Capability Maturity Model Integration (CMMI), developed by the Software Engineering

Institute at Carnegie Mellon University in Pittsburgh, Pennsylvania is an improvement on the

earlier CMM model that determined the maturity of software intensive systems. The latest
version, CMMI 1.2, released in August 2006 address Development (CMMI-DEV), Services
(CMMI-SVC) and Acquisition (CMMI-ACQ). CMI-DEV is a yardstick to judge the maturity
of an organization’s software development systems by comparing it to the best industry
practice.

In CMMI models with a staged representation, there are five maturity levels designated by
the numbers 1 through 5

1. Initial
2. Managed
3. Defined
4. Quantitatively Managed
5. Optimizing

Maturity Level Details:

Maturity levels consist of a predefined set of process areas. The maturity levels are measured
by the achievement of the specific and generic goals that apply to each predefined set of
process areas. The following sections describe the characteristics of each maturity level in
detail.
Maturity Level 1 - Initial
At maturity level 1, processes are usually ad hoc and chaotic. The organization usually does
not provide a stable environment. Success in these organizations depends on the competence
and heroics of the people in the organization and not on the use of proven processes.
Maturity level 1 organizations often produce products and services that work; however, they
frequently exceed the budget and schedule of their projects.
Maturity level 1 organizations are characterized by a tendency to over commit, abandon
processes in the time of crisis, and not be able to repeat their past successes.
Maturity Level 2 - Managed
At maturity level 2, an organization has achieved all the specific and generic goals of the
maturity level 2 process areas. In other words, the projects of the organization have ensured
that requirements are managed and that processes are planned, performed, measured, and
controlled.
The process discipline reflected by maturity level 2 helps to ensure that existing practices are
retained during times of stress. When these practices are in place, projects are performed and
managed according to their documented plans.
At maturity level 2, requirements, processes, work products, and services are managed. The
status of the work products and the delivery of services are visible to management at defined
points.
Commitments are established among relevant stakeholders and are revised as needed. Work
products are reviewed with stakeholders and are controlled.The work products and services
satisfy their specified requirements, standards, and objectives.
Maturity Level 3 - Defined
At maturity level 3, an organization has achieved all the specific and generic goals of the
process areas assigned to maturity levels 2 and 3.
At maturity level 3, processes are well characterized and understood, and are described in
standards, procedures, tools, and methods.
A critical distinction between maturity level 2 and maturity level 3 is the scope of standards,
process descriptions, and procedures. At maturity level 2, the standards, process descriptions,
and procedures may be quite different in each specific instance of the process (for example,
on a particular project). At maturity level 3, the standards, process descriptions, and
procedures for a project are tailored from the organization's set of standard processes to suit a
particular project or organizational unit. The organization's set of standard processes includes
the processes addressed at maturity level 2 and maturity level 3. As a result, the processes
that are performed across the organization are consistent except for the differences allowed
by the tailoring guidelines.
Another critical distinction is that at maturity level 3, processes are typically described in
more detail and more rigorously than at maturity level 2. At maturity level 3, processes are
managed more proactively using an understanding of the interrelationships of the process
activities and detailed measures of the process, its work products, and its services.
Maturity Level 4 - Quantitatively Managed
At maturity level 4, an organization has achieved all the specific goals of the process areas
assigned to maturity levels 2, 3, and 4 and the generic goals assigned to maturity levels 2 and
3.
At maturity level 4 Subprocesses are selected that significantly contribute to overall process
performance. These selected subprocesses are controlled using statistical and other
quantitative techniques.
Quantitative objectives for quality and process performance are established and used as
criteria in managing processes. Quantitative objectives are based on the needs of the
customer, end users, organization, and process implementers. Quality and process
performance are understood in statistical terms and are managed throughout the life of the
processes.
For these processes, detailed measures of process performance are collected and statistically
analyzed. Special causes of process variation are identified and, where appropriate, the
sources of special causes are corrected to prevent future occurrences.
Quality and process performance measures are incorporated into the organization.s
measurement repository to support fact-based decision making in the future.
A critical distinction between maturity level 3 and maturity level 4 is the predictability of
process performance. At maturity level 4, the performance of processes is controlled using
statistical and other quantitative techniques, and is quantitatively predictable. At maturity
level 3, processes are only qualitatively predictable.
Maturity Level 5 - Optimizing
At maturity level 5, an organization has achieved all the specific goals of the process areas
assigned to maturity levels 2, 3, 4, and 5 and the generic goals assigned to maturity levels 2
and 3.
Processes are continually improved based on a quantitative understanding of the common
causes of variation inherent in processes.
Maturity level 5 focuses on continually improving process performance through both
incremental and innovative technological improvements.
Quantitative process-improvement objectives for the organization are established, continually
revised to reflect changing business objectives, and used as criteria in managing process
improvement.
The effects of deployed process improvements are measured and evaluated against the
quantitative process-improvement objectives. Both the defined processes and the
organization's set of standard processes are targets of measurable improvement activities.
Optimizing processes that are agile and innovative depends on the participation of an
empowered workforce aligned with the business values and objectives of the organization.
The organization's ability to rapidly respond to changes and opportunities is enhanced by
finding ways to accelerate and share learning. Improvement of the processes is inherently part
of everybody's role, resulting in a cycle of continual improvement.
A critical distinction between maturity level 4 and maturity level 5 is the type of process
variation addressed. At maturity level 4, processes are concerned with addressing special
causes of process variation and providing statistical predictability of the results. Though
processes may produce predictable results, the results may be insufficient to achieve the
established objectives. At maturity level 5, processes are concerned with addressing common
causes of process variation and changing the process (that is, shifting the mean of the process
performance) to improve process performance (while maintaining statistical predictability) to
achieve the established quantitative process-improvement objectives.

ISO

ISO is a family of quality management standards developed and maintained by the

International Organization for Standardization (ISO). ISO 9001, for instance relates to
 standards in the supply chain and ISO 14000 relates to environment related standards. ISO
specifications change with time

CMMI vs ISO: Conceptual Difference

The fundamental difference between CMMI vs ISO is conceptual. CMMI is a process model
and ISO is an audit standard.

CMMI is a set of related "best practices" derived from industry leaders and relates to product
engineering and software development. Businesses receive CMMI ratings from Level 1 to
Level 5 depending upon the extent of compliance to key performance areas specified in the
selected CMMI process area.

ISO is a certification tool that certifies businesses whose processes conform to the laid down
standards.

ISO 9000 Overview

ISO 9000 is a family of standards, published by the International Organization for

Standardization, is a set of five individual, but related international standards on quality
management and quality assurance. They are generic and not specific to any particular
product or service. ISO provides a certification process to organizations whereby stating to
other organization that the certified organization has a Quality Management System in place
and that the organization adheres to this system in conducting business. Table 5 to a brief
review of the ISO 9000 family of standards.

Table 5 [9]
ISO Standard Title Description
ISO 9000 Quality Management and Quality Guidelines for the selection and use of
Assurance Standards--Guidlines for ISO 9001, 9002 and 9003.
Selection and Use
ISO 9001* Quality Systems--Model for quality Standard covers design, development,
assurance in design/development, production, installation, and
production, installation and servicing. servicing, this applies to the software
industry.
ISO 9002 Quality systems--Model for quality Assesses the production and installation
assurance in production and installation. processes.
ISO 9003 Quality systems--Model for quality Evaluation the final inspection and test
assurance in final inspection and test. phase.
ISO 9004 Quality management and quality system Defines the 20 fundamental quality
elements--Guidlines system concepts included in the three
models.