Section 2.4.  A Second Path Toward Software Process Improvement Assessments: The History of ISO-9000-3, Bootstrap, SPICE, and the CMMI

2.4. A Second Path Toward Software Process Improvement Assessments: The History of ISO-9000-3, Bootstrap, SPICE, and the CMMI About the same time that the SEI was developing the CMM structure and the CBA IPI assessment methodology in America, European groups began to improve in their own way on the history of manufacturing audits. The most important difference between the two efforts was that in Europe, attention was focused more on small commercial organizations than on large defense-related ones. The European emphasis produced first software audits and then software assessments that diverged from the SEI model. 2.4.1. ISO 9000 In 1987, ISO (the International Standards Organization) augmented its manufacturing standards to include among other things a software component standard for products traded across international borders and specifically within the European Economic Community. The newly enlarged ISO 9000 standards were descendants, via NATO and the British Standards Institution, of U.S. DoD quality management program standards derived from pre-software experience [Bamford 93]. They were made up of "five related standards, which when combined constitute quality system" [ISO 87]. The software standard within this umbrella was called ISO 9000-3. Its philosophy was that the software development life cycle needed to be documented as carefully as manufacturing processes. Certification according to ISO 9000-3 did not involve progress up a ladder of maturity levels, nor were there incentives for process improvement. Although continuous process improvement was not precluded, it was not required or described by the standard, which addressed the control of a nonconforming product and recommended corrective and preventive action. (ISO 9000-3 and subsequent revisions augmented software certification with an audit technique called TickIT that attempted to copy some of the sophistication of an early SEI Software Process Assessment.) 2.4.2. Bootstrap Subsequently, starting in 1990, the European Strategic Program for Information Technology, ESPRIT, adapted Humphrey and Sweet's 1987 lead and developed what was called Bootstrap methodology. The original Bootstrap partners were from Germany, Italy, Finland, Austria, and Belgium. The project goal was to introduce modern software technology into European industry [Kuvaja 94]. Whereas the SEI in America had focused on large-scale and extremely complex defense-related applications, Bootstrap was designed to help European commercial applications, and it concentrated on small- and medium-size software systems and put more emphasis on rating individual software practices (especially technical practices) rather than global technical and management processes. Bootstrap combined its analytical methodology with a questionnaire aimed at developing an action plan for process improvement. Attempting to combine the 1987 SEI questionnaire, the European Space Agency life cycle model ESA-PS-005, and ISO 9000-3, the Bootstrap questionnaire asked more (and more specific) questions than the 1987 SEI questionnaire. Problems remained, however, including a limited version of a working software process improvement development paradigm. 2.4.3. SPICE When European groups attempted to refine their assessment methodology by combining it with the CMM-based efforts of the SEI, they continued to emphasize smaller commercial organizations and individual software practices. In 1991, an international effort was undertaken to refine key parts of ISO 9000-3, Bell Canada's Trillium, and Bootstrap by incorporating perspectives from the CMM. This effort officially began at the June 1991 ISO plenary meeting of the joint technical committee of the ISO and the International Electrotechnical Committee. Then, beginning in January 1993, the International Organization for Standardization formally created the Software Process Improvement and Capability Determination (SPICE) project to develop standards on software process. (In 1998, SPICE was converted into the model and process assessment segments of the ISO/IEC 15504 standards.) One can most easily describe the SPICE effort by saying that it intended to modify the CMM's primary focus on total organizational capability by incorporating Bootstrap's emphasis on particular process elements. In the CMM, control over the organization's process is achieved through a step-by-step progression in which focus shifts as an organization climbs the maturity ladder from controlling an individual project's software process to controlling the system-wide organizational software processes. SPICE, however, attempted to evaluate the "capability" level of individual processes rather than the "maturity level" of the organization as a whole. The CMM states that a "maturity level is a well-defined evolutionary plateau toward achieving a mature software process" [Paulk 95]. The central SPICE document (the Base Practices Guide or BPG), however, says that a "capability level is a set of common features...that work together to provide a major enhancement in the capability to perform a process" (emphasis added) [SPICE 95]. SPICE called this rating of an organization's processes individually a "Process Assessment Approach," [SPICE 95] which emphasizes a "continuous" framework of assessing individual processes (as opposed to the CMM's "staged" assessment of key process areas located at specific levels of an organization's process maturity). 2.4.4. From SPICE to the CMMI: "Continuous" Versus "Staged" Assessments Back in America, the introduction of the CMM for Software led to efforts to articulate assessment methodologies for a number of non-software areas, starting with systems. Faced with this plethora of new efforts, the U.S. Department of Defense formed a CMM Integration project to integrate three important analytical models into a single improvement frameworkthe CMM for Software, the Systems Engineering Capability Model (SECM, also known as Electronic Industries Alliance 731), and the Integrated Product Development Capability Maturity Model (IPD-CMM). Because the SECM followed the SPICE "continuous" approach to process improvement, however, the CMMI sponsor decided that the new single framework, called the Capability Maturity Model Integration (CMMI), must be able to be implemented in both the CMM's "staged" and the SECM's "continuous" approaches to process improvement and assessment. That is, the CMMI would allow organizations to perform either "staged" or "continuous" assessments on either software- or systems-based organizations. For the purposes of staged assessments, the CMMI methodology is very similar to that of the CMM. (Key Practices, for example, now called Specific Practices, continue to reside at maturity levels associated with levels of integrated organizational ability.) In the CMMI "continuous" version, however, a focus on large plateaus of integrated organizational ability has been replaced by an articulation of the multiple factors related to the implementation of specific practices. These factors, which take the place of what the CMM had called "common features," are called "generic practices" in CMMIpractices that concern the way that a process is institutionalized. The result is a matrix system in which individual specific practices can be evaluated according to the strength of its organizational support [CMMI Product Team 02].