CMMI Case Study
Written By: Subrata Guha
DQS has conducted an integrated assessment combining ISO 9001, ISO 20000-1, ISO 27001, CMMI-DEV and CMMI-SVC. This case study explains the approach used and benefits derived from this method. All data used in this document are indicative. Actual data could not be shared to protect the confidentiality of the customer.
Integrating CMMI SVC and ISO 20000-1
The Capability Maturity Model® Integration for Services (CMMI-SVC) is a collection of best practices for service providers. It provides a five level maturity framework for process improvement. Service provider organizations follow this model as a road map for process improvement. This model is part of the CMMI product suite developed by the Software Engineering Institute (SEISM). SEI has also provided a standard method for process appraisal known as SCAMPISM– Standard CMMI Appraisal Method for Process Improvement.
ISO/IEC 20000-1 is an international standard for Information Technology Service Management. This standard provides specifications for a Service Management System. IT Service providers may adopt this standard for improving IT service management and obtain certification under the ISO certification scheme.
Given these two options, organizations may be wondering how they can benefit from the positive attributes of both. Director of IT Services at UL DQS, Subrata Guha, has developed a new white paper that outlines the similarities, differences and benefits of these two documents, as well as, how organizations may choose to implement an integrated approach.
Aligning ISO 9001 with the new ISO/IEC 20000-1
Let’s look at the structure of ISO 9001:2008. Management system requirements in ISO 9001 are defined in 5 sections:
Section 4 – Quality management system
Section 5 – Management responsibility
Section 6 – Resource management
Section 7 – Product realization
Section 8 – Measurement, analysis and improvement
Only section 7 provides requirements for service design and delivery. The remaining sections provide requirements for the management system framework. Now let’s look at the structure of ISO 20000-1:2011. Section 4 (Service management system general requirements) is essentially a concise version of sections 4, 5, 6 and 8 of ISO 9001:2008. So, an ISO 9001 certified organization should have a robust foundation established for their service management system.
Now, an organization could just consider revisiting the implementation of section 7 (ISO 9001) requirements with the help of ISO 20000-1. This is essentially an elaboration of “Product realization” using IT services specific processes. So, just replace section 7 of ISO 9001 with sections 5, 6, 7, 8 and 9 of ISO 20000-1 and your Quality Management System (QMS) will become a Service Management System (SMS). It makes good business sense to align these two standards.