Models and Standards

ISO 17025 is an international standard that specifies the general requirements for the competence to carry
out tests and or calibrations. There are 15 management requirements and 10 technical requirements. These
requirements outline what a laboratory must do to become accredited. Management system refers to the
organization's structure for managing its processes or activities that transform inputs of resources into a
product or service which meets the organization's objectives, such as satisfying the customer's quality
requirements, complying with regulations, or meeting environmental objectives.
The CMMI (Capability Maturity Model Integration) model is widely used to implement Quality Assurance
(PPQA) in an organization. The CMMI maturity levels can be divided in to 5 steps, which a company can
achieve by performing specific activities within the organization.
Preventing quality problems
Quality assurance, in its broadest sense, is any action taken to prevent quality problems from occurring. In
practice, this means devising systems for carrying out tasks which directly affect product quality.
A simple example of quality assurance is a cooking recipe. A recipe is a system for preparing a particular dish.
It describes the ingredients and utensils necessary to prepare the food, the method of cooking it, how to test
when it is ready, how to store it, and how to serve it. Cooking to a recipe produces better and more consistent
results. And the same applies to using systems in other situations.
To implement systems for an organisation, you need to carry out three basic steps: first develop the system;
second, document it (this takes the form of policies, procedures, and reference information); and third, inform,
instruct, and train staff to use it. This process is illustrated below.

Systems of various kinds are, of course, already an integral part of all organisations. But in most cases they do
not thoroughly address quality as a separate and important issue. This changes when an organisation embraces
and pursues quality assurance. Quality assurance does not only apply to products. Services, and even "non-
production" activities such as administration and sales, benefit from a quality assurance approach.
Quality Assurance standards
Quality Assurance Standards are published documents which describe in detail what systems should be used by
a company to manage quality.
The table below lists some of the QA standards issued by various bodies.
Name of QA standard Issuing body Applies to:
ISO 9001: Quality Systems - Model International Organisation for
General supplier qualification
for quality assurance etc. standardization
Code of Good Manufacturing
Australian Health Authorities Pharmaceuticals and sterile products
Practice (GMP)
Testing Laboratory Certification National Assoc. of Testing
Qualification of testing laboratories
standard Laboratories (NATA)(Aust)
Suppliers to the US petroleum
API Q1 Quality Program American Petroleum Institute
industry
Mil-Q-9858 US Dept. of Defense Suppliers to the US Defense Forces
These Standards exist because many large organisations will not buy from suppliers who cannot give them
assurance that they have systems which support quality. These large organisations include Government Defense
Departments, Health Departments, car manufacturers such as Ford, Toyota, and General Motors, and
Aerospace companies such as Boeing and Lockheed.
Until the mid 1980's these large organisations published their own standards or codes for suppliers to follow,
and their staff would audit supplier companies regularly to make sure they followed the code. It was not
unusual for a supplier to be audited separately by a number of larger customers, all with their own quality
system codes. In some instances suppliers hosted 30 or 40 quality system audits a year from all their major
customers. To reduce the number of audits to which individual suppliers were subjected, the International
Organisation for Standards (ISO) published a series of standards in 1987 known as ISO 9000. Most large
purchasing organisations accepted this worldwide standard and ceased to issue their own codes. They also
ceased carrying out their own audits and accepted the findings of independent audit companies engaged by
supplier companies to check their systems against the ISO 9000 standards. This allowed supplier companies to
reduce the number of audits to two or three per year.

Some of the independent audit companies operating in Australia are Lloyds Quality Assurance Services,
Quality Assurance Services (QAS), Bureau Veritas, Benchmark Certification, SGS QA Services, and National
Assocation of Testing Authorities (NATA).

The ISO 9000 series of QA standards

ISO 9000 is the name of a series of QA standards recognised by over 200 countries around the world and
adopted as their national standards for QA. In Australia this series has been named the AS 3900 series, but this
will change in mid 1995 to the AS/NZ/ISO 9000 series to identify it more closely with the international
standard. AS 3900 and ISO 9000 have identical contents.

The most important document in the ISO 9000 series is ISO 9001. This is the code against which audits are
actually carried out (two other documents, ISO 9002 and ISO 9003, can also be audited against but these are
'cut down' versions of ISO 9001 for companies which do not need to comply with the entire code). All the other
documents in the ISO 9000 series provide guidelines and explanations for how to apply ISO 9001.

The principal features of ISO 9001 are that it, takes the basic principle of QA (the need for documented systems
to support QA), and adds requirements to control system documentation to make sure it is kept up-to-date
requires companies to carry out their own internal audits of their QA system to make sure it is working properly
requires the QA system to be constantly monitored to ensure that it is effective, and that changes are constantly
made to improve it
These requirements are illustrated in the diagram below.

In addition, ISO 9001 requires organisations to include documented systems in their QA system to cover all
aspects of: basic quality control (inspection, testing, test records, traceability, etc.) a product's life cycle from
the time negotiations start with the customer, through the design process, purchasing of raw materials,
production, storage, and final delivery
When is QA appropriate
The basic principle of QA - working out the best course of action beforehand and communicating it reliably to
all those concerned - should be applied whenever a planned process is complex, has implications for other
processes, or has wide or repetitious application. Beyond this, the decision to follow the specifications in a
comprehensive published QA standard rests on your organisation's answers to the following questions:
• Is your organisation prepared to invest the time to follow the formal discipline required?
• Does the law require your organisation's compliance with a specific standard (pharmaceutical
manufacturers must comply with the Code of GMP)?
• Do your customers insist on your organisation's compliance with a standard (many large companies
and
• Government Agencies and Departments have a policy of preference for suppliers with QA
Certification)?
How to implement a QA system
You can implement quality assurance in a general way by identifying the tasks, processes, or systems critical to
the business and writing clear guidelines and instructions for staff. Use these guidelines and instructions for
training and day-to-day reference. For the tasks, processes and systems covered, this will reduce:
• 1.the number of errors 2.waste of time and materials associated with errors
• 3.the number of customer complaints 4. the number of problems to fix
• the time spent on giving day-to-day instructions
• the time needed to improve processes and systems (by establishing a stable base)
You can then take this general principle of clearly documenting tasks, processes and systems to the next level
by using ISO 9000 (or another appropriate QA system code) as a model for covering all aspects of quality, and
for establishing formal disciplines for controlling information accuracy, and reviewing and improving systems.
The two levels of implementation are summarised in the table below. The table also lists the additional things
you can do to make your quality assurance easier to apply and even more effective.
ISO 9000 Series
ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the
International Organization for Standardization and is administered by accreditation and certification bodies.
The rules are updated, as the requirements motivate changes over time. Some of the requirements in ISO
9001:2008 (which is one of the standards in the ISO 9000 family) include
• a set of procedures that cover all key processes in the business;
• monitoring processes to ensure they are effective;
• keeping adequate records;
• checking output for defects, with appropriate and corrective action where necessary;
• regularly reviewing individual processes and the quality system itself for effectiveness;
and
• facilitating continual improvement
A company or organization that has been independently audited and certified to be in conformance with
ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered". Certification to an
ISO 9001 standard does not guarantee any quality of end products and services; rather, it certifies that
formalized business processes are being applied.
Although the standards originated in manufacturing, they are now employed across several types of
organizations. A "product", in ISO vocabulary, can mean a physical object, services, or software.
Contents of ISO 9001

ISO 9001 certification of a fish wholesaler in Tsukiji

ISO 9001:2008 Quality management systems — Requirements is a document of approximately 30 pages
which is available from the national standards organization in each country. Outline contents are as
follows:
• Page iv: Foreword
• Pages v to vii: Section 0 Intro
• Pages 1 to 14: Requirements
o Section 1: Scope
o Section 2: Normative Reference
o Section 3: Terms and definitions (specific to ISO 9001, not specified in ISO9000)
• Pages 2 to 14 132 1
o Section 4: Quality Management System
o Section 5: Management Responsibility
o Section 6: Resource Management
o Section 7: Product Realization
o Section 8: Measurement, analysis and improvement
In effect, users need to address all sections 1 to 8, but only 4 to 8 need implementing within a QMS.
• Pages 15 to 22: Tables of Correspondence between ISO 9001 and other standards
• Page 23: Bibliography
The standard specifies six compulsory documents:
• Control of Documents (4.2.3)
• Control of Records (4.2.4)
• Internal Audits (8.2.2)
• Control of Nonconforming Product / Service (8.3)
• Corrective Action (8.5.2)
• Preventive Action (8.5.3)
In addition to these, ISO 9001:2008 requires a Quality Policy and Quality Manual (which may or may not
include the above documents).
[edit] 1.0 Scope
Designing Manufacturing Installation (DMI) has developed and implemented this quality management
system to demonstrate its ability to consistently provide an FRP product that meets customer and statutory
and regulatory requirements, and to address customer satisfaction through the effective application of the
system.
1.3 QUALITY POLICY DMI accepts responsibility for the complete satisfaction of its customers. We
exercise this responsibility through adequate training of our employees, adherence to proven procedures,
and total commitment to meeting and exceeding customer requirements.
[edit] 4.0 Quality management system
[edit] 4.1 General
The Company documents, implements, and maintains a quality management system and continually
improves its effectiveness in accordance with the requirements of the ISO 9001:2008 International
Standard, that comprises of:
(Company Name):
• determines the processes needed for the quality management system and their application
throughout (Company Name),
• determines the sequence and interaction of these processes,
• determines criteria and methods needed to ensure that both the operation and control of these
processes are effective,
• ensures the availability of resources and information necessary to support the operation and
monitoring of these processes,
• monitors, measures where applicable and analyzes these processes,
• implements actions necessary to achieve planned results and continual improvement of these
processes.
These processes are managed by (Company Name) in accordance with the requirements of the ISO
9001:2008 International Standard. Where (Company Name) chooses to outsource any process that affects
product conformity with requirements, (Company Name) ensures control over such processes. The type and
extent of control of such outsourced processes are identified within the quality management system.
NOTE: Processes needed for the quality management system referred to above include processes for
management activities, provision of resources, product realization, measurement, analysis, and
improvement.
[edit] 4.2 Documentation requirements
[edit] 4.2.1 General Specifications
The quality management system documentation includes:
• documented statements of a quality policy and quality objectives,
• a quality manual,
• documented procedures and records required by the ISO 9001:2008 International Standard, and
• documents, including records determined by (Company Name) to be necessary to ensure the
effective planning, operation and control of its processes
NOTE 1: Where the term “documented procedure” appears within the ISO 9001:2008 International
Standard, means that a procedure is established, documented, implemented and maintained.
NOTE 2: Documentation can be in any form or type of medium.
[edit] 4.2.2 Quality manual
(Company Name) establishes and maintains a quality manual that includes
• the scope of the quality management system, including details of and justification for any
exclusions,
• the documented procedures established for the quality management system, or reference to them,
and
• a description of the interaction between the processes of the quality management system.
[edit] 4.2.3 Control of documents
Documents required by the quality management system are controlled. Records required by the quality
management system are controlled according to the requirements given in 4.2.4. A documented procedure
is established to define the controls needed:
• to approve documents for adequacy prior to issue,
• to review and update as necessary and re-approve documents,
• to ensure that changes and the current revision status of documents are identified,
• to ensure that relevant versions of applicable documents are available at points of use,
• to ensure that documents remain legible and readily identifiable,
• to ensure that documents of external origin determined by the organization to be necessary for the
planning and operation of the quality management system are identified and their distribution
controlled, and
• to prevent the unintended use of obsolete documents, and to apply suitable identification to them if
they are retained for any purpose.
Supporting Documentation
QOP-42-01 Control of Documents
[edit] 4.2.4 Control of records
Records established to provide evidence of conformity to requirements and or the effective operation of the
quality management system shall be controlled. (Company Name) will establish a documented procedure to
define the controls needed for the identification, storage, protection, retrieval, retention time and disposition
of records. Records will remain legible, readily identifiable, and retrievable. Supporting Documentation
QOP-42-02 Control of Records
[edit] 5.0 Management responsibility
[edit] 5.1 Management commitment
Top management is committed to the development and implementation of the quality management system
and continually improves its effectiveness by:
• communicating to (Company Name) the importance of meeting customer as well as statutory and
regulatory requirements,
• establishing a quality policy,
• establishing quality objectives,
• conducting management reviews, and
 • ensuring the availability of resources.
[edit] 5.2 Customer focus
Top management ensures that customer requirements are determined and are met with the aim of enhancing
customer satisfaction. (see 7.2.1 and 8.2.1)
[edit] 5.3 Quality policy
“(Company Name) is committed to Exceeding Customer Expectations through Implementation and
Continuous Improvement of our Quality Management System. Absolute Customer Satisfaction is the
expectation and, will be achieved through supplying a Superior Product, On-time, at a Competitive Price.”
Top management ensures that the quality policy
• is appropriate to the purpose of the quality policy,
• includes a commitment to comply with requirements and continually improve the effectiveness of
the quality management system,
• provides a framework for establishing and reviewing quality objectives,
• is communicated and understood within (Company Name), and
• is reviewed for continuing suitability.
[edit] 5.4 Planning
[edit] 5.4.1 Quality objectives
Top management ensures that quality objectives, including those needed to meet requirements for product
[see 7.1 a], are established at relevant functions and levels within (Company Name). The quality objectives
are measurable and consistent with the quality policy. 1. Meet or exceed customer expectations by effective
communication and review of customer requirements. 2. Provide our customers high quality products and
services, on time delivery, and at a reasonable cost. 3. Effectively manage our products, processes, and
services to provide superior customer satisfaction. 4. Promote the safety, awareness, and well being of
employees through training and education.
[edit] 5.4.2 Quality management system planning
Top management ensures that:
• the planning of the quality management system is carried out in order to meet the requirements
given in 4.1, as well as the quality objectives, and
• the integrity of the quality management system is maintained when changes to the quality
management system are planned and implemented.
[edit] 5.5 Responsibility, authority and communication
[edit] 5.5.1 Responsibility and authority
Top management ensures that responsibilities and authorities are defined and communicated within
(Company Name) to promote effective management of the quality system. An Organizational Chart
illustrates the responsibility and relative authority of the personnel who manage, perform, and verify the
activities affecting the QMS. Changes to the quality system are planned within the framework of
management reviews. These changes may be in response to changing circumstances, such as product,
process, capacity, or other operational or organizational changes; or to improve the effectiveness and
efficiency of the quality system. Supporting Documentation Organizational Chart
[edit] 5.5.2 Management representative
Top management has appointed a member of the organization’s management who, irrespective of other
responsibilities, has the responsibility and authority that includes
• ensuring that processes needed for the quality management system are established, implemented
and maintained,
• reporting to top management on the performance of the quality management system and any need
for improvement, and
• ensuring the promotion of awareness of customer requirements throughout (Company Name).
NOTE The responsibility of a management representative can include liaison with external parties on
matters relating to the quality management system.
[edit] 5.5.3 Internal communication
Top management ensures that appropriate communication processes are established within (Company
Name) and that communication takes place regarding the effectiveness of the quality management system.
[edit] 5.6 Management Review
[edit] 5.6.1 General
Top management reviews (Company Name)’s quality management system, at planned intervals, to ensure
its continuing suitability, adequacy and effectiveness. The review includes assessing opportunities for
improvement and the need for changes to the quality management system, including the quality policy and
quality objectives. Records from management reviews are maintained (see 4.2.4). Supporting
Documentation QOP-56-01 Management Review
[edit] 5.6.2 Review input
The input to management review includes information on:
• results of audits,
• customer feedback,
• process performance and product conformity,
• status of preventive and corrective actions,
• follow-up actions from previous management reviews,
• changes that could affect the quality management system, and
• recommendations for improvement.
[edit] 5.6.3 Review output
The output from the management review includes any decisions and actions related to:
• improvement of the effectiveness of the quality management system and its processes,
• improvement of product related to customer requirements, and
• resource needs.
[edit] 6.0 Resource management
[edit] 6.1 Provision of resources
(Company Name) determines and provides the resources needed
• to implement and maintain the quality management system and continually improve its
effectiveness, and
• to enhance customer satisfaction by meeting customer requirements.
[edit] 6.2 Human resource Management
[edit] 6.2.1 General
Personnel performing work affecting conformity to product requirements are competent on the basis of
appropriate education, training, skills and experience.
[edit] 6.2.2 Competence, training, and awareness
(Company Name) :
• determines the necessary competence for personnel performing work affecting conformity to
product requirements,
• where applicable, provides training or takes other actions to achieve the necessary competence,
• evaluates the effectiveness of the actions taken,
• ensures that its personnel are aware of the relevance and importance of their activities and how
they contribute to the achievement of the quality objectives, and
• maintains appropriate records of education, training, skills and experience (see 4.2.4).
Supporting Documentation QOP-62-01 Competence, Training, and Awareness
[edit] 6.3 Infrastructure
(Company Name) determines, provides for, and maintains the infrastructure needed to achieve conformity
to product requirements. Infrastructure includes, as applicable:
• buildings, workspace and associated utilities,
• Process equipment (both hardware and software), and
• Supporting services (such as transport, communication or information systems).
Supporting Documentation QOP-63-01 Equipment Maintenance.
[edit] 6.4 Work environment
(Company Name) determines and manages the work environment needed to achieve conformity to product
requirements.
[edit] 7.0 Product realization
[edit] 7.1 Planning of product realization
(Company Name) plans and develops the processes needed for product realization. Planning of product
realization is consistent with the requirements of the other processes of the quality management system (see
4.1). In planning product realization, (Company Name) determines the following, as appropriate:
 • quality objectives and requirements for the product,
• the need to establish processes, and documents, and provide resources specific to the product,
• required verification, validation, monitoring, measurement, inspection and test activities specific
to the product and the criteria for product acceptance, and
• records needed to provide evidence that the realization processes and resulting product meet
requirements (see 4.2.4).
The output of the planning is in a form suitable for (Company Name)s method of operations.
NOTE 1 A document specifying the processes of the quality management system (including the product
realization processes) and the resources to be applied to a specific product, project or contract, is referred to
as the quality plan.
NOTE 2 (Company Name) also applies the requirements given in 7.3 to the development of product
realization processes. Supporting Documentation
QOP-71-01 Planning of Product Realization
[edit] 7.2 Customer- related processes
[edit] 7.2.1 Determination of requirements related to the product
(Company Name) determines:
• requirements specified by the customer, including the requirements for delivery and post-delivery
activities,
• requirements not stated by the customer but necessary for specified or intended use, where known,
• statutory and regulatory requirements applicable to the product, and
• any additional requirements considered necessary by (Company Name).
Supporting Documentation
QOP-72-02 Order Processing & Review
[edit] 7.2.2 Review of requirements related to the product
(Company Name) reviews the requirements related to the product. This review is conducted prior to
(Company Name)s commitment to supply a product to the customer (e.g. submission of tenders, acceptance
of contracts or orders, acceptance of changes to contracts or orders) and ensures that:
• product requirements are defined,
• contract or order requirements differing from those previously expressed are resolved, and
• (Company Name) has the ability to meet the defined requirements.
Records of the results of the review and actions arising from the review are maintained (see 4.2.4). Where
the customer provides no documented statement of requirement, the customer requirements are confirmed
by (Company Name) before acceptance. Where product requirements are changed, (Company Name)
ensures that relevant documents are amended and that relevant personnel are made aware of the changed
requirements.
NOTE In some situations, a formal review is impractical for each order. Instead the review can cover
relevant product information such as catalogues or advertising material.
Supporting Documentation QOP-72-02 Order Processing & Review
[edit] 7.2.3 Customer communication
(Company Name) determines and implements effective arrangements for communicating with customers in
relation to:
• product information,
• enquiries, contracts or order handling, including amendments, and
• customer feedback, including customer complaints.
SupportingDocumentation QOP-72-02 Order Processing & Review
QOP-85-02 Customer Complaints
[edit] 7.3 Design and development
[edit] 7.3.1 design and development planning
(Company Name) plans and controls the design and development of product. During the design and
development planning, (Company Name) determines:
• the design and development stages.
• the review, verification and validation that are appropriate to each design and development stage,
and
• the responsibilities and authorities for design and development.
[edit] 7.3.2 Design and development inputs
Inputs relating to product requirements shall be determined and records maintained. these inputs shall
include
• functional and performance requirements.
• applicable statutory and regulatory requirements.
• where applicable information derived from previous similar designs, and
• other requirements essential for design and development.
the inputs shall be reviewed for adequacy, requirements shall be complete, unambiguous and not in conflict
with each other.
[edit] 7.4 Purchasing
[edit] 7.4.1 Purchasing process
(Company Name) ensures that purchased product conforms to specified purchase requirements. The type
and extent of control applied to the supplier and the purchased product is dependent upon the effect of the
purchased product on subsequent product realization or the final product.
Supporting Documentation
QOP-74-01 Purchasing
[edit] 7.4.2 Purchasing Information
Purchasing information describes the product to be purchased, including where appropriate
• requirements for approval of product, procedures, processes and equipment,
• requirements for qualification of personnel, and
• quality management system requirements.
(Company Name) ensures the adequacy of specified purchase requirements prior to their communication to
the supplier. Supporting Documentation QOP-74-01 Purchasing
[edit] 7.4.3 Verification of purchased product
(Company Name) establishes and implements the inspection or other activities necessary for ensuring that
purchased product meets specified purchase requirements. Where (Company Name) or its customer intends
to perform verification at the supplier’s premises, (Company Name) states the intended verification
arrangements and method of product release in the purchasing information.
Supporting Documentation
QOP-74-02 Verification of Purchase Product
[edit] 7.5 Production and service provision
[edit] 7.5.1 Control of production and service provision
As applicable, (Company Name) plans and carries out production and service provisions under controlled
conditions. Controlled conditions include:
• the availability of information that describes the characteristics of the product,
• the availability of work instructions, as necessary,
• the use of suitable equipment,
• the availability and use of monitoring and measuring equipment,
• the implementation of monitoring and measurement activities, and
• the implementation of product release, delivery and post-delivery activities.
Supporting Documentation
QOP-75-01 Work Order and Production Records
QOP-63-01 Equipment Maintenance
QOP-76-01 Measuring and Monitoring Equipment
QOP-84-02 Final Inspection
QOP-75-06 Shipping
[edit] 7.5.2 Validation of processes for production and service provision
(Company Name) validates any processes for production and service provisions where the resulting output
cannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies become
apparent only after the product is in use or the service has been delivered. Validation demonstrates the
ability of these processes to achieve planned results. As applicable, (Company Name) establishes
arrangements for these processes including:
• defined criteria for review and approval of the processes,
• approval of equipment and qualification of personnel,
 • use of specific methods and procedures,
• requirements for records (see 4.2.4), and
e) revalidation.
Note: (Company Name) has no Special Processes at this time.
[edit] 7.5.3 Identification and traceability
Where appropriate, (Company Name) identifies the product by suitable means throughout product
realization. (Company Name) identifies the product status with respect to monitoring and measurement
requirements throughout product realization. Where traceability is a requirement, (Company Name)
controls the unique identification of the product an maintain records (4.2.4). Supporting Documentation
QOP-75-04 Product Identification and Traceability
[edit] 7.5.4 Customer property
(Company Name) exercises care with customer property while it is under (Company Name)s control or
being used by (Company Name). (Company Name) identifies, verifies, protects and safeguards customer
property provided for use or incorporation into the product. If any customer property is lost, damaged or
otherwise found to be unsuitable for use, (Company Name) will report this to the customer and maintain
records (see 4.2.4).
Note: Customer property can include intellectual property and personal date.
Note: (Company Name) has no Customer Property at this time.
[edit] 7.5.5 Preservation of product
(Company Name) preserves the product during internal processing and delivery to the intended destination
in order to maintain conformity to requirements. As applicable, preservation includes identification,
handling, packaging, storage and protection. Preservation also applies to the constituent parts of a product.
[edit] 7.6 Control of monitoring and measuring equipment
(Company Name) determines the monitoring and measurement to be undertaken and the monitoring and
measuring equipment needed to provide evidence of conformity of product to determined requirements.
(Company Name) establishes processes to ensure that monitoring and measurement can be carried out, and
is carried out in a manner that is consistent with the monitoring and measurement requirements. Where
necessary to ensure valid results measuring equipment is:
• calibrated, verified or both at specified intervals, or prior to use, against measurement standards
traceable to international or national measurement standards; where no such standards exist, the
basis used for calibration or verification shall be recorded,
• adjusted or re-adjusted as necessary,
• have identification in order to determine it’s calibration status,
• safeguarded from adjustments that would invalidate the measurement result, and
• protected from damage and deterioration during handling, maintenance and storage.
In addition, (Company Name) assesses and records the validity of the previous measuring results when the
equipment is found not to conform to requirements. (Company Name) takes appropriate action on the
equipment and any product affected. Records of the results of calibration and verification are maintained
(see 4.2.4).
Note: Confirmation of the ability of computer software to satisfy the intended application will typically
include its verification and configuration management to maintain its suitability for use Supporting
Documentation
QOP-76-01 Monitoring and Measuring Equipment
[edit] 8.0 Measurement, analysis and improvement
[edit] 8.1 General
(Company Name) plans and implements the monitoring, measurement, analysis and improvement
processes needed:
• to demonstrate conformity to product requirements,
• to ensure conformity of the quality management system, and
• to continually improve the effectiveness of the quality management system.
This includes determination of applicable methods, including statistical techniques, and the extent of their
use.
[edit] 8.2 Monitoring and measurement
[edit] 8.2.1 Customer satisfaction
As one of the measurements of the performance of the quality management system, (Company Name)
monitors information relating to customer perception as to whether (Company Name) has met customer
requirements. The methods for obtaining and using this information are determined. Supporting
Documentation QOP-82-01 Customer Satisfaction
[edit] 8.2.2 Internal Audits
(Company Name) conducts internal audits at planned intervals to determine whether the quality
management system:
• conforms to the planned arrangements (see 7.1), to the requirements of ISO 9001:2008 and to the
quality management system requirements established by (Company Name), and b)is effectively
implemented and maintained.
An audit program is planned, taking into consideration the status and importance of the processes and areas
to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods are
defined. The selection of auditors and conduct of audits ensure objectivity and impartiality of the audit
process. Auditors do not audit their own work. The responsibilities and requirements for planning and
conducting audits, and for reporting results and maintaining records (see 4.2.4) are defined in a documented
procedure. The management responsible for the area being audited ensures that any necessary correction
and corrective actions are taken without undue delay to eliminate detected nonconformities and their
causes. Follow-up activities include the verification of the actions taken and the reporting of verification
results (see 8.5.2). Supporting Documentation QOP-82-02 Internal Quality Audits

[edit] 8.2.3 Monitoring and measurement of processes

(Company Name) applies suitable methods for monitoring and where applicable, measurement of the
quality management system processes. These methods demonstrate the ability of the processes to achieve
planned results. When planned results are not achieved, correction and corrective action is taken, as
appropriate.
[edit] 8.2.4 Monitoring and measurement of product
(Company Name) monitors and measures the characteristics of the product to verify that product
requirements have been met. This is carried out at appropriate stages of the product realization process in
accordance with the planned arrangements (see 7.1). Evidence of conformity with the acceptance criteria is
maintained. Records indicate the person(s) authorizing release of product for delivery to the customer (see
4.2.4). The release of product and delivery of service to the customer does not proceed until the planned
arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant
authority and where applicable, by the customer. Supporting Documentation QOP-82-03 In Process
Inspections QOP-82-04 Final Inspection
[edit] 8.3 Control of nonconforming product
(Company Name) ensures that product which does not conform to product requirements is identified and
controlled to prevent its unintended use or delivery. A documented procedure is established to define the
controls and related responsibilities and authorities for dealing with nonconforming products. Where
applicable (Company Name) deals with nonconforming product by one or more of the following ways:
• by taking action to eliminate the detected nonconformity,
• by authorizing its use, release or acceptance under concession by a relevant authority and, where
applicable, by the customer, and
• by taking action to preclude its original intended use or application.
• by taking action appropriate to the effects, or potential effects, of the nonconformity when
nonconforming product is detected after delivery or use has started.
When nonconforming product is corrected the product is subject to re-verification to demonstrate
conformity to the requirements. When nonconforming product is detected after delivery or use has started,
(Company Name) takes action appropriate to the effects, or potential effects, of the nonconformity. Records
of the nature of nonconformities and any subsequent actions taken, including concessions obtained, are
maintained (see 4.2.4). Supporting Documentation QOP-83-01 Control of Nonconforming Product
[edit] 8.4 Analysis of data
(Company Name) determines, collects and analyzes appropriate data to demonstrate the suitability and
effectiveness of the quality management system and to evaluate where continual improvement of the
effectiveness of the quality management system can be made. This includes data generated as a result of
monitoring and measurement and from other relevant sources. The analysis of data provides information
relating to:
• customer satisfaction (see 8.2.1),
• conformity to product requirements (see 8.2.4),
• characteristics and trends of processes and products including opportunities for preventive action
(see 8.2.3 and 8.2.4),
• suppliers (see 7.4),
Supporting Documentation QOP-56-01 Management Review
[edit] 8.5 Improvement
[edit] 8.5.1 Continual improvement
(Company Name) continually improves the effectiveness of the quality management system through the
use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions
and management reviews. Supporting Documentation QOP-85-01 Continual Improvement
[edit] 8.5.2 Corrective action
(Company Name) takes action to eliminate the causes of nonconformities in order to prevent recurrence.
Corrective actions are appropriate to the effects of the nonconformities encountered. A documented
procedure is established to define requirements for:
• reviewing nonconformities (including customer complaints),
• determining the causes of nonconformities,
• evaluating the need for action to ensure that nonconformities do not recur,
• determining and implementing action needed,
• records of the results of action taken (see 4.2.4), and
• reviewing the effectiveness of the corrective action taken.
Supporting Documentation QOP-85-02 Customer Complaints QOP-85-03 Corrective and Preventive
Actions
[edit] 8.5.3 Preventive action
(Company Name) determines actions to eliminate the causes of potential nonconformities in order to
prevent their occurrence. Preventive actions are appropriate to the effects of the potential problems. A
documented procedure is established to define requirements for:
• determining potential nonconformities and their causes,
• evaluating the need for action to prevent occurrence of nonconformities,
• determining and implementing action needed,
• records of results of action taken (see 4.2.4), and
• reviewing the effectiveness of the preventive action taken.
Supporting Documentation QOP-85-03 Corrective and Preventive Actions
[edit] 1987 version
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three 'models' for quality
management systems, the selection of which was based on the scope of activities of the organization:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and
servicing was for companies and organizations whose activities included the creation of new
products.
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had
basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final
inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards ("MIL SPECS"), and so
was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures
rather than the overall process of management—which was likely the actual intent.[citation needed]
[edit] 1994 version
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product,
and continued to require evidence of compliance with documented procedures. As with the first edition, the
down-side was that companies tended to implement its requirements by creating shelf-loads of procedure
manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving
processes could actually be impeded by the quality system.[citation needed]
[edit] 2000 version
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and
development procedures are required only if a company does in fact engage in the creation of new
products. The 2000 version sought to make a radical change in thinking by actually placing the concept of
process management front and center ("Process management" was the monitoring and optimizing of a
company's tasks and activities, instead of just inspecting the final product). The 2000 version also demands
involvement by upper executives, in order to integrate quality into the business system and avoid
delegation of quality functions to junior administrators. Another goal is to improve effectiveness via
process performance metrics — numerical measurement of the effectiveness of tasks and activities.
Expectations of continual process improvement and tracking customer satisfaction were made explicit.
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups,
who receive feedback from those professionals who are implementing the standard.[1]
ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 and some
changes intended to improve consistency with ISO 14001:2004. There are no new requirements.
Explanation of changes in ISO 9001:2008. A quality management system being upgraded just needs to be
checked to see if it is following the clarifications introduced in the amended version.
[edit] Certification
ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize
certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although
commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality
management can be certified is ISO 9001:2008. Both the accreditation bodies and the certification bodies
charge fees for their services. The various accreditation bodies have mutual agreements with each other to
ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.
The applying organization is assessed based on an extensive sample of its sites, functions, products,
services and processes; a list of problems ("action requests" or "non-compliance") is made known to the
management. If there are no major problems on this list, or after it receives a satisfactory improvement plan
from the management showing how any problems will be resolved, the certification body will issue an ISO
9001 certificate for each geographical site it has visited.
An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended
by the certification body, usually around three years. There are no grades of competence within ISO 9001:
either a company is certified (meaning that it is committed to the method and model of quality management
described in the standard), or it is not. In this respect, it contrasts with measurement-based quality systems
such as the Capability Maturity Model.
[edit] Auditing
Two types of auditing are required to become registered to the standard: auditing by an external
certification body (external audit) and audits by internal staff trained for this process (internal audits). The
aim is a continual process of review and assessment, to verify that the system is working as it's supposed to,
find out where it can improve and to correct or prevent problems identified. It is considered healthier for
internal auditors to audit outside their usual management line, so as to bring a degree of independence to
their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance
auditing":
• Tell me what you do (describe the business process)
• Show me where it says that (reference the procedure manuals)
• Prove that this is what happened (exhibit evidence in documented records)
The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote
"compliance" by focusing on risk, status and importance. This means they are expected to make more
judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference
from the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the manual says you should be
doing?", whereas under the 2000 version, the question is more "Will this process help you achieve your
stated objectives? Is it a good process or is there a way to do it better?"
[edit] Industry-specific interpretations
The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to make sense
within a particular organization. Developing software is not like making cheese or offering counseling
services; yet the ISO 9001 guidelines, because they are business, management guidelines can be applied to
each of these. Diverse organizations—police departments (US), professional soccer teams (Mexico) and
city councils (UK)—have successfully implemented ISO 9001:2000 systems.
Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within
their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific
requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to
assess them.
• The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to
suit the processes of the information technology industry, especially software development.
• AS9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major
aerospace manufacturers. Those major manufacturers include AlliedSignal, Allison Engine,
Boeing, General Electric Aircraft Engines, Lockheed-Martin, McDonnell Douglas, Northrop
Grumman, Pratt & Whitney, Rockwell-Collins, Sikorsky Aircraft, and Sundstrand. The current
version is AS9100.
• PS 9000 is an application of the standard for Pharmaceutical Packaging Materials. The
Pharmaceutical Quality Group (PQG) of the Institute of Quality Assurance (IQA) has developed
PS 9000:2001. It aims to provide a widely accepted baseline GMP framework of best practice
within the pharmaceutical packaging supply industry. It applies ISO 9001: 2000 to pharmaceutical
printed and contact packaging materials.
• QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford,
Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS
16949.
• ISO/TS 16949:2009 is an interpretation agreed upon by major automotive manufacturers
(American and European manufacturers); the latest version is based on ISO 9001:2008. The
emphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2009 contains
the full text of ISO 9001:2008 and automotive industry-specific requirements.
• TL 9000 is the Telecom Quality Management and Measurement System Standard, an
interpretation developed by the telecom consortium, QuEST Forum. The current version is 4.0 and
unlike ISO 9001 or the above sector standards, TL 9000 includes standardized product
measurements that can be benchmarked. In 1998 QuEST Forum developed the TL 9000 Quality
Management System to meet the supply chain quality requirements of the worldwide
telecommunications industry.
• ISO 13485:2003 is the medical industry's equivalent of ISO 9001:2000. Whereas the standards it
replaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices, ISO
13485:2003 is a stand-alone standard. Compliance with ISO 13485 does not necessarily mean
compliance with ISO 9001:2000.
• ISO/IEC 90003:2004 provides guidelines for the application of ISO 9001:2000 to computer
software.
• ISO/TS 29001 is quality management system requirements for the design, development,
production, installation and service of products for the petroleum, petrochemical and natural gas
industries. It is equivalent to API Spec Q1 without the Monogram annex.
[edit] Effectiveness
The debate on the effectiveness of ISO 9000 commonly centers on the following questions:
1. Are the quality principles in ISO 9001:2000 of value? (Note that the version date is important: in
the 2000 version ISO attempted to address many concerns and criticisms of ISO 9000:1994).
2. Does it help to implement an ISO 9001:2000 compliant quality management system?
3. Does it help to obtain ISO 9001:2000 certification?
Effectiveness of the ISO system being implemented depends on a number of factors, the most significant of
which are:
1. Commitment of Senior Management to monitor, control, and improve quality. Organizations that
implement an ISO system without this desire and commitment, often take the cheapest road to get
a certificate on the wall and ignore problem areas uncovered in the audits.
2. How well the ISO system integrates into their business practices. Many organizations that
implement ISO try to make their system fit into a cookie-cutter quality manual rather than create a
 manual that documents existing practices and only adds new processes to meet the ISO standard
when necessary.
3. How well the ISO system focuses on improving the customer experience. The broadest definition
of quality is "Whatever the customer perceives good quality to be". This means that you don't
necessarily have to make a product that never fails, some customers will have a higher tolerance
for product failures if they always receive shipments on-time, or some other dimension of
customer service. Your ISO system should take into account all areas of the customer experience,
the industry expectations, and seek to improve them on a continual basis. This means taking into
account all processes that deal with the three stakeholders (your customers, your suppliers, and
your organization), only then will you be able to sustain improvements in your customer
experience.
4. How well the auditor finds and communicates areas of improvement. Now, ISO auditors may not
provide consulting to the clients they audit, however, there is the potential for auditors to point out
areas of improvement. Many auditors simply rely on submitting reports that indicate compliance
or non-compliance with the appropriate section of the standard, however, to most executives, this
is like speaking a foreign language. Auditors that can clearly identify and communicate areas of
improvement in language and terms executive management understands allows the companies
they audit to act on improvement initiatives. When management doesn't understand why they were
non-compliant and the business implications, they simply ignore the reports and focus on what
they do understand.
[edit] Advantages
It is widely acknowledged that proper quality management improves business, often having a positive
effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of
litigation.The quality principles in ISO 9000:2000 are also sound, according to Wade and Barnes, who say
that "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make
any company competitive implementing ISO often gives the following advantages:
1. Create a more efficient, effective operation
2. Increase customer satisfaction and retention
3. Reduce audits
4. Enhance marketing
5. Improve employee motivation, awareness, and morale
6. Promote international trade
7. Increases profit
8. Reduce waste and increases productivity.
[edit] Problems
A common criticism of ISO 9001 is the amount of money, time and paperwork required for registration. [1]
According to Barnes, "Opponents claim that it is only for documentation. Proponents believe that if a
company has documented its quality systems, then most of the paperwork has already been completed."[2]
ISO 9001 is not in any way an indication that products produced using its certified systems are any good. A
company can intend to produce a poor quality product and providing it does so consistently and with the
proper documentation can put an ISO 9001 stamp on it. According to Seddon, ISO 9001 promotes
specification, control, and procedures rather than understanding and improvement. [3][4] Wade argues that
ISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies into
thinking that certification means better quality, ... [undermining] the need for an organization to set its own
quality standards." [5] Paraphrased, Wade's argument is that reliance on the specifications of ISO 9001 does
not guarantee a successful quality system.
While internationally recognized, most US consumers are not aware of ISO 9000 and it holds no relevance
to them. The added cost to certify and then maintain certification may not be justified if product end users
do not require ISO 9000. The cost can actually put a company at a competitive disadvantage when
competing against a non ISO 9000 certified company.
The standard is seen as especially prone to failure when a company is interested in certification before
quality.[3] Certifications are in fact often based on customer contractual requirements rather than a desire to
actually improve quality.[2][6] "If you just want the certificate on the wall, chances are, you will create a
paper system that doesn't have much to do with the way you actually run your business," said ISO's Roger
Frost.[6] Certification by an independent auditor is often seen as the problem area, and according to Barnes,
"has become a vehicle to increase consulting services." [2] In fact, ISO itself advises that ISO 9001 can be
implemented without certification, simply for the quality benefits that can be achieved.[7]
Another problem reported is the competition among the numerous certifying bodies, leading to a softer
approach to the defects noticed in the operation of the Quality System of a firm.
Abrahamson[8] argued that fashionable management discourse such as Quality Circles tends to follow a
lifecycle in the form of a bell curve, possibly indicating a management fad.
[edit] Summary
A good overview for effective use of ISO 9000 is provided by Barnes: "Good business judgment is needed
to determine its proper role for a company. Is certification itself important to the marketing plans of the
company? If not, do not rush to certification Even without certification, companies should utilize the ISO
9000 model as a benchmark to assess the adequacy of its quality programs."

Capability Maturity Model (CMM)

CMM (Capability Maturity Model) is a model of process maturity for software development - an
evolutionary model of the progress of a company’s abilities to develop software.

In November 1986, the American Software Engineering Institute (SEI) in cooperation with Mitre
Corporation created the Capability Maturity Model for Software.

Development of this model was necessary so that the U.S. federal government could objectively evaluate
software providers and their abilities to manage large projects.

Many companies had been completing their projects with significant overruns in schedule and budget. The
development and application of CMM helps to solve this problem.

The key concept of the standard is organizational maturity. A mature organization has clearly defined
procedures for software development and project management. These procedures are adjusted and
perfected as required.

In any software development company there are standards for processes of development, testing, and
software application; and rules for appearance of final program code, components, interfaces, etc.

The CMM model defines five levels of organizational maturity:

 1. Initial level is a basis for comparison with the next levels. In an organization at the initial level,
conditions are not stable for the development of quality software. The results of any project
depend totally on the manager’s personal approach and the programmers’ experience, meaning the
success of a particular project can be repeated only if the same managers and programmers are
assigned to the next project. In addition, if managers or programmers leave the company, the
quality of produced software will sharply decrease. In many cases, the development process comes
down to writing code with minimal testing.
2. Repeatable level. At this level, project management technologies have been introduced in a
company. That project planning and management is based on accumulated experience and there
are standards for produced software (these standards are documented) and there is a special quality
management group. At critical times, the process tends to roll back to the initial level.
3. Defined level. Here, standards for the processes of software development and maintenance are
introduced and documented (including project management). During the introduction of standards,
a transition to more effective technologies occurs. There is a special quality management
department for building and maintaining these standards. A program of constant, advanced
training of staff is required for achievement of this level. Starting with this level, the degree of
organizational dependence on the qualities of particular developers decreases and the process does
not tend to roll back to the previous level in critical situations.
4. Managed level. There are quantitative indices (for both software and process as a whole)
established in the organization. Better project management is achieved due to the decrease of
digression in different project indices. However, sensible variations in process efficiency may be
different from random variations (noise), especially in mastered areas.
5. Optimizing level. Improvement procedures are carried out not only for existing processes, but
also for evaluation of the efficiency of newly introduced innovative technologies. The main goal
of an organization on this level is permanent improvement of existing processes. This should
anticipate possible errors and defects and decrease the costs of software development, by creating
reusable components for example.
The Software Engineering Institute (SEI) constantly analyzes the results of CMM usage by different
companies and perfects the model taking into account accumulated experience
Capability Maturity Model (CMM) - WIKKI
The Capability Maturity Model (CMM) is a service mark owned by Carnegie Mellon University (CMU)
and refers to a development model elicited from actual data. The data were collected from organizations
that contracted with the U.S. Department of Defense, who funded the research, and they became the
foundation from which CMU created the Software Engineering Institute (SEI). Like any model, it is an
abstraction of an existing system.
When it is applied to an existing organization's software development processes, it allows an effective
approach toward improving them. Eventually it became clear that the model could be applied to other
processes. This gave rise to a more general concept that is applied to business processes and to developing
people.
Overview
The Capability Maturity Model (CMM) was originally developed as a tool for objectively assessing the
ability of government contractors' processes to perform a contracted software project. The CMM is based
on the process maturity framework first described in the 1989 book Managing the Software Process by
Watts Humphrey. It was later published in a report in 1993 (Technical Report CMU/SEI-93-TR-024 ESC-
TR-93-177 February 1993, Capability Maturity Model SM for Software, Version 1.1) and as a book by the
same authors in 1995.
Though the CMM comes from the field of software development, it is used as a general model to aid in
improving organizational business processes in diverse areas; for example in software engineering, system
engineering, project management, software maintenance, risk management, system acquisition, information
technology (IT), services, business processes generally, and human capital management. The CMM has
been used extensively worldwide in government, commerce, industry and software development
organizations.
CMM-rated organizations
An organization may be assessed by an SEI-Authorized Lead Appraiser, and will then be able to claim that
they have been assessed as CMM level X, where X is from 1 to 5. Although sometimes called CMM-
certification, the SEI doesn't use this term due to certain legal implications.
The SEI maintains a list[1] of organizations assessed for CMM since 2006.
Many India based software offshoring companies were amongst the first organizations to receive the
highest CMM rating.
History
The need for software processes prior to CMM
In the 1970s the use of computers became more widespread, flexible and less expensive. Organizations
began to adopt computerized information systems, and the demand for software development grew
significantly. The processes for software development were in their infancy, with few standard or "best
practice" approaches defined.
As a result, the growth was accompanied by growing pains: project failure was common, and the field of
computer science was still in its infancy, and the ambitions for project scale and complexity exceeded the
market capability to deliver. Individuals such as Edward Yourdon, Larry Constantine, Gerald Weinberg,
Tom DeMarco, and David Parnas began to publish articles and books with research results in an attempt to
professionalize the software development process.
In the 1980s, several US military projects involving software subcontractors ran over-budget and were
completed much later than planned, if they were completed at all. In an effort to determine why this was
occurring, the United States Air Force funded a study at the SEI.
Precursor to CMM
The Quality Management Maturity Grid was developed by Philip Crosby in his book "Quality Is Free".[2]
Note that the first application of a staged maturity model to IT was not by CMM/SEI, but rather by Richard
L. Nolan, who, in 1973 published the Stages of growth model for IT organizations.[3]
Watts Humphrey began developing his process maturity concepts during the later stages of his 27 year
career at IBM. (References needed)
The development of CMM at SEI
Active development of the model by the US Department of Defense Software Engineering Institute (SEI)
began in 1986 when Humphrey joined the Software Engineering Institute located at Carnegie Mellon
University in Pittsburgh, Pennsylvania after retiring from IBM. At the request of the U.S. Air Force he
began formalizing his Process Maturity Framework to aid the U.S. Department of Defense in evaluating the
capability of software contractors as part of awarding contracts.
The result of the Air Force study was a model for the military to use as an objective evaluation of software
subcontractors' process capability maturity. Humphrey based this framework on the earlier Quality
Management Maturity Grid developed by Philip B. Crosby in his book "Quality Is Free".[2] However,
Humphrey's approach differed because of his unique insight that organizations mature their processes in
stages based on solving process problems in a specific order. Humphrey based his approach on the staged
evolution of a system of software development practices within an organization, rather than measuring the
maturity of each separate development process independently. The CMM has thus been used by different
organizations as a general and powerful tool for understanding and then improving general business
process performance.
Watts Humphrey's Capability Maturity Model (CMM) was published in 1988[4] and as a book in 1989, in
Managing the Software Process.[5]
Organizations were originally assessed using a process maturity questionnaire and a Software Capability
Evaluation method devised by Humphrey and his colleagues at the Software Engineering Institute (SEI).
The full representation of the Capability Maturity Model as a collection of defined process areas and
practices at each of the five maturity levels was initiated in 1991, with Version 1.1 being completed in
January 1993.[6] The CMM was published as a book[7] in 1995 by its primary authors, Mark C. Paulk,
Charles V. Weber, Bill Curtis, and Mary Beth Chrissis.
CMM is superseded by CMMI
The CMM model proved useful to many organizations, but its application in software development has
sometimes been problematic. Applying multiple models that are not integrated within and across an
organization could be costly in terms of training, appraisals, and improvement activities. The Capability
Maturity Model Integration (CMMI) project was formed to sort out the problem of using multiple CMMs.
For software development processes, the CMM has been superseded by Capability Maturity Model
Integration (CMMI), though the CMM continues to be a general theoretical process capability model used
in the public domain.
CMM is adapted to processes other than software development
The CMM was originally intended as a tool to evaluate the ability of government contractors to perform a
contracted software project. Though it comes from the area of software development, it can be, has been,
and continues to be widely applied as a general model of the maturity of processes (e.g., IT Service
Management processes) in IS/IT (and other) organizations.
Capability Maturity Model topics
Maturity model
A maturity model can be viewed as a set of structured levels that describe how well the behaviours,
practices and processes of an organisation can reliably and sustainably produce required outcomes. A
maturity model may provide, for example :
• a place to start
• the benefit of a community’s prior experiences
• a common language and a shared vision
• a framework for prioritizing actions.
• a way to define what improvement means for your organization.
A maturity model can be used as a benchmark for comparison and as an aid to understanding - for example,
for comparative assessment of different organizations where there is something in common that can be used
as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the
organizations' software development processes.
Capability Maturity Model structure
The Capability Maturity Model involves the following aspects:
• Maturity Levels: a 5-Level process maturity continuum - where the uppermost (5th) level is a
notional ideal state where processes would be systematically managed by a combination of
process optimization and continuous process improvement.
• Key Process Areas: a Key Process Area (KPA) identifies a cluster of related activities that, when
performed collectively, achieve a set of goals considered important.
• Goals: the goals of a key process area summarize the states that must exist for that key process
area to have been implemented in an effective and lasting way. The extent to which the goals have
been accomplished is an indicator of how much capability the organization has established at that
maturity level. The goals signify the scope, boundaries, and intent of each key process area.
• Common Features: common features include practices that implement and institutionalize a key
process area. There are five types of common features: commitment to Perform, Ability to
Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
• Key Practices: The key practices describe the elements of infrastructure and practice that
contribute most effectively to the implementation and institutionalization of the KPAs.
Levels of the Capability Maturity Model
There are five levels defined along the continuum of the CMM[8] and, according to the SEI: "Predictability,
effectiveness, and control of an organization's software processes are believed to improve as the
organization moves up these five levels. While not rigorous, the empirical evidence to date supports this
belief."
1. Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new process.
2. Managed - the process is managed according to the metrics described in the Defined stage.
3. Defined - the process is defined/confirmed as a standard business process, and decomposed to
levels 0, 1 and 2 (the latter being Work Instructions).
4. Quantitatively managed
5. Optimizing - process management includes deliberate process optimization/improvement.
Within each of these maturity levels are Key Process Areas (KPAs) which characterise that level, and for
each KPA there are five definitions identified:
1. Goals
2. Commitment
3. Ability
4. Measurement
 5. Verification
The KPAs are not necessarily unique to CMM, representing — as they do — the stages that organizations
must go through on the way to becoming mature.
The CMM provides a theoretical continuum along which process maturity can be developed incrementally
from one level to the next. Skipping levels is not allowed/feasible.
N.B.: The CMM was originally intended as a tool to evaluate the ability of government contractors to
perform a contracted software project. It has been used for and may be suited to that purpose, but critics
pointed out that process maturity according to the CMM was not necessarily mandatory for successful
software development. There were/are real-life examples where the CMM was arguably irrelevant to
successful software development, and these examples include many Shrinkwrap companies (also called
commercial-off-the-shelf or "COTS" firms or software package firms). Such firms would have included, for
example, Claris, Apple, Symantec, Microsoft, and Lotus. Though these companies may have successfully
developed their software, they would not necessarily have considered or defined or managed their
processes as the CMM described as level 3 or above, and so would have fitted level 1 or 2 of the model.
This did not - on the face of it - frustrate the successful development of their software.
Level 1 - Initial (Chaotic)
It is characteristic of processes at this level that they are (typically) undocumented and in a state of dynamic
change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. This
provides a chaotic or unstable environment for the processes.
Level 2 - Repeatable
It is characteristic of processes at this level that some processes are repeatable, possibly with consistent
results. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing
processes are maintained during times of stress.
Level 3 - Defined
It is characteristic of processes at this level that there are sets of defined and documented standard
processes established and subject to some degree of improvement over time. These standard processes are
in place (i.e., they are the AS-IS processes) and used to establish consistency of process performance across
the organization.
Level 4 - Managed
It is characteristic of processes at this level that, using process metrics, management can effectively control
the AS-IS process (e.g., for software development ). In particular, management can identify ways to adjust
and adapt the process to particular projects without measurable losses of quality or deviations from
specifications. Process Capability is established from this level.
Level 5 - Optimizing
It is a characteristic of processes at this level that the focus is on continually improving process
performance through both incremental and innovative technological changes/improvements.
At maturity level 5, processes are concerned with addressing statistical common causes of process variation
and changing the process (for example, to shift the mean of the process performance) to improve process
performance. This would be done at the same time as maintaining the likelihood of achieving the
established quantitative process-improvement objectives.
Software process framework for SEI's Capability Maturity Model
The software process framework documented is intended to guide those wishing to assess an
organization/projects consistency with the CMM. For each maturity level there are five checklist types:
TypeSD Description
Policy Describes the policy contents and KPA goals recommended by the CMM.
Standard Describes the recommended content of select work products described in the CMM.
Process Describes the process information content recommended by the CMM. The process
checklists are further refined into checklists for:
• roles
• entry criteria
• inputs
• activities
• outputs
• exit criteria
• reviews and audits
 • work products managed and controlled
• measurements
• documented procedures
• training
• tools
Describes the recommended content of documented procedures described in the
Procedure
CMM.
Provides an overview of an entire maturity level. The level overview checklists are
further refined into checklists for:
• KPA purposes (Key Process Areas)
• KPA Goals
• policies
• standards
Level
• process descriptions
overview
• procedures
• training
• tools
• reviews and audits
• work products managed and controlled
• measurements

Jump to: navigation, search

The Malcolm Baldrige National Quality Award is an annual award that recognizes U.S. organizations in
the business, health care, education, and nonprofit sectors for performance excellence. The Baldrige Award
is the only formal recognition of the performance excellence of both public and private U.S. organizations
given by the President of the United States. It is administered by the Baldrige National Quality Program,
which is based at and managed by the National Institute of Standards and Technology, an agency of the
U.S. Department of Commerce.
The Baldrige National Quality Program and the associated Award were established by the Malcolm
Baldrige National Quality Improvement Act of 1987 (Public Law 100–107). The Program and Award were
named for Malcolm Baldrige, who served as United States Secretary of Commerce during the Reagan
administration, from 1981 until Baldrige’s 1987 death in a rodeo accident.
The Award promotes awareness of performance excellence as an increasingly important element in
competitiveness and information sharing of successful performance strategies and the benefits derived from
using these strategies. To receive a Baldrige Award, an organization must have a role-model organizational
management system that ensures continuous improvement in the delivery of products and/or services,
demonstrates efficient and effective operations, and provides a way of engaging and responding to
customers and other stakeholders. The Award is not given for specific products or services. Up to 18
Awards may be given annually across six eligibility categories—manufacturing, service, small business,
education, health care, and nonprofit. As of 2009, 84 organizations had received the Award.

Criteria for Performance Excellence

The seven categories of the Criteria are:

The main uses of the Baldrige Criteria for Performance Excellence are education and organizational self-
assessment and self-improvement. The Criteria are also the basis for giving Baldrige Awards and giving
feedback to Baldrige Award applicants. In addition, the Criteria have the following three roles in
strengthening U.S. competitiveness:
• To help improve organizational performance practices, capabilities, and results
• To facilitate communication and sharing of information on best practices among U.S.
organizations of all types
• To serve as a working tool for understanding and managing performance and for guiding planning
and opportunities for learning
The Baldrige Criteria for Performance Excellence provide organizations with an integrated approach to
organizational performance management that results in
• delivery of ever-improving value to customers and stakeholders, contributing to organizational
sustainability
• improvement of overall organizational effectiveness and capabilities
• organizational and personal learning
The following three sector-specific versions of the Criteria, which are revised every two years, are available
for free from the Baldrige National Quality Program:
• Criteria for Performance Excellence
• Education Criteria for Performance Excellence
• Healthcare Criteria for Performance Excellence
[edit] Early History of the Baldrige Program
• In the early and mid-1980s, many U.S. industry and government leaders saw that a renewed
emphasis on quality was a necessity for doing business in an ever-expanding and more
competitive world market. But many American businesses either did not believe quality mattered
for them or did not know where to begin.
• The Malcolm Baldrige National Quality Improvement Act of 1987, signed into law on August 20,
1987, was developed through the actions of the National Productivity Advisory Committee,
chaired by Jack Grayson. The nonprofit research organization APQC, founded by Grayson,
organized the first White House Conference on Productivity, spearheading the creation of the
Malcolm Baldrige National Quality Award in 1987. The Baldrige Award was envisioned as a
standard of excellence that would help U.S. organizations achieve world-class quality.
• In the late summer and fall of 1987, Dr. Curt Reimann, the first director of the Malcolm Baldrige
National Quality Program, and his staff at the National Institute of Standards and Technology
(NIST) developed an award implementation framework, including an evaluation scheme, and
advanced proposals for what is now the Baldrige Award.
• In its first three years, the Baldrige Award was jointly administered by APQC and the American
Society for Quality, which continues to assist in administering the Award Program under contract
to NIST.
[edit] Program Impacts
• According to Building on Baldrige: American Quality for the 21st Century by the private Council
on Competitiveness, “More than any other program, the Baldrige Quality Award is responsible for
making quality a national priority and disseminating best practices across the United States.”
• An October 2001 study of the economic impact of the Baldrige National Quality Program,
prepared for NIST by Albert N. Link and John T. Scott, conservatively estimated the net private
benefits associated with the Program to the economy as a whole at $24.65 billion. When compared
to the social costs of the Program of $119 million, BNQP’s social benefit-to-cost ratio is 207-to-1.
• Leadership Excellence magazine in 2007 placed the Baldrige Program in the top ten best
government/military leadership programs in the United States based on seven criteria:
vision/mission, involvement/participation, accountability/measurement, content/curriculum,
presenters/presentations, take-home value/results for customers, and outreach of the programs and
products.
• Since the Program’s inception in 1987, more than 2 million copies of the business/nonprofit,
education, and health care versions of the Criteria for Performance Excellence booklets have been
distributed to individuals and organizations in the United States and abroad. In 2008, more than
1.75 million copies of the Criteria were accessed or downloaded from the Baldrige Web site.
[edit] Public-Private Partnership
The Malcolm Baldrige National Quality Award is supported by a distinctive public-private partnership. The
following organizations and entities play a key role:
• The Foundation for the Malcolm Baldrige National Quality Award raises funds to permanently
endow the Award Program.
• The National Institute of Standards and Technology (NIST), an agency of the U.S. Department of
Commerce, manages the Baldrige National Quality Program.
 • The American Society for Quality (ASQ) assists in administering the Award Program under
contract to NIST.
• The Board of Overseers advises the Department of Commerce on the Baldrige National Quality
Program.
• The Board of Examiners—consisting of leading experts from U.S. businesses and education,
health care, and nonprofit organizations—volunteers time to evaluate Award applications and
prepare feedback reports for applicant organizations. Board members also share information about
the Program in their professional, trade, community, and state organizations. The Panel of Judges,
part of the Board of Examiners, makes Award recommendations to the Director of NIST.
• The network of state, regional, and local Baldrige-based award programs known as the Alliance
for Performance Excellence provides potential award applicants and examiners, promotes the use
of the Criteria, and disseminates information regarding the Award process and concepts.
• Award recipients share information on their successful performance and quality strategies with
other U.S. organizations.
[edit] Baldrige Award Recipients
The following organizations have received the Malcolm Baldrige National Quality Award to date:
[edit] 2009
Honeywell Federal Manufacturing & Technologies, Kansas City, MO (manufacturing)
MidwayUSA, Columbia, MO (small business), AtlantiCare, Egg Harbor Township, NJ
(health care) Heartland Health, St. Joseph, MO (health care), VA Cooperative Studies Program
Clinical Research Pharmacy Coordinating Center, Albuquerque, NM (nonprofit)

[edit] 2008Poudre Valley Health System, Fort Collins, CO (health care)

Cargill Corn Milling North America, Wayzata, MN (manufacturing)
Iredell-Statesville Schools, Statesville, NC (education)