A maturity model for the Spanish software industry based on ISO standards

doi:10.1016/j.csi.2013.04.002

Computer Standards & Interfaces

Volume 35, Issue 6, November 2013, Pages 616-628

https://doi.org/10.1016/j.csi.2013.04.002 Get rights and content

Highlights

•
A Software Engineering Maturity Model was produced for Spanish software industry.
•
The model is based on standards: ISO/IEC 12207, ISO/IEC 15504 and ISO/IEC 17021.
•
It allows a certification of the organizational maturity for software enterprises.
•
Helping to improve the software development quality in all types of enterprises.
•
Currently there are 38 development enterprises certified by AENOR in this model.

Abstract

Many organizations are implementing process improvement models, seeking to increase their organizational maturity for software development. However, implementing traditional maturity models involves a large investment (as regards money, time and resources) which is beyond the reach of vast majority of small organizations. This paper presents the use and adaptation of some ISO models in the creation of an organizational maturity model for the Spanish software industry. This model was used satisfactorily to (i) improve the software processes of several Spanish small firms, and (ii) obtain an organizational maturity certification for software development, granted by the Spanish Association for Standardization and Certification.

Introduction

The software industry is made up mainly of small and medium software companies [1] which favor the growth of national economies [2]. One important concern of software industry companies has been the development of software products with an optimum use of resources, time and costs [3]; in other words, the quest is to be efficient. In this respect, small companies need efficient Software Engineering practices that are suitable for their particular characteristics. These practices would support the development of products of high quality [2] which must evolve if they are to adapt to new demands and scenarios [4] as they seek to make these companies become more competitive. In recent years, a key research area in the software engineering community has been the evaluation of the maturity of software processes, given its impact on the efficiency of the software product development process [5]. According to [6], a maturity model “contains the essential elements of effective processes for one or more disciplines and describes an evolutionary improvement path from ad-hoc, immature processes to disciplined, mature processes with improved quality and effectiveness”. Having efficient processes by means of organizational maturity helps a firm understand its position in terms of process management and execution [5]. This in turn leads to an increase in software product quality since, according to [7], there is a close relationship between software process quality and the software product quality obtained using this process.

It is precisely because of the considerations outlined above that software development firms are putting greater and greater emphasis on building their software products to a level of quality that allows them to meet the needs of their clients satisfactorily, as they strive to compete adequately in the local and international markets. At the present time, the strategy of gaining certification in one quality model or another is used by software development companies. This is done to guarantee the quality of the enterprise's products; certification is an element that, amongst other things, marks a company out from its competitors and gives it a good sales image in the eyes of its customers. A number of software process capability/maturity models have been developed and these are being used for software process improvement/assessment by companies [8]. At the moment, the most popular and most widely-used certification in the world for cataloging the maturity of a software-development organization is CMMI-DEV [9]. For some considerable time now, however, this model has been the only option for a certification of this type. That has meant that it has had a monopoly, such that the costs (associated with consulting and more especially with certification) have put the service beyond the reach of most of the firms which form part of the software industry. On this very issue, the study carried out by [10] concludes that many firms do not adopt CMMI because of its high costs. The fact that it is inappropriate for small-scale organizations (which make up the greater part of the software industry) is another disadvantage. Moreover, this model takes a long time to implement.

Bearing in mind the above state of affairs, together with the present-day economic climate, we believed that it was important to offer another option for the certification of organizational maturity (focused on software development) to firms in the Spanish software industry (thinking especially of those small firms with fewer than 50 employees). That offer had to be both appropriate and accessible. To create this new scheme for the certification of organizational maturity for software development, we counted on the support of different actors in the country, such as the government and the industry itself, as well as the scientific-academic community in Spain. The input from this synergy brought into being a Software Engineering Maturity Model (also called Organizational Maturity Model in this paper) which allows us to assess and to certify the software enterprises by means of organizational maturity levels (in the same way as the CMMI model does). It is important to highlight that this model:

•
was financed by the Spanish Ministry of Industry, Tourism and Trade.
•
involved researchers from universities and practitioners from organizations of the Software Engineering field, and used mainly the ISO/IEC 15504 part 2 [11] and 7 [12] standards, as well as ISO/IEC 12207 [13] for its creation.
•
has the backing of the Spanish Association for Standardization and Certification — AENOR (www.aenor.es), the body responsible for offering certification in this model.
•
has financial support (from the Spanish Ministry of Industry, Tourism and Trade), for those firms wishing to opt for this certification.
•
provides the certification that is required of any software development firm which wishes to bid for official tenders or contracts with the Spanish state.

This paper, then, seeks to present a Software Engineering Maturity Model that has been produced for the Spanish software industry. The model aims to be an effective tool in helping to improve the quality of software development in organizations that wish to tackle certification schemes related to organizational maturity in the context of software development. The goal is to strengthen their productivity and competitiveness in the national and international markets. The proposed certification scheme is based on: (i) a software lifecycle process model in accordance with the ISO/IEC 12207 Standard, (ii) a model for assessing the capability of these processes and the maturity of the organizations to develop software in accordance with parts 2 and 7 from ISO/IEC 15504 Standard respectively, and (iii) requirements of the audit according to ISO/IEC 17021 standard [14]. The paper also sets out the results of the use of this model in carrying out the audit of 16 firms which have obtained their corresponding AENOR Certificate for Level 2 in compliance with the Software Engineering Maturity Model created.

These introductory comments have set the scene; Section 2 goes on to present a more detailed background, in which the research methods and the project context are explained and the related work in this field is referred too. The Software Engineering Maturity Model developed is described in Section 3. Section 4 sets out the use of this model from the viewpoint of the auditors during the audit process in the enterprises aiming to achieve the certification. Finally, Section 5 discusses the work performed in relation to the development and application of the model and Section 6 presents our conclusions and future lines of work.

Section snippets

Method used to develop the maturity model

In [15] the existing methods and recommended practices for developing maturity models are analyzed. This study makes it clear that there are four stages which these methods consider for the development of a maturity model: (i) inception stage, in which the problem and participants in the development are identified, existing models are analyzed, and scope and goals are defined; (ii) elaboration stage, in which the design strategy and architecture of the model are established, that is, the levels

Building the maturity model

The Software Engineering Maturity Model, created by the work group under the coordination and supervision of AENOR, is made up of three components:

•
A model for assessing the capability of the processes and the maturity of software-developing organizations, based on parts 2 and 7 from ISO/IEC 15504 respectively.
•
A software lifecycle process model, based on ISO/IEC 12207.
•
An auditing process based on the ISO/IEC 17021 standard.

In the following lines each one of these components of the model produced

Appling the software engineering maturity model

Initially, the organizational maturity model for the Spanish software industry defined was applied in the enterprise group that took part in the pilot project for the certification conformance with this model. The certification process was led by AENOR and the first step of this association was to make up an auditors' pool and an advisers' pool of this model. In this respect, from the project work group, AENOR selected a set of people to train as auditors of the Software Engineering Maturity

Discussion

The enterprises who took part in the pilot project for the certification conformance with the software engineering maturity model expressed the views that this model: (i) was an important and practical aid for reflecting on the base and management practices needed to increase the capability of their software development processes, and (ii) was useful in tackling improvement in these processes in the quest to reach a organizational maturity level. On the other hand, experiences obtained from the

Conclusions

The fact that there was no international ISO certification available for process improvement at the level of organizational maturity led to the creation of a model for the evaluation of software processes by maturity levels, presented in this paper. The model proposed, based on ISO standards, is for small enterprises in the Spanish software industry. Its main objective is to minimize the problems presently experienced by small software development firms when implementing models of process

Acknowledgments

We acknowledge the assistance of the Spanish Ministry of Industry, Tourism and Trade, as well as of the projects GEODAS (TIN2012-39493-C03-01, MEC of Spain) and Agreement Unicauca-UCLM (4982-4901273). Francisco J. Pino acknowledges the contribution of the University of Cauca, where he works as a full professor.

Javier Garzás has an MsC and a PhD in Computer Science at the University of Castilla-La Mancha (UCLM). CEO at KybeleConsulting and associate professor at Rey Juan Carlos University. His research interests include the Capability Maturity Model Integration, object-oriented design, and software process and project management. Solid professional experience on software factories, software quality, and software process improvement, and testing. Contact details: Kybele Consulting SL, Madrid, Spain;

References (32)

R. Colomo-Palacios et al.
Software product evolution for Intellectual Capital Management: the case of Meta4 PeopleNet
International Journal of Information Management
(2011)
G. Valdés et al.
Conception, development and implementation of an e-Government maturity model in public agencies
Government Information Quarterly
(2011)
M. Staples et al.
An exploratory study of why organizations do not adopt CMMI
Journal of Systems and Software
(2007)
F. Pino et al.
Assessment methodology for software process improvement in small organizations
Information and Software Technology
(2010)
M. Díaz-Ley et al.
MIS-PyME software measurement capability maturity model — supporting the definition of software measurement programs and capability determination
Advances in Engineering Software
(2010)
M.E. Fayad et al.
Software engineering in the small
Communications of the ACM
(2000)
F. Pino et al.
Software process improvement in small and medium software enterprises: a systematic review
Software Quality Journal
(2008)
F. Ahmed et al.
A business maturity model of software product line engineering
Information Systems Frontiers
(2011)
F. Ahmed et al.
An organizational maturity model of software product line engineering
Software Quality Journal
(2010)
SEI
CMMI for Develpment, Version 1.3

A. Fuggetta

Software process: a roadmap

J.C. Rossa Hauck et al.

Proposing an ISO/IEC 15504-2 compliant method for process capability/maturity models customization

ISO

ISO/IEC 15504-2:2003/Cor.1:2004(E). Information technology – process assessment – part 2: performing an assessment

(2004)

ISO

ISO/IEC TR 15504-7:2008. Information technology – process assessment – part 7: assessment of organizational maturity

(2008)

ISO

ISO/IEC 12207:2008 systems and software engineering — software life cycle processes

(2008)

ISO

ISO/IEC 17021:2011. Conformity assessment – requirements for bodies providing audit and certification of management systems

(2011)

Cited by (40)

Optimized decision support for BIM maturity assessment
2023, Automation in Construction
Building information modeling (BIM) maturity models occupy a crucial role in guiding BIM-reliant stakeholders and enterprises to identify BIM capabilities and facilitate process improvements. Nevertheless, few quantitative BIM maturity models are available for the measurement and improvement of BIM utilization performance. This study designs a refined assessment system for the maturity measurement of BIM-based projects during the design and construction stages. The advocated BIM maturity model combines a probability distribution function aggregation paradigm and a large-scale group decision-making framework to provide an expert-based assessment system for evaluating project-based BIM performance. The case study of the Corning Gen 10.5 glass substrate production line workshop in Wuhan demonstrates the feasibility and effectiveness of the proposed model. This paper establishes a generalizable structural framework that can potentially facilitate BIM maturity analysis in a portfolio of projects or the industry as a whole and will generate fresh insight into designing quantitative BIM maturity models across various contexts.
Demand response process assessment model: Development and case study assessment
2022, Computer Standards and Interfaces
Demand response is a new study area and many countries intend to create roadmaps to activate their implementations. Smart Grid Maturity Model (SGMM) defines the characteristics and targets related to customer, but it does not adequately elaborate and provide a guiding perspective for demand response.
In addressing the gap mentioned, this article presents a Demand Response Process Assessment Model (DRPAM) as a fundamental proposal towards evaluating, implementing, and improving capabilities of customers’ demand response processes.
The standard of ISO/IEC 33004 and the second maturity level of “Customer” domain in SGMM were referenced to develop the DRPAM. Literature studies and technical reports were examined to determine the key processes of the model, while Waterfall and Agile software development models and Action Workflow Loop were used to identify process practices. The set of key processes was defined, updated and verified using expert opinions gathered by Delphi study technique applied in five rounds. It was then used for an exploratory case study assessment in an organization that conducts research and development activities in this field.
Eight processes were identified with purpose, outcomes, base practices, work products (as inputs and outputs), and responsible roles of implementation. DRPAM is the first detailed model intended to reduce time and energy loss for demand response pilot studies of customers. The results of the case study assessment indicated that DRPAM was found satisfactory in identifying capabilities of demand response processes and of providing a roadmap for their improvement. As future work, the model will be validated by conducting multiple case studies.
System quality and security certification in seven weeks: A multi-case study in Spanish SMEs
2021, Journal of Systems and Software
Citation Excerpt :
As to future work, the recommendations that emerged from this case study will be implemented in future versions of the SevenWeeks method, as follows: In addition, we intend to carry out a multi-case study to evaluate to what extent SevenWeeks could be successfully applied to software process improvement, in relation to the ISO/IEC 29110 (Larrucea and Santamaria, 2018) or the ISO/IEC 15504/33000 (Garzás et al., 2013) standards. In fact, there is evidence that most small software organisations do not adopt the existing standards because they perceive them as being orientated towards large organisations, and studies have shown that small firms’ negative perceptions of process model standards are primarily driven by negative views of cost, documentation, and bureaucracy (Laporte et al., 2008).
Every company wishes to improve its system quality and security, all the more so in these times of digital transformation, since having a good quality and security management system is essential to any company’s commercial survival. Such needs are even more pressing for small and medium-sized enterprises (SMEs), given their limited time and resources. To address these needs, a Spanish company, Proceso Social, has developed an innovative method called “SevenWeeks” to allow SMEs to create or improve their quality and security management systems in just seven weeks, with a view to obtaining one or both of the ISO 9001 and ISO/IEC 27001 certifications.
We have evaluated the effectiveness and usefulness of SevenWeeks by carrying out a multi-case study of 26 Spanish companies, based on independent sources of evidence.
This allowed us to corroborate that SevenWeeks was indeed effective for and perceived as useful by all the companies, as it enabled them to create their own quality and security management systems in only seven weeks and to obtain the necessary ISO certification. The interviewees found SevenWeeks to be an agile and intuitive method, easy to implement, which reduces costs and effort. We also include some recommendations to improve and further develop the method.
Green IT Governance and Management based on ISO/IEC 15504
2018, Computer Standards and Interfaces
Citation Excerpt :
The ISO/IEC 15504 [8], also known as Software Process Improvement Capability Determination (SPICE), is a set of standards, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that propose models for improving and assessing processes related to information systems and software products. ISO/IEC 15504 has been applied in many fields such as aerospace [9], software engineering [10], government [11], risk management [12], automotive [13,14], information security [15], health [16,17], nuclear energy [18], among others. However, so far there is no application of this standard in the field of Green IT.
Organizations around the world are increasingly concerned about the environment, adopting sustainable practices in their business processes. In the field of Information Technologies (IT) several Green IT practices have been proposed, but in isolation, so a framework is needed if the Green IT is to be implemented and improved in an efficient and integrated way. In this paper, we propose a maturity model (based on ISO/IEC 15504) to help organizations implement the governance and management of Green IT gradually, as well as to improve their maturity level in this area. The validation of this proposal by experts and a case study seems to indicate that the proposal can be useful for implementing and improving the Green IT processes in organizations.
Identifying HCI approaches to support CMMI-DEV for interactive system development
2018, Computer Standards and Interfaces
Software process capability maturity models are currently widely used in industry. To perform the practices defined in these models, software engineering approaches are applied. We have experimented the definition of a large number of methods, techniques, patterns, and standards for the conception, design, implementation, and evaluation of interactive systems focusing on Human–Computer Interaction (HCI) issues. Nevertheless, it is well-known that HCI approaches are not largely used in industry. In order to take advantage of the widespread use of capability maturity models, we have worked on the identification of appropriate HCI approaches for each practice of the engineering advocated by the most known model - the CMMI-DEV (Capability Maturity Model Integration for Development). By exploring the CMMI-DEV and the literature, we identified a set of HCI approaches for the development of interactive systems. Twenty HCI experts were interviewed for the Validation and improvement of this initial set. As a result, we identified 14 HCI categories of approaches with examples of methods, techniques, patterns, and standards adequate for performing engineering practices of the CMMI-DEV when developing interactive systems.
Do staged maturity models result in organization-wide continuous process improvement? Insight from employees
2017, Computer Standards and Interfaces
During the last two decades, staged models have been successfully used by software organizations for process improvement. However, the relationship between these models and organization-wide continuous process improvement has not been studied extensively. This study questions the continuity, extent and participation characteristics of software process improvement by analyzing the software process improvement activities and employee perceptions within two different software companies that has CMMI level-3 certification. In order to perform this analysis a multiple case study in two phases were performed. In the first phase the process improvement suggestions submitted by the employees are analyzed from three aspects, namely the submitter, timing, and content characteristics. In the second phase, the employees’ perception regarding the organization-wide continuous process improvement activities are analyzed by performing a factor analysis on questionnaire results obtained from the employees. The results of the multiple-case study show that there are shortcomings with respect to organization-wide continuous process improvement. It is seen that the software process improvement activities are not performed in a continuous manner. In addition, the contribution of employees to these activities and their perspectives of process improvement are highly dependent on their role within the organization. Based on these findings, it is concluded that staged maturity models fail to enable organization-wide continuous process improvement. Organizations employing these models display a case of process-wise oligarchy where a minority manages the processes for a majority who use them. We believe that these findings should generate the incentive to more deeply analyze these shortcomings and determine improvement opportunities for staged models.

View all citing articles on Scopus

Francisco J. Pino has a European PhD in Computer Science from the University of Castilla-La Mancha (UCLM), Spain. He is currently a full professor at the Electronic and Telecommunications Engineering Faculty at the University of Cauca, in Popayán (Colombia). He is a member of the IDIS Research Group and his research interests are: software process improvement in small companies and qualitative research methods for Software Engineering. Contact details: Universidad del Cauca, Popayán, Colombia; [email protected].

Mario Piattini is a full professor at the UCLM. He holds the PhD degree in Computer Science from the Technical University of Madrid (UPM) and leads the Alarcos Research Group. He is CISA, CISM, CGEIT and CRISC by ISACA. His research interests include software quality, metrics and maintenance. He is the Director of the Joint UCLM–Indra Software Research and Development Center and the Institute of Information Systems and Technologies. Contact details: Escuela Superior de Informática (UCLM), Ciudad Real, Spain; [email protected].

Carlos Manuel Fernández has an MsC in Computer Science from the Technical University of Madrid (UPM). He is the Manager of ICT and Auditor leader of ICT from Spanish Association for Standardization and Certification — AENOR. He is CISA and CISM by ISACA and he is certified ITIL Foundations. He holds over 30 years of experience in the ICT sector and 20 of them in Control and Audit of information systems. He has been associate professor in the Universidad Pontificia de Salamanca in Madrid (UPSAM) from 1987. Contact details: AENOR, Madrid, Spain; [email protected].

View full text

A maturity model for the Spanish software industry based on ISO standards

Highlights

Abstract

Introduction

Section snippets

Method used to develop the maturity model

Building the maturity model

Appling the software engineering maturity model

Discussion

Conclusions

Acknowledgments

International Journal of Information Management

Government Information Quarterly

Journal of Systems and Software

Information and Software Technology

Advances in Engineering Software

Software engineering in the small

Communications of the ACM

Software process improvement in small and medium software enterprises: a systematic review

Software Quality Journal

A business maturity model of software product line engineering

Information Systems Frontiers

An organizational maturity model of software product line engineering