the benefit of a community’s prior experiences, a framework for prioritizing actions and a way to define what improvement means for your organization. It describes the maturity of the company based upon the project the company is dealing with and the clients.
The Capability Maturity Model (CMM)
The Capability Maturity Model (CMM) is a methodology used to develop and refine an organization’s software development process. The model describes a five-level evolutionary path of increasingly organized and systematically more mature processes.
Capability Maturity Model is a bench-mark for measuring the maturity of an organization’s software process. It is a methodology used to develop and refine an organization’s software development process. CMM can be used to assess an organization against a scale of five process maturity levels based on certain Key Process Areas (KPA). It describes the maturity of the company based upon the project the company is dealing with and the clients. Each level ranks the organization according to its standardization of processes in the subject area being assessed.
Capability Maturity Model (CMM) broadly refers to a process improvement approach that is based on a process model – a structured collection of practices that describe the characteristics of effective processes; the practices included are those proven by experience to be effective. CMM can be used to assess an organization against a scale of five process maturity levels. Each level ranks the organization according to its standardization of processes in the subject area being assessed. The subject areas can be as diverse as software engineering, systems engineering, project management, risk management, system acquisition, information technology (IT) services and personnel management. The Software Engineering Institute (SEI) Capability Maturity Model (CMM) specifies an increasing series of levels of a software development organization. The higher the level, the better the software development process, hence reaching each level is an expensive and time-consuming process.
The CMM is similar to ISO 9001, standard specified by the International Organization for Standardization (ISO). ISO 9001 deals specifically with software development and maintenance. The main difference between the two systems lies in their respective purposes: ISO 9001 specifies a minimal acceptable quality level for software processes, while the CMM establishes a framework for continuous process improvement and is more explicit than the ISO standard in defining the means to be employed to that end.
Capability Maturity Model Integration (CMMI)
“The quality of a system or product is highly influenced by the process used to develop and maintain it”.
Although these models have proved useful to many organizations, the CMM model’s application in software development has sometimes been problematic. Applying multiple models that are not integrated within and across an organization could be costly in training, appraisals, and improvement activities. The Capability Maturity Model Integration (CMMI) project was formed to sort out the problem of using multiple models for software development processes, thus the CMMI model has superseded the CMM model, though the CMM model continues to be a general theoretical process capability model used in the public domain. The CMMI Product Team’s mission was to combine three source models:
- The Capability Maturity Model for Software (SW-CMM) v2.0 draft C
- The Systems Engineering Capability Model (SECM)
- The Integrated Product Development Capability Maturity Model (IPD-CMM) v0.98
CMMI is the designated successor of the three source models. The SEI has released a policy to sunset the Software CMM and previous versions of the CMMI. The same can be said for the SECM and the IPD-CMM; these models were superseded by CMMI. In some cases, CMM can be combined with other methodologies. It is commonly used in conjunction with the ISO 9001 standard, as well as with the computer programming methodologies of Extreme Programming (XP), and Six Sigma.
“CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes.”
- Guide process improvement efforts and help organizations establish and achieve improvement goals.
- Provide a common language for cross-organizational communication and benchmarking.
- Provide an integrating, organizing framework for organizational endeavors.
- Help an organization understand what specific practices to perform, how to improve its capability in performing those practices, and what process areas to focus on next.
- Organizations may also use the results of appraisals for source selection or verification of another organization’s maturity level.
- Embedding process improvements into a state of business as usual
- A phased approach to introducing improvements
The Capability Maturity Model Integration, or CMMI, is a process model that provides a clear definition of what an organization should do to promote behaviors that lead to improved performance. With five “Maturity Levels” or three “Capability Levels,” the CMMI defines the most important elements that are required to build great products, or deliver great services, and wraps them all up in a comprehensive model. These models help identify and improve the key capabilities that elevate organization’s performance, quality, and profitability. Proven effective in organizations and governments globally over the last 25 years, CMMI consists of collected best practices designed to promote the behaviors that lead to improved performance in any organization. CMMI can be used to guide process improvement across a project, a division, or an entire organization. The CMMI helps companies identify and achieve measurable business goals, build better products, keep customers happier, and ensure they are working as efficiently as possible.
It is described on the official CMMI website thusly:
The Capability Maturity Model Integration (CMMI) project is a collaborative effort to provide models for achieving product and process improvement. The primary focus of the project is to build tools to support improvement of processes used to develop and sustain systems and products. The output of the CMMI project is a suite of products, which provides an integrated approach across the enterprise for improving processes, while reducing the redundancy, complexity and cost resulting from the use of separate and multiple capability maturity models (CMMs).
The CMMI model does not describe the processes themselves; it describes the characteristics of good processes, thus providing guidelines for companies developing or honing their own sets of processes. Organizations can be “Rated” at a Capability or Maturity Level based on over 300 discreet “Specific” and “Generic” Practices. Intended to be broadly interpreted, the CMMI is not a “Standard” (ala ISO), so achieving a “Level” of CMMI is not a certification, but a “rating.”
Both CMM and CMMI were developed at the Software Engineering Institute (SEI) at Carnegie Mellon University in Pittsburgh, Pa. CMM was developed in the late 1980s, and retired a decade later when CMMI was developed. CMMI v1.02 was released in 2000.
The Structure of CMMI
The model involves five aspects:
- Maturity Levels: a 5-level process maturity continuum – where the uppermost (5th) level is a notional ideal state where processes would be systematically managed by a combination of process optimization and continuous process improvement.
- Key Process Areas: a Key Process Area identifies a cluster of related activities that, when performed together, achieve a set of goals considered important.
- Goals: the goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
- Common Features: common features include practices that implement and institutionalize a key process area. There are five types of common features: commitment to perform, ability to perform, activities performed, measurement and analysis, and verifying implementation.
- Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the area.
CMMI Maturity Levels
CMMI Maturity Levels provide a rigorous benchmark rating method that enables you to compare your organization’s capability to its competitors, its industry, and itself over time. CMMI provides five maturity levels that demonstrate a visible path for improvement. As an organization advances its capabilities, it can expect to achieve a higher maturity level by identifying areas of improvement, working to correct these areas, and integrating solutions across the organization. By communicating your maturity level to stakeholders, you highlight your organization’s capability and commitment to excellence.
CMMI’s Five Maturity Levels
There are five levels defined along the continuum of the model and, according to the SEI:
“Predictability, effectiveness, and control of an organization’s software processes are believed to improve as the organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief”.
Within each of these maturity levels are Key Process Areas which characterize that level, and for each such area there are five factors: goals, commitment, ability, measurement, and verification. These are not necessarily unique to CMM, representing — as they do — the stages that organizations must go through on the way to becoming mature. The model provides a theoretical continuum along which process maturity can be developed incrementally from one level to the next. Skipping levels is not allowed/feasible.
Level-1:Initial | Ad-hoc
Company has no standard process for software development. Processes at this level are (typically) undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. This provides a chaotic or unstable environment for the processes. E.g. No project-tracking system that enables developers to predict costs or finish dates with any accuracy.
- Success in these organizations depends on the competence and heroics of the people in the organization and not on the use of proven processes.
- Organizations often produce products and services that work but company has no standard process for software development.
- Characterized by a tendency to over commit, abandon processes in the time of crisis, and not be able to repeat their past successes.
- Success is likely to depend on individual efforts, and is not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated.
Level-2: Repeatable | Managed
Organization has a basic and consistent project management processes to track cost, schedule, and functionality. The process is in place to repeat the earlier successes on projects with similar applications. Program management is a key characteristic of a level two organization. But there is no consistency or coordination among different groups. The process is at least documented sufficiently such that repeating the same steps may be attempted.
- Some processes are repeatable, possibly with consistent results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.
- The projects ensure that requirements are managed and that processes are planned, performed, measured, and controlled.
- It helps to ensure that existing practices are retained during times of stress. When these practices are in place, projects are performed and managed according to their documented plans.
- Requirements, processes, work products, and services are managed. The status of the work products and the delivery of services are visible to management at defined points.
- Commitments are established among relevant stakeholders and are revised as needed. Work products are reviewed with stakeholders and are controlled.
- The work products and services satisfy their specified requirements, standards, and objectives.
Organization has pulled together a standard set of processes and controls for the entire organization so that developers can move between projects more easily and customers can begin to get consistency from different groups. The process is defined/confirmed as a standard business process. There are sets of defined and documented standard processes established and subject to some degree of improvement over time. This could be considered a developmental stage – with use in a wider range of conditions and user competence development the process can develop to next level of maturity.
- Organization has achieved all the specific and generic goals.
- Processes are well characterized and understood, and are described in standards, procedures, tools, and methods.
- Processes are typically described in more detail and more rigorously than at maturity level 2.
- Processes are managed more proactively using an understanding of the interrelationships of the process activities and detailed measures of the process, its work products, and its services.
The software process for both management and engineering activities are documented, standardized, and integrated into a standard software process for the entire organization and all projects across the organization. These standard processes are used to establish consistency across the organization.
A critical distinction between level 2 and level 3 is the scope of standards, process descriptions, and procedures. At level 2, the standards, process descriptions, and procedures may be quite different in each specific instance of the process (for example, on a particular project). At level 3, the standards, process descriptions, and procedures for a project are tailored from the organization’s set of standard processes to suit a particular project or organizational unit.
Level-4: Capable | Quantitatively Managed
In addition to implementing standard processes, the organization has installed systems to measure the quality of those processes across all projects. The process is quantitatively managed in accordance with agreed-upon metrics. Process users have experienced the process in multiple and varied conditions, and are able to demonstrate competence. The process maturity enables adaptions to particular projects without measurable losses of quality or deviations from specifications. Process Capability is established from this level.
- An organization has achieved all the specific goals of the process areas assigned to maturity levels 2, 3, and 4 and the generic goals assigned to maturity levels 2 and 3.
- Sub-processes are selected that significantly contribute to overall process performance. These selected sub-processes are controlled using statistical and other quantitative techniques.
- Quantitative objectives for quality and process performance are established and used as criteria in managing processes. Quantitative objectives are based on the needs of the customer, end users, organization, and process implementers. Quality and process performance are understood in statistical terms and are managed throughout the life of the processes.
- For these processes, detailed measures of process performance are collected and statistically analyzed. Special causes of process variation are identified and, where appropriate, the sources of special causes are corrected to prevent future occurrences.
- Quality and process performance measures are incorporated into the organizations measurement repository to support fact-based decision making in the future.
Management can effectively control the software development effort using precise measurements. In particular, management can identify ways to adjust and adapt the process to particular projects without measurable losses of quality or deviations from specifications. A critical distinction between maturity level 3 and maturity level 4 is the predictability of process performance. At maturity level 4, the performance of processes is controlled using statistical and other quantitative techniques, and is quantitatively predictable. At maturity level 3, processes are only qualitatively predictable.
Level-5: Efficient & Optimizing
Organizations at this level can now begin to see patterns in performance over time, so it can tweak its processes in order to improve productivity and reduce defects in software development across the entire organization. The focus is on continually improving process performance through both incremental and innovative technological changes/improvements. This would be done at the same time as maintaining the likelihood of achieving the established quantitative process-improvement objectives. There are only a few companies in the world that have attained this level 5.
- Processes are continually improved based on a quantitative understanding of the common causes of variation inherent in processes.
- Focuses on continually improving process performance through both incremental and innovative technological improvements.
- Quantitative process-improvement objectives for the organization are established, continually revised to reflect changing business objectives, and used as criteria in managing process improvement.
- The effects of deployed process improvements are measured and evaluated against the quantitative process-improvement objectives.
- Optimizing processes depends on the participation of an empowered workforce aligned with the business values and objectives of the organization.
- The organization’s ability to rapidly respond to changes and opportunities is enhanced by finding ways to accelerate and share learning. Improvement of the processes is inherently part of everybody’s role, resulting in a cycle of continual improvement.
A critical distinction between maturity level 4 and maturity level 5 is the type of process variation addressed. At maturity level 4, processes are concerned with addressing special causes of process variation and providing statistical predictability of the results. Though processes may produce predictable results, the results may be insufficient to achieve the established objectives. At maturity level 5, processes are concerned with addressing common causes of process variation and changing the process (that is, shifting the mean of the process performance) to improve process performance (while maintaining statistical probability) to achieve the established quantitative process-improvement objectives.
What is CMMI Assessment?
CMMI Assessment is an activity to evaluate compliance and measure the effectiveness of Specific Practices (SPs) of Process Areas (PAs) as specified in CMMI Process Model Framework. The CMMI Assessment Results are delivered in form of Maturity Level Rating when CMMI Framework is implemented as per Staged Representation. The Assessment is conducted by an SEI Certified Assessor. The SEI Certified Assessor is known as Lead Appraiser or High Maturity Lead Appraiser depending on the maturity level to be assessed i.e. Low Maturity (2 and 3) or High Maturity (i.e. 4 and 5). CMMI Assessments are also known as CMMI Appraisals.
CMMI exists in two representations:
- Continuous: Designed to allow the user to focus on the specific processes that are considered important for the organization’s immediate business objectives, or those to which the organization assigns a high degree of risks.
- Staged: Designed to provide a standard sequence of improvements, and can serve as a basis for comparing the maturity of different projects and organizations. The staged representation also provides for an easy migration from the SW-CMM to CMMI.
Why CMMI was required?
In the 1960s, the use of computers grew more widespread, more flexible and less costly. Organizations began to adopt computerized information systems, and the demand for software development grew significantly. Many processes for software development were in their infancy, with few standard or “best practice” approaches defined. As a result, the growth was accompanied by growing pains: project failure was common, the field of computer science was still in its early years, and the ambitions for project scale and complexity exceeded the market capability to deliver adequate products within a planned budget.
In the 1980s, several US military projects involving software subcontractors ran over-budget and were completed far later than planned, if at all. In an effort to determine why this was occurring, the United States Air Force funded a study at the SEI.
CMM was developed and is promoted by the Software Engineering Institute (SEI), a research and development center. The Capability Maturity Model was originally developed as a tool for objectively assessing the ability of government contractors’ processes to implement a contracted software project.
1973: The first application of a staged maturity model to IT was not by CMU/SEI, but rather by Richard L. Nolan, who, in 1973 published the stages of growth model for IT organizations. Watts Humphrey began developing his process maturity concepts during the later stages of his 27-year career at IBM.
1984: SEI was founded in 1984 to address software engineering issues and, in a broad sense, to advance software engineering methodologies. More specifically, SEI was established to optimize the process of developing, acquiring, and maintaining heavily software-reliant systems for the U.S. Department of Defense (DoD). Because the processes involved are equally applicable to the software industry as a whole, SEI advocates industry-wide adoption of the CMM.
1986: Active development of the model by the US Department of Defense Software Engineering Institute (SEI) began in 1986 when Humphrey joined the SEI after retiring from IBM. At the request of the U.S. Air Force he began formalizing his Process Maturity Framework to aid the U.S. Department of Defense in evaluating the capability of software contractors as part of awarding contracts. The result of the Air Force study was a model for the military to use as an objective evaluation of software subcontractors’ process capability maturity. Humphrey based this framework on the earlier Quality Management Maturity Grid developed by Philip B. Crosby in his book “Quality is Free”. Humphrey’s approach differed because of his unique insight that organizations mature their processes in stages based on solving process problems in a specific order. Humphrey based his approach on the staged evolution of a system of software development practices within an organization, rather than measuring the maturity of each separate development process independently. The CMM has thus been used by different organizations as a general and powerful tool for understanding and then improving general business process performance.
1989: Watts Humphrey’s Capability Maturity Model (CMM) was published in 1988 and as a book in 1989, in “Managing the Software Process”.
1991: Organizations were originally assessed using a process maturity questionnaire and a Software Capability Evaluation method devised by Humphrey and his colleagues at the Software Engineering Institute. The full representation of the Capability Maturity Model as a set of defined process areas and practices at each of the five maturity levels was initiated in 1991, with Version 1.1 being completed in January 1993. The CMM was published as a book in 1995 by its primary authors, Mark C. Paulk, Charles V. Weber, Bill Curtis, and Mary Beth Chrissis.
2002: The CMM is no longer supported by the SEI and has been superseded by the more comprehensive Capability Maturity Model Integration (CMMI). CMMI was developed by the CMMI project, which aimed to improve the usability of maturity models by integrating many different models into one framework. The project consisted of members of industry, government and the Carnegie Mellon Software Engineering Institute (SEI). The main sponsors included the Office of the Secretary of Defense (OSD) and the National Defense Industrial Association. In 2002, version 1.1 was released, version 1.2 followed in August 2006, and version 1.3 in November 2010. Some major changes in CMMI V1.3 are the support of agile software development, improvements to high maturity practices and alignment of the representation (staged and continuous).
2016: In March 2016, the CMMI Institute was acquired by ISACA.
Though the model comes from the field of software development, it is also used as a model to aid in business processes generally, and has also been used extensively worldwide in government offices, commerce, and industry.
Some Beneficial elements of CMMI
Creation of Software Specifications, stating what is going to be developed, combined with formal sign off, an executive sponsor and approval mechanism. This is NOT a living document, but additions are placed in a deferred or out of scope section for later incorporation into the next cycle of software development.
- A Technical Specification, stating how precisely the thing specified in the Software Specifications is to be developed will be used. This is a living document.
- Peer Review of Code (Code Review) with metrics that allow developers to walk through an implementation, and to suggest improvements or changes.
- Version Control – a very large number of organizations have no formal revision control mechanism or release mechanism in place.
The list is by no means exhaustive. This is just to give you an idea.
Organizations should be Capable and Mature
CMMI originated in software engineering but has been highly generalized over the years to embrace other areas of interest, such as the development of hardware products, the delivery of all kinds of services, and the acquisition of products and services. The word “software” does not appear in definitions of CMMI. This generalization of improvement concepts makes CMMI extremely abstract. It is not as specific to software engineering as its predecessor, the Software CMM. By January 2013, the entire CMMI product suite was transferred from the SEI to the CMMI Institute, a newly created organization at Carnegie Mellon University (CMU). CMU claims CMMI can be used to guide process improvement across a project, division, or an entire organization. Version 1.3 was published in 2010. CMMI is registered in the U.S. Patent and Trademark Office by CMU.
CMMI models provide guidance for developing or improving processes that meet the business goals of an organization. CMMI is meant to help organizations improve their performance of and capability to consistently and predictably deliver the products, services, and sourced goods their customers want, when they want it and at a price they’re willing to pay. A CMMI model may also be used as a framework for appraising the process maturity of the organization. Organizations use the processes to help them develop, acquire and maintain products and services, and to benchmark themselves against others. Better processes can mean lower costs and better quality results, as well as more realistic timing estimates for projects.