SHOWCASING & INSTITUTIONALISING EXCELLENCE THROUGH ISO & CMMI

A high level of product or service quality is a necessity for any successful organization.
It is important to benchmark, the quality of product/service produced and also the processes to followed to achieve the same, to global best practices. Following ISO standards or CMMI methodologies and getting accredited with the corresponding certifications, enables organizations to not only reach high level of productivity by bench-marking themselves to global best practices, but also improves their performance potential in the market place, by providing their customers with a comfort level of being a quality player.
While ISO standards are evolved in consultation with the users as the minimum standards to be met by products/services across the globe, CMMI levels are the reflection of the capability and maturity levels of the organization in following processes, bench-marked to global best as developed by Soft ware Engineering Institute- Carnegie Mellon, USA along with US government and industry officials.


It is important for organizations to adhere to these standards and methodologies in spirit and not just for the sake of doing it. Normal organizations revert back to old way of doing things upon achieving the certifications resulting in poor quality and cost overruns due to inefficiencies.


International Standards Organization (ISO)- Founded in the year 1947 and based in Geneva, Switzerland, ISO (International Organization for Standardization), a global network of country level standards organizations, is the world’s largest developer of voluntary International Standards, a set of state of the art specifications for products, services and good practices. These standards are meant to achieve better co-ordination among organizations globally thus breaking down barriers  for international trade. This is done to help the industry more efficient and effective. There are more than 19000 ISO standards covering all aspects of technology and manufacturing.
ISO 9000 series focuses on the quality management systems at organizations, where quality management consists of all activities aimed at a) Quality Measurement, b) Quality Assurance, c) Quality control & d) Quality improvement. A quality management system (QMS) can be expressed as the organizational structure, procedures, processes and resources needed to implement quality management. ( Source- Wikipedia) 


SEI (Software Engineering Institute, Carnegie-Mellon) promoted CMMI (Capability Maturity Model Integrated) provides a model process improvement methodology organizations with a defined structure and practice. CMMI is an improvised version of the process maturity measurement system, CMM launched in 1988 by the efforts of Watts Humphrey at Carnegie-Mellon's Institute, as an approach demonstrating that organization's processes mature in stages based upon problems they must solve. It provides the organizations with the essential elements of effective processes, which will improve their performance. CMMI based process improvement aims to eliminate weaknesses and convert them into strengths.
First published in 2000 and replacing CMM at the end of 2002,  CMMI, according to Software Engineering Institute (SEI), “helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes” 

 CMMI is generally intended for application to the area of software engineering, system engineering, product development, supplier sourcing and does not address the issues related to IT operation, for example, human resource mangement, security, configuration and change management, and incident response.
CMMI has two representations, namely Staged ( CMMI 1-5) and Continuous (0-4 across 22 process areas out of which company can choose those which are strategically important to reach its vision).
An organization being appraised for CMMI successfully will be used a maturity level rating and not a certificate.

ISO standards:
ISO International Standards are developed by experts in consultation with the people who need them so as to ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade The following table gives the summary of some of the key ISO standards that are widely  used.

ISO 9001 specifies the quality standards that will enable the organizations, what to do, so that the customer and regulatory requirements are met. It enables the company to document and undertake its own process and methodology to achieve the goal, as along it is consistently done.

ISO standard	Description	Benefits	Strengths	Limitations
ISO 9001: 2008	Quality Management System for any service or manufacturing company, that allows the company to develop a well-documented set of processes and procedures that are followed consistently.	Demonstrates supplier’s capability of providing adequate product quality, and enhanced performanceImproves efficiency of operations and enhances profitability, Increases eligibility to quote against customer requirements and also gives competitive advantage in tenders. Improves image of companies following the certification.	International standard providing assurance to customers and hence focusing on their wellbeing & satisfaction. Flexibility to adapt to wide range of industries & functional areas.	Too general and hence a little confusing to companies in different industries.  Doesn’t focus on continuous improvement like ISO 9004-1 & 9004-4.
ISO 14001	Environmental Management System A framework for organizations to: a)Minimize harmful effects on the environment caused by their activities, b)Meet regulatory requirements,             c) Achieve continual improvement of their environmental performance & d)Improve business performance through more efficient use of resources.	Assists companies to identify the areas within their operations where they can improve their environmental performance.  This leads to a better image in front of the customers, society and other partners leading to higher acceptance. Improves energy efficiency, cost savings and better environmental compliance. Increased acceptance of products in the global markets.	International standards focusing on decreasing the  environmental impacts and improving its use of raw materials and recycling. Increased awareness among global community regarding the need for this will help in tremendous goodwill and also revenues in the form of carbon credits etc.	Being a new area, there is a shortage of resources working on this and hence is difficult to implement for most of the smaller companies, while at the same time there is an urgent need to comply to retain image in the market place.
OHSAS 18001	Health and Safety Assurance System  is the part of the overall management system which is involved in developing, implementing, achieving, reviewing and maintaining the OHS policy and so managing the risks associated with the business of the organization."	Helps avoid damages due to illness, injuries to employees at work place. Legal compliance is taken care. Ensures all employees are aware of the health and wellness related issues. A healthy workforce is an asset as it will improve productivity.	Improves the image of the company as a legally compliant entity. Can help the image of the company in the eyes of the employees for taking care of their health and safety.	For best benefits, needs to be implemented along with ISO9001. Hence requires more organizational resources and continuous commitment.
ISO 22000: 2005	Food Safety Management System focuses on the total food chain – farming, processing, manufacturing, wholesale, retail food service and also on the interested parties – customers, suppliers, public authorities, etc	Adopting  FSMS ISO22000:2005 helps reach global standards, demonstrate compliance to Regulations/Customer requirements besides providing safer food devoid of chemical contaminations.	Increases global acceptance of products and hence help boost export potential.	For best benefits, needs to be implemented along with ISO9001. Hence requires more organizational resources and continuous commitment
ISO 27001	Information Security Management System ISO/IEC 27001 aims to ensure that adequate controls addressing confidentiality, integrity and availability of information are in place to safeguard the information of interested parties. These include customers, employees, trading partners and the needs of society in general.	Helps companies adopt appropriate procedures to ward off threats such as computer-assisted fraud, sabotage and viruses, from internal or external, accidental or malicious sources.	Helps make a public statement of capability without revealing  security processes, and minimises business risk by ensuring controls are in place. Reduces the risk of security threats and  avoids system weaknesses being exploited. Improves confidence of business partners leading to competitive advantage.	For best benefits, needs to be implemented along with ISO9001. Hence requires more organizational resources and continuous commitment

·         Similarly, other important ISO Standards are,  Supply chain security (ISO 28000),Energy management (ISO 50001), Road traffic safety management (ISO 39001) and Risk Management (ISO31000). 

c    

       Process of acquiring the ISO certification:

       The following are undertaken by a company wanting to acquire ISO Certification:

        i) Identify the ISO standard to apply for and get organizational commitment for the same.

       ii) Identify an internal champion and/or an external consultant to go through the process till                            

           the certification is achieved.

       iii) Identify the gaps in the existing standards and the desired standards as per the ISO     requirements.

       iv) Identify the new processes required to achieve the desired standards, document the same and put them into action.

       v) Conduct an internal audit, once the desired level of performance is achieved.

       vi) Invite an external auditor representing a 3rd party certification organization like BVQi,

         TUV-Nord etc and go through a thorough review of the systems, processes in action w.r.t the documentation done.

      vii) In case the external auditor is satisfied with the compliance, get the ISO certification.

      If not, repeat the process.

      Generally the PDCA (Plan, do , check, act) or PDSA (Plan do study Act) are the steps undertaken to complete this process.

      Once this certification is done, there will be a periodic review of the company's systems in action w.r.t its documentation, to ensure that there is continuity of the quality assurance cycle being implemented by the company and the certification is renewed.

i  

       CMMI 

c    CMMI is used to evaluate the process maturity of an organization, typically in the technology        domain. CMMI currently addresses three areas of interest:

1. Product and service development — CMMI for Development (CMMI-DEV),
2. Service establishment, management, and delivery — CMMI for Services (CMMI-SVC), and
3. Product and service acquisition — CMMI for Acquisition (CMMI-ACQ)                                                    Applying the processes, methods, tools, and technologies of the Software Engineering Institute throughout the   Product and service development ,  Service establishment, management, and delivery , acquisition cycle of any product/service from vendors, helps the organizations to meet complex  challenges and achieve their goals.

CMMI applies to teams, work groups, projects, divisions, and entire organizations

CMMI models are collections of best practices that help organizations to dramatically improve effectiveness, efficiency, and quality. These products, or CMMI solutions, consist of practices.

Practices cover topics that include causal analysis; configuration management; quality assurance; verification and validation; risk management; requirements management; supplier management; project management; interface compatibility; make, buy, or reuse analysis; capacity management; availability management; disaster recovery, data collection, process performance; and more.

CMMI's latest version 1.3, lists 22 core process areas, present across 5 staged models. There are generic and specific goals for each area for which assessment is conducting for awarding the level.The five stages of CMMI in the staged model are given in the adjoining figure ( Source- Wikipedia).Achievement of levels by a company is a step by step process and a company cannot skip any levels in its journey from level 1 to level 5. The organizations going for the continuous CMMI model identify any of the 22 processes listed as per CMMI and go for the level they intend to as shown in the following figure.

The organizations going for the continuous CMMI model identify any of the 22 processes listed as per CMMI and go for the level they intend to as shown in the adjoining figure.

The Software Engineering Institute’s (SEI) Team Software Process methodology and the use of CMMI models can be used to raise the maturity level. A new product called Accelerated Improvement Method (AIM) combines the use of CMMI and the TS.

Technology Companies get themselves appraised for CMMI, as it enables them

a) Improve on their process excellence by identifying and plugging the gaps w.r.t the best practices as per CMMI , b) Achieve substantial improvement in productivity & profitability& c) To showcase their capabilities favorably to potential clients, employees, partners etc.

A number of times, only organizations which are assesses at  CMMI level 5 are  eligible to quote against large tenders.

While ISO 9001: 2008 and CMMI are different in their scope, methodology and approach, organizations tend to start with ISO 9001:2008 certification process, as it is an inexpensive and much quicker approach to improve their productivity levels at the same timehelps them to project themselves better externally. Subsequently, they try to gradually move into the higher CMMI levels.

Top companies choose to adopt the best practices of both by integrating them, to achieve highest levels of process excellence and productivity gains that takes them to much higher echelons of growth in revenues and profitability.