Maria Teresa Baldassarre

An ontology for the harmonization of multiple standards and models

Harmonization plays an important role in organizations that are seeking to resolve manifold needs at their different hierarchical levels through multiple models such as CMMI, ISO 90003, ITIL, SWEBOK, COBIT, amongst others. A great diversity of models involves a wide heterogeneity not only about structure of their process entities and quality systems, but also with regards to terminology. This article presents an ontology which: provides the main concepts related to harmonization of multiple models; is supported by a web tool and; has been applied for the harmonization of COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL. Research highlights In this article we present an ontology, which has been used in three real contexts of harmonization. The context of harmonization included multiple models and standards such as ISO 27001 and ISO 20000, ISO 9001 and CMMI, the harmonization of COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL V3, as well as in the developing of a web tool to support the harmonization of multiple models. What we have learned has led us to recognize specific considerations, described here, along with the conjectures that we have established, all of which should be taken into account when implementing a harmonization project.

Harmonization of ISO/IEC 9001: 2000 and CMMI-DEV: from a theoretical comparison to a real case application

In the past years, both industrial and research communities in Software Engineering have shown special interest in Software Process Improvement—SPI. This is evidenced by the growing number of publications on the topic. The literature offers numerous quality frameworks for addressing SPI practices, which may be classified into two groups: ones that describe “what” should be done (ISO 9001, CMMI) and ones that describe “how” it should be done (Six Sigma, Goal Question Metrics-GQM). When organizations decide to adopt improvement initiatives, many models may be implied, each leveraging the best practices provided, in the quest to address the improvement challenges as well as possible. This may at the same time, however, generate confusion and overlapping activities, as well as extra effort and cost. That, in turn, risks generating a series of inefficiencies and redundancies that end up leading to losses rather than to effective process improvement. Consequently, it is important to move toward a harmonization of quality frameworks, aiming to identify intersections and overlapping parts, as well as to create a multi-model improvement solution. Our aim in this work is twofold: first of all, we propose a theoretical harmonization process that supports organizations interested in introducing quality management and software development practices or concerned about improving those they already have. This is done with specific reference to CMMI-DEV and ISO 9001 models in the direction “ISO to CMMI-DEV”, showing how GQM is used to define operational goals that address ISO 9001 statements, reusable in CMMI appraisals. Secondly, we apply the theoretical comparison process to a real case, i.e., a Small Enterprise certified ISO 9001.

An industrial case study on reuse oriented development

Software reuse can become a key factor for improving and guaranteeing software quality, when adopted systematically all along the software process. The main characteristic of reuse-oriented processes is that they require a common repository for storing, searching and retrieving software modules. Moreover, reuse occurs systematically and is an integrated part of the process. Previous works of the same authors have empirically shown that the full reuse maintenance model (FRM) slows down quality degradation following to maintenance interventions on a software system. This work is a further step in the investigation towards demonstrating how reuse oriented development (ROD) impacts on software quality; how it favors FRM model; and finally, whether reuse-oriented development influences productivity, and as so, is more efficient. This has been done through a case study carried out on two ongoing industrial projects. Results are positive and support our research hypotheses.

Replication types: towards a shared taxonomy

Context: The software engineering community is becoming more aware of the need for experimental replications. In spite of the importance of this topic, there is still much inconsistency in the terminology used to describe replications. Objective: Understand the perspectives of empirical researchers about various terms used to characterize replications and propose a consistent taxonomy of terms. Method: A survey followed by plenary discussion during the 2013 International Software Engineering Research Network meeting. Results: We propose a taxonomy which consolidates the disparate terminology. This taxonomy had a high level of agreement among workshop attendees. Conclusion: Consistent terminology is important for any field to progress. This work is the first step in that direction. Additional study and discussion is still necessary.

Homogenization, comparison and integration: a harmonizing strategy for the unification of multi-models in the banking sector

Information Technologies (IT) play a crucial role in the development of the business processes in organizations. Acquiring the best technologies is quickly becoming as important as understanding and improving the business model of organizations. As a result, many (inter)national standards and models for IT Management, IT Government and IT Security have been developed. This situation allows organizations to choose and improve their processes, selecting the models that best suit their needs. Since several relationships between these models can be found, carrying out the harmonization of their similarities and differences will make it possible to reduce the time and effort involved in implementing them. In this paper, we present a harmonization strategy which has been defined to harmonize COBIT 4.1, Basel II, VAL IT, RISK IT, ISO 27002 and ITIL V3. This work intends to support organizations which are interested in knowing how to carry out the harmonization of these models. Furthermore, as a result of the execution of the harmonization strategy we have defined, a unified model for Banking, called ITGSM, is presented. It resolves the conflicts between the models mentioned above and provides a useful reference model to organizations that are planning to adopt them.

Trends in Harmonization of Multiple Reference Models

Diverse models currently exist in the field of Software Engineering which help organizations to apply recommended practices in order to support ther multiple needs in the areas of software development, maintenance and operation, security, IT government, etc. Examples of such models are CMMI, ISO 9001, ISO 12207, ISO 27001, COBIT, ITIL. Nevertheless, many differences exist between these models, since each model defines its own structure, terminology, definitions and quality systems, amongst other aspects. This issue increases the complexity when an organization is required to apply two or more models in order to satisfy its needs. Organizations must, therefore, define the most appropriate means of choosing and implementing multi-models, and harmonization may be one solution. This paper presents a systematic literature review with the aim of analyzing the state of the art with regard to inititatives concerning the harmonization of multiple reference models. As a result, it has been concluded that there is currently a lack of guidelines with which to help organizations to implement the harmonization of multiple models, and of a unified terminology with which to homogenize the diversity of the structure of the different models and the harmonization techniques which can be applied. In order to address these issues, a framework to support the harmonization of multiple models is outlined.

A process for driving the harmonization of models

At present, there are several factors that may influence an organization in needing to work with more than one reference model. The following can be highlighted: (i) market niches with specific models, (ii) improvement of practices from legacy process models, (iii) business positioning, (iv) leveraged or merger corporate (v) systematic search of the capability of the processes, (vi) business growth, among others. Currently, however, there is no detailed strategy to address the harmonization of reference models. So, the aim of this paper is to present a process that defines the elements necessary to support the harmonization of multiple reference models. This process allows us to guide the implementation of a harmonization project systematically. It also describes our experience of the application of the proposed process in one organization. These results show that the process and the harmonization techniques used to support the objectives of harmonization of ISO 27001 and ISO 20000 of the company involved were suitable.

HProcessTOOL: a support tool in the harmonization of multiple reference models

If companies are to fulfil their business goals then they must implement more than one software process improvement or information technology management model. The heterogeneity of these models signifies that their harmonization in accordance with company goals has become a key initiative. It is therefore necessary to provide companies with suitable software tools which facilitate the implementation and management of the activities, methods, techniques and reference models involved in a harmonization project, thus allowing the harmonization to be properly carried out. This paper therefore presents the HProcessTOOL which guides harmonization projects by supporting specific techniques, and supports their management by controlling and monitoring the resulting harmonization projects. The tool has been applied in two case studies, and has allowed the work products, effort, time and roles involved in the harmonization projects, and the knowledge generated, to be correctly managed.

Empirical studies for innovation dissemination: ten years of experience

Context: technology transfer and innovation dissemination are key success factors for an enterprise. The shift to a new software technology determines inevitable changes to ingrained and familiar processes and at the same time leads to changes in practices, requires training and commitment on behalf of technical staff and management. As so, it cannot leave out neither organizational nor technical factors. Objective: our conjecture is that the process of innovation dissemination is facilitated if the new technology is supported by empirical evidence. In this sense, Empirical Software Engineering (ESE) serves as support for transferring an innovation, either it being a process or product, within production processes. Method: this paper investigates the relation between empirical studies and technical/organizational factors in order to identify the most suitable empirical study for disseminating an innovation in an enterprise. The analysis has been carried out with respect to empirical studies carried out during a ten year time span within the Software Engineering Research LABoratory (SERLAB), at the University of Bari. Results: the results point out that a critical factor in designing empirical studies is the quality model, i.e. measurement program defined by researchers during the study and used to collect relevant information on the effectiveness and efficacy of the innovation being transferred, in order to gain commitment on behalf of stakeholders who will finally adopt the technology. Conclusion: the study outcomes provide an empirically founded guideline that can be used when choosing the most appropriate approach for addressing an innovation.

Comparing ISO/IEC 12207 and CMMI-DEV: Towards a mapping of ISO/IEC 15504-7

Software process improvement is a planned, managed and controlled effort which aims to enhance the capability of the software development processes of an organization. In particular, SPI often involves process reference models, process assessment methods and models that guide process improvement though specific standards such as the ISO and CMMI families. Recently, growing interest has been shown towards the need for harmonization of different improvement technologies with the aim of presenting an integrated vision about the standards. In this sense this paper presents a comparison between the process areas of CMMI-DEV and the processes described in the latest version of ISO/IEC 12207:2008. Based on these results we investigate the relationship between the CMMI-DEV and ISO/IEC 15504-7 models with the aim of identifying the degree of coverage of CMMI-DEV maturity levels in relation to ISO/IEC 15504-7.