From ISO and CMM Certification to TQM

[article]
Member Submitted
Summary:

Quality standards are a way to ensure that the product being developed is a well-engineered product. ISO 9001, the standard in the 9000 series that pertains to software development, identifies the minimal requirements for a quality system while the Capability Maturity Model (CMM) and Total Quality Management (TQM) are two approaches to continuous software process improvement that have attracted considerable interest. Moving from ISO to CMM to TQM would require effort at the organisational level.

Quality standards are a way to ensure that the product being developed is a well-engineered product. ISO 9001, the standard in the 9000 series that pertains to software development identifies the minimal requirements for a quality system while the Capability Maturity Model (CMM) and Total Quality Management (TQM) are two approaches to continuous software process improvement that have attracted considerable interest. All three of them are linked to each other in one way or another since the primary concern of each of them is quality, and moving from ISO to CMM to TQM would only imply enhanced effort at the organisational level studying the three approaches.

There is a high awareness of the importance of software process improvement activities and assuring software quality. Considerable efforts are being made in improving the software processes. The software process is a set of tools, methods and practices we use to produce a software product. This must be done in conformance to quality standards [1].

Assurance encompasses control beyond just inspection and testing. Quality Assurance (QA) requires structured approach to prevention of quality problems through planned and systematic activities. QA demands a Quality Management system (QMS) [2].

A QMS in the software industry may be implemented using various quality standards, which exists and vary from one another in several aspects. ISO 9001, the standard in the 9000 series that pertains to software development and maintenance; identifies minimal requirements for quality system, while CMM and TQM are two approaches to continuous software improvement.

Discussion
ISO Certification
The ISO 9000 Standards specify quality. System requirements are for use when a contract between two parties requires the demonstration of a supplier’s capability to design and supply a product.

9001 pertains to the software development and therefore ensures that the quality is guaranteed. ISO 9000-3 is the guidance for implementing the 20 ISO 9001 clauses [3].

The primary intent of QMS is to focus on delivery of the required quality of product or service, the clause 4.2 requires a quality plan to be developed and followed to ensure that the customer requirements are met [4]. The requirements need to be kept in mind during the entire SDLC, which compromises of 5 major stages: Requirements gathering, Analysis and Design, Implementation, Testing and Maintenance. There are specific clauses for each of these stages too. Clause 4.3 of contract review ensures the finalizing of requirements /functional specifications. Clause 4.4 gives detailed account for design and implementation. Clauses 4.10-4.14 all deal with testing, prevention, inspection and related aspects of software. Clause 4.9 of process controls ensure that the product and installation be planned and maintenance taken care of. Clause 4.15 also deals with maintenance and 4.19 deals with servicing. Clause 4.8 of product identification and traceability requires an organization to be able to identify a product through all of the above stages.

To ensure the applicability of the entire ISO Clauses, Clauses 4.5 and 4.16 require the organization documentation to be thorough and maintained. Which is a fundamental premise of ISO 9001. There are 7 other clauses in ISO amongst that is the first clause 4.1 of management responsibility that requires an organization to define, document and maintain a quality policy. ISO standards also include internal audit (4.17) training (4.18), purchasing standards (4.6) and control of customer supplier product (4.7).

The above clauses of ISO 9001 show that ISO is a tool that promotes quality system consistency and uniformity. Finally ISO 9001 bridges the technical and the social systems in an approachable method that the biggest or smallest company can implement.

Capability Maturity Model
The Capability Maturity Model (CMM) is a model developed by the Software Engineering Institute, Carnegie Mellon University, to gauge the software engineering components of an organisation. It is a generally applicable reference that focuses on what rather than how [5]. There are five maturity levels ranging from 1 to 5 and initially all organisations exist at level 1. Each maturity level is composed of Key Process Areas. A key process area is a cluster of related activities that when performed together collectively achieve a set of goals important for establishing process capability at that maturity level.

At the first level—initial, the software process is characterized as ad hoc occasionally even chaotic. Few processes are defined, and success depends on individual effort.

At level 2—repeatable, basic project management processes are established to track cost, schedule and functionality. This level involves five KPA’s namely Software Configuration Management, Quality Assurance, Subcontract Management, Project Tracking and Oversight, Project Planning and Requirements Management.

At level 3—defined, The software process for both management and engineering activities is documented standardized and integrated into an organisation wide process involving the KPA’s related to Peer Reviews, Intergroup Coordination, Software Product Engineering, Integrated Software Management, Training Program, Organisation Process definition and organization process focus.

At level 4—Managed, detailed measures of the software process and product quality are measured. This level has fewer KPA’s but these two for a major part of the Software Process Improvement methodology. The KPA's at level 4 are Software Quality Management and quantitative process management

The last level—Optimising, enables quality process improvement by quantitative feedback from the process and from testing innovative ideas and technologies. The three KPA’s at this level are Process Change Management, Technology Change Management, and Defect Prevention.

The five levels of maturity may be acquired by any organization by going through several processes and procedures. To attain any level the previous levels are automatically achieved allowing for continuous process improvement.

From ISO to CMM
Clearly there is a strong correlation between ISO 9001 and the CMM, although some issues in ISO 9001 are not covered and vice versa. The level of detail differs significantly: section 4 in ISO 9001 is about five pages long; section 5, 6 and 7 in ISO 9000-3 comprise about 11 pages; and the CMM is more than 500 pages [6].

The biggest similarity between the two is their bottom line: “say what you do; do what you say”, while the biggest difference between the two documents is the explicit emphasis of the CMM on continuous process improvement.

Therefore the implementation of CMM would definitely require more efforts than those involved in ISO but if an organisation is already ISO certified then it does have advantage. If an organisation is following the spirit of ISO 9001, it is likely to be somewhere between level 2 and 3 of CMM. Every CMM key process area is at least weakly related to ISO 9001 in some way as is shown in table 1 below and thus help organisations in moving from ISO to CMM.

Table 1: A comparison of ISO 9001 and CMM [6]

 

TQM
Total Quality management is a concept that integrates various initiatives into a systematic quality improvement process [7]. It is a process that recognizes the need to determine the customer's requirements and to use that knowledge to drive the entire organisation to ensure those needs are fully met. Total quality is the goal and continuous improvement is the means to achieve the goal. W. Edwards Deming is considered the dean of quality gurus. Deming distilled his philosophy into fourteen points of management [8].

  1. Create constancy of purpose toward improvement of product and service,
  2. Adopt the new philosophy. Western management must awaken to the challenge, must learn their responsibilities, and take on leadership for change.
  3. Cease dependence on inspection to achieve quality.
  4. End the practice of awarding business on the basis of price tag.
  5. Improve constantly and forever the system of production and service, to improve quality and productivity, and thus constantly decrease costs.
  6. Institute training on the job.
  7. Institute leadership. Supervision of management is in need of overhaul as well as supervision of production workers.
  8. Drive out fear, so that everyone may work effectively for the
  9. Break down barriers between departments
  10. Eliminate slogans, exhortations, and targets for the work force asking for zero defects and new levels of productivity.
  11. Remove barriers that rob the hourly worker of his right to pride of workmanship.
  12. Institute a vigorous program of education and self-improvement.
  13. Put everybody in the company to work to accomplish the transformation. The transformation is everybody's job.

Deming uses the concept system. The complete system is the management style, employees, suppliers, customers, laws and taxes, the education and work experience of people in the country and shareholders. Deming’s concept of system fits the concept of open systems and may thus be applicable to a software organization [9].

From CMM to TQM
The Capability Maturity Model (CMM) and Total Quality Management (TQM) are two approaches to software process improvement that have attracted considerable interest. The CMM characterizes an organisation’s capability in producing software and forms a road map for software process improvement activities in an organisation. TQM is a customer focused approach to improvement of production.

Historically, the CMM is claimed by W. Humphrey and the Software Engineering Institute to be TQM applied to software development [10].

Both TQM and CMM have the basic conception of an organisation as an open and social system and both use the concept of internal and external customers. One difference between the two is that, the CMM is model based improvement whereas TQM is not.

If an organisation has attained certain maturity then it would definitely become easier for it to climb higher levels of maturity and then finally attain the goal of achieving quality by practising TQM. The TQM paradigm is very comprehensive and it builds on principles rather than models or coherent methods but if the organisation is already following a quality practise it becomes more manageable to achieve further goals.

Moving from a CMM maturity level implies that a comparison of both CMM and TQM be done. Table 2 below summarises the key organisational change characteristics for TQM and CMM. These have been based on the key elements extracted from the two approaches. These would show what needs to be done to move towards TQM from CMM.

Table 2: Summary of characteristics for TQM and CMM [10].

 

Conclusions

  1. Quality Assurance (QA) requires structured approach to prevention of quality problems through planned and systematic activities.
  2. ISO 9001, the standard in the 9000 series that pertains to software development and maintenance; identifies minimal requirements for quality system.
  3. The CMM is a framework for software process improvement to achieve a predictable, reliable and self-improving software development process that produces software of high quality.
  4. If an organisation is following the spirit of ISO 9001, it is likely to be somewhere between level 2 and 3 of CMM. Every CMM key process area is at least weakly related to ISO 9001.
  5. Total Quality management is a concept that integrates various initiatives into a systematic quality improvement process.
  6. Both TQM and CMM have the basic conception of an organisation as an open and social system and both use the concept of internal and external customers.
  7. If an organisation has attained certain maturity then it would definitely become easier for it to climb higher levels of maturity and then finally attain the goal of achieving quality by practising TQM.

References:

  1. Watts S. Humphery; Managing the Software Process, SEI Series in Software Engineering, PP 3-15
  2. Mr. Ali Toosy; Quality System Coordinator, CresSoft Lahore.
  3. Quality Management and Quality Assurance Standards, BS EN ISO 9000-3:1997, PP C1-C3
  4. Majida Sharif, Sarah Salahuddin; Capability Maturity Model—Implementation and Implications, FAST-NU, July 2000.
  5. Mark C. Paulk, How ISO 9001 compares with the CMM, January 1995, PP 74-82
  6. ISO & TQM: Why bother?
  7. The Qulaity Book, QPE-Greg Hutchins, PP 2-61 – 2-64
  8. Changing the Culture: Implementing TQM in an IT Organization

About the author

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.