APPLYING ISO 9001 AND CMMI IN QUALITY-ORIENTED KNOWLEDGE MANAGEMENT FOR SOFTWARE PROCESS IMPROVEMENT

140 International Journal of Electronic Business Management, Vol. 2, No. 2, pp. 140-151 (2004)

APPLYING ISO 9001 AND CMMI IN

QUALITY-ORIENTED KNOWLEDGE

MANAGEMENT FOR SOFTWARE PROCESS

IMPROVEMENT

Yin-Ho Yao

1*

and Hsin-Kuo Lee

2

1

Department of Industrial Engineering & Management

Ta-Hwa Institute of Technology

2

Department of Industrial Engineering & Engineering Management

National Tsing Hua University

Hsinchu (300), Taiwan

ABSTRACT

ISO 9001 Quality Management System (QMS) and Capability Maturity Model Integration (CMMI) are quality management technologies, which can be applied to the software industry. This paper adopts these two management technologies to improve software process quality. ISO 9001 stresses the importance of building a QMS complying with the ISO guidelines of documation. CMMI stresses the importance of building a process improvement model following the CMMI documentation guidelines. In addition, knowledge management (KM) technology transforms these quality-related documents into valuable knowledge that can be utilized effectively and efficiently throughout the entire software organization. The objective of this paper is to apply and integrate ISO 9001 and CMMI in a quality-orientated knowledge management system for software process improvement (SPI). Focusing on the combined approaches and methodologies, the software process of a real software company is analyzed for designing a web-based prototyping quality-orientated KM system. The main functional modules of the system include creating, archiving, querying and managing the ISO and CMMI based quality system document. With the prototyping system, this paper confirms the benefits and synergies of the quality system for software development and process improvement. This paper also provides the transformation guidelines from ISO 9001 to CMMI for software companies to enhance the quality-orientated knowledge management of software processes.

Keywords: ISO 9001, Capability Maturity Model Integration (CMMI), Software Process

Improvement (SPI), Knowledge Management (KM)

1. INTRODUCTION

*

Owing to more complex software development processes in software development projects, software problems such as poor quality, budget overrun, unimplemented functionality, and cancelled projects become worse. Software organizations, like software companies and information departments of enterprises and governments, start to pay more attention to software quality management technology to improve software quality. The term ‘Software Process Improvement’ (SPI) denotes the “changes implemented to a software process that bring about improvements” [11]. The software process can be defined as “a set of activities, methods, practices, and

*

Corresponding author: [email protected]

transformations that people use to develop and maintain software and the associated products such as project plans, design documents, code, test cases, and user manuals” [12, 16].

The objectives of SPI are to improve software product quality, increasing productivity and decreasing the cycle time for product development [13]. In other words, SPI aims at achieving competitive advantage for software developers [15]. There are various approaches to implement SPI. European firms tend to use the ISO 9000 family to enhance software process capabilities and quality. North American companies seem to prefer CMM [12], now CMMI. Both ISO 9001 and CMMI are synergistic SPI technologies. Using either one as a basis will help process improvement. Whereas the CMMI is designed exclusively for software processes, the ISO 9001 standards are not limited to software

production.

Many software companies realize that they need to improve their software processes using more than one assessment model, e.g., ISO 9001 or CMMI. But, if they do not compare the differences carefully, it will cause an increase in the cost of running their business. In fact, the cost can be minimized by understanding where these assessment models overlap and how they differ from one another [17].

First, based on the above concepts, an overview and detailed analysis of each model is provided in this paper. Then a complete translation of the requirements of the models into software process quality documentation is offered. Third, a web-based prototyping quality-orientated KM system is designed. Finally, this study suggests transition steps from ISO 9001 to CMMI to enhance the quality-orientated knowledge management of software processes.

2. BACKGROUND

There are both production and service processes in a generic software development process. For differentiating them from the hardware manufacturing process, we define software development process as “software process” [4] in this paper. Because the quality of software is closely related to overall software process, experience has shown that successful quality management must be orientated to process improvement rather than control of the final product alone. Hence, it is important to improve software quality by means of improving software processes [10].

It is impossible to create a comprehensive quality management system (QMS) without a universally acceptable standard or model to follow, therefore we need an acceptable standard or model as reference. Fortunately, both ISO 9001 and CMMI can help us solve this problem. ISO 9000 series of standards, developed by the International Organization for Standardization (ISO), and CMMI [1], developed by the Software Engineering Institute (SEI), have a common concern of quality and process management. Although they are driven by similar

issues and are intuitively correlated, they differ in their underlying philosophies: ISO 9001 identifies the minimal requirements for a QMS, while CMMI underlines the need for continual process improvement. However, some aspects are not covered in ISO or CMMI, as illustrated in Table 1. Table 1: Aspects not covered in ISO 9001 and CMMI

ISO 9001 CMMI No explicit requirements for: Institutionalization Creating/maintaining organization assets (repository/database) Process areas No explicit requirements for:

Customer focus and customer satisfaction Management representative

responsible for quality management

Infrastructure (buildings, workspace, equipment, etc.)

Control of monitoring and measuring devices

ISO 9000 family is a set of internationally recognized standards on quality management. The standards are intended “to provide a generic core of quality system standards applicable to broad range of industry and economic sectors”. A major purpose of quality management is “to improve the systems and processes so that continual improvement of quality can be achieved”.

Before the year 2000, software developers were advised to use ISO 9000-3 [7] due to the specialization of software as a product. At 15 Dec. 2000, ISO published a revised ISO 9000 series. The ISO 9000 family is based on the assumption that all work is accomplished by a process. Accordingly, quality management means managing all processes in an overall organization. Table 2 gives an overview of the ISO 9000:2000 standards. Software organizations can use the standards to build and maintain the QMS to assure the software process conforming to the requirements specified in ISO 9001.

Table 2: Overview of the ISO 9000:2000 standards

Standards and guidelines Purposes

ISO 9000:2000, Quality management systems -

Fundamentals and vocabulary [6]

Establishes a starting point for understanding the standards and defines the fundamental terms and definitions used in the ISO 9000 family which you need to avoid misunderstandings in their use.

ISO 9001:2000, Quality management systems – Requirements [8]

This is the requirement standard you use to assess your ability to meet customer and applicable regulatory requirements and thereby address customer satisfaction. It is now the only standard in the ISO 9000 family against which third-party certification can be carried.

ISO 9004:2000, Quality

management systems - Guidelines for performance improvements [9]

This guideline standard provides guidance for continual improvement of your quality management system to benefit all parties through sustained customer satisfaction.

142 International Journal of Electronic Business Management, Vol. 2, No. 2 (2004) A quality system is a set of “organizational

structures, procedures, processes and resources needed to implement quality management”. ISO 9004 is a guideline for performance improvement. ISO 9001 is the only model for external quality assurance specifying a set of requirements. The demonstration of conformance to these requirements is called certification or registration. Although the implementation of an ISO 9001 QMS does not necessarily require a certification, most software organizations are seeking certification when they have installed a QMS. The average time software organizations need to implement an ISO 9001 QMS is 1.5 years.

ISO 9001 provides customers with confidence when delivering conforming products/services. It offers a framework for developing a well documented and continually improved QMS based process, which meets customer requirements. The general approach of ISO 9001 is to assure quality by improving processes. The process-orientated framework of ISO9001 QMS is illustrated in Figure 1.

Continual Improvement of the QMS Continual Improvement of the QMS

Product Customer Customer Customer Customer Value-added activities Information flow Requirements Satisfaction Management Responsibility Management Responsibility Resource Management Resource Management Measurement, Analysis, and Improvement Measurement, Analysis, and Improvement Product Realization Product RealizationProduct_Realization Product Realization

input output

Figure 1: Process-orientated framework of ISO 9001 The CMMI Product Suite provides industries and governments with a set of integrated products to

support process and product improvement. By reducing redundancy and complexity with the separate use of multiple Capability Maturity Models (CMMs) and related CMMI-Models, companies could improve efficiency and the return on investment for process improvement. The resulting CMMI products will be adaptable to an organization’s mission/business objectives.

The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The models that the SEI are currently involved with in developing, expanding, or maintaining include the following:

Capability Maturity Model Integration (CMMI) Capability Maturity Model for Software (SW-CMM)

People Capability Maturity Model (P-CMM) Software Acquisition Capability Maturity Model (SA-CMM)

Systems Engineering Capability Maturity Model (SE-CMM)

Integrated Product Development Capability Maturity Model (IPD-CMM)

The SEI continues to advocate the adoption of CMMI models as the best process improvement models available for product and service development and maintenance. These models build on and extend the best practices of the SW-CMM, SECM, and IPD-CMM. The newest CMMI model is CMMI-SE/SW/IPPD/SS Version 1.1 [2], released at March 1, 2002. This model includes systems engineering, software engineering, integrated product and process development, and supplier sourcing. History of the CMMI series is shown in Figure 2.

SEI and Mitre

Corporation Process Maturity Framework

1986.11

SEI and Mitre

Corporation Process Maturity Framework 1986.11 SEI Description of Process Maturity Framework and Maturity Questionnaire ( SEI-87-TR-24 ) 1987.9 SEI Description of Process Maturity Framework and Maturity Questionnaire ( SEI-87-TR-24 ) 1987.9 Watts Humphrey’s Managing the Software Process 1989 Watts Humphrey’s Managing the Software Process 1989 SEI Capability Maturity Model ( V 1.0 ) 1991 SEI Capability Maturity Model ( V 1.0 ) 1991 SEI Capability Maturity Model ( V 1.1 ) 1993.2 SEI Capability Maturity Model ( V 1.1 ) 1993.2 SEI Capability Maturity Model ( V 0.2 ) 1990 SEI Capability Maturity Model ( V 0.2 ) 1990 SEI Capability Maturity Model Integration ( V 1.0~V 1.1 ) 2000~2002 SEI Capability Maturity Model Integration ( V 1.0~V 1.1 ) 2000~2002

CMMI offers a framework that describes the key elements of an effective software process, which support the measurement of the software process. The CMMI describes a process maturity framework of five maturity levels (initial, managed, defined, quantitatively and optimizing level), as illustrated in Figure 3.

Disciplined process Standard process

Predictable process Continually improving process

Quantitatively Managed Quantitatively Managed Optimizing Optimizing Defined Defined Managed Managed Initial Initial

Figure 3: Framework of CMMI maturity levels The purposes of the CMMI are to:

Describe good management and engineering practices as structured by the maturity framework.

Support organizations to improve their processes.

The CMMI provides two representations (continuous representation and organizational maturity approach) to facilitate users to become familiar with either approach, i.e. process capability approach or organizational maturity approach. Software organizations have to choose one before implementing CMMI:

1. Process capability approach - continuous representation:

Choose order of improvement based on business objectives, areas of risk.

Enable comparisons based on process areas or maturity levels.

Enable comparison to ISO 15504 (SPICE)

2. Organizational maturity approach - staged representation:

Follow proven sequence of improvements, beginning with basic management practices. Enable comparisons based on maturity levels. Migrate from CMM for Software (SW-CMM).

Because most software organizations have adopted ISO 9001 or SW-CMM, they should have some experiences on QMS or process maturity improvement. Hence, CMMI staged representation will be the better one to most software organizations. The CMMI staged representation is composed of 5 maturity levels, 24 Process Areas (PA), 54 Specific Goals (SP), 24 Generic Goals (GG), 181 Specific Practices (SP), and 274 Generic Practices (GP), as illustrated in Figure 4.

Although one might expect that a QMS in a big software organization is more expensive than a QMS in a small one, the costs of implementing and certifying a QMS do not correlate with the size of the organization. The organizational structures of larger organizations are usually well documented and more clearly defined. This makes it much easier to install an ISO 9001 or CMMI QMS. Some common benefits for implementing ISO 9001 and CMMI are positive cultural change, increased productivity, better communications and improved customer satisfaction. Yet, it is also important to distinguish between the ISO9001 and CMMI. Following are some major differences between ISO 9001 and CMMI, as illustrated in Table 3.

Maturity level Maturity level

Process Area 1

Process Area 1 Process Area 2Process Area 2 Process Area nProcess Area n

Specific Goal

Specific Goal Generic Goal_{Generic Goal}

Specific Practices Specific Practices Generic Practices Generic Practices Commitment to Perform Ability to Perform Directing Implementation Verifying Implementation （Common Feature） ×24 ×24 ×54 ×181 ×274 ‧‧‧

Figure 4: Structure of CMMI composition Table 3: Major differences between ISO 9001 and CMMI

ISO 9001 CMMI

Focus: Its primary focus is the customer-supplier relationship to reduce a customer’s risk in choosing a supplier.

Focus: Its focus is on the supplier to improve the internal software process.

Objectives:

It is written for a wide range of industry other than software. Documents are more abstract.

It identifies only the minimal requirement for a QMS.

Objectives:

It is written specifically for software industry. Documents are detailed.

It describes the software process in detail. Concept: It is to follow a set of standards to make success

repeatable.

It emphasizes on achieving “maturity” and improving its process continuously.

Structure: It means that some basic practices are in place and the challenge is only to maintain certification.

Concept: It emphasizes on continual improvement, even at the last level.

Internal appraisal: It requires auditors, such that the value of certification depends on the expertise and experience of the auditors.

Internal appraisal: It allows self-assessment follow on the CMMI requirements.

Time needed: It takes about one and a half years to obtain ISO 9001 certification.

Time needed:It takes an average of two years to move between levels of the CMMI.

144 International Journal of Electronic Business Management, Vol. 2, No. 2 (2004)

3. ANALYSIS OF INTEGRATED

ISO 9001 AND CMMI

ARCHITECTURE

In this section, software processes based on ISO 9001 requirements, CMMI requirements, and ISO 9001-CMMI-integration requirements are analyzed successively. The analytical results are detailed in three process matrices as described below.

3.1 Software Process Analysis

With the ISO 9001-based process matrix analysis framework (as illustrated in Figure 5), we use five quality management principles (i.e., resource management, management responsibility, product realization, measurement and process improvement) as the vertical dimension, and business roles (including customer, management level, Quality Assurance representative, business department, technique department, quality assurance and supplier) as the horizontal dimension. The aims of the framework are: (1) to demonstrate that there are close relationships between software development processes and other business processes, (2) to provide a basis for ISO 9000 documentation and quality-orientated knowledge management, (3) to emphasize the importance of PDCA (Plan, Do, Check, Action) cycle, roles/duties assignments, and continual process improvement for meeting the software project quality.

With the CMMI-based process matrix analysis framework (as illustrated in Figure 6), we use a project management process and a software engineering process as the vertical dimension, and roles of business as the horizontal dimension. The purposes of the framework are: (1) to demonstrate the close relationships between project management processes and software development processes, (2) to provide a basis for CMMI documentation and knowledge management.

According ISO 9001 and CMMI process requirements, this study integrates the ISO-based 9001 and CMMI-based software process matrix. The integrative framework (as illustrated in Figure 7) provides a guideline for analyzing the gap between the existing software process and ISO-based/CMMI-based software process, which will aid in designing and implementing quality-orientated knowledge management systems for software process improvement.

Software organizations should look for the synergy between ISO 9001 and CMMI. Most software organizations could start with ISO 9001 then add CMMI, some might start with CMMI then ISO 9001. So, it is better to determine the process improvement status of the organization based on either ISO 9001 or CMMI, and then develop a transition plan. Transforming from ISO 9001 to CMMI enhances the quality-orientated knowledge management of software processes, as illustrated in Figure 8. System analysis System design Program design Softwa re Q A System implement System maintenance Project planning Technique Department

Customer Management_{Level Representative}QA _DepartmentBusiness _DepartmentTechnique QA Supplier

Customer Management_{Level Representative}QA _DepartmentBusiness QA Supplier

Provision of resource/Human resources/Infrastructure/Work environment

Management commitment/Customer focus/Quality policy/Quality planning/Responsibility, authority and communication/Management review

Market survey

Customer information Customer development

Customer requirement Contract review

sign a contract

Purchasing

Finance

Outsourcing management

Monitoring and measurement/Control of nonconforming product/Analysis of data Continual improvement/Corrective action/Preventive action

Internal audit Management review

Pay

Compliant Customer requirement confirm

Product validation Resource management Management Responsibility

Qu

alit

y manag

em

ent sy

stem

Measurement, Analysis Improvement

Prod

uct Rea

lizati

o

n

P

D

C

A

Resource management Management Responsibility

Qu

alit

y manag

em

ent sy

stem

Measurement, Analysis Improvement

Prod

uct Rea

lizati

o

n

P

D

C

A

Requirement confirm Software development System test

Yes

Technique department

Customer Managementlevel

Business

department QA Supplier

Project team

Technique department

Customer Managementlevel

Business department QA Supplier Project team M e asure m

ent and analy

sis, Pr o ce ss and product q u ality a ssurance Risk management

Customer requirement Contract review

Sign a contract

Requirement confirm

Project planning

PM start point

Integrated PM for IPPD, Integrated team, Supplier agreement management

Project monitoring and control

Re-planning

Software engineering start point

Req u ir em en t d ev el o p men t, T ech n ical s o lu tio n , pr od uc t i n te gr atio n Yes No No System analysis System design Program design System implement System maintenance System test

Requirement management, Configuration management, Verification, Validation

Software engineering end point Postmortem PM end point Project management process Software engineering process Project management process Software engineering process Project approval Update historical database

Update historical database CMMI document Update historical database

Update historical database CMMI document

Requirement confirm

Software development

Figure 6: CMMI-based process matrix analysis

SE engineering end pt. Project team

Monitoring and measurement/Control of nonconforming product/Analysis of data

Continual improvement, Corrective action, Preventive action Internal audit Customer compliant Resource management Management Responsibility Qua lity man agem ent sy stem Measurement, Analysis Improvement Product Rea lization Resource management Management Responsibility Qua lity man agem ent sy stem Measurement, Analysis Improvement Product Rea lization P M p ro ce ss S E p ro ce ss P M p ro ce ss S E p ro ce ss

Integrated PM for IPPD, Integrated team, Supplier agreement management Postmortem

PM end pt.

Yes

Measurement and analysis, Process and product

quality assurance

Risk management

Customer requirement Contract review

Sign a contract

Requirement confirm

Project planning

PM start pt.

Project monitoring and control

Re-planning SE process start pt. Yes No No System analysis System design Program design System implement System maintenance System test

Requirement management, Configuration management, Verification, Validation

Update historical database

Update historical database

Project approval Requirement confirm Software development Purchase Finance Outsourcing management Payment Product realization Requirement development, Technical solution, product integration Market survey

Customer informatin Customer development

Document database

Technique Department

Customer Management_{Level Representative}QA _DepartmentBusiness DepartmentTechnique QA Supplier

Customer Management_{Level Representative}QA _DepartmentBusiness QA Supplier

Provision of resource/Human resources/Infrastructure/Work environment Management commitment/Customer focus/Quality policy/Quality planning/Responsibility, authority and communication/Management review

Management review

Figure 7: Integrative ISO 9001/CMMI-based process matrix analysis

Initialize •Organize •Train •Organize

•Train _{ISO 9001 QMS}Establish Establish ISO 9001 QMS Establish ISO Document Establish ISO Document Internally audit Internally audit Audit_Audit

Review once half a year to one year

Strategically analyze Strategically analyze Set goal and plan Set goal and plan Assess

Assess Assess gap (IDEAL) Assess gap (IDEAL) •Organize •Train •Organize •Train Develop processes Develop processes Pilot Pilot Assess pilot Assess pilot Institutionalize Institutionalize Strategic transform step

CMMI adoption and assessment step Process improvement

ISO 9001 adoption and audit step

Continually improve process

Figure 8: Transformation from ISO 9001 to CMMI

3.2 Software Process Quality Knowledge Content Analysis

The basic function of knowledge management is to manage knowledge contents. Knowledge content can be defined as documents that have been written by knowledge workers that outline a re-usable area of know-how (procedures, processes etc.) or know-why [3]. The major knowledge contents for software process quality are ISO documents and CMMI documents.

ISO documents are usually classified on four levels, namely, Quality Manual (QM), Operation Procedures (OP), Work Instructions (WI), and Quality Record or Form, as illustrated in Figure 9.

International Journal of Electronic Business Management, Vol. 2, No. 2 (2004) 146

Quality Manual: states the quality policy and describes the quality system in accordance with the policy [5].

Operating Procedures: The procedures often include detailed business processes, related activities, as well as management and personnel’s responsibilities and authorities with respect to specific activities [5, 14]. Work instructions: which provide the detailed information (step-by-step instructions) on how to perform a particular task.

Quality records and forms: provide the evidence (records or proofs) of what have been accomplished to comply with the quality system. [I] Quality Manual (QM) [II] Operation Process (OP) [III] Work Instructions (WI) Quality Plan [IV] Quality Record (From and record)

Figure 9: ISO document level

The organization’s process asset library is a collection of items (such as processes descriptions, life cycle models description and process-related documentation) maintained by the organization, which support process improvement by allowing the sharing of knowledge learned across the organization. CMMI documents can be derived from process assets of CMMI including standard processes, life cycle models, process tailoring guidelines or criteria, organizational measurement repository (which contains both product and process measures that are related to the organization’s set of standard processes) and a library of process-related documentation.

4. IMPLEMENTING

QUALITY-ORIENTATED KM

SYSTEM FOR SOFTWARE

PROCESS IMPROVEMENT

In this section, an implemented ISO 9000/CMMI based quality-orientated KM system for software process improvement is discussed. First, data flow diagrams (DFDs) for the KM system and managing the knowledge contents are

presented. Then, the implementation system environment (HW/SW), system framework and system function tree (depicted as system structure chart) are demonstrated. Finally, the database structure with entities relationship diagrams and part of data dictionaries are described.

4.1 Quality-Orientated KM System Analysis and Design

It is necessary to define the mission/goal of the system and then analyze and establish the ISO 9001 QMS/CMMI model before implementing KMS (Knowledge Management System), as illustrated in Figure 10. Figure 10 shows the strategic KMS implementation steps including strategy analysis steps, ISO9001 QMS/CMMI modeling steps for software process quality management and implementation KMS steps.

External analysis Opportunity & Threat

External analysis

Opportunity & Threat Strength & WeaknessInternal analysis

Internal analysis Strength & Weakness

Define mission and goal

Define mission and goal

Select strategy of system integration Select strategy of system integration Establish ISO 9001 QMS Establish ISO 9001 QMS Establish KMS prototype Establish KMS prototype

Establish CMMI model

Establish CMMI model

Enrich KMS content

Enrich KMS content

Totally implement KMS

Totally implement KMS

Strategy analysis step

Establish software process quality management step

Implement KMS step

Figure 10: Strategic KMS implementation steps In this research, data flow diagrams are used as a process description tool to document the details of the functional primitive, processes steps and logic of the KM system. The KM processes include managing knowledge content, community communication, resource sharing, online learning, security management etc. The KM data flow diagram is illustrated in Figure 11. Data flow diagram of managing knowledge content is depicted in Figure 12. 3.0 Community communication 4.0 Business intelligence 5.0 Statistical analysis 6.0 Information sharing 7.0 Online learing 2.0 Knowledge content 8.0 Security management 1.0 My homepage System security management User 0.0 Knowledge management system System management User Identification

User data management Online learning Click resource sharing

Click Business intelligence Community Communication A dd, D el et e, Mod if y K now le dge C ont en t Customized individual demand modules Acknowledgement User Acknowledgement ID acknowledgement ID acknowledgement User Identification Acknowledgement Acknowledgement Acknowledgement Acknowledgement Acknowledgement Acknowledgement Acknowledgement Statistical Analysis

2.1 Manage ISO documents User 2.2 CMMI documents 2.3 Knowledge Management ISO Documents CMMI Documents Knowledge File

ISO documents query

Add, Delete, Modify ISO documents

CMMI documents query Add, Delete, Modify

CMMI documents

Knowledge documents query Add, Delete, Modify

knowledge content Knowledge documents

management CMMI documents

management ISO documents management

Acknowledgement

Acknowledgement

Acknowledgement

Figure 12: Managing knowledge content data flow diagram

Entity relationship diagram (ERD) is often used as a means to describe the structure of a database. The main database structure of the KM system is depicted in an integrative ERD. The integrated ERD is composed of four entities (data tables) relationships including ISO document table, knowledge document table, CMMI document table and user data table, as illustrated in Figure 13, 14, 15, 16.

PK DOC. Level_No. DOC. level

PK Author No Author

Doc. level table

PK Authoring department No Authoring department Authoring department table Author table PK department NoApprover Approver department Approver department table ISO doc. table

ISO doc. Number PK FK1,11 FK2,11 FK3,11 FK7 FK6,11 FK4,11 FK5,11

ISO doc. name Doc. level Authoring department Author Approver name Approver department Keeping department Issue date Version Workflow status Keeping department No Workflow status No. Approving department No. Approver No PK Approver No. Approver name Approver PK Keeping department No Keeping department Keeping departments table PK Workflow statusNo Workflow status Workflow status No

Figure 13: ISO document relationships tables

PK Category No Category PK Project No Project Category table Project table Knowledge file table

Knowledge file No.

PK FK1,11 FK2,11 FK3,11 FK4,11 FK5,11 FK6,11

Knowledge file name Category Project Authoring department Author Approver department issue date version workflow status PK Approver department No Approver department Approver department table PK Workflow status No Workflow status Workflow status table PK Authoring department No Authoring department Authoring department table PK Author No Author Author Table

International Journal of Electronic Business Management, Vol. 2, No. 2 (2004) 148

CMMI doc. table

CMMI doc. No PK FK1,11 FK3,11 FK2,11 FK4,11 FK5,11 CMMI doc. Standard process Life-cycle model Tailoring Criteria Measure Repository Process doc. PK Standard process No Standard process

Standards process table

PK Tailoring

criteria No Tailoring

criteria

Tailoring Criteria table

PK Measurement repository No. Measurement Repository Measurement Repository table PK Life-cycle model No Life-cycle model

Life-cycle model table

PK Process doc.No

Process doc. Process doc. table

Figure 15: CMMI document relationships tables

PK Department No Department PK Group No Group Department table PK Rank code Rank Rank table Group table PK Sex code Sex Sex table User data table

User No PK FK1,11 FK2,11 FK3,11 FK4,11 Password Group Name Department Rank Birthday Sex Address Telephone Mobile phone E-mail

Figure 16: User data relationships tables Data dictionaries are used to collect, define,

describes and organize specific facts about the KM system, including the contents of data flows, data stores (entities or tables), and processes. Part of the data dictionary that defines and describes

combinations of data elements taken into tables including a user table, the ISO document table, CMMI document table, and a knowledge file table are illustrated as Table 4.

Table 4: Partial data dictionary of the KM system

Table Name Data Element

tbUser UserNo＋Password＋Group＋User＋Dept＋Title＋Birthday＋Sex＋Address＋Telephone＋ Cellphone＋Email

tbISODoc ISODocNo＋ISODoc＋_＋Level＋AuthorDept＋Author＋Approver＋CosignDept＋KeepDept IssueNo＋IssueDate＋Version＋WfStatus

tbCMMIDoc CMMIDocNo＋CMMIDoc＋StdProcess＋LifeCycle＋TailorCriteria＋ MeasurementRepository＋ProcessDoc

tbKFile KFileNo＋KFile＋Category＋Project＋AuthorDept＋Author＋CosignDept＋IssueDate＋ Version＋WfStatus

4.2 System Implementation

The KM system development environment is a web-based three-tier system, as illustrated in Figure 17. The first tier is the client tier used for the presentation of data, receiving user events and controlling the user interface. The second tier is the application server tier. The third tier, namely database server tier is responsible for data storage. The architecture of the KM system is illustrated in Figure 18. The function tree of the KM system is depicted as a system structure chart is illustrated as Figure 19. The main functions or modules of the implemented system includes:

Knowledge content management module: ISO

9000 document management, CMMI document management and knowledge file management. Community communication module: Partner calendar sharing, new message, opinion exchange, online communication etc.

Statistical analysis module: includes knowledge sharing list, service records statistics.

Resource sharing module: includes sharing of product information, department information, tool information, customer information, resource reservation etc.

Online learning module. Security management module.

User/Administrator Web server/System module Database

Web Web Knowledge file database CMMI document database Web server _DBMS Workflow management system ISO document database User Database ISO document management system CMMIdocument management system

1sttier 2ndtier 3rdtier

Knowledge file management

system

Figure 17: Web-based three-tier system architecture

System front-end Browser (KM portal)

Firework (Security Management)

KM ISO documents management CMMI documents management Knowledge documents managements Community Calendar sharing Newest information discussion group improvement proposal Collaboration Intelligence Expert system Decision support Technology service Technology information Online Learning On-line course Skill evaluation KM tools learning Statical Analysis KM Sharing list Quality hecking statistics Customer services statistics Knowledge retrieve

Document driver Data driver

Document index Data index

Database

Internet (infrastructure) C

Workflow groupware

System rear-end

International Journal of Electronic Business Management, Vol. 2, No. 2 (2004) 150 Information sharing Tool information Facilities information Factory information Customer information Life Information Resource Reservation Online learing Security management On-line course Account data management Skill evaluation Groups data management KM tools learning Knowledge management system My homepage Knowledge content Communicat-ion community Business intelligence Statistical analysis Account management ISO document Calendar sharing Expent system KM Sharing list Favorite knowledge CMMI document Company calender Decision support Quality hecking statistics Awaiting work lists Knowledge file Colleage calender Technology service Customer services statistics E-mail Newest information Technology information Calendar Opinion sharing Books & magannizes

Mailing list Collaboration Technology maganizes Working memos E-mail Software tools Viedo conference On-line communication Product information Department information

Figure 19: System structure chart

5. CONCLUSION

There are several possible ways for software organizations to transit from older quality management models to newer ones, that is, from ISO 9001:1994 to ISO 9001:2000, and from CMM to CMMI. Software organizations should also look at the synergy between ISO 9001 and CMMI model. Most software organizations can start with ISO 9001 then add CMMI, some might start with CMMI then ISO 9001. So, it is better to determine the process improvement status of the organization based on either ISO 9001 or CMMI, and then develop a transition plan. ISO 9001 identifies only minimal requirements for a QMS. When a software organization aims to achieve software process improvement, it is necessary to address more aspects, likes CMMI.

This paper applies and integrates ISO9001/CMMI in a quality-orientated KMS and provides the guidelines for transformation from ISO 9001 to CMMI in order to enhance the quality-orientated knowledge management of software process improvement. A prototyping quality-orientated KM system is implemented to

show the benefits and synergies of the knowledge management in the context of ISO 9000 and the CMMI model. This system demonstrates that combinations of ISO 9000/CMMI models requirements can facilitate software organizations to manage and share quality-related documents/knowledge effectively. The research results demonstrate the feasibility and benefits of combining ISO 9001 and CMMI based quality management systems for software process improvement.

REFERENCES

1. CMU/SEI, CMU/SEI-2002-TR-012, 2002, Capability Maturity Model Integration (CMMI-SE/SW/IPPD/SS), Staged Representation, V1.1, Carnegie Mellon University/Software Engineering Institute, MA.

2. CMU/SEI, CMU/SEI-96-HB-001, 1996, IDEAL-A User’s Guide for Software Process

Improvement, V1.1, Carnegie Mellon

University/Software Engineering Institute, MA. 3. Eppler, M. J., 2004, Managing Knowledge

Content Quality–Lessons from IT Analysts, http://www.analyst-academy.org/relatedarticles. 4. Florac, W. A. and Carleton, A. D., 1999,

Measuring the Software Process: Statistical Process Control for Software Process Improvement, Addison-Wesley, MA.

5. ISO 10013, 1995, Guidelines for Developing Quality Manuals, Geneva, Switzerland: International Organization for Standardization. 6. ISO 9000, 2000, Quality Management Systems -

Fundamentals and Vocabulary, International Organization for Standardization, Geneva, Switzerland.

7. ISO 9000-3, 1997, Guidelines for the Implementation for ISO 9001 for the Development of Software, International Standards Organization, Geneva, Switzerland. 8. ISO 9001, 2000, Quality Management Systems -

Requirements, International Organization for Standardization, Geneva, Switzerland.

9. ISO 9004, 2000, Quality Management Systems - Guidelines for Performance Improvements, International Organization for Standardization, Geneva, Switzerland.

10. Jovanovic, V. and Shoemaker, D., 1997, “ISO 9001 standard and software quality improvement,” Benchmarking for Quality Management & Technology, Vol. 4, No. 2, pp. 148-159.

11. Olson, T., Humphrey, W. and Kitson, D., 1989, CMU/SEI-89-TR-7, Conducting SEI-Assisted Software Process Assessments, Pennsylvania. 12. Paulk, M., 1993, CMU/SEI-93-TR-024,

Capability, Maturity Model for Software (SW-CMM), V1.1, Pennsylvania.

13. Paulk, M., 1993, CMU/SEI-93-TR-025, Key Practices of Capability Maturity Model, V1.1, Pennsylvania.

14. Peach, R. W., 1997, The ISO 9000 Handbook, 3rd edition, New York: McGraw-Hill Companies,

Inc.

15. Stelzer, D., Mellis, W. and Herzwurm, G. 1996, “Software process improvement via ISO 9000? results of two surveys among software houses,” Proceedings of the 29th Annual Hawaii Internal Conference on System Sciences, Hawaii, pp. 703-712.

16. Stelzer, D. and Mellis, W., 1999, “Success factors of organizational change in software process improvement,” Software Process Improvement and Practice, Vol. 4, No. 4, pp. 2-4.

17. Tingey, M. O., 1997, Comparing ISO 9000, Malcolm Baldrige, and the SEI CMM for Software, Prentice-Hall, New Jersey.

ABOUT THE AUTHORS

Yin-Ho Yao received his doctoral degree in industrial engineering and engineering management at National Tsing Hua University. He is currently an associate professor and head of the IEM department at the Ta Hwa Institute of Technology and Commerce. He has participated in several NSC projects and CSD projects. His research areas are in the electronic document management, information system analysis and design, business process reengineering and e-commerce.

Hsin-Kuo Lee received his master degree from the department of industrial engineering and engineering management at National Tsing Hua University. His research interest including electronic document management, ISO 9000 quality management system and CMMI.

(Received July 2004, revised September 2004, accepted October 2004)