Antònia Mas

IT Service Management Process Improvement based on ISO/IEC 15504: A systematic review

Context: In recent years, many software companies have considered Software Process Improvement (SPI) as essential for successful software development. These companies have also shown special interest in IT Service Management (ITSM). SPI standards have evolved to incorporate ITSM best practices. Objective: This paper presents a systematic literature review of ITSM Process Improvement initiatives based on the ISO/IEC 15504 standard for process assessment and improvement. Method: A systematic literature review based on the guidelines proposed by Kitchenham and the review protocol template developed by Biolchini et al. is performed. Results: Twenty-eight relevant studies related to ITSM Process Improvement have been found. From the analysis of these studies, nine different ITSM Process Improvement initiatives have been detected. Seven of these initiatives use ISO/IEC 15504 conformant process assessment methods. Conclusion: During the last decade, in order to satisfy the on-going demand of mature software development companies for assessing and improving ITSM processes, different models which use the measurement framework of ISO/IEC 15504 have been developed. However, it is still necessary to define a method with the necessary guidelines to implement both software development processes and ITSM processes reducing the amount of effort, especially because some processes of both categories are overlapped.

Integrating IT service management requirements into the organizational management system

IT service provider organizations that have implemented a Quality Management System (QMS) according to ISO 9001 can take advantage of all the efforts made when implementing an IT Service Management System (ITSMS). In order to facilitate the integration of these two management systems, we analyze the existing relations between the requirements of the QMS and the ITSMS. Based on these results, we provide a new Integrated Management System (IMS) which widens the scope of the ISO 9001 QMS with the specific IT service management requirements of ISO/IEC 20000-1, and present a guide to support organizations in implementing this IMS. The ISO/IEC 20000-1 IT Service Management System (ITSMS) can be integrated with the ISO 9001 Quality Management System (QMS).The relations between the requirements of both management systems have been analyzed.A quality and IT service management Integrated Management System (IMS) is proposed.This new IMS widens the ISO 9001 QMS with the ISO/IEC 20000-1 ITSM requirements.A guide to support organizations in implementing the new IMS is presented.

Lessons learned from an ISO/IEC 15504 SPI programme in a company

This paper describes a first‐hand experience in Software Process Improvement within a Spanish Company which, since 2002, has been involved in an improvement programme led by our research group. We discuss the experience and the results of this improvement programme, as well as the lessons learned to deal with new future improvement initiatives in other companies of our environment. Copyright

Application of ISO/IEC 15504 in Very Small Enterprises

This paper presents the experience of application of the ISO/IEC 15504 standard in eight software companies. Firstly, the objectives, the participants and the work plan are exposed. Secondly, the implementation of the project activities and its results are summarized. And finally, the cost of the implementation is detailed. The project which has allowed this improvement effort in these organizations has been named “QuaSAR II” and represents the continuance of the “QuaSAR” project, a software process improvement initiative started in 2002 in the Balearic Islands.

A project management improvement program according to ISO/IEC 29110 and PMBOK®

This paper describes the results obtained and the lessons learned from the implementation of the ISO/IEC 29110 standard in four small software development companies, clustered in a joint process improvement program. The main results of this initiative have been, on the one hand, the definition of a standardized set of processes and procedures and, on the other, the development of a Process Asset Library to support project management good practices within the participant organizations. The PMBOK® Guide was used to complement the ISO/IEC 29110‐5‐1‐2 standard, in order to provide detailed knowledge about project management inputs, outputs, and best techniques. Copyright

Integrating risk management in IT settings from ISO standards and management systems perspectives

Organizational capabilities in companies, within IT settings, can be strengthened by a centralized and integrated risk management approach based on ISO standards. This paper analyses risk management activities throughout various selected ISO standards in order to provide the basis to improve, coordinate and interoperate risk management activities in IT settings for various purposes related to quality management, project management, IT service management and information security management. Taking as a basis the ISO 31000 international standard for risk management, a comparison is performed with the aim of identifying risk management related activities in the ISO high level structure for management system standards, ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001. These standards are of high interest for practitioners in IT settings, benefitting from the integration of process-based activities, implementing mechanisms for linking IT and non-IT entities of their organization with risk management challenges to address. Integration vectors such as the understanding of the organisation and its context, risk-based thinking, leadership and commitment, process approach and PDCA structure are elicited. Risk management in IT settings can be integrated from several ISO standards.Based on ISO 31000, risk management activities in five ISO standards are compared.The goal is to develop a process model for integrating risk management activities.

An investigation of software development process terminology

The practice of software development has evolved considerably in recent decades, with new programming technologies, the affordability of hardware, pervasive internet access and mobile computing all contributing to the emergence of new software development processes. The newer process initiatives, which include those which are sometimes referred to as agile or lean methods, have brought with them new terms, which sometimes reflect the introduction of novel concepts. Other times, new terms correspond to long established concepts that have been repackaged. The net position is that we have a proliferation of language and term usage in the software development process domain, a problem which has implications for assessors and assessment frameworks, and for the broader community. In this paper, we explore this problem, finding that it is worthy of further research. Plus, we identify a technique suited to addressing this concern: the establishment of a canonical software process ontological model.

Implementing information security best practices on software lifecycle processes

The ISO/IEC 15504 international standard can be aligned with the ISO/IEC 27000 information security management framework. During the research conducted all the existing relations between ISO/IEC 15504-5 software development base practices and ISO/IEC 27002 security controls have been analysed and the ISO/IEC 15504 Security Extension has been developed. This extension details the changes that software companies should make in the software lifecycle processes for the successful implementation of the related security controls. To attain our research objectives, we evaluate the ISO/IEC 15504 Security Extension through case studies in a sample of software development organizations. This study follows the design science research paradigm that is based on constructive research. ISO/IEC 15504-5 processes can be adapted to deploy ISO/IEC 27002 controls on them.Relations between ISO/IEC 15504-5 and ISO/IEC 27002 security controls are analysed.From these relations, the ISO/IEC 15504 Security Extension has been developed.The Design Science Research paradigm has been followed during its development.The ISO/IEC 15504 Security Extension has been validated in industry.

Software process improvement through teamwork management

In modern organizations teamwork is considered a key factor for succeeding in business. A growing emphasis on team culture culminates with a great number of articles analyzing different aspects to improve teamwork practises. Since software development projects are normally team efforts, teamwork improvement in software organizations should also be considered essential. In these companies, software process improvement programs based on international maturity standards are current issues in software engineering investigation. In this article, we firstly establish the teamwork key factors for succeeding in software development projects. Secondly, these key factors are analysed taking the ISO/IEC 15504 as a reference improvement framework.

Refactoring software development process terminology through the use of ontology

In work that is ongoing, the authors are examining the extent of software development process terminology drift. Initial findings suggest there is a degree of term confusion, with the mapping of concepts to terms lacking precision in some instances. Ontologies are concerned with identifying the concepts of relevance to a field of endeavour and mapping those concepts to terms such that term confusion is reduced. In this paper, we discuss how ontologies are developed. We also identify various sources of software process terminology. Our work to date indicates that the systematic development of a software development process ontology would be of benefit to the entire software development community. The development of such an ontology would in effect represent a systematic refactoring of the terminology and concepts produced over four decades of software process innovation.