Risto Nevalainen

The SPI manifesto and the ECQA SPI manager certification scheme

Software process improvement (SPI) can be seen as a profession having its own competence needs and its own community of interest. European projects EQN and EU Cert have defined skill sets and a common certification scheme for about 20 professions, mainly in the IT domain. European Certification and Qualification Association ECQA is created to manage certification and provide the necessary infrastructure. A common way to approach the IT domain from a process perspective is the ‘3S’ concept (Software, Systems, Services). Software process can be seen as the first spearhead among these. The first software process models, such as CMM and SPICE, have already existed for about 20 years. With all the experience that the models bring, it is reasonable to start the PI profession from the software process. Software Process Improvement Manager (SPI Manager) is one of the new topics in ECQA. The development of the SPI Manager training and certification scheme has been done in many small steps so far. This paper explains the current structure and the main components of SPI Manager competences, training needs and the certification scheme. Several other schemes will be developed in the future for process improvement‐related competences. The current version of the SPI Manager skill set is mainly based on software, systems and service processes and their related reference models. It could also be used in the future in domains other than IT. Copyright

The people aspects in modern process improvement management approaches

Since the beginning of the 1990s, process improvement was considered as a formal issue. Focus was on process description, and improvement was a somewhat better description. Also, process improvement was driven by the customer side. Symptoms were ISO 9001 and Capability Maturity Model (CMM) [11]. This situation remained stable even if at the mid of the fist decade of this century, ISO/IEC 15504 was published. On the contrary, approaches like People Capability Maturity Model Integration (CMMI), EU Support and Guidance to the Procurement of Information and Telecommunication Systems and Services (SPRITE S2) Project and the European Qualification Network European Certification and Qualification Association (ECQA) were established, but their relevance was not recognised by IT people [1]. Currently, we see a move forward to focus on people because they are recognised as key success factors. The first model that really emphasised the ownership and empowerment of people was the Process and Enterprise Maturity Model (PEMM) model of Michael Hammer [14]. In the IT community, Ivar Jacobson [15] developed his approach while criticising the current process description approach. At the same time, Jan Pries-Heje did research related to effective Software Process Improvement (SPI) approaches [6]. In 2007, a first attempt was made to develop a training curriculum for SPI Management. From the very beginning, it was clear that people are a key factor to be addressed. This process of reorientation of the SPI community reached a milestone, when the SPI manifesto [12] was published and the Skill Card for the SPI Manager Qualification Scheme was approved by the authorised Job Role committee. Right now, the first training is delivered and experience is excellent.

Agile maturity model: analysing agile maturity characteristics from the SPICE perspective

The paper discusses structure, quality and content of the currently available agile maturity models. It presents two approaches on how to deal with such models. As a first step of the analysis, the paper contains a compilation of maturity level naming used by these agile maturity models because the variety of level naming is a sign of the variety of understanding and of definition of agile maturity.

Agile Maturity Model: A Synopsis as a First Step to Synthesis

The paper describes the current status of agile maturity models. It shows where such models can be found and it contains a structured top level compilation of the currently available agile maturity models. In the second section, the paper describes an approach to analyse these agile maturity models, extracts their content, maps it to a reference model and then synthesizes the real agile maturity issues. The paper also describes the needs for scientific research in this topic. The paper will not present its own Agile Maturity Model. This will be the task for further research. It intends however to compile current agile maturity model thinking linking it to philosophical issues partly also raised in recent initiatives like the SPI Manifesto, the ECQA PI Manager Certification Scheme and SEMAT.

EU Project SafEUr - Competence Requirements for Functional Safety Managers

Functional Safety has become a vital property of many products and systems. There is a clear trend to move safety functions from pure mechanics into electronic control units. Therefore over the recent years, various standards have evolved describing the properties and certification criteria of safety-critical electronically controlled products and systems. In order for a particular product to be adapted to the requirements of different target markets, the integration of functional safety considerations according to the relevant standards into the complete product creation processes and organisations is essential. This integration requires special competencies that define the new job role of a Functional Safety Manager. This article gives an overview of these competency requirements in the context of the documentation of the first results, the targets, and the scope of the EU project SafEUr, which aims at putting in place a Europe-wide on-line training and certification program for functional safety managers according to the requirements of several industry sectors, as well as the experiences from research and practical safety engineering projects.

Implementing Functional Safety Standards - Experiences from the Trials about Required Knowledge and Competencies (SafEUr)

In the EU project SafEUr (518632-LLP-1-2011-1-AT-LEONARDO-LMP) the partnership developed a skill set with learning objectives, training materials, and tools to teach and coach the implementation of IEC 61508 and ISO 26262. Automotive, Medical, and Nuclear industry gave inputs to the project. A group of above 20 multinational companies (SOQRATES www.soqrates.de) which also are active in automotive industry (some of them represent the largest suppliers in Automotive industry) organised reviews and trial courses with safety managers. This led to a defined set of skills and tools we expect from functional safety managers and functional safety engineers. In this paper we describe the results of SafEUr, the feedback we received from the collaboration with leading automotive industry and the next steps in 2013 to launch this schema with official certificates from end of 2013 onwards.

Additional requirements for process assessment in safety–critical software and systems domain

Certification of safety–critical software is a multi‐disciplinary topic. Process assessment is an essential part of that, but is not enough for software certification. Certification also employs several other method families, such as inspections and reviews, independent V&V, conformance with selected reference standard(s) and use of selected measurements and analyses. Process assessment directly supports qualification of safety–critical applications but is less relevant for certification of platforms and environments. Anyway, qualification and certification are closely related. Certification as a whole supports qualification and makes it more effective. It is possible to adapt and evolve process assessment so that it supports both qualification and certification. Typical process assessment is done for improvement purpose. In qualification and certification it is not so relevant as conformance and management of risks. In this article we discuss the possibilities to develop process assessment to achieve that goal. In most cases assessment is a combination of several approaches. Copyright

Toward nuclear SPICE - integrating IEC 61508, IEC 60880 and SPICE

International Organization for Standardization/International Electrotechnical Commission 15504 has been applied to several domains, where safety is one main characteristic for software and systems. Nuclear power industry is one of the most challenging domains, because of its extreme safety requirements. Nuclear power domain has also a long tradition in using its own standards, classifications and certification schemes.

Situational Factors in Safety Critical Software Development

The generic software development situational factors model has been developed in order that environments within which software is developed can be profiled and better understood. Situational context is a complex concern for software developers, with a broad set of situational factors holding the potential to affect any one software development project. Safety critical software development is broadly similar to other kinds of software development/ engineering. But there are some additional or more dominant situational factors. In this article we conduct a conceptual experiment to define safety critical software development context using situational factors. Eleven such factors are identified, with some of the factors requiring elaboration beyond the detail presently available in the generic situational factors model. We firstly discuss the appropriateness of the selected factors in generic safety critical software development context. Thereafter we apply the selected factors to the medical device and nuclear power domains. Selected situational factors can be used as a high level profile and starting point for more detailed process and safety assessment. Discussion about potential use cases and further development needs is also presented.

Process Assessment in a Safety Domain - Assessment Method and Results as Evidence in an Assurance Case

Applications of process assessment have been established in various domains that require also safety considerations regarding processes, products and services. Often, the scope of the applied process assessment model is inadequate in meeting safety assurance requirements. This paper presents some considerations, how assurance needs could be met with a process assessment method, including both the assessment process and assessment model. Our main domain of interest is nuclear power, and its requirements are used here as examples. The main result is an analysis of the assurance case for systems and software engineering, and how a process assessment method and results can be used as evidence in safety assurance. Our aim is to develop an integrated approach to manage assessment and assurance related evidence in an efficient way.