Francisco J. Pino

Software process improvement in small and medium software enterprises: a systematic review

Small and medium enterprises are a very important cog in the gears of the world economy. The software industry in most countries is composed of an industrial scheme that is made up mainly of small and medium software enterprises—SMEs. To strengthen these types of organizations, efficient Software Engineering practices are needed—practices which have been adapted to their size and type of business. Over the last two decades, the Software Engineering community has expressed special interest in software process improvement (SPI) in an effort to increase software product quality, as well as the productivity of software development. However, there is a widespread tendency to make a point of stressing that the success of SPI is only possible for large companies. In this article, a systematic review of published case studies on the SPI efforts carried out in SMEs is presented. Its objective is to analyse the existing approaches towards SPI which focus on SMEs and which report a case study carried out in industry. A further objective is that of discussing the significant issues related to this area of knowledge, and to provide an up-to-date state of the art, from which innovative research activities can be thought of and planned.

An ontology for the harmonization of multiple standards and models

Harmonization plays an important role in organizations that are seeking to resolve manifold needs at their different hierarchical levels through multiple models such as CMMI, ISO 90003, ITIL, SWEBOK, COBIT, amongst others. A great diversity of models involves a wide heterogeneity not only about structure of their process entities and quality systems, but also with regards to terminology. This article presents an ontology which: provides the main concepts related to harmonization of multiple models; is supported by a web tool and; has been applied for the harmonization of COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL. Research highlights In this article we present an ontology, which has been used in three real contexts of harmonization. The context of harmonization included multiple models and standards such as ISO 27001 and ISO 20000, ISO 9001 and CMMI, the harmonization of COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL V3, as well as in the developing of a web tool to support the harmonization of multiple models. What we have learned has led us to recognize specific considerations, described here, along with the conjectures that we have established, all of which should be taken into account when implementing a harmonization project.

Assessment methodology for software process improvement in small organizations

Context: Diagnosing processes in a small company requires process assessment practices which give qualitative and quantitative results; these should offer an overall view of the process capability. The purpose is to obtain relevant information about the running of processes, for use in their control and improvement. However, small organizations have some problems in running process assessment, due to their specific characteristics and limitations. Objective: This paper presents a methodology for assessing software processes which assist the activity of software process diagnosis in small organizations. There is an attempt to address issues such as the fact that: (i) process assessment is expensive and typically requires major company resources and (ii) many light assessment methods do not provide information that is detailed enough for diagnosing and improving processes. Method: To achieve all this, the METvalCOMPETISOFT assessment methodology was developed. This methodology: (i) incorporates the strategy of internal assessments known as rapid assessment, meaning that these assessments do not take up too much time or use an excessive quantity of resources, nor are they too rigorous and (ii) meets all the requirements described in the literature for an assessment proposal which is customized to the typical features of small companies. Results: This paper also describes the experience of the application of this methodology in eight small software organizations that took part in the COMPETISOFT project. The results obtained show that this approach allows us to obtain reliable information about the strengths and weaknesses of software processes, along with information to companies on opportunities for improvement. Conclusion: The assessment methodology proposed sets out the elements needed to assist with diagnosing the process in small organizations step-by-step while seeking to make its application economically feasible in terms of resources and time. From the initial application it may be seen that this assessment methodology can be useful, practical and suitable for diagnosing processes in this type of organizations.

Harmonization of ISO/IEC 9001: 2000 and CMMI-DEV: from a theoretical comparison to a real case application

In the past years, both industrial and research communities in Software Engineering have shown special interest in Software Process Improvement—SPI. This is evidenced by the growing number of publications on the topic. The literature offers numerous quality frameworks for addressing SPI practices, which may be classified into two groups: ones that describe “what” should be done (ISO 9001, CMMI) and ones that describe “how” it should be done (Six Sigma, Goal Question Metrics-GQM). When organizations decide to adopt improvement initiatives, many models may be implied, each leveraging the best practices provided, in the quest to address the improvement challenges as well as possible. This may at the same time, however, generate confusion and overlapping activities, as well as extra effort and cost. That, in turn, risks generating a series of inefficiencies and redundancies that end up leading to losses rather than to effective process improvement. Consequently, it is important to move toward a harmonization of quality frameworks, aiming to identify intersections and overlapping parts, as well as to create a multi-model improvement solution. Our aim in this work is twofold: first of all, we propose a theoretical harmonization process that supports organizations interested in introducing quality management and software development practices or concerned about improving those they already have. This is done with specific reference to CMMI-DEV and ISO 9001 models in the direction “ISO to CMMI-DEV”, showing how GQM is used to define operational goals that address ISO 9001 statements, reusable in CMMI appraisals. Secondly, we apply the theoretical comparison process to a real case, i.e., a Small Enterprise certified ISO 9001.

Key processes to start software process improvement in small companies

To support Small Software Enterprises -- VSEs-- when they are dealing with the first processes that must be considered as they undertake a project of Software Process Improvement --SPI--, we have defined a set of processes which we consider to be of high-priority when initiating the implementation of an improvement project in VSEs. This paper introduces this set of processes and the way in which they have been obtained, based on the analysis and synthesis of three research works carried out within the context of the COMPETISOFT project. It also describes our experience of the application of both the process selection and the prioritization strategy in four VSEs. The result of implementing the proposal shows that it is feasible to implement it in VSEs and that it can be done with an expense of effort that is suitable for them.

A maturity model for the Spanish software industry based on ISO standards

Many organizations are implementing process improvement models, seeking to increase their organizational maturity for software development. However, implementing traditional maturity models involves a large investment (as regards money, time and resources) which is beyond the reach of vast majority of small organizations. This paper presents the use and adaptation of some ISO models in the creation of an organizational maturity model for the Spanish software industry. This model was used satisfactorily to (i) improve the software processes of several Spanish small firms, and (ii) obtain an organizational maturity certification for software development, granted by the Spanish Association for Standardization and Certification.

A Process for Driving Process Improvement in VSEs

A success factor in Software Process Improvement -SPI- in very small enterprises -VSEs- is that improvement effort must be guided and managed by means of specific process. Nonetheless, many proposals related to this issue have not considered that type of process explicitly. So, aiming to establish SPI in VSEs systematically and coherently, we have defined a light process for managing and leading the improvement process step-by-step, called PmCOMPETISOFT. This paper introduces that process, which guides the implantation of an improvement cycle in an iterative and incremental manner. It also describes our experience of the application of the proposed process in four VSEs, through case studies. The results of the case studies show that the companies increased the capability of their processes, and that it is feasible to implement this process in this type of organizations, by investing an effort which corresponds to the particular characteristics of each.

Homogenization, comparison and integration: a harmonizing strategy for the unification of multi-models in the banking sector

Information Technologies (IT) play a crucial role in the development of the business processes in organizations. Acquiring the best technologies is quickly becoming as important as understanding and improving the business model of organizations. As a result, many (inter)national standards and models for IT Management, IT Government and IT Security have been developed. This situation allows organizations to choose and improve their processes, selecting the models that best suit their needs. Since several relationships between these models can be found, carrying out the harmonization of their similarities and differences will make it possible to reduce the time and effort involved in implementing them. In this paper, we present a harmonization strategy which has been defined to harmonize COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL V3. This work intends to support organizations which are interested in knowing how to carry out the harmonization of these models. Furthermore, as a result of the execution of the harmonization strategy we have defined, a unified model for Banking, called ITGSM, is presented. It resolves the conflicts between the models mentioned above and provides a useful reference model to organizations that are planning to adopt them.

Trends in Harmonization of Multiple Reference Models

Diverse models currently exist in the field of Software Engineering which help organizations to apply recommended practices in order to support ther multiple needs in the areas of software development, maintenance and operation, security, IT government, etc. Examples of such models are CMMI, ISO 9001, ISO 12207, ISO 27001, COBIT, ITIL. Nevertheless, many differences exist between these models, since each model defines its own structure, terminology, definitions and quality systems, amongst other aspects. This issue increases the complexity when an organization is required to apply two or more models in order to satisfy its needs. Organizations must, therefore, define the most appropriate means of choosing and implementing multi-models, and harmonization may be one solution. This paper presents a systematic literature review with the aim of analyzing the state of the art with regard to inititatives concerning the harmonization of multiple reference models. As a result, it has been concluded that there is currently a lack of guidelines with which to help organizations to implement the harmonization of multiple models, and of a unified terminology with which to homogenize the diversity of the structure of the different models and the harmonization techniques which can be applied. In order to address these issues, a framework to support the harmonization of multiple models is outlined.

A process for driving the harmonization of models

At present, there are several factors that may influence an organization in needing to work with more than one reference model. The following can be highlighted: (i) market niches with specific models, (ii) improvement of practices from legacy process models, (iii) business positioning, (iv) leveraged or merger corporate (v) systematic search of the capability of the processes, (vi) business growth, among others. Currently, however, there is no detailed strategy to address the harmonization of reference models. So, the aim of this paper is to present a process that defines the elements necessary to support the harmonization of multiple reference models. This process allows us to guide the implementation of a harmonization project systematically. It also describes our experience of the application of the proposed process in one organization. These results show that the process and the harmonization techniques used to support the objectives of harmonization of ISO 27001 and ISO 20000 of the company involved were suitable.