This book explains how organizations can use ISO 9001 and CMMI together to improve process quality. It provides advice for streamlining process improvement programs, conserving resources, and moving toward compliance certification. For organizations using older versions of the programs, the book details migration paths for upgrading.Book News, Inc.®, Portland, OR
Review By: Douglas Hoffman 07/08/2010Mutafelija and Stromberg present a detailed description and analysis of the ISO9001:2000 and CMMI 1.1 standards, both of which provide a framework for creating and systematically improving software development processes. This is a mid-level discussion – it goes into detail about the standards, their application, and organizational implications, but does not restate the details of the standards themselves.
The early chapters lay a foundation by describing the evolution of software process standards, paying particular attention to the earlier versions of both the ISO9001 and CMMI standards. The book includes fundamentals of process improvement and process framework so the vocabulary and concepts become more familiar before getting into the heart of the material. The authors have done a thorough job of researching the subject matter and providing clear, current, and relevant footnote references.
A third of the book is dedicated to describing the ISO9001:2000 and CMMI 1.1 standards, explaining the significant changes from earlier versions, and comparing and contrasting them with each other. (ISO9001 describes the high level requirements for a quality management system for any organization, while CMMI focuses on series of specific processes in software development organizations. ISO9001 is very general and non-prescriptive, while CMMI provides detailed process descriptions and road maps for process improvement.) The reader can come away with a solid appreciation of the strengths and weaknesses of both standards.
Mutafelija and Stromberg next address the process of instantiating a software development process based on either or both standards. Their approach is based on SEI’s SCAMPI assessment and the CMMI’s road maps. They go to some length to outline how to bring about the organizational changes required to have a software process that can be systematically improved.The book lives up to and sometimes exceeds my expectations based on the title. Even if you aren’t planning to get ISO9001 registration or CMMI rating appraisal, it provides an excellent history, reference, and cross-comparison of the standards. Anyone interested in software quality management systems can benefit from the wealth of information covered.
The book provides a lot of detail on two very complex and very different process standard families. It reads like a textbook, which, given the subjects it covers, is as it should be. It fulfills the promise of its title, although by a method that is almost indirect. [An organization that’s using either ISO9001:2000 or CMMI 1.1 is already doing systematic process improvement. Both standards cause an organization to repeatedly assess and improve its processes. What’s very hard is establishing a quality management system in the first place. The authors have addressed this truly hard part – how to assess where you are and bring the organizational processes into conformance with the standards. The authors leave the ongoing, systematic processes improvements to the usual business of the functioning quality management system once it is in place.]
By the nature of the subject matter, this book isn’t good for a casual read. It is packed with the typical cross-references to other standards; alphabet soup of acronyms; and section, paragraph, clause, and sub-clause references. The authors have done a reasonably good job of explaining and defining relevant terms, in spite of the overloading of terms by the standards themselves. [For example, PI is defined as “Partially Implemented” in SCAMPI, “Process Improvement” in ISO, and “Product Integration” in CMMI.] To understand the material presented in the book, the reader should know (or learn) a lot about the standards themselves. The descriptions in the three basic sections of the ISO9000:2000 standard run more than 100 pages, and the two basic models in the CMMI 1.1 standard run more than 1350 pages.