Thursday, December 9, 2010

The CMMI seems to be for Project Managers. Is there anything for developers or development teams?

Dear Appraiser,

Is there anything in the CMMI for developers and development teams?  It seems focused on project management.

Oh, I always thought only Project Managers cared about process improvement!  hmmm let me think about this for a second . . . . YES!  Turns out there is a lot for developers and teams.

One of the reasons the CMMI is known for "Project Management" is that Maturity Level Two, often the first step, is largely focused around Project Management.  It isn't until ML3 that we start seeing practices related to technology.

It's important to understand that CMMI is not a methodology (like RUP or XP) so you won't read any chapters in the book that give you specific steps for developing software.  This is OK though, because most teams or companies develop their own home-brew that fits in with their culture, often based on one of the popular methods like XP, Scrum, Crystal, RUP, and so forth.  I have one client whose method is called "xRUP" and it's a hybrid of . . . well, you get it.

But there ARE specific guidelines that you can use to help you detemine what your process should be, and more importantly, how to improve on it.  Think of your own process as a v1.0 Release, and then use the CMMI to sprint your way toward v2, v3, and so on - making it better as you go.

Check out the following Process Areas for developers and teams:

Technical Solutions (TS)

TS offers guidance for picking the right technology and tools, developing interface designs, designing software. developing programs, and appropriately documenting your work.  It's "methodology agnostic" so agile methods, traditional methods, or any other approach works equally well.

Product Integration (PI)

PI is helpful in guiding us how our process should handle compilation, integration, and deployment of our software into a production environment, or delivering it to a customer.  It covers interface testing and monitoring, customer documentation, deployment sequence, and a lot of other cool stuff.

Integrated Product and Process Development (IPPD)

IPPD is sandwiched in as Goals within IPM and OPD and covers the team aspect of your development work.  Setting project vision, making sure everyone's roles are defined (who is the ScrumMaster, who is the Product Owner?) and setting rules of engagement between teams.  It's good stuff!

Validation (VAL)

Guidance for how your process creates validation environments, processes tests, reacts to test defects, and communicates the results.  Pair programming fits in here, unit testing, environmental and performance testing also.

Verification (VER)

Guidance for making sure all of the requirements, features, and user stories have been produced in your code.  It also covers peers and code reviews.  Scrum Demo, Fagen Inspection, User Testing, Traceability all fit in here.

Requirement Development (RD)

This is a great PA.  The usual stuff for eliciting needs, and interating through customer meetings.  But also great guidance on how to reduce defects in the requirements by using some pretty robust validation techniques.  Prototyping, proof of concept, use cases, user stories, and the like all fit in here.

So, that's all there is related to software developers and teams.  Think of it as a model for how the greatest development teams behave and don't over-do it!

Good luck!

New CMMI Shows added!

Monday, December 6, 2010

Can you describe the changes to CMMI v1.3?

We know we need to upgrade to CMMI v1.3.  What are the changes we need to be aware of?

There have been many changes to v1.3, with many, many redlines in the document, so I will address this iteratively (or course!).  I'll keep a running post, but here is the first "installment" (some of this is from the SEI's post on their CMMI website).

Changes made to all Constellations of the CMMI

- In V1.3, generic goals 4 and 5 were eliminated and therefore capability levels 4 and 5 were also eliminated.

- The IPPD option and its associated goals were eliminated (and some of the practices sprinkled into IPM and OPD)

- Requirements Management has been moved to the "Project Management" category in the Continuous Representation

- GP2.8 clarifies measurement by changing Monitoring and controlling the process  involves measuring appropriate attributes of the process or work products produced by the process to "Monitoring and controlling the process can involve measuring appropriate attributes of the process or work products produced by the process."  This should alleviate a lot of people from the oppression of measurement whackos.

Changes made to the SVC constellation only

For all process areas and categories unique to the CMMI-SVC model, the word "project" was replaced with "work,” “work group,” or other related term. These changes include the following:

1. Project Monitoring and Control (PMC) was changed to Work Monitoring and Control (WMC)
2. Project Planning (PP) was changed to Work Planning (WP)
3. Integrated Project Management (IPM) was changed to Integrated Work Management (IWM)
4. Quantitative Project Management (QPM) was changed to Quantitative Work Management (QWM)
5. The category Project Management was changed to Project and Work Management.C.

Changes related to CMMI V1.3 High Maturity 

Organizational Innovation and Deployment (OID) was changed to be Organizational Performance Management (OPM). OPM includes the specific goals and practices of OID as well as a new goal and practices.

In OPM, a new specific goal 1 (SG1), Manage Business Performance, was added. The remaining specific goals from OID were shifted one place and renumbered (e.g. the previous SG1: Select Improvements becomes SG2).

Stay tuned for more!

Saturday, December 4, 2010

Selected to perform . . . I mean present . . . at SEPG 2011!

Hey Readers,

For the fifth year in a row I've been selected to perform at the SEI SEPG conference for SEPG 2011 in Portland, OR!  Whoo hoo!

My presentation, "The Agile SCAMPI: Taming the Savage Beast" will discuss ways of approaching SCAMPI appraisals with agility by adopting iterative and incremental practices and an agile mindset.

I hope to see you all there at the Greatest Show on Earth!

For more information email

Saturday, November 27, 2010

The new CMMI v1.3 class has finally been released!

New CMMI v1.3 Classes are scheduled!

The new v1.3 CMMI is class has been released by the SEI!

To all of those who have called and asked about when the CMMI v1.3 class will be ready, we have two on the schedule!

January 19-21, 2011 in Troy, MI

To register click here

February 16-18 in Austin, TX

To register click here

To see a list of all of our classes for 2011 click here

This 3-day SEI Authorized course provides attendees with a detailed overview of the Capability Maturity Model Integration (CMMI).  It provides systems engineers, software developers, project managers, and process professionals with an understanding of how to use the CMMI, a model that is the defacto standard and leading framework for software process improvement.
Your instructor is Jeff Dalton, an Certified SCAMPI Lead AppraiserCertified CMMI Instructor, Candidate SCAMPI Appraiser Observer, author, and consultant with years of real-world experience with the CMMI in all types of organizations.  Jeff has taught this class to well over 1000 students and has received an aggregate satisfaction score of 4.97 out of 5 from his students.
Completion of this course is recommended for anyone with an interest in improving software and engineering product development processes, and is required for those who wish to participate in a CMM SCAMPI Appraisal, those who wish to enroll in Intermediate Concepts of CMMI, and those who wish to undergo CMMI SCAMPI Lead Appraiser training or CMMI Instructor training.      

Why come to THIS class instead of that other guy's?
- Your instructor, Jeff Dalton, is also a Certified Lead Appraiser and will be revealing his Appraisal secrets gathered from conducting appraisals at dozens of clients!
- Jeff was voted #1 Speaker at several international conferences - including the SEI's SEPG conference
- Two Broadsword exclusive modules are included - one on Agile implementation - that no one else offers!
- You may win the FREE iPod!  Register today!

Register today and save 30% on this important new class!

Friday, November 26, 2010

How do we determine the applicability of Supplier Agreement Management (SAM)?

We were wondering how to determine if SAM was applicable to our organization?  Can you give us any advice?

Sure!  Back when I was a novice Lead Appraiser my SEI observer, the very knowledgeable and all-around nice guy Steve Masters, told me that "SAM is your friend."  That has always stayed with me as I've worked with many clients and tried to reach a deeper understanding of the meaning and value of the CMMI model. 

I think what he meant was that Supplier Agreement Management (SAM) could be used in many situations that might not technically be "required" for an appraisal, but can help you nevertheless.

So this brings us to the amazing realization that the CMMI is really for improvement, and not meant to achieve a "level."  

Oh, I know it's hard to believe my friends, but it's true!

As you probably know, SAM is the only Process Area that a Lead Appraiser and Sponsor can agree is "Not Applicable" to an Organizational Unit (the group being appraised).  The unfortunate outcome of the way this is described and implemented by the SEI is that virtually all organizations that seek a Maturity Level spend (too much) time trying to figure out how to frame the "N/A" argument so that it's credible.  I think this is a mistake as SAM can be extremely useful.

SAM is useful for many internal relationships - and perhaps this is where it is most valuable.  If IT's development organization needs services from it's operations/infrastructure group, SAM can be very useful.  If the sales organization needs services from the Call Center, SAM can be very useful..... and so one.

The same is true for external suppliers where a bona-fide contract must be put in place.

So, whether or not your conducting an appraisal, SAM might be of use.  But for those of you focused on an appraisal here are some of my rules for making the determination (keeping in mind that every situation requires discussion and context):

- do you procure any services or products from an external firm that builds a component or part of a component that gets integrated into your product?  Yes, SAM should be applicable.

- do you depend on any external service or product that is required for you to complete your work?  If so, SAM is probably applicable.

- do you use contract labor where the people are de-facto members of your team using your process?  If yes, then SAM is probably not applicable.

- does an internal call center take calls for the sales department?  If yes, SAM might be applicable.

You get the picture.  The bottom line is, if you have risk and you expect performance, SAM is your friend.

Tuesday, November 9, 2010

We're a Scrum shop and we need some suggestions for CMMI, specifically GP2.8 - Monitor and Control the Process

Dear Appraiser,

We're a Scrum shop and our consultant says CMMI requires us to have a measurement book for every project and every process area that proves we are performing GP2.8.  This is too much overhead and doesn't seem useful.  Can you help?

Danger Will Robinson!  Danger!  Fire your consultant immediately!  Any time you hear the phrase "The CMMI requires ....." you should be wary.  The CMMI requires only a few things, the vast majority of it are guidelines to be interpreted within your organizational context.

Don't forget to embrace self-organization and collaboration on this subject.

I agree with you that a process metrics "book" for each project makes no sense in your context.  It directly conflicts with the essence of Scrum (or any other agile approach) and probably would add little value, if any.

One of the things that is interesting about agile organizations is that when it comes to "process" they typically have a "waterfall" mentality.  This brute-force method to satisfying the CMMI doesn't help us get any better . . . kinda the point of the whole thing.

I would advise you to embrace agility, team collaboration, and self-organization to solve this problem, in other words, be agile!

It helps me to ask the question "why is this practice in the CMMI model?"  GP2.8 is there to help us understand if the process is working for us, and to use that data as a basis for improvement.  One method you might consider is to survey the team on each of the relevant processes at different points in the project and get THEIR feedback on how well they think things like managing the backlog, prioritizing, using story points, refactoring, etc worked and how they might improve those things.  Doing this during the retrospective, and focusing on a comprehensive list of processes (as opposed to just talking), would give you some good data about what is working, what isn't, and how to make it better.

Better yet, if your record the results of the team survey so that management and scrum masters can look at aggregate trends, then you would really have some good data for continuous improvement.

This type of self-organization provides more value than a metrics book can.

CMMI, agility, Scrum, process monitoring . . . Bam!  Not as hard as it sounds.

Monday, November 8, 2010

Have you ever seen a successful project run by someone who was not a PMI Certified PMP?

Dear Appraiser,

My boss says only PMI Certified PMPs are capable of running a project.  I say it depends on skills other than test taking.  Have you ever seen a successful project run by someone who was not a PMP?

The real questions is, have you ever seen a project run by a PMP that WAS successful? :)

I'm not a big fan of this (or just about any other) certification.  It's a complex question, but people who focus on certifications demonstrate that they are focused, that they study well, and that they take tests well.  None of these things contribute to successfully running a project!

This calls into question the TYPE of person who focuses on getting certified . . . and perhaps they are not the SAME type of person that knows how to run successful projects.  I'm no psychiatrist, but I'm sure there is a study somewhere about this (maybe it's the same study that examines QA practitioners....).

People who mostly care about certifications are like companies that are searching for a CMMI "Level."  They are focusing on the wrong things.  Companies that do this struggle with the same problems after they get their "level" as before the did.  They get no value from it.

Here's some of the reasons I'm not a fan of the PMP (or the CSM for that matter):

- anyone who is good at multiple choice test taking can get it
- they have their own language and processes they prescribe and are very inflexible
- so many of the attributes required to be a successful project manager are not even evaluated by PMI - leadership, communications skills, ethics, etc.

That said, there are many people who ALREADY were good leaders and became PMP certified, and it probably didn't hurt them.  But there are way too many with the certification that don't know how to lead a project. 

If I were a CIO I would train everyone in process, communications, facilitation, writing, and leadership - and skip the PMP.

Good luck!

Thursday, October 28, 2010

The New Verion of CMMI has been Released!

Dear Readers,

The new version of the CMMI, v1.3, has been released and is available for use!  Download it today at:

Version 1.3 has several changes that will impact you.  We will be posting a Delta document in the next few days as we perform the analysis.

Thursday, October 21, 2010

Why do we need CMMI Certification?

I just started at a 8(a); Small Disadvantaged Business who is also ISO 9001:2008 Certified.  We were just recertified in Sept ‘10.  One of the tasks at hand I have is to investigate CMMI Level 2 certification for our company.  

Our business bid on Federal contracts.  These contracts are usually multi-year events and sometimes we are the Prime contractor, and sometimes we are a subcontractor.  In most contracts wins, we keep existing talent and transfer them to our payroll.  We have about100 employees at this time.

My question is:  why would we need to spend the time and money to obtain such a certification?  I understand it’s not cheap.  Is it another feather in our Marketing cap, or will it really make a difference for us?  Help me understand. 

First of all, congratulations on your ISO recertification.  If you did it right, this is something to be proud of (of course, if you just wrote docs that everyone ignores, then you've wasted your time . . . ).

The reason Federal agencies (and many commercial businesses) ask you for CMMI is that the CMMI is a "behavioral model" that represents the best-practices of many successful organizations.  CMMI is much broader and deeper than ISO 9001, and concerns itself with how you act, not what documents you produce.  So it's not about "certification" (btw, it's not really a "certification"), it's about acting like a professional company.

I read a Twitter quote today that partially sums it up: "Configuration Management is a discipline, not a tool."  In similar fashion, estimating is about using a reliable method to produce and estimate, not filling out an estimating deliverable.  The CMMI seeks to help you define your behaviors, and then tests to see if your behaviors are "world-class" or not.  Like ISO, it's possible to "implement" CMMI and totally waste your time, but if used wisely it will produce a substantial (50% or more) increase in quality and productivity. 

Undoubtedly your sales staff sees CMMI as a marketing "feather" that will open the door to some RFPs they can't respond to today.  That's a reasonable position and it's all fine - assuming your response is to "do it right."  Yes, the CMMI journey can be quite expensive (I won't quote a price here, but you know how to reach me . . .. .wink wink), but the cost is TINY compared to the benefit (4:1), and a company in your space, of your size, should be embracing it.

The real question is: "how do I start?"  That's another post.

That's what I think anyway.  Thanks!

Wednesday, October 20, 2010

What PIIDs should we be using for CMMI-ACQ?

Dear Appraiser,

We are involved with helping a group prepare themselves for a CMMI for Acquisition Appraisal. I’m looking for a set of PIIDs that provide examples of acceptable artifacts/evidence for two of the process areas, which are Agreement Management & Acquisition Requirements Development. We are fairly familiar with the artifacts needed, but would like to see from an appraisers point of view, what are acceptable type artifacts/evidence  for each of the SPs in this these process areas. Where can I get PIIDs similar to CMMI for Dev, that provides detail examples of Direct & Indirect artifacts/evidence.

If I just had those dang documents we'd be Level 5!

And before I forget, the idea of "Direct and Indirect" is going away in v1.3, replaced by "Artifact."  Problem half solved!

Like the CMMI-DEV, there are no "accepted" PIIDs that are good for everyone and that all Lead Appraisers would agree with.  This is because every organization is unique, and has their way of doing business.  Some examples exist for DEV commercially because of its relative maturity in the market, but since ACQ is so recent, there isn't much available out there - even for a price.  Even if there were, I'd stay away from them if it were me.

You knew I couldn't end there :)

Isn't focusing on the PIIDs the opposite of what is good for your company?  I'm sure you're not just "trying to achieve a level (cough cough)" so if you are using work products that support behaviors that completely serve your needs, and you use the SPs and Sub Practices to perform a loose "gap analysis" on your behaviors and work products, then everything should "just work" (to borrow a phrase from Apple).  And your Lead Appraiser will be happy too.  BONUS!

The CMMI is a behavioral model, not a documentation requirement, and PIIDs are useful as a natural outcome of a certain behavior.  All the examples you should need are in the book - and if what you're using already is meeting your needs, it's probably just fine (and better than an outsiders suggestion).

How do we best implement GP2.1

Dear Appraiser,

In our company we have implemented GP2.1 ([ed. GP2.1 is about having a policy]) by creating an all-encompassing policy book.  It has 18 sections, one for each PA (Process Area) and a policy statement for each.  Then at the end all of our management signed the book.  We think this is an excellent piece of evidence for GP2.1 but our Lead Appraiser started laughing at us when he saw it.  This hurt my feelings because I created it.  What do you think?

What do I think?  WHAT DO I THINK?  Ha hahahahahahahahahahahaha!  Oh, just kidding!

GP2.1 is about setting expectations in your organization to perform a process.  Let's put aside for a second the notion that PA's are NOT processes, the best way to guage whether or not what you've done actually sets that expectation is to stop people in the hall and ask them how they know they're supposed to use a policy.  Most will tell you "because my supervisor said so."  Not too many will say "because I read the 18 page policy book, and since it was signed by 30 people I took it seriously!."

If you remember the 2004 US Presidential election we had a candidate named John Kerry who, while brilliant, was famous for long-winded, complex answers.  Yea, he answered the question better the George Bush did (GWB just nodded and said "Yep, darn tootin'" to every question), but he lost us and no one paid attention.  This is what your book will do.

Setting a policy is a multi-dimensional, multi-medium exercise and if you'd stop focusing on the APPRAISAL and start focusing on being GREAT, you'll realize this.

Sunday, October 17, 2010

Follow me on Twitter and Facebook

Hey Readers,

Did you know you could follow me on Facebook and Twitter?

On Facebook I'm at:

On Twitter follow: CMMIAppraiser

For Broadsword Blog go to:

Click on over to Broadsword to find out what's happening in the CMMI world:

See you on the Internets!

Wednesday, October 6, 2010

How should we interpret GP3.2?

My CMMI consultant interprets the GP 3.2 as that we must have evidences showing actual improvements that projects obtain from using the process assets (work products, measures, improvement requests...) collected by SEPG from other projects

Previously, I interpreted GP 3.2 as just collecting process assets, and that would satisfy this GP.

Please kindly advise which way can be best match the GP 3.2

The great the thing about consulting is that ANYONE can be one! What a great gig!

GP3.2 is one of my favorite practices because it codifies the gathering of new and improved ideas, data, and other information to actually make us better. What a concept!

It reads:

"Collect work products, measures, measurement results, and improvement information derived from planning and
performing the process to support the future use and improvement of the organization’s processes and process

It's great stuff!! But,  does it force you to demonstrate actual improvements because of this? Not so much.

What it means is that, at some future date, another project might benefit from the use of some of the data we submit. The SEI was smart enough to know that some information might be used, some might not be used, and it wasn't up to them to enforce that. In IPM we're guided to plan using the Organization's Process Assets - perhaps this is what he is referring to . . . .

A further reading of the sub-practices, which explain the intent of the authors, tells us that:


1. Store process and product measures in the organization’s measurement repository. The process and product measures are primarily those that are defined in the common set of measures for the organization’s set of standard processes.

2. Submit documentation for inclusion in the organization’s process
asset library.

3. Document lessons learned from the process for inclusion in the
organization’s process asset library.

4. Propose improvements to the organizational process assets.

These are all good things, but don't lead us to interpert the intent of the practice any differently than the actual practice statement (unlike some others in the model). And still, not a single mention of what you "consultant" describes.

So, I would have to disagree with your "consultant." He's wrong. The practice does not tell us we need to demonstrate that what was submitted was actually used. It would be nice, and it's a good thing, but he's leading you down the wrong path.

Tuesday, October 5, 2010

Live tweets at CMMI v1.3 upgrade workshop

Dear Readers,

I'm Tweeting live at the CMMI Workshop (#cmmiworkshop) in Las Vegas this week where we are learning about CMMI v1.3 upgrade, SCAMPI v1.3, and a whole slew of new SEI information. For live tweets follow me at CMMIAppraiser.


Monday, October 4, 2010

We provide Project Management Services. Which model should we use - CMMI-DEV or CMMI-SVC?

We are a relatively small company of approximately 100 employees providing program management support services for government agencies. Our services include program and project management, including planning, financial management, risk management, etc. Our contracts usually also include delivery of specific documents as part of that support. We are discussing whether we should use CMMI-SVC or CMMI-DEV. Is there a good resource to help us decide which constellation is the better fit for our company as we try to decide whether to implement CMMI?

You didn't say which Maturity Level you were hoping for (2,3,4,5), but the DEV and SVC models are almost identical for ML2 (SVC has one additional PA: Service Delivery). We have many clients who provide project/program management services and use the CMMI-DEV ML2 very effectively. ML2 is focused on project and program management, so the differences between the two are small.

Going with the DEV model gives you the benefit of a huge body of knowledge and experience, with proven methods and techniques. SVC is only a year old, so that just doesn't exist.

ML2 in the DEV model includes Project Planning, Project Monitoring (this includes risks), PPQA, Configuration Management, and so on. These are core to project management. So that is probably a good initial target for you.

If you run projects, then the DEV models is slightly more appropriate. If you provide staff on a staff augmentation basis, then SVC might have a slight edge for you.

My advice would be to go with the DEV model for ML2, and if you wanted some of the advanced PAs then get a Capability Level Three in RSKM and IPM.

Good luck!

Friday, October 1, 2010

Can we just use some documents we created for our customer's process to be ML2?

In a recently completed contract, our company provided support which included helping a Federal agency implement process improvements and achieve a CMMI level 2 maturity rating in CMMI for Acquisition. Personnel from our company developed, documented, and implemented the processes with input, approval, and oversight from the government staff.
Our management asked whether there was any way to use the documentation developed in that contract as evidence in a level 2 appraisal for our company’s CMMI-SVC efforts.
Is there any way that process documentation (methods and evidence) can be used in a CMMI-SVC Level 2 appraisal of our company’s processes?

Of course they did! :)

You have probably heard the SEI joke that the answer to everything is “it depends!”

A CMMI SCAMPI Appraisal is an evaluation of your business practices, behaviors, processes, and deliverables. To the extent that what you developed for your client has been embraced and adopted by YOUR company, and you can demonstrate that is “the what things are done around here” then there is no issue with you re-using process documentation created for another client.
But if your thought is that you will just present this documentation to a Lead Appraiser, without adopting it for your own use, then I doubt that would be useful for you. If it did make it possible for you to achieve CMMI-SVC ML2 under these conditions, then I would question your Lead Appraiser’s competency (or ethics)!

That all said, the SVC and ACQ constellations may share 16 Process Areas, but the target stakeholders of the practices are much different. The way they are adopted is much different. So, adoption of the processes you developed for your client with ASQ may not be a good fit for your