Capability Maturity Model

(CMM)
What is CMM?
 Capability Maturity Model is a bench-mark for measuring the
maturity of an organization’s software process. It is a
methodology used to develop and refine an organization’s
software development process.
 CMM can be used to assess an organization against a scale of
five process maturity levels based on certain Key Process
Areas (KPA).
 It describes the maturity of the company based upon the
project the company is dealing with and the clients.
 Each level ranks the organization according to its
standardization of processes in the subject area being
assessed.
A maturity model provides:

A place to start
 Thebenefit of a community’s prior
experiences
A common language and a shared vision
A framework for prioritizing actions
A way to define what improvement means
for your organization
CMM Model’s Maturity levels

1. Initial
2. Managed
3. Defined
4. Quantitatively Managed
5. Optimizing
Process Maturity and CMM

 The Software Engineering Institute (SEI) has

developed a framework to judge the
process maturity level of an organization.
This framework is known as the Capability
Maturity Model (CMM). This framework has
5 different levels and an organization is
placed into one of these 5 levels.
The following figure shows the CMM
framework.
Level 1 – Initial:
 At Maturity level 1 The software process is characterized
as ad hoc and occasionally even chaotic. Few processes
are defined, and success depends upon individual effort.
By default every organization would be at level 1.
 At Maturity level 1 organizations often produce products
and services that work but company has no standard
process for software development. Nor does it have a
project-tracking system that enables developers to predict
costs or finish dates with any accuracy.
 At Maturity level 1 organizations are characterized by a
tendency to over commit, abandon processes in the time
of crisis, and not be able to repeat their past successes.
Level 2 – Repeatable:
 At Maturity level 2 Basic project management
processes are established to track cost, schedule,
and functionality. The necessary project discipline
is in place to repeat earlier successes on projects
with similar applications.
 AtMaturity level 2 Company has installed basic
software management processes and controls. But
there is no consistency or coordination among
different groups.
Level 2 – Repeatable:
 At maturity level 2, an organization has achieved
all the specific and generic goals of the maturity
level 2 process areas. In other words, the projects
of the organization have ensured that requirements
are managed and that processes are planned,
performed, measured, and controlled.
 The process discipline reflected by maturity level 2
helps to ensure that existing practices are retained
during times of stress. When these practices are in
place, projects are performed and managed
according to their documented plans.
Level 2 – Repeatable:
 At maturity level 2, requirements, processes, work
products, and services are managed. The status of
the work products and the delivery of services are
visible to management at defined points.
 Commitments are established among relevant
stakeholders and are revised as needed. Work
products are reviewed with stakeholders and are
controlled.
 The work products and services satisfy their
specified requirements, standards, and objectives.
Level 3 – Defined:
 The software process for both management and
engineering activities is documented,
standardized, and integrated into an organizational
software process. All projects use a documented
and approved version of the organization’s process
for developing and supporting software.
 Company has pulled together a standard set of
processes and controls for the entire organization
so that developers can move between projects
more easily and customers can begin to get
consistency from different groups.
Level 3 – Defined:
 At maturity level 3, an organization has achieved
all the specific and generic goals.
 Atmaturity level 3, processes are well
characterized and understood, and are described
in standards, procedures, tools, and methods.
Level 3 – Defined:
A critical distinction between maturity level 2 and
maturity level 3 is the scope of standards, process
descriptions, and procedures. At maturity level 2,
the standards, process descriptions, and
procedures may be quite different in each specific
instance of the process (for example, on a
particular project). At maturity level 3, the
standards, process descriptions, and procedures
for a project are tailored from the organization’s
set of standard processes to suit a particular
project or organizational unit.
Level 4 – Managed:
 Detailed measures for software process and
product quality are controlled. Both the software
process and products are quantitatively
understood and controlled using detailed
measures.
 Quantitatively Managed: In addition to
implementing standard processes, company has
installed systems to measure the quality of those
processes across all projects.
Level 4 – Managed:
 At maturity level 4, an organization has achieved
all the specific goals of the process areas assigned
to maturity levels 2, 3, and 4 and the generic
goals assigned to maturity levels 2 and 3.
 Atmaturity level 4 Sub-processes are selected
that significantly contribute to overall process
performance. These selected sub-processes are
controlled using statistical and other quantitative
techniques.
Level 4 – Managed:
 Quantitative objectives for quality and process
performance are established and used as criteria in
managing processes. Quantitative objectives are based
on the needs of the customer, end users, organization,
and process implementers. Quality and process
performance are understood in statistical terms and are
managed throughout the life of the processes.
 For these processes, detailed measures of process
performance are collected and statistically analyzed.
Special causes of process variation are identified and,
where appropriate, the sources of special causes are
corrected to prevent future occurrences.
Level 4 – Managed:
 Quality and process performance measures are
incorporated into the organizations measurement
repository to support fact-based decision making
in the future.
A critical distinction between maturity level 3 and
maturity level 4 is the predictability of process
performance. At maturity level 4, the
performance of processes is controlled using
statistical and other quantitative techniques, and
is quantitatively predictable. At maturity level 3,
processes are only qualitatively predictable.
Level 5 – Optimizing:
 Continuous process improvement is enabled by
qualitative feedback from the process and from
testing innovative ideas and technologies.
 Company has accomplished all of the above and
can now begin to see patterns in performance
over time, so it can tweak its processes in order
to improve productivity and reduce defects in
software development across the entire
organization.
Level 5 – Optimizing:
 At maturity level 5, an organization has achieved
all the specific goals of the process areas assigned
to maturity levels 2, 3, 4, and 5 and the generic
goals assigned to maturity levels 2 and 3.
 Processes are continually improved based on a
quantitative understanding of the common causes
of variation inherent in processes.
 Maturity level 5 focuses on continually improving
process performance through both incremental
and innovative technological improvements.
SEI has associated key process areas with
each maturity level.
1. The KPAs describe those software
engineering functions that must be present
to satisfy good practice at a particular
level. Each KPA is described by identifying
Some characteristics:
Characteristics of KPA’s is described by identifying
the following :
1. Goals: the overall objectives that the KPA must achieve.
2. Commitments: requirements imposed on the organization that
must be met to achieve the goals or provide proof of intent to
comply with the goals.
3. Abilities: those things that must be in place – organizationally and
technically – to enable the organization to meet the commitments.
4. Activities: the specific tasks required to achieve the KPA function
5. Methods for monitoring implementation: the manner in which the
activities are monitored as they are put into place.
6. Methods for verifying implementation: the manner in which proper
practice for the KPA can be verified.
KPA’s

 Each of the KPA is defined by a set of practices that

contribute to satisfying its goals. The key practices are
policies, procedures, and activities that must occur before
a key process area has been fully instituted.
KPA’s Level 2

 Software Configuration Management

 Software Quality Assurance
 Software subcontract Management
 Software project tracking and oversight
 Software project planning
 Requirement management
KPA’s Level 3

 Peer reviews
 Inter-group coordination
 Software product Engineering
 Integrated software management
 Training program
 Organization process management
 Organization process focus
KPA’s Level 4

 Software quality management

 Quantitative process management
KPA’s Level 5

 Process change management

 Technology change management
 Defect prevention