Improving Process Capability Across Your Enterprise

Linda Ibrahim
Federal Aviation Administration
Washington, DC, USA
linda.ibrahim@faa.gov

Fourth World Congress on Software Quality (4WCSQ) – Bethesda, MD – September 2008

Abstract

There are many process standards and models that can help a business achieve its objectives, and there are many objectives that a business may seek to achieve. An enterprise typically seeks improvements across many functions and disciplines, and a host of process standards are available to help. But … does this broad range of standards really help, or does it potentially complicate and confuse enterprise improvement efforts? The international process community has recognized the need to bring together multiple standards and models into a single integrated standards-based model that addresses broad enterprise processes, and has launched the Enterprise SPICE initiative to meet this need. Enterprise SPICE will be used with the international standard ISO/IEC 15504 (SPICE) and will provide an efficient and effective mechanism for assessing and improving processes deployed across an enterprise. This paper provides an overview and status of the Enterprise SPICE (ISO/IEC 15504) initiative.

Introduction

Suppose you want/need to improve performance across your enterprise. There are many improvement models, standards, and approaches. Each might help with part of the business, but using several separately can be expensive, confusing, and ineffective. How can an enterprise reap the benefits of the knowledge in a bewildering variety of standards, models and approaches? How can this be done efficiently and effectively?

We propose that various models and standards be integrated and harmonized into a single enterprise model … known as Enterprise SPICE. This paper describes this proposed solution as being implemented by the Enterprise SPICE project of the international SPICE (ISO/IEC 15504 [1]) community. First some context is provided regarding the status of process standards and enterprise process improvement, and the role of SPICE and Enterprise SPICE. Next the Enterprise SPICE project is described, followed by summary and conclusions.

Context: Process Models and Standards

Over the past 20 years, process models and standards have come into existence as major catalysts for process improvement. We have seen the launching of capability maturity models (CMMs) (starting with early work on the CMM for Software in the late 80s), ISO 9000 Quality Management Systems (1987), Information Technology Infrastructure Library (ITIL) (late 80s), Malcolm Baldrige National Quality Award (1987), ISO/IEC 15504 Process Assessment (SPICE) (early 90s), Internal Control – Integrated Framework (COSO) (1992), ISO/IEC 12207 – Software life cycle processes (1995), and Control Objectives for Information and related Technology (CobiT) (1996). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) created a joint technical committee in 1988 to strive for standardization in the field of information technology, and this committee now has several subcommittees and working groups.

The movement to codify process knowledge continued as models and standards have been developed through national and international standards bodies, industry, universities, research organizations, and diverse professional communities and societies. Efforts to describe processes in the form of a capability or maturity model have exploded to the point where there may be hundreds of such frameworks in existence.

Whereas some models and standards that deal with a particular discipline may be mutually supportive, there are many process standards that are at the same or similar level of abstraction, with frequent content overlaps, but different structures and terminology. This often causes confusion for an enterprise seeking broad improvement guidance, and excessive expense from using multiple isolated standards. Such an abundance of disconnected models and standards might impede the adoption of any improvement efforts at all.

There are several things we have been doing, and can do, regarding this situation, including: model integration, harmonization, and providing guidance for model builders.

The first model integration efforts resulted in the release of the Federal Aviation Administration’s (FAA) initial integrated capability maturity model (iCMM) in 1997 (integrating the software acquisition, software, and systems engineering CMMs), and in the CMM Integration (CMMI) initial release in 2000 (integrating the software, systems engineering, and integrated product development CMMs). Both these model integration initiatives continued to evolve. The iCMM approach has been to extend beyond CMMs by integrating several ISO standards, Baldrige, and several safety and security standards into a single integrated model [2] [3] [4]. Meanwhile the CMMI initiative chose to provide different models for different disciplines, resulting in CMMI for Development and CMMI for Acquisition, and another CMMI for Services under construction, these multiple CMMI models or constellations sharing common material and a common structure [5].

We also have instances of model builders collaborating.
For example, iCMM and CMMI stakeholders collaborated in developing safety and security extensions intended for use with both models; safety experts and security experts collaborated to integrate and harmonize several safety standards and several security standards in this effort [6] [7]; and the ISO systems and software lifecycle standards builders are seeking to harmonize their efforts.

But there is more to be done to address the needs of an enterprise that has a broad range of business objectives, performs many functions and disciplines, and is likely to need to address compliance with multiple standards and models [8] [9] [10].

In the global arena, the multiple standards problem has been recognized as needing international attention. Since SPICE sets the international requirements for process assessment models and for assessment methods, it is most appropriate that dispersed models and standards be brought together in a way that complies with SPICE. Thus the Enterprise SPICE initiative has been launched to develop an integrated standards-based model as part of the ISO/IEC 15504 product suite.

Enterprise SPICE Project

Background and Objectives

The process community recognized the need for an integrated standards-based enterprise model and requested an international activity to develop such a model. The SPICE User Group endorsed the initiative to establish an Enterprise Integrated Standards-Based model (Enterprise SPICE) for use with international standard ISO/IEC 15504 (SPICE).

− Enterprise SPICE was first proposed and discussed at SPICE2006 conference in Luxembourg [11]
− Enterprise SPICE was formally launched at SPICE2007 conference in Seoul, Korea

Enterprise SPICE intends to support enterprises that want/need to improve performance across the enterprise. Enterprise SPICE will address the multiple standards problem by

− integrating and harmonizing existing standards as determined by project stakeholders to provide a single process model that addresses broad enterprise processes, and
− providing an efficient effective mechanism for assessing and improving processes deployed across a typical, large or small, enterprise

Enterprise SPICE is about serving the needs of the customer … the enterprise. Some of the benefits from using Enterprise SPICE for our enterprise customers include:

− Single Unified Model: no need to use many separate standards/models
− Pick and Choose: select areas relevant to the business
− Authoritative and Robust: derived from widely recognized standards and sources, with mapping to sources
− Comprehensive: covers a broad, expanding, range of disciplines
− Synergized: each source contributes important perspectives
− Reduced Costs: for training, improvement, assessment, simultaneous ratings/certification vs. one model
− Enhanced Effectiveness: via integrated guidance across the enterprise
− Certification: certification services from accredited bodies

Enterprise SPICE is not starting from scratch, but builds on Federal Aviation Administration's (FAA) integrated Capability Maturity Model (iCMM) plus extensions, and additionally considers/analyzes related standards integration efforts in establishing the initial baseline model. Note that with the launching of Enterprise SPICE, FAA is no longer enhancing the iCMM, but encourages further standards integration work as an international SPICE activity.

Project Stages

The project will be carried out in stages, as follows:

− Stage 1: Initial release: focuses on developing the initial Enterprise SPICE release. It will be carried out in phases as interim work products are developed, reviewed and refined leading to the publication of the initial Enterprise SPICE model.
− Stage 2: Deployment: focuses on developing the mechanisms and infrastructure for Enterprise SPICE deployment, including communications, training, tool support, publications, guidance documents, formation of Enterprise SPICE interest groups, etc.
− Stage 3: Subsequent releases: to address further releases and/or other needs that arise regarding the project.

Project Organization, Roles and Responsibilities

The first stage of the project (Initial Release) is structured as follows. To date, 95 experts from 28 countries have volunteered for various teams and roles¹.

Sponsorship – provides support and advocacy
− Executive Sponsor – SPICE User Group
− SPICE User Group Sponsor – Alec Dorling

International Project Leader – responsible for overall project direction and leadership – Linda Ibrahim

Advisory Board²
− responsible for governance of Enterprise SPICE project
− advocates and supports Enterprise SPICE initiative
− provides advice, direction, and decision-making regarding work in the Enterprise SPICE project

¹ Participants by country: Australia (2), Austria (1), Brazil (7), Canada (4), Chile (1), Colombia (2), Finland (2), France (2), Germany (13), Hong Kong (1), Hungary (2), India (5), Italy (3), Lithuania (1), Luxembourg (1), Netherlands (1), New Zealand (1), Portugal (3), Romania (1), Russia (1), Singapore (1), South Africa (1), Spain (3), Sweden (2), Switzerland (1), Turkey (1), United Kingdom (4), United States (28)

² Advisory Board members: François Coallier (Canada), Alec Dorling (Sweden), Victoria Hailey (Canada), Kirk Holmes (United States), Linda Ibrahim Co-Chair (United States), Fred Kaminski (Germany), Sallie Kennedy (United States), Winifred Menezes Co-Chair (Canada), Antanas Mitasiunas (Lithuania), Terry Rout (Australia), Renato Vasques (Brazil), Ernest Wallmuller (Switzerland), Curt Wells (United States)

Project Team

The project team comprises several sub-teams as identified below.

− Project Management Team – plans and manages the project
− Work Environment Team – establishes and maintains the collaborative work environment and ensures project access to required resources
− Technical Author Team (core) – develops, reviews, and revises the process reference model and process assessment model work products
− Author Team (buddies) – provides subject matter expertise to assist Technical Author Team in particular areas
− Architecture Team (subset of Technical Author Team) – develops author guidelines and model architecture; addresses organizational and capability level profile issues
− Assessment Team – conducts trial assessments using project work products and reports any problems or issues; various assessment methods might be used
− Reviewer Team – reviews and comments on project work products

First Technical Decisions

Enterprise SPICE will provide a single standards-based model addressing major activities performed across a typical enterprise. It will not be sector-specific, and it can be used selectively according to the business objectives of the enterprise.

To determine the initial scope of Enterprise SPICE, stakeholders were surveyed regarding choices of disciplines and the source models and standards to be integrated. Criteria for discipline selection included priority, relevance, need, maturity of standards, and compliance requirements. Proposed sources needed to be major, essential, widely recognized process standards, models, and documents. The Advisory Board analyzed survey results and decided as follows.

Discipline Selection: Initial baseline disciplines from the iCMM are included, which are: Enterprise management (i.e., governance, leadership, strategic processes, enterprise performance excellence, public responsibility); Full lifecycle engineering (for products and services); Acquisition; Quality Management Systems; Safety and Security; General management (i.e., management of project, operations, suppliers, risk, teams); and Core supporting disciplines (i.e., configuration management, quality assurance, information management, measurement, training, work environment, decision making, process management, innovation).

The following additional disciplines will be in the initial release: Service Management; Human Resource Management; Knowledge Management; Financial/Investment Management; and Environment.

Other disciplines are on hold pending further availability of qualified source material. These include: supply chain management; marketing, sales, business development; collaboration; asset/facilities management; and health. They will be covered initially only to the extent that source material already addresses parts of these disciplines.

Source Materials: The source materials addressed in iCMM are sources for the initial release. (NOTE: latest version of source to be used.) These include:

− ISO Standards, for quality, engineering, acquisition, management, core, enterprise management (ISO 9001:2000; ISO/IEC 12207 (ISO/IEC 15504-5); ISO/IEC 15288 (ISO/IEC 15504-6); ISO/IEC 15504)
− Performance excellence criteria, for enterprise management, acquisition, core (Malcolm Baldrige National Quality Award)
− Capability Models, for engineering, acquisition, management, core (EIA 731; CMMI; SA-CMM; SW-CMM; SE-CMM)
− Safety Sources (MIL-STD-882C; MIL-STD-882D; IEC 61508; DEF STAN 00-56)
− Security Sources (ISO 17799; ISO 15408; ISO/IEC 21827 (SSE-CMM); NIST 800-30)

The following additional sources will be used in developing the first release:

− Service Management (ITIL v3; ISO/IEC 20000; Parts of CobiT)
− Human Resource Management (People-CMM plus others listed above such as Baldrige, 15504-5, 15504-6)
− Knowledge Management (eSCM-SP v2, selected parts; and others listed above)
− Financial/Investment Management (Parts of CobiT; ITIM; Parts of ITIL v3; Parts of ISO/IEC 20000 and others listed above)
− Environment (ISO 14000, plus other references)

Next Steps

The Architecture team has developed author guidelines and a preliminary architecture. Next activities are to develop the Enterprise SPICE Process Reference Model (i.e., purpose and outcomes for each process), and then the Process Assessment Model (including base practices and work products for each process). The Process Assessment Model will be used in trial assessments, followed by publication targeted for ~April 2009. Note that major deliverables undergo peer review/revise, stakeholder review/revise, and Advisory Board approval.

Risks and Challenges

Enterprise SPICE offers many benefits to stakeholders, and the time is clearly ripe for this initiative, but there are challenges.

Schedule risk: This project is voluntary, and people may not be able to carry out work in proposed timeframes. Mitigation: We have a large number of team members who should be able to work together and/or back each other up to meet targets. The schedule is fairly lax to accommodate volunteer efforts, and effort estimates (based on several previous integration projects) should be manageable in the proposed timeframes.

Customer risk: Is enterprise leadership ready to drive improvement across the enterprise? Is organizational culture ready for enterprise processes? Mitigation: Many organizations pursue enterprise-wide improvement, but we may seek to offer special workshops or training to help meet leadership and cultural challenges.

Standards collaboration risk: Will stakeholders in specific standards/models recognize the value of integration? Mitigation: Project participants are engaged and have stakes in activities using different standards and models, and we need to continue to advocate the value of this integrated approach. Our customers, the enterprises, may insist on it.

Assessor collaboration risk: Will auditors/assessors/appraisers collaborate by granting certifications and ratings via a single event vs. a single model? Mitigation: Several members of the team hold multiple auditor/assessor/appraiser credentials and hopefully can engage the various communities to address this challenge. It has been done before [12] [13]. Our customers, the enterprises, may insist on it.

Summary and Conclusions

There are many process standards available for an enterprise to use to guide improvement activities. Bringing them together should lead to more effective, efficient improvement efforts across an enterprise. SPICE sets the requirements for assessment models. Combining these three is our aim:

Standards and Models + The Enterprise + SPICE requirements = Enterprise SPICE.

Our vision:

– Enterprise SPICE is the way to bring about collaboration, integration and harmonization
  – across models, assessors, practitioners, enterprise processes
– Enterprise SPICE is the way to bring value to our customers
  – to alleviate the multiple standards problem enterprises face
– Enterprise SPICE will provide:
  – an internationally endorsed, integrated standards-based model
  – an efficient effective way to assess and improve processes across an enterprise
  – an evolving model to capture best practice guidance in an expanding range of disciplines to meet enterprise needs

Join us! To participate, visit www.enterprisespice.com.

References

[1] ISO/IEC 15504-2:2003, Information Technology – Process Assessment – Part 2: Performing an assessment, International Organization for Standardization/International Electrotechnical Commission.
[2] Ibrahim, L., B. Bradford, D. Cole, L. LaBruyere, H. Leinneweber, D. Piszczek, N. Reed, M. Rymond, D. Smith, M. Virga, and C. Wells, The Federal Aviation Administration Integrated Capability Maturity Model (FAA-iCMM), Version 2.0, Federal Aviation Administration, September 2001.
[3] Ibrahim, L., “Integrating beyond Capability Maturity Models”, Proceedings of the Twelfth Annual International Symposium of the International Council on Systems Engineering (INCOSE), Las Vegas, Nevada, July 2002.
[4] Ibrahim, L. and A. Pyster, “A Single Model for Process Improvement”, IEEE IT Professional, May-June 2004, pp. 43-49.
[5] CMMI Product Team, Capability Maturity Model Integration (CMMI) - Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA.
[6] Ibrahim, L., J. Jarzombek, M. Ashford, R. Bate, P. Croll, M. Horn, L. LaBruyere, and C. Wells, Safety and Security Extensions for Integrated Capability Maturity Models, Federal Aviation Administration, September 2004.
[7] Ibrahim, L., C. Wells, and R. Bate, “Extending Systems Engineering Frameworks for Special Application Areas: Case Study Safety and Security”, Proceedings of the Fifteenth Annual International Symposium of the International Council on Systems Engineering (INCOSE), Rochester, New York, July 2005.
[8] Ibrahim, L., “A Process Improvement Commentary”, CrossTalk, August 2008, pp. 26-29.
[9] Ibrahim, L. and J. Weszka, “There is More to Process Improvement Than Just CMM”, CrossTalk, June 2004, pp. 11-15.
[10] Ibrahim, L., “SPICE’ing Up Your Enterprise”, SPICE2008, Nuremberg, Germany, May 2008.
[11] Ibrahim, L., “A Proposed Exemplar Enterprise Process Reference Model for ISO/IEC 15504”, SPICE2006, Luxembourg, May 2006.
[12] Ibrahim, L., “An Integrated Approach to Quality Improvement”, Third World Congress on Software Quality, Munich, Germany, September 2005.
[13] Ibrahim, L. and C. Wells, “Single Appraisal, Multiple Standards”, INCOSE INSIGHT, April 2007, pp. 34-37.