Business-oriented Software Process Improvement based on CMM and CMMI using QFD

Software Process Improvement (SPI) has become the key to the survival of many software development organizations. Many international SPI models/standards are developed for SPI. The Capability Maturity Model (CMM) and Capability Maturity Model Integrated (CMMI)) from the Software Engineering Institute are two SPI models. In this study, several existing SPI models and approaches are reviewed, their advantages are identified, and their drawbacks are discussed. A set of new SPI frameworks integrating Quality Function Deployment (QFD) with both CMM and CMMI are developed by combining the best features of previous approaches and addressing their limitations --Abstract, page iii

A requirements-based software process maturity model

The requirements phase of software development is an on-going problem for the software engineering community. The many disparate recommendations and best practices found in the literature make it difficult for software organisations to recognise which practices apply to their individual needs. The aim of this thesis is to pull together key solutions into a framework that allows practitioners to assess where their requirements process needs strengthening and to provide a means in which improvements can be achieved. In this thesis I show how I design, develop and validate a model of requirements engineering processes. This requirements capability maturity model (R-CMM) adheres to the characteristics of the Software Engineering Institute's Software Capability Maturity Model (SW-CMM) and is designed to take practitioners from an immature process capability through to an advanced capability. I contribute to the body of knowledge in both software process improvement and requirements engineering (RE) by providing rigorous detail of how a process maturity framework is developed to support RE practices. The model is generic and should apply to many software development organisations. The R-CMM guides users towards a view of RE that is based on goals and is problem driven. The SW-CMM framework is transformed into a simplified model that relates goals and problems to individual RE practises

Maturity Models Architecture: A large systematic mapping

Maturity models are widespread in research and in particular, IT practitioner communities. However, theoretically sound, methodologically rigorous and empirically validated maturity models are quite rare.  This systematic mapping paper focuses on the challenges faced during the development of maturity models. More specifically, it explores the literature on maturity models and standard guidelines to develop maturity models, the challenges identified and solutions proposed.  Our systematic mapping  revealed over six hundred articles on maturity models. Extant literature reveals that researchers have primarily focused on developing new maturity models pertaining to domain-specific problems and/or new enterprise technologies. We find rampant re-use of the design structure of widely adopted models such as Nolan’s Stage of Growth Model, Crosby’s Grid, and Capability Maturity Model (CMM). We also identify three dominant views of maturity models and provide guidelines for various approaches to constructing maturity models with a standard vocabulary. We finally propose using process theories and configurational approaches to address the main theoretical criticisms with regard to maturity models and conclude with some recommendations for maturity model developers

Methodological approaches for software process improvement in multi-model environments

Programa de Doutoramento em Informática das Universidades do Minho, de Aveiro e do PortoSoftware has improved quality of life dramatically and has now a vital role in today’s society, supporting simple services that range from simple electronic shopping to software responsible for flying planes or performing remote medical surgery. The demand on services is increasing and the result are systems of software that grow in size and complexity. For that reason these software systems are more prone to faults and software quality is an increasing concern for organisations developing software. The costs associated to lack of quality can simply put a software organisation out of business and worst, result in loss of human life. The need to ensure high levels of software quality motivates organisations to adopt approaches to improve their software development process, also referred to software improvement models or simply improvement models. There are two paradigms to process improvement, the benchmark and the analytical based process improvement approaches. Benchmark based approaches are prescriptive in nature, defining requirements or prescribing a set of practices originating from top performing organisations, that are adopted by organisations aiming to improve their software process. Analytical approaches are based on strategies that aim first, to define business, process and product goals and then establish a clear understating of the impact of process performance in these goals. A recent trend in software process improvement in the adoption of more than one improvement model into a single organisational environment, originating what are denominated multi-model environments. The goal is to attain the cumulative added benefit of adopted models. Several challenges arise in these multi-model environments that motivate the research work of this dissertation. One challenge in multi-model environments is the comparison of improvement models for selection and integration purposes and existing approaches compare models in qualitative terms. We propose metrics of size and complexity to compare improvement models in quantitative terms. Additionally, in multi-model environments, ensuring compliance to model adopted is often expected and desired. We develop a model to manage compliance of organisational practices with multiple improvement models minimising the effort required for establishing compliance in these environments. In cooperation with CRITICAL Software S.A. a process improvement process is proposed alighted with the analytical paradigm to process improvement and a set of CMMI-Dev level 5 specific goals. Finally we also addressed the issue of modelling complex system of processes that result from adopting multiple improvement models. The main research method guiding this dissertation was Design Research. We followed the steps in the method in different extents. For validation purposes the method expects demonstration and experimental validation. We focussed mainly on demonstration and we lack the desired level of experimentation. Nonetheless we provide detailed demonstrations of proposed solutions. These were submitted and accepted in peer reviewed international conferences. The main contribution of this dissertation is the demonstration, through practical scenarios, of a set to meteorological approaches to addresses challenges on conducting software process improvement in multi-model environments.O Software melhorou a qualidade de vida de uma forma considerável e assume agora um papel vital no suporte a simples serviços como pagamentos eletrónicos a software que é responsável pelo voo em aviões e por possibilitar cirurgia médica remota. A procura por novos serviços baseados em software está a aumentar e a diversificar-se. O resultado prático é que os sistemas de software estão a aumentar em tamanho e em complexidade. Por esta razão, estes sistemas incorrem num maior risco de exibir falhas e a qualidade do Software é uma procuração crescente nas organizações que desenvolvem software. Falta de qualidade pode simplesmente levar uma empresa à falência ou no pior cenário, resultar em perda de vidas humanas. A necessidade de assegurar elevados níveis de qualidade no software motiva as organizações a adotar abordagens para melhoria do processo de desenvolvimento de software, também referidas como modelos de melhoria do software ou simplesmente modelos de qualidade. Existem dois paradigmas na melhoria do processo de desenvolvimento de software, uma primeira abordagem baseada em práticas de referência e uma segunda abordagem de base analítica. As abordagens baseadas em práticas de referência assumem um carácter prescritivo definindo um conjunto de requisitos ou práticas, originárias de organizações com processos de desenvolvimento com elevados níveis de desempenho. Os modelos resultantes são adotados pelas organizações que procuram idênticos níveis de desempenho. As abordagens analíticas são alicerçadas em estratégias que visam numa primeira fase definir objetivos de negócio, de processo e de produto e depois perceber, de uma forma clara o impacto das fraquezas da organização na capacidade de esta atingir os objetivos identificados. Uma vaga recente no domínio da melhoria do processo de software é a adoção de mais do que um modelo de melhoria pela mesma organização, originando os denominados ambientes de melhoria multi-modelo. O objetivo é acumular os benefícios dos modelos adotados. Novos desafios emergem nestes ambientes que motivam o esforço de investigação desta dissertação. Um desafio nestes ambientes ´e a comparação de modelos de qualidade para efeitos de seleção e integração. As abordagens existentes permitem comparar os modelos de uma forma qualitativa. No ˆâmbito desta dissertação um dos contributos ´e uma pro posta de métricas de tamanho e de complexidade de forma a permitir uma comparação de base quantitativa. De igual forma, nos ambientes multi-modelo, assegurar o alinhamento das práticas organizacionais com os modelos adotados ´e na maior parte das vezes um requisito. No âmbito desta dissertação propomos um modelo que permite gerir a informação sobres as práticas organizacionais implementadas e os requisitos/práticas prescritas pelos modelos de melhoria adotados com o objetivo de minimizar o esforço necessário para assegurar o alinhamento de práticas organizacionais e os modelos adotados. Adicionalmente e em parceria com a empresa CRITICAL Software S.A., é proposto um processo para a melhoria do processo de desenvolvimento de software alinhado com a abordagem analítica de melhoria de processos e com os objetivos específicos da área de processo de nível 5 do CMMI-Dev. Finalmente, abordamos o problema de modelação de processos de software de elevada complexidade que resultam tipicamente da adoção de vários modelos de qualidade. É proposta uma abordagem de modelação de processos a níveis elevados de abstração que permite o seu refinamento para modelos de mais baixo nível, baseado num conjunto de regras de transição que permite a sua conversão de uma forma sistemática. A metodologia de investigação adotada nesta dissertação foi Design Research e executámos os passos expectáveis da metodologia na extensão possível. No objetivo de validação, o método espera o uso de demonstrações e de experimentação. O nosso principal foco foi a demonstração, não tendo sido possível atingir o nível de experimentação desejável. Porém, o detalhe e extensão das descrições nas demonstrações é elevado e o trabalho foi submetido e aceite em conferências internacionais da área. A contribuição desta dissertação é a demonstração, através de cenários práticos, de um conjunto de abordagens para endereçar desafios emergentes nas organizações que adotam múltiplos modelos de qualidade na melhoria do processo de software

The SMPI model : a stepwise process model to facilitate software measurement process improvement along the measurement paradigms

Software engineering, software measurement, software process engineering, capability, maturityMagdeburg, Univ., Fak. für Informatik, Diss., 2007René Braungarte

Identifying functional requirements inconsistencies in multiteam projects framed into a model-based methodology

REP (Requirements Engineering Process) is one of the most essential processes within the software project life cycle because it allows describing software product requirements. This specification should be as consistent as possible to enable estimating in a suitable manner the effort required to obtain the final product. REP is complex in itself, but this complexity is greatly increased in big, distributed and heterogeneous projects with multiple analyst teams and high integration among functional modules. This paper presents an approach for the systematic conciliation of functional requirements in big projects dealing with a model based approach. It also explains how this approach may be implemented in the context of NDT (Navigational Development Techniques) methodology and finally, it describes a preliminary evaluation of our proposal in CALIPSOneo project by analyzing the improvements obtained with our approach.Ministerio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS)Ministerio de Economía y Competitividad TIN2013-46928-C3-3-RMinisterio de Economía y Competitividad TIN2015-71938-RED

Development of an integrated safety, health and environmental management capability maturity model for Ghanaian construction companies

With high rates of accidents, injuries, illnesses, negative environmental impacts and other well-being issues still recorded in the construction sector, as well its social and economic impacts, the need for safety health and environmental (SHE) improvement has become critical. Management systems, particularly environmental management systems (EMS) and safety management systems (SHMS), have been identified as innovative and systematic approaches for companies to manage SHE risks effectively in order to improve their SHE performance. However, the adoption and implementation of EMS and SHMS in the construction sector, particularly in developing countries like Ghana, has been slow and generally low, mainly due to cost and the bureaucracy that comes with the parallel implementation of standalone management systems. There is, therefore, a need for an integrated SHE management framework for effective SHE risks management and control in the construction sector. However, there is no single integrated SHE management framework for construction organisations to use, especially those within developing countries. Neither is there any mechanism by which construction companies can ascertain their capability in implementing integrated SHE management in order to guide efforts to improve their SHE performance. This research was undertaken to develop an integrated SHE management capability maturity model (SHEM-CMM) that can be used by construction firms in the Ghanaian construction industry.To achieve the aim of the study, a quantitative research approach was adopted. It involved a comprehensive literature review to generate potential capability attributes relevant to integrated SHE management. Following the literature review, a survey of experienced SHE experts was undertaken in order to verify the suitability of the identified integrated SHE management capability attributes. Subsequently, a three-round Delphi technique was undertaken with experienced SHE management experts (round 1 n=41, round 2 n=31 and round 3 n=30) and accompanied by the application of voting analytical hierarchy process, to ascertain the relative weight/priority of the capability attributes. This study found 20 integrated SHE management capability attributes which are clustered into five categories, namely: strategy; process; people; resources; and information. Collectively, the attributes within the ‘strategy’ category are the most important, followed by the ‘people’ and then ‘process’ attributes. Drawing on the capability maturity concept, an integrated SHE management capability maturity model (SHEM-CMM) was developed. The model is composed of 20 integrated SHE management capability attributes which are mapped on to five levels of capability maturity ranging from Level 1 to Level 5, and with each level having a distinct maturity level descriptor. The integrated SHEM-CMM was then validated by 59 construction professionals including SHE experts in construction companies operating in the Ghanaian construction industry in order to ensure the adequacy and practical usefulness of the model. This research has contributed to the existing body of knowledge on SHE management by establishing integrated SHE management capability attributes and their relative weight of importance. Furthermore, the research has developed a novel integrated SHEM-CMM which has practical usefulness in the construction industry. The model provides a systematic approach for SHE management capability evaluation and improvement in construction. It is anticipated that the developed capability maturity model would be used by construction firms to systematically assess their SHE management capability and identify ways to further improve their SHE management in order to obtain better SHE performance outcomes

Computer Science & Technology Series : XVIII Argentine Congress of Computer Science. Selected papers

CACIC’12 was the eighteenth Congress in the CACIC series. It was organized by the School of Computer Science and Engineering at the Universidad Nacional del Sur. The Congress included 13 Workshops with 178 accepted papers, 5 Conferences, 2 invited tutorials, different meetings related with Computer Science Education (Professors, PhD students, Curricula) and an International School with 5 courses. CACIC 2012 was organized following the traditional Congress format, with 13 Workshops covering a diversity of dimensions of Computer Science Research. Each topic was supervised by a committee of 3-5 chairs of different Universities. The call for papers attracted a total of 302 submissions. An average of 2.5 review reports were collected for each paper, for a grand total of 752 review reports that involved about 410 different reviewers. A total of 178 full papers, involving 496 authors and 83 Universities, were accepted and 27 of them were selected for this book.Red de Universidades con Carreras en Informática (RedUNCI

Partnerien sertifiointi keskisuuressa ohjelmistoyrityksessä

Delivering software via partners adds one additional layer of complexity and uncertainty to the software delivery process. Inappropriate management of the partners could risk the solution implementation and affect negatively to the partner, software provider, and the customer. Certifications are one tool that can be used to manage and control these relationships. It is not clear however when and how certifications should be used in soft-ware sales. This Master’s thesis studies how certifications are used by independent software vendors and should they certify their partners. The study starts by defining what are the typical partnership models in business software sales and then investigates different aspects of certification in partnerships. First, the typical certification models are presented, and then factors which potentially affect the decision about certification program implementation are discovered. The study focuses on independent software vendors and, e.g., companies who make customer specific software is excluded. The study is exploratory in nature; thus, the aim is to discover new aspects rather than confirm. The study discovered that there are four main types of partnership models used by medium-sized companies: co-selling model, sales agent model, value-added reseller model, and OEM model. The models differ mainly on how the responsibility of the software delivery is shared. In co-selling, the independent software vendor is fully responsible for the end customer and the delivery, whereas in OEM model the partner controls the end customer. It is not clear exactly when a company should start certifying its partners as it depends heavily on the context. The relevance of certification can be evaluated by looking at the partnerships and the certification from four different perspectives: training, quality, governance, and marketing. By using these perspectives this study identifies key questions ISVs face in partnerships and potential factors which can affect the decision of implementing a certification program.Ohjelmiston toimittaminen partnerien kautta lisää toimituksen monimutkaisuutta ja epävarmuutta. Huonosti hallittu kumppanuus voi riskeerata toimituksen onnistumisen ja vaikuttaa negatiivisesti partneriin, ohjelmistotaloon sekä loppuasiakkaaseen. Sertifiointi on yksi työkalu, jota voidaan käyttää hallitsemaan kumppanuutta. Ei ole kuitenkaan selvää, milloin ja miten sertifiointia tulisi käyttää. Tämä diplomityö tutkii kuinka itsenäiset ohjelmistotalot käyttävät sertifiointia ja pitäisikö keskisuuren ohjelmistotalon sertifioida heidän partnerinsa. Työ alkaa määrittelemällä mitkä ovat tyypillisiä partnerimalleja, joita ohjelmistojen myynnissä käytetään. Sen jälkeen työssä käsitellään sertifiointia, joka alkaa tyypillisten sertifiointi mallien esittämisellä. Lopuksi tunnistetaan tekijät jotka voivat vaikuttaa ohjelmistotalon päätökseen luoda oma sertifiointiohjelma. Työ keskittyy itsenäisiin ohjelmistotaloihin ja siten esimerkiksi ohjelmistotaloja, jotka kehittävät asiakaskohtaisia ohjelmia ei tutkittu. Tämä tutkimus on eksploratiivinen, joten tavoitteena on löytää uusia näkökulmia aiheeseen sen sijaan, että vahvistettaisiin jo tiedossa olevia. Tutkimuksessa havaittiin, että itsenäisillä ohjelmistotaloilla on myynnissä pääsääntöisesti neljänlaisia partnerimalleja: co-selling malli, sales agent malli, value-added reseller -malli, sekä OEM malli. Mallit eroavat toisistaan pääsääntöisesti vastuujaoissa ohjelmiston toimituksessa. Co-selling mallissa ohjelmistotalo vastaa täysin loppuasiakkaasta ja toimituksesta, kun taas OEM mallissa partnerilla on kontrolli loppuasiakkaasta. Sertifioinnin osalta ei ole selvää, milloin täsmälleen yrityksen kannattaa sertifioida partnerinsa, koska se riippuu vahvasti ympäristöstä jossa yritys operoi. Sertifioinnin kannattavuutta voi arvioida tarkastelemalla kumppanuutta neljästä näkökulmasta: koulutus, laatu, hallinto, ja markkinointi. Tässä tutkimuksessa näitä näkökulmia käytettiin kumppanuuden avainkysymysten ja tekijöiden tunnistamiseen, jotka voivat vaikuttaa sertifiointiohjelman luomiseen

Compliance framework for change management in cloud environments

Mención Internacional en el título de doctorThe Governance, Risk and Compliance (GRC) area is one of the critical management areas for every organization. This is particularly the case for information technology (IT) departments where both human resources and technical infrastructures (software and hardware) need to work seamlessly in order to provide the expected benefits. The study of the literature shows that sound GRC methods are key to running and maintaining secure and compliant computing infrastructures. An important and particularly challenging aspect of the IT landscape is its constant and perpetual evolution in order to keep pace with new and emerging technologies that find their way faster and faster into the organizational infrastructure. Since assessments of risks and compliance aspects always refer to a certain (more or less static) situation, such frequent changes pose a real danger to the overall relevance of these assessments in the mid and longterm perspective. So, a sound approach to ensuring compliance not only punctually (both in time and space) but holistically – considering the complete IT landscape in a continuous way – needs to integrate with the change management function of the organization. Another important development in the last eight to ten years was the emergence of Cloud Computing (CC) as a straightforward and efficient way of providing IT functionality to organizations. While it poses many various challenges to IT management in general, CC is particularly relevant for GRC as it makes an IT provision approach that was previously sometimes applied – outsourcing – to a predominant approach to provide infrastructure (called Infrastructure‐as‐a‐Service or IaaS), platforms (called Platform‐as‐a‐Service or PaaS), and software (called Software‐as‐a‐Service or SaaS) within an organization. CC and outsourcing entail wider challenges for GRC as it involves the inclusion of an external party as a service provider within an organization reflecting specific aspects of provider selection, contract management, service level agreements (SLAs), and monitoring. They become even more challenging in the context of frequent and interdependent changes. Therefore, this thesis is aimed at the definition and validation of a Compliance Framework for Change Management in Cloud Environments (short: CFC MCC). The proposed solution of the problem has been approached from a multidisciplinary point of view taking in consideration aspects from computer science, IT management and IT governance, but also such aspects as legal and cultural dimensions. The proposed solution provides a framework to support the solicitation of requirements from different subject areas (e.g., organizational, technological, cultural) and their subsequent consideration within the change management process of established IT management frameworks such as ITIL. It can be tailored to the specific situation of most organizations and provides a consistent approach to address GRC aspects in rapidly evolving cloud‐based organizational IT landscapes. The scientific discourse within the thesis has been structured following best academic practices and recommendations. In the last phase of the research methodology an empirical validation has been performed to verify the applicability of the framework. The data obtained from the validation indicate that the application of the framework for ensuring compliance in CC environments constitutes a relevant improvement of the change management process.El área de gobernanza, riesgo y cumplimiento (por sus siglas en inglés GRC) es una de las áreas de gestión clave en todas las organizaciones. En el caso de los departamentos de Tecnología de la Información (por sus siglas en inglés IT de Information Technology) el área cuenta con una importancia igualmente crucial. Estos departamentos deben orquestar los recursos de capital intelectual y las infraestructuras hardware y software para contribuir a la generación de beneficios empresariales. La literatura ha demostrado que un conjunto de procedimientos en el área GRC es clave para prestar el servicio de forma eficiente a partir del mantenimiento de una infraestructura tecnológica segura y compatible. Un aspecto importante y particularmente retador en el entorno IT es su constante evolución con el propósito de habilitar la adopción de nuevas tecnologías en apoyo de los procesos corporativos. Dado que la evaluación de riesgos y los aspectos de cumplimiento se refieren a una determinada situación que se puede considerar más o menos estática, los continuos cambios en el entorno IT representan una amenaza para la incorporación de nuevas tecnologías en ámbitos corporativos desde el punto de vista GRC. Por ello, un enfoque sólido para garantizar el cumplimiento no sólo de forma puntual en tiempo y espacio sino de forma integral, considerando el entorno IT en una forma continua e integrada con la gestión del cambio corporativa. Otro desarrollo importante y modificador de la situación actual es la emergencia de la computación en la nube (CC, siglas en inglés de Cloud Computing) como una forma efectiva y eficaz de proporcionar la función IT en las organizaciones. Pese a que CC suscita diversos desafíos para la administración IT, es en particular relevante para GRC ya que habilita la externalización del servicio como una aproximación predominante para proporcionar infraestructura (llamado Infraestructure‐as‐a‐Service o IaaS), plataformas (llamado Platformas‐ a‐Service o PaaS) y software (llamado Software‐as‐a‐Service o SaaS) dentro de una organización. CC y la externalización suponen retos más amplios para GRC, ya que implican la inclusión de un proveedor de servicios externo dentro de una organización. Esta circunstancia aflora cuestiones relativas a la selección de proveedores, la gestión de contratos, los acuerdos de nivel de servicio (por sus siglas en inglés SLA), y el seguimiento de las relaciones y los servicios prestados. Estos aspectos, se convierten en un reto aún mayor en el contexto de los cambios frecuentes e interdependientes en el ámbito IT. Por lo tanto, esta tesis está dirigida a la definición y validación de un marco de cumplimiento para la gestión del cambio en entornos relativos a la nube (abreviatura: CFC MCC). La solución propuesta del problema ha sido abordada desde un punto de vista multidisciplinar, tomando en consideración aspectos de la informática, la gestión de IT y el gobierno de IT pero incorporando también aspectos tales como las dimensiones legales y culturales. La solución propuesta proporciona un marco para apoyar la solicitud de requisitos de diferentes áreas (por ejemplo, organizativos, tecnológicos, culturales) y su posterior consideración en el proceso de gestión del cambio de los marcos establecidos de gestión de TI como pueda ser ITIL. EL marco puede ser adaptado a la situación específica de las organizaciones y proporciona un enfoque coherente para abordar los aspectos de GRC en rápida evolución entornos de TI de la organización basados en la nube. El discurso científico dentro de la tesis se ha estructurado siguiendo las prácticas académicas y recomendaciones de investigación. En la última fase de la metodología de la investigación empírica una validación se ha realizado para verificar la aplicabilidad del marco. Los datos obtenidos de la validación indican que la aplicación del marco para garantizar el cumplimiento en entornos CC constituye una mejora relevante del proceso de gestión del cambio de las organizaciones.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Antonio de Amescua Seco.- Secretario: José Antonio Manzano Calvo.- Vocal: Ahmed Barnaw