Technical points of the standard/development ideas/context of the standard

Ideas for formulating standards

In order to speed up the formulation of software capability model standards in my country, the Science and Technology Department of the Ministry of Information Industry established a special working group on software system evaluation standards on September 28, 2000, and proposed the principle of "based on my country's software policy, using advanced international experience, and combining my country's national conditions to formulate evaluation model standards that will help guide and promote the development of my country's software companies."

The special working group is led by the Electronic Standardization Institute of the Ministry of Information Industry (4), and is attended by representatives from Beijing Liyouhe Company, the Electronic Institute 5 of the Ministry of Information Industry, Heli Jinqiao Company, Peking University Founder Company, Datang Software Company, Lenovo Shenzhou Digital Company, Great Wall Computer Software and Systems Company, Chuangzhi Company, Tianjin Jinka Engineering Company, Beijing Shilin Computer Company, Guangzhou Xintai Technology Company, Beijing Sofwell Software Technology Company, Inspur Qilu Software Industry Company, Beijing Zhongyou Green Card Financial Network Company, Guangzhou Ruixin Software Technology Company, Beijing Aerospace Zhitong Electronics Company, and Beijing Beijia Information System Company.

Based on the above principles, the working group identified two main goals for standard setting: one is to support software companies and software organizations within companies to implement continuous internal improvements to their own software process capabilities; the other is to support second-party and third-party evaluations of software companies' comprehensive software capabilities.

Focusing on these two goals, the working group carried out its work according to the following ideas:

1. Two standards were formulated, among which: the "Software Process Capability Assessment Model" targets a single process and serves the internal improvement of software companies; the "Software Capability Maturity Model" targets a collection of processes and serves the evaluation of the comprehensive capabilities of software companies.

2. Study international common practices and standards, learn from them or refer to them in light of my country’s actual situation, take the parts that are useful to my country, and continuously improve and innovate in practice.

3. Learn from the successful management experience of software enterprises, minimize the uncertainty of various provisions in the standards, and give full play to the role of software enterprises in standard formulation. Conduct pilot projects while formulating so as to verify the standards and ensure their operability.

4. The content of the standard is arranged for large software companies, and tailored guidelines are used to deal with small software companies or organizations.

5. Adapt to the needs of economic globalization and my country's software industry development strategy, give full consideration to the coordination with international standards and foreign advanced standards, and prepare for international cooperation.

6. Through standard formulation, a backbone team will be initially formed to implement software process capability assessment and comprehensive software capability assessment according to the standard model.

Based on the research work in the past few years, the working group further studied CMM, CMMI, ISO/IEC TR 15504, ISO 9000-3 and other related materials and documents, and determined to use CMMI as the main reference document to formulate standards in light of national conditions. While reviewing the draft standards in meetings and soliciting opinions online, the working group organized a standard pilot, and finally formed the formal industry standards of "Software Process Capability Assessment Model" and "Software Capability Maturity Model".

Standard context
From CMM to CMMI

The full English name of the Capability Maturity Model for Software is Capability Maturity Model for Software, abbreviated as SW-CMM. The CMM referred to in many occasions in my country is SW-CMM.

The origin of CMM is as follows. In order to support the US Department of Defense in objectively evaluating the capabilities of software contractors, the Carnegie Mellon University Software Engineering Institute (SEI) proposed the "Capability Maturity Model Framework" for software in 1987, and published the "Software Capability Maturity Model" (SW-CMM) version 1.0 and SW-CMM version 1.1 from 1991 to 1993, and published the "System Engineering and Software Engineering Integrated Capability Maturity Model" (CMMI-SE/SW) version 0.2 and CMMI-SE/SW version 1.0 and "System Engineering, Software Engineering and Integrated Product and Process Development Integrated Capability Maturity Model" (CMMI-SE/SW/IPPD version 1.1) from 1999 to 2000. As far as software is concerned, CMMI is a revised version of SW-CMM. In fact, according to SEI's original plan, version 2.0 of SW-CMM should be published in 1998. Due to the progress of the Software Process Assessment (SPA) international standard project, the US Department of Defense ordered a temporary halt to the advancement to SW-CMM version 2.0 in order to absorb the strengths of SPA, and thus CMMI was born. It combines the more reasonable, scientific and thorough advantages of the SW-CMM version 2.0 draft C and SPA. When publishing CMMI-SE/SW V1.0, SEI announced that it would take about two years to complete the transition from CMM to CMMI.

Since 1987, SEI has been trying out CMM level assessments for US defense contractors. After the release of SW-CMM V1.0, the US Department of Defense Contract Review Committee proposed that the contracting unit could stipulate in the bidding process that "the bidder must accept the CMM-based assessment", and the contracting unit would use the assessment results as one of the important factors in selecting the contractor. From another perspective, accepting and conducting the CMM assessment only qualifies you to bid for US military projects, and the CMM assessment is by no means a pass to enter the US market.

Since CMM evaluation has a significant role in promoting software process improvement, SEI has seen the huge commercial prospects of CMM evaluation. Therefore, SEI has introduced CMM-based evaluation to the market as a commercial behavior since 1990. Over the years, software organizations and enterprises that have received CMM evaluation have spread from the U.S. defense project contracting field to the general economic field and other countries and regions.

CMMI and TR 15504

Inspired by the SW-CMM concept, ISO/IEC JTC1 launched the international standardization project on Software Process Assessment (SPA) in 1991 and released ISO/IEC TR 15504 "Software Process Assessment" in 1995. Its purpose is to recommend some good software engineering practices to the world's software industry, and to ensure that the results of software process assessments are comparable worldwide, so that assessors have a unified basis for judging software process assessments. ISO/IEC TR 15504 is similar to the continuous representation of CMMI. The reason for this is that when SEI was developing CMMI, the US Department of Defense required CMMI to be consistent with ISO/IEC 15504, and the people who developed CMMI also participated in the development of TR 15504 as experts in the international standard project working group. After ISO/IEC released TR 15504 in 1995, SEI not only continued to use the maturity level approach (i.e. the staged representation of CMMI) in the development of CMMI, but also absorbed the characteristics of TR 15504 and added a continuous representation of CMMI similar to 15504.

ISO/IEC TR 15504 is a Type 2 technical report that is currently being converted into a formal international standard and is expected to be published in 2003.

ISO 9001 and CMM

Both CMM and ISO 9001 are based on total quality management and describe processes, but they are designed in different ways and belong to two different systems. ISO 9001 is a quality assurance model applicable to all professional fields. However, for software organizations, even with the addition of ISO 9000-3 as an implementation guide, there is still considerable room for auditors to interpret. In terms of software capability assessment, the software capabilities of organizations that have passed ISO 9001 certification may vary greatly.

CMM is also a model, so it is also a description of common characteristics. However, unlike ISO 9001, which is applicable to all manufacturing and service industries, CMM is a model designed specifically for the software industry to describe software process capabilities. It is a very "specialized" model. In fact, considering the large uncertainty in the certification audit of software organizations according to ISO 9001, the design of CMM tries to reduce the auditor's room for interpretation. Therefore, not only clear goals and key practices that reflect these goals are given for each key process, but also clear definitions and detailed descriptions are given for each key practice, so that there is better consistency and reliability when evaluating according to CMM. CMM is specifically for the software industry, while ISO 9001 has a wide range of applications (such as hardware, software, and services), that is, one is a "specialized" model and the other is a "general" model.

ISO 9001 and CMM do not completely overlap each other in terms of content. Chapter 4 of ISO 9001 is about 5 pages, ISO 9000-3 is about 43 pages, and CMM is more than 500 pages. The biggest difference between the two documents is that CMM emphasizes continuous process improvement - through evaluation, a "achievement profile" describing the actual comprehensive software process capabilities of the enterprise can be given; while ISO 9001 involves the minimum acceptable standards of the quality system, and its audit results have only two: "pass" if it is achieved (including "achieved after rectification"), and "fail" if it is not achieved.