What is CMM?

In the context of software development, although the later version of CMM, known as CMMI (‘Capability Maturity Model Integration’) widened the application of CMM to the generalised business process world.
Basically, it is a formal certification by an external agency of an organisation’s maturity of process framework – specifically the ability to deliver a software project.

Developed and owned by Carnegie Mellon University in the early 1990s, it was based on real data collected from companies about their delivery performance.

If we consider how software companies grow, then there are clear stages in their development as their level of process sophistication grows and they need to maintain and improve quality levels (one hopes) as their organisational complexity increases. After all, ‘Microsoft’ started in a backyard garage in the 1960’s.

There are five process-related developmental stages recognised in the model:

  1. Initial (the backyard garage – typified by a degree of chaos)
  2. Managed (typically there are processes in place with defined management – eg project management)
  3. Defined (process standardisation is in place, with an organisation process focus)
  4. Quantitatively managed (product quality and process performance data is being collected – for example bug insertion rates, individual programmer coding performance – from an ‘engineering’ perspective ).
  5. Optimized - process management – the organisation is formally and continually examining the effectiveness of its process performance, and optimising those processes and the ‘learning organisation’ is achieved.

Each of these maturity levels have defined Key Process Areas (KPAs) which typify that maturity level. Further each KPA has five associated definitions:

  1. Goals
  2. Commitment
  3. Ability
  4. Measurement
  5. Verification

The general nature of these KPAs is apparent and the broader application illustrates the reasons why CMMI was developed to widen application, even as far as ‘People CMM’.

Just as with a human being, an organisation cannot skip a stage (‘miss out adolescence’), although able managers will be able to shorten the timescales.
In the explosion of software development outsourcing to the Indian sub-continent, China and elsewhere, it provided a standardized way of assessing what were basically organisations ‘unknown’  to ‘western’ companies, thereby enabling outsourcing decisions to be made based on objective and independent quality critieria (besides obvious commercial criteria).

However, there is a distinction to drawn. With able (and suitably experienced) management software companies can grow and thrive without the CMM ‘badge’ – for example Microsoft. Whilst not necessarily pursuing formal assessment, the CMM checklists provide managers with a useful way of internally assessing their organisation.

After all, CMM grew out of the US Government’s search for a framework by which to assess potential contractors, and it is in this external delivery context that it is most useful. It is particularly beneficial to software/solutions companies which are delivering one-off development projects. It enables them to promote a maturity level which should give customers a degree of confidence and enables potential customers to compare potential solutions suppliers.

CMM may be contrasted with ISO9001 standards. ISO does provide a gradation of maturity as does CMM. ISO is about a minimum acceptable quality level for software processes. As someone who has worked in organisations under both categorisations (and implemented ISO9001 compliant systems in software houses), the difference to the author is only too obvious.

In an ISO9000 accredited company (a customer of mine), a manager once said to me (in somewhat stronger language) – ‘what we make is not of great quality, but its level of quality is consistent and standardized’.

© 2010 Phil Marks. All Trade and Service Marks are acknowledged.