Tailoring CMMI-DEV and RUP frameworks for ML2/3-compliance analysis

Tese de doutoramento do Programa de Doutoramento em InformáticaThe Capability Maturity Model Integration is a reference model composed of a set of guidelines that has to be implemented to attain a specific level of maturity in a particular set of process areas. This model aims to establish a set of "best practices" that should be used to ensure the software development with a high degree of quality. However, CMMI is not widely adopted by small businesses. Its adoption by these companies is somewhat complex since, in its guidelines, it merely indicates what to do, but it does not indicate how to implement each guideline. The Rational Unified Process is a software development methodology, which has as its main objective to avail its users the possibility of the software developing high-quality, within time and budget. This thesis aims to contribute a set of solutions that can be followed by small organizations, in order to implement a more streamlined process model that guarantees an increase in the quality of their products. This thesis adopts and validates a tailoring of the Rational Unified Process allowing it to be more easily implemented by small businesses or small software teams. This thesis presents a study of the dependencies between all the Capability Maturity Model Integration process areas, in order to enable the understanding of what the implementation impact is of a given process area in the other process areas. Finally, we present a mapping between the Capability Maturity Model Integration and the Rational Unified Process, which aims to help small software development teams in the implementation of the Maturity Level 2 (presented in more detail) and Maturity Level 3 of the Capability Maturity Model Integration. This mapping specifies what team members have to perform in order to implement most of the guidelines that the Capability Maturity Model Integration requires for each of their maturity levels.O Capability Maturity Model Integration é um modelo de referência que contém um conjunto de orientações necessárias para atingir um determinado nível de maturidade em áreas de processo específicas. Este modelo tem como objetivo estabelecer um conjunto de "melhores práticas" que devem ser utilizadas para garantir o desenvolvimento de software com um elevado grau de qualidade. No entanto o CMMI não é muito adotado por pequenas empresas. A sua adoção por estas empresas torna-se ligeiramente complexa, uma vez que nas suas orientações apenas é indicado o que se deve fazer e não o como se pode fazer. O Rational Unified Process é uma metodologia de desenvolvimento de software que tem como principal objetivo garantir aos seus utilizadores o desenvolvimento de software de alta qualidade dentro do tempo e custo previsto. Esta tese pretende contribuir com um conjunto de soluções, que as pequenas empresas podem seguir, de modo a implementarem de uma forma mais simplificada um modelo de processos que lhes garanta um aumento da qualidade dos seus produtos. Esta tese adota e valida uma simplificação do Rational Unified Process permitindo que este seja mais facilmente implementado por pequenas empresas ou pequenas equipas de software. Esta tese apresenta um estudo das dependências existentes entre as várias áreas de processo do Capability Maturity Model Integration de modo a permitir a compreensão de qual o impacto que a implementação de uma determinada área de processo tem nas restantes áreas existentes. Por fim, é apresentado um mapeamento entre o Capability Maturity Model Integration e o Rational Unified Process, que pretende orientar as pequenas equipas de desenvolvimento a implementar nível 2 (apresentado de um modo mais detalhado) e 3 do Capability Maturity Model Integration. Este mapeamento permite indicar aos elementos da equipa o que tem de fazer para conseguir implementar a maior parte das orientações que o Capability Maturity Model Integration impõe para cada um dos seus níveis de maturidade.Este trabalho foi desenvolvido com o apoio da Fundação para a Ciência e Tecnologia e da I2S - Informática Sistemas e Serviços SA., através de uma Bolsa de Doutoramento em Empresa

A CMMI-compliant requirements management and development process

Requirements Engineering has been acknowledged an essential discipline for Software Quality. Poorly-defined processes for eliciting, analyzing, specifying and validating requirements can lead to unclear issues or misunderstandings on business needs and project’s scope. These typically result in customers’ non-satisfaction with either the products’ quality or the increase of the project’s budget and duration. Maturity models allow an organization to measure the quality of its processes and improve them according to an evolutionary path based on levels. The Capability Maturity Model Integration (CMMI) addresses the aforementioned Requirements Engineering issues. CMMI defines a set of best practices for process improvement that are divided into several process areas. Requirements Management and Requirements Development are the process areas concerned with Requirements Engineering maturity. Altran Portugal is a consulting company concerned with the quality of its software. In 2012, the Solution Center department has developed and applied successfully a set of processes aligned with CMMI-DEV v1.3, what granted them a Level 2 maturity certification. For 2015, they defined an organizational goal of addressing CMMI-DEV maturity level 3. This MSc dissertation is part of this organization effort. In particular, it is concerned with the required process areas that address the activities of Requirements Engineering. Our main goal is to contribute for the development of Altran’s internal engineering processes to conform to the guidelines of the Requirements Development process area. Throughout this dissertation, we started with an evaluation method based on CMMI and conducted a compliance assessment of Altran’s current processes. This allowed demonstrating their alignment with the CMMI Requirements Management process area and to highlight the improvements needed to conform to the Requirements Development process area. Based on the study of alternative solutions for the gaps found, we proposed a new Requirements Management and Development process that was later validated using three different approaches. The main contribution of this dissertation is the new process developed for Altran Portugal. However, given that studies on these topics are not abundant in the literature, we also expect to contribute with useful evidences to the existing body of knowledge with a survey on CMMI and requirements engineering trends. Most importantly, we hope that the implementation of the proposed processes’ improvements will minimize the risks of mishandled requirements, increasing Altran’s performance and taking them one step further to the desired maturity level

Compliance framework for change management in cloud environments

Mención Internacional en el título de doctorThe Governance, Risk and Compliance (GRC) area is one of the critical management areas for every organization. This is particularly the case for information technology (IT) departments where both human resources and technical infrastructures (software and hardware) need to work seamlessly in order to provide the expected benefits. The study of the literature shows that sound GRC methods are key to running and maintaining secure and compliant computing infrastructures. An important and particularly challenging aspect of the IT landscape is its constant and perpetual evolution in order to keep pace with new and emerging technologies that find their way faster and faster into the organizational infrastructure. Since assessments of risks and compliance aspects always refer to a certain (more or less static) situation, such frequent changes pose a real danger to the overall relevance of these assessments in the mid and longterm perspective. So, a sound approach to ensuring compliance not only punctually (both in time and space) but holistically – considering the complete IT landscape in a continuous way – needs to integrate with the change management function of the organization. Another important development in the last eight to ten years was the emergence of Cloud Computing (CC) as a straightforward and efficient way of providing IT functionality to organizations. While it poses many various challenges to IT management in general, CC is particularly relevant for GRC as it makes an IT provision approach that was previously sometimes applied – outsourcing – to a predominant approach to provide infrastructure (called Infrastructure‐as‐a‐Service or IaaS), platforms (called Platform‐as‐a‐Service or PaaS), and software (called Software‐as‐a‐Service or SaaS) within an organization. CC and outsourcing entail wider challenges for GRC as it involves the inclusion of an external party as a service provider within an organization reflecting specific aspects of provider selection, contract management, service level agreements (SLAs), and monitoring. They become even more challenging in the context of frequent and interdependent changes. Therefore, this thesis is aimed at the definition and validation of a Compliance Framework for Change Management in Cloud Environments (short: CFC MCC). The proposed solution of the problem has been approached from a multidisciplinary point of view taking in consideration aspects from computer science, IT management and IT governance, but also such aspects as legal and cultural dimensions. The proposed solution provides a framework to support the solicitation of requirements from different subject areas (e.g., organizational, technological, cultural) and their subsequent consideration within the change management process of established IT management frameworks such as ITIL. It can be tailored to the specific situation of most organizations and provides a consistent approach to address GRC aspects in rapidly evolving cloud‐based organizational IT landscapes. The scientific discourse within the thesis has been structured following best academic practices and recommendations. In the last phase of the research methodology an empirical validation has been performed to verify the applicability of the framework. The data obtained from the validation indicate that the application of the framework for ensuring compliance in CC environments constitutes a relevant improvement of the change management process.El área de gobernanza, riesgo y cumplimiento (por sus siglas en inglés GRC) es una de las áreas de gestión clave en todas las organizaciones. En el caso de los departamentos de Tecnología de la Información (por sus siglas en inglés IT de Information Technology) el área cuenta con una importancia igualmente crucial. Estos departamentos deben orquestar los recursos de capital intelectual y las infraestructuras hardware y software para contribuir a la generación de beneficios empresariales. La literatura ha demostrado que un conjunto de procedimientos en el área GRC es clave para prestar el servicio de forma eficiente a partir del mantenimiento de una infraestructura tecnológica segura y compatible. Un aspecto importante y particularmente retador en el entorno IT es su constante evolución con el propósito de habilitar la adopción de nuevas tecnologías en apoyo de los procesos corporativos. Dado que la evaluación de riesgos y los aspectos de cumplimiento se refieren a una determinada situación que se puede considerar más o menos estática, los continuos cambios en el entorno IT representan una amenaza para la incorporación de nuevas tecnologías en ámbitos corporativos desde el punto de vista GRC. Por ello, un enfoque sólido para garantizar el cumplimiento no sólo de forma puntual en tiempo y espacio sino de forma integral, considerando el entorno IT en una forma continua e integrada con la gestión del cambio corporativa. Otro desarrollo importante y modificador de la situación actual es la emergencia de la computación en la nube (CC, siglas en inglés de Cloud Computing) como una forma efectiva y eficaz de proporcionar la función IT en las organizaciones. Pese a que CC suscita diversos desafíos para la administración IT, es en particular relevante para GRC ya que habilita la externalización del servicio como una aproximación predominante para proporcionar infraestructura (llamado Infraestructure‐as‐a‐Service o IaaS), plataformas (llamado Platformas‐ a‐Service o PaaS) y software (llamado Software‐as‐a‐Service o SaaS) dentro de una organización. CC y la externalización suponen retos más amplios para GRC, ya que implican la inclusión de un proveedor de servicios externo dentro de una organización. Esta circunstancia aflora cuestiones relativas a la selección de proveedores, la gestión de contratos, los acuerdos de nivel de servicio (por sus siglas en inglés SLA), y el seguimiento de las relaciones y los servicios prestados. Estos aspectos, se convierten en un reto aún mayor en el contexto de los cambios frecuentes e interdependientes en el ámbito IT. Por lo tanto, esta tesis está dirigida a la definición y validación de un marco de cumplimiento para la gestión del cambio en entornos relativos a la nube (abreviatura: CFC MCC). La solución propuesta del problema ha sido abordada desde un punto de vista multidisciplinar, tomando en consideración aspectos de la informática, la gestión de IT y el gobierno de IT pero incorporando también aspectos tales como las dimensiones legales y culturales. La solución propuesta proporciona un marco para apoyar la solicitud de requisitos de diferentes áreas (por ejemplo, organizativos, tecnológicos, culturales) y su posterior consideración en el proceso de gestión del cambio de los marcos establecidos de gestión de TI como pueda ser ITIL. EL marco puede ser adaptado a la situación específica de las organizaciones y proporciona un enfoque coherente para abordar los aspectos de GRC en rápida evolución entornos de TI de la organización basados en la nube. El discurso científico dentro de la tesis se ha estructurado siguiendo las prácticas académicas y recomendaciones de investigación. En la última fase de la metodología de la investigación empírica una validación se ha realizado para verificar la aplicabilidad del marco. Los datos obtenidos de la validación indican que la aplicación del marco para garantizar el cumplimiento en entornos CC constituye una mejora relevante del proceso de gestión del cambio de las organizaciones.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Antonio de Amescua Seco.- Secretario: José Antonio Manzano Calvo.- Vocal: Ahmed Barnaw

Combining SOA and BPM Technologies for Cross-System Process Automation

This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation

Including functional and non-technical requirements in a software requirement patterns catalogue

Taking into account the drawbacks presented above for each asset in the PABRE framework, the objectives of this thesis are: 1. Do a systematic review of the existent published works on reuse in Requirements Engineering stage, particularly on the use of patterns to achieve the reuse of requirements during Requirements Engineering. 2. Construction of a complete set of non-technical SRP that can be obtained from the Software Requirement Specifications (SRSs) corresponding to 6 real projects. 3. Study of the Content Management System domain and construction of some examples of functional SRP for this domain from the same 6 SRSs. 4. Check the validity of the current SRP metamodel for its suitability for non-technical and functional SRPs. 5. Validate the structure of SRPs (as it is the base of this thesis) and construct a survey which will be used to know what requirements engineers think about the usability of SRP catalogues in real projects in their different enterprises or organizations and if it will be applicable or not

Guideline to apply the ISO 90003:2004 Standard to SMEs of software development

By undertaking this Final Career Project I have tried to accomplish two main goals: • The main goal has been adapt the ISO 90003:2004 standard to SMEs software development company (purposing norms, procedures, work instructions for every one of the guideline sections), and as an example I have created a Web application named Booking Books. • The second goal has been, by developing the software product with a level of quality accepted and recognized, get certified in the ISO 9001:2008 standard. I hope that all software development SMEs take a firm decision to adapt the standard ISO 9001:2008 or other standard of quality, in order to motivate them to improve their quality and thus be more competitive. The certification is not only a necessity in terms of quality; the standard can keep out of the business to the weaker companies, as it is becoming a prerequisite to have certifications in order to do business.Ingeniería Técnica en Informática de Gestió

Towards a Framework for Smart Manufacturing adoption in Small and Medium-sized Enterprises

Smart Manufacturing (SM) paradigm adoption can scale production with demand without compromising on the time for order fulfillment. A smart manufacturing system (SMS) is vertically and horizontally connected, and thus it can minimize the chances of miscommunication. Employees in an SME are aware of the operational requirements and their responsibilities. The machine schedules are prepared based on the tasks a machine must perform. Predictive maintenance reduces the downtime of machines. Design software optimizes the product design. Production feasibility is checked with the help of simulation. The concepts of product life cycle management are considered for waste reduction. Employee safety, and ergonomics, identifying new business opportunities and markets, focus on employee education and skill enhancement are some of the other advantages of SM paradigm adoption. This dissertation develops an SM paradigm adoption framework for manufacturing SMEs by employing the instrumental research approach. The first step in the framework identified the technical aspects of SM, and this step was followed by identifying the research gaps in the suggested methods (in literature) and managerial aspects for adopting SM paradigm. The technical and the managerial aspects were integrated into a toolkit for manufacturing SMEs. This toolkit contains seven modular toolboxes that can be installed in five levels, depending on an SME’s readiness towards SM. The framework proposed in this dissertation focuses on how an SME’s readiness can be assessed and based on its present readiness what tools and practices the SMEs need to have to realize their tailored vision of SM. The framework was validated with the help of two SMEs cases that have recently adopted SM practices

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Multikonferenz Wirtschaftsinformatik 2010 : Göttingen, 23. - 25. Februar 2010 ; Kurzfassungen der Beiträge

Dieser Band enthält Kurzfassungen der Beiträge zur MKWI 2010. Die Vollversionen der Beiträge sind auf dem wissenschaftlichen Publikationenserver (GoeScholar) der Georg-August-Universität Göttingen und über die Webseite des Universitätsverlags unter http://webdoc.sub.gwdg.de/univerlag/2010/mkwi/ online verfügbar und in die Literaturnachweissysteme eingebunden