Thursday, January 29, 2009

Jeff speaking at SEPG 2009 in San Jose, CA

The SEI's annual conference, SEPG 2009 is coming soon in San Jose, CA.  SEPG is the big one, the place where process geeks like me and you get to come together, network, learn new things, and make jokes that only we will understand ("so a PPQA auditor comes into a bar....").

Taking place March 23-26, the conference draws 1500 of the world's best practitioners of process improvement and features dozens of great speakers including many of my favorites like Pat O'Tool, Steve Masters, Mike Konrad, David Anderson, Hillel Glazer, and Rick Hefner.

Yours truly will be speaking at least three times: a re-dux of last years #1 presentation (as voted by attendees) "MORE Notes from the Blogosphere" in which we'll examine the most common questions posted to "Ask The CMMI Appraiser" and play a game of "Stump the Appraiser" (with plenty of swag), "Successfully reaching CMMI ML2 with Agile Methods" with my friend and client Ross Timmerman of Johnson Controls, and "CMMI or Agile: Why Not Embrace Both" with Mike Konrad and David Anderson.  Also as a back up I hope to be presenting "Encapsulated Process Objects."

Be there or be square.  We'll have a blast!

CMMIAppraiser on Twitter

Wednesday, January 28, 2009

There seems to be redundancy between OPP and QPM. What gives?

I would like to have your viewpoint on the differences between the two PA’s QPM and OPP, especially when the scenario is that the organization has identified sub processes like Cost and Schedule Variance as selected sub processes and all the projects follow this organization wide. Now there seem to be lot of redundancy in that case among various practices of QPM as well as OPP.
Ahhh, the 'ol OPP vs QPM redundancy question!
I'll admit that back in the day I had similar issues with the high maturity process areas, but I've been to the SEI mountain, worshiped at the alter of high maturity, and been fully indoctrinated into the cult-like interpretation of the informative material!  Just kidding, it's great stuff!
I understand that you've identified sub processes that your are monitoring and measuring, and that is great!  But it's not quite what the practices are ALL about.
Think of OPP as setting up an infrastructure and engine for statistical monitoring and analysis - an infrastructure that the projects will later use while the execute processes based upon QPM.  The projects also feed the engine, for OPP is a hungry one!
What kinds of things take place in OPP?  Gaining a solid, statistical understanding of a selected set of sub processes and their performance.  This understanding includes analysis such as the identification of the natural bounds of the process (within control limits) and the use of other methods to understand process performance. We call these "baselines."  It also includes "modeling" which uses the data to predict what will happen (within limits) if certain actions are taken in the future.  We call these "models."
QPM is the CONSUMER of the OPP baselines and models.  When a project starts up, the PM will "compose" the process based on the project's goals/objectives AND the baselines and models made available to her via the OPP-related work.
So, for example, if the project is very high risk, with medium complexity, and a compressed time-frame, the PM might select sub processes from the set of standard processes that will help them succeed given those conditions.  He also will constantly monitor the sub process performance using the tools and methods spawned by OPP-related processes to understand whether or not they are going to meet their objectives.
There is a clear delineation between OPP and QPM - one is a supplier, the other a consumer (and then ultimately a supplier BACK to OPP to feed the baseline data).

Tuesday, January 27, 2009

What do I need to do to for our company to become CMMI Maturity Level Three

What does our company need to do to become CMMI ML3?
The CMMI is an integrated process model with +-350 distinct practices that define what a “great company” does, at least within it's engineering, product, software, or services organization.  Consider them a list of requirements for your process.  So, your first step is to become smart about the model.
The CMMI model specification can be downloaded from the SEI’s site at in PDF format, or a better choice is the CMMI book by Mary Beth Chrissis, Mike Konrad, and Sandy Schrum available on Amazon for about $50.00.  It has case studies as well as background information.
A better choice might be for you and your key project leaders and technical leads to take the “Introduction to CMMI” course either at the SEI or from an SEI Partner in your area.  As an alternative, you might consider a ½ day CMMI Executive Briefing.  I give these often with various clients around the country.  You can also download "Agile CMMI" from our website at
There are also numerous presentations, white papers, and documents on the SEI’s web site for free download.  One I would suggest is “CMMI or Agile: Why not Embrace Both!” co-authored by me and a few other folks in the CMMI / Agile world including Hillel Glazer, David Anderson,  Mike Konrad, and Sandy Schrum.
The next step would be to engage a certified CMMI Lead Appraiser to conduct an informal gap analysis (known as a “SCAMPI C”) and perhaps meet with you and your sponsor to develop an appraisal strategy and plan. 
You would then need a period of time (either on your own or with a qualified CMMI consultant) designing, deploying, and using processes based on the CMMI specification.  Along the way you might conduct some informal appraisals, perhaps a SCAMPI “B,” and then, when you are ready, a SCAMPI “A” appraisal.
A SCAMPI “A” is a rigorous, time consuming, intensive event that takes weeks (or months) to prepare for, and then requires a 1-2 week on-site appraisal conducted by a certified SCAMPI Lead Appraiser with a trained appraisal team.  The Lead Appraiser will lead you and team through the SCAMPI appraisal which will result in you achieving (or not achieving!) maturity level two.
Whew!  There’s a lot in here.  It’s a major project, but well worth doing because it will put you in an excellent position for competing and winning in a difficult economy.

Thursday, January 22, 2009

Can we have a global configuration plan or does each project need one?

I would like to ask you a question about Configuration Management from ML2. At the place I'm currently working at we have implemented a global CM plan applicable to all projects (in addition to that, we also have what we call a 'cover page', which is where we include all the roles with the corresponding team members). Should any of them present any difference with the original CM plan, we have a section destined to these particularities inside an application called Team Foundation Server (TFS).
Is it correct to be doing the afore-described, or should we be using a specific CM plan for each project?"
Well, that depends!
I personally can't stand that answer when I get it, but your post left me with no choice!
It all comes down to "what" is in the plan and the characteristics of your projects.  If your projects all use identical work products and code modules, and there is little or no variation, then yes, one plan could work.  Other factors influencing my response would be company size, project complexity, timing, and methodologies being used.
One approach to consider might be to split the CM Plan that your using into one global document that is "common" to all, and another piece for the "project specific" data.  It sounds like you're doing some of this using TFS, which is great, but I have to believe there is more uniqueness to each project than you've described.  If not, you're probably in decent shape.

Wednesday, January 21, 2009

What is the difference between ISO certification and CMMI?

We are wondering what the difference is between CMMI Certification and ISO Certification is. We are ISO certified. Are there different levels of CMMI certificates? Any information you can send us would be very helpful.

If I had a nickel for every . . . . . well, I'd still be poor!

That's a great question though. A lot of organization's have been certified for ISO (9001/9001, 15504, etc) and wish to leverage that success towards the achievement of a level of CMMI.

Remember that ISO is an "audit standard" and that the CMMI is a "process model," so conceptually they're quite a bit different. Think of the CMMI as a large set of related "best practices" gathered from many product engineering and software development organizations. ISO can be very helpful, especially for marketing, HR, and quality, but it is not specifically focused on engineering and project management as is the CMMI. So the depth of CMMI in these areas is far greater.
You've obviously done some homework because you've identified one of the differences already. There are five levels of CMMI "maturity" with the vast majority of companies striving to achieve maturity Level Two or Three. ISO does not have this concept. Also, ISO is a "certification" and CMMI, although it looks and feels like one, is something you "achieve." The difference ends up being minor though (at least from your perspective) but it is a distinction.

ISO also doesn't focus with such depth and breadth on the various process areas (there are 22 process areas in the CMMI) and the appraisal process for CMMI (called SCAMPI) is quite a bit more rigorous. I'm not an ISO auditor, but my colleagues have told me that, while there is some overlap, the process of adopting CMMI is quite a bit more rigorous, as is the appraisal method (SCAMPI).

Your best bet is to get some education on CMMI through an authorized "Introduction to CMMI" training class, and to engage a Certified SCAMPI Lead Appraiser to discuss your particular goals and objectives as they relate to CMMI. If you email you'll be able to start the process of learning more about it.

Best of luck to you!

Monday, January 19, 2009

Follow "Ask The CMMI Appraiser" on TWITTER!

Dear readers,

Get regular CMMI tips on the micro-blogging site "TWITTER" ( Sign up to follow "CMMIAppraiser" for your tips . . . always free!

Our Appraisal Expires at the end of this year, what should we do now?

I recently started to work for a cmmi level-3 company and in December 2009 our appraisal expires.
  1.     What is the latest time to conduct a SCAMPI ?
  2.     What is the minimum number of projects to present in the appraisals?
  3.     Is there any significant change brought by the release of CMMI version 1.2?

1. Beginning with CMMI v1.2, the duration between appraisals is three years.  That means if you want to maintain your ML3 rating you will need to complete a SCAMPI "A" by December of 2009.  Depending on your current state of readiness there may be a lot to do.  Many clients I work with commission a SCAMPI "C" to evaluate their readiness before scheduling the higher-cost SCAMPI "A" to renew their rating.

2. SCAMPI v1.2 has clarified the sampling requirements to be (from the SCAMPI MDD): 

In appraisals where the reference model scope includes any project-related
PA, the organizational scope must include at least one focus project. If the
organizational unit includes more than 3 projects, then the organizational
scope must include sufficient focus projects and non-focus projects to
generate at least 3 instances of each practice in each project-related PA in
the model scope of the appraisal.

3.  There was quite a bit of change between v1.1 and v1.2.  Some PA's from ML3 were removed, and others were combined.  All ATMs must now be trained in CMMI v1.2 (there is an upgrade course available), and your LA must also be authorized (now certified) in v1.2

What is the best way to satisfy Generic Practice GP2.1?

We are just getting started and right away we're struggling! What is the best way to satisfy GP2.1 for all of the process areas?

The Generic Practices are foundational to the success of any or all of the process you deploy, and GP 2.1, "Establish and Maintain an Organizational Policy for planning and performing the process" is one of the most important.

GP2.1 is intended to set the expectation, for all practitioners, that they are to plan for AND perform the process that has been established, and that management wants them to do just that. It is an unambiguous request to plan and perform the process as intended.

Now, this set of policies should mirror your process, not the CMMI, and should clearly let everyone know what management's expectations related to performing the process are.

Not every policy is called "a policy" and some may not even exist in a "policy manual."

I have one client that created such a manual, a 100 page document with a detailed policy (bordering on process) and signatures for all the relevant stakeholders contained within its pages. Did this meet the CMMI requirements? Sure, and then some. The problem with this approach is that a) it's too much work to establish and maintain; b) it's not that valuable and c) no one will read it.

Policies can often be effectively communicated in training materials, on posters, in emails, and via word of mouth. In fact, a combination of all of these is often required to get everyone on the same page!

Good luck,