Multi-model process assessment demonstration case

The output of theModel Mappingtask are mapping tables where quality require-ments from different quality models are mapped and a coverage function is used to characterize their relationship. To perform this task one needs to determine one of the improvement models as the reference model. By choosing a reference improvement model the direction of the relationship for the mapping function is determined. As an example CMMI-Dev will be considered as the reference model and ISO9001 and ISO12207 as the mapped improvement models. The mappings between ISO12207 and ISO9001 to CMMI-Dev created by [MSS09a, MS09] are output examples of the Model Mappingtask for this type of scenario.

Figure 4.6: Quality Management Process OSSP and QR mapping task

The mapping tables are used as input toOSSP and QR mapping task along with organizational process definitions. The expected output is an information system based on the conceptual model described in Figure 4.4. TheOSSP and QR mappingtask may include the following steps:

1. The mapping tables are used to create QualityRequirement and Coverage in-stances (see Figure 4.4). In a first step, all specific practices of CMMI-Dev, ac-tivities and tasks of ISO12207 and shall statements of ISO9001 originate Quali-tyRequirement instances. Coverage associations are created based on the Model Mapping tables output of Model Mapping task.

2. In a second step, for all instances of QualityRequirement of the reference im-provement model, anIndicatorinstance is defined by identifying relevant Arte-factsin the OSSP, e.g., if SPEM is used as process modelling language to define the OSSP, SPEM instances of constructs likeTask Definition,WorkProduct Def-inition, Activity, among others, can be used as instances of type Artefact (see Figure 4.4) to define Indicators for each specific practice of CMMI-Dev.

4.4 Multi-model process assessment demonstration case 89 3. In a third step, the remainingQualityRequirementinstances not belonging to the reference model require an analysis to evaluate ifQualityRequirementrelated in-stances (resulting of theCoverageinstance defined) do include all relevant arte-facts in the OSSP that can be useful in supporting desired compliance. This is a vital point in the process of mapping quality requirements with OSSP process entities. For theQualityRequirementnot part of the reference model, not having Indicators associated, they will reuseIndicatorsof mapped quality requirements.

This means that if a coverage association exists it will identify which indicators can be reused for the purpose of assessing compliance. This is where the sys-tem takes full advantage of shared scope between adopted models. Even so, if mapped quality requirements do not provide full coverage, additional indi-cator instances need to be defined identifying missing relevant OSSP artefacts, e.g., if an ISO12207 activity is partially covered (e.g., not having as maximum a value of 100) by a related CMMI-Dev specific practices, it will reuse artefacts identified by the indicators associated to CMMI-Dev specific practices and still require extra artefacts to support full compliance for the activity considered. An example is given in Figure 4.4 by the QR(3). It maps partially to QR(5) and thus reuses Indicator2related Artefactsbut requires the creation ofIndicator3 to fully collect evidences needed to achieve full coverage of the requirement.

As an outcome ofOSSP and QR mappingtask aninformation systemrelating im-provement models adopted and the respective OSSP entities relevant to ensure compli-ance is created including indicatoers used to establish complicompli-ance with relevant scopes.

Figure 4.7 depicts an example (not exhaustive) of a QR/OSSP Traceability Infor-mation Systemdescribing associations on shared scope between quality requirements and OSSP process related entities. The first and second columns represent quality requirements from ISO9001 and ISO12207 respectively, along with their coverage association with CMMI-Dev practices (depicted in the arrows linking the Quality Re-quirements instances), represented in the third column.

Compliance assessment

Figure 4.8 depicts two tasks in the scope of an Audit process (aligned with IEEE 1028 standard) to demonstrate the context where an information system of figure 4.7 can be used to support the joint model audit process. As an example we will consider an assessment scope set to evaluate compliance to CMMI-Dev Configuration Manage-ment process area. This is depicted in the fourth column of Figure 4.7 along with the Indicators associated to the scope for Configuration Management.

The example of Figure 4.7 is created in line with the mapping tables defined by Mutafelija and Stromberg [MSS09a, MS09] that maps ISO9001 and ISO12207 to

Figure 4.7: Compliance Information System

CMMI-Dev respectively. The mappings provide an example output of the taskModel Mapping tablein Figure 4.6. By analysing the mapping table all ISO12207 configura-tion management activities and tasks have full coverage by CMMI-Dev Configuraconfigura-tion Management specific practices, thus Indicators defined to support CMMI-Dev config-uration management evidences can be reused to guide data collection for compliance with ISO12207 configuration management process. By analysing mapping tables men-tioned, a similar example can be considered relating Decision Management process of ISO12207 and Decision and Analysis Resolution from CMMI-Dev, the coverage as-sociation established allow a full reuse of evidences collection.

If different scopes are defined for Configuration Management and Decision and Analysis Resolution/Decision Management processes from CMMI-Dev and ISO12207 an audit check-list template for evidence collection can be defined in thePlanning the audit taskdepicted in Figure 4.8.

The check-list is defined by selecting from the information system theIndicators associated to the desired scopes e.g., Configuration Management and Decision and Analysis Resolution.

To further optimise the audit process, questions can be defined for a specific scope to support gathering objective evidence on performed practices. These questions be-come instances of Affirmation and are associated to Artefacts of the OSSP and to a Scope defined for the audit. The association exists to allow defining different ques-tions for different scopes. By maintaining information linkingScopeandAffirmation