Process Improvement: A brief association between ISO & CMMI

Companies that survive, thrive, and grow are constantly changing and improving. Change is often easiest to implement when improvements are guided by existing roadmaps or standards. This sounds straightforward in principle, but there are so many standards out there! Selecting the right standard can be baffling and the number of choices leads to many questions, among them:

Which standard should be selected?
What if more than one standard seems to fit the company’s needs?

1. What if no single standard addresses all needs?
2. What should be done when some standards address our business needs but others are required by customers?
3. If multiple standards are selected, should any one of them be chosen as the primary driver for process definition and improvement?

In many businesses, an organization’s compliance to the requirements of a given standard will be formally evaluated and measured. Achievement of a specified level of compliance is often required by customers and may be an important driver for process improvement.

Two prominent frameworks frequently used for compliance assessments are ISO 9001:2000, for quality management, and CMMI v1.2, for systems and software engineering process improvement.

In fact, grouping standards this way (compliance frameworks vs. best practices collections) is not strictly accurate. Although ISO 9001 and CMMI are frequently selected for formal assessments, both are valuable as sources of best practices. Similarly, the standards listed as collections of best practices can serve as the reference models in assessments.

As we see, the time and effort needed to implement processes that are compliant with these frameworks varies considerably. This is due, in part, to the degree of emphasis placed on institutionalization and, in part, to the type and amount of objective evidence expected by each appraisal or certification method. Clearly, an organization has many things to consider before embarking on process improvement efforts using multiple frameworks. Among the topics to consider are:

Should we adopt any framework at all?
Organizations with well-established processes and infrastructure may decide that adoption of a framework or standard may not bring meaningful business benefits.

Is certification or appraisal against a framework a mandatory business requirement?
In many industries, certification against one or more standards is a de facto entry criterion for doing business.

1. Should multiple frameworks be used?
2. Are different frameworks required for different customers?
3. Is a single framework inadequate for addressing the needs of the organization’s products and services?
4. If multiple frameworks are used, should one of them be the main driver for the organization’s processes?

If, for example, ISO 9001 certification is needed for certain customers, perhaps the organization’s processes should focus on addressing that standard before adding practices driven by a different framework. Should the same set of frameworks and organizational processes be used across the entire enterprise?
Are the same capability or maturity levels appropriate across the enterprise?

Finally, we should mention that there are other ongoing efforts to develop maps between models that may use different mapping paradigms and sometimes come to different conclusions.