CMMI vs. ISO 9001:2000

Mukul Gupta,  Sunday, March 4th, 2007

People often tend to compare CMMI with ISO 9001. The most common thing that I come to hear is that ISO 9001:2000 is same as CMMI Level 3. I am no expert on this but being an ISO 9001 organization which has started its journey for CMMI, I cannot resist but talk about how different CMMI is from ISO 9001.

First off, CMMI-SW had been designed as a framework for addressing the problem that is faced by organizations that are into development of software intensive systems. ISO on the other hand is applicable for all manufacturing organizations that may or may not be into software development. Thus, both your software organization as well as a road-side bakery can be an ISO 9001 organization but the bakery won’t get a CMMI certification.

Here are the few things there in CMMI which ISO misses or does not mention explicitly:

Institutionalization
Without institutionalization a process breaks under pressure of deadline. CMMI stresses the fact that the process should be ingrained into business so that it becomes the part of corporate culture.

Focus on Organizational Training
For any process to implemented uniformly across organization and to ensure that organization keeps learning and growing it important to identify training needs and impart it properly. It is for this reason that CMMI has a separate practice area in the area of training.

Maintaining Process Asset Library
This library contains process assets that include process related documentation such as policies, defined processes, checklists, lessons-learned documents, templates, standards, procedures, plans, and training materials. These assets are required for the process to interpreted and executed properly.

Discipline of Risk Management
CMMI looks at risk management as an organized and technical discipline to identify things that light cause harm or loss. Once a risk is identified it is quantified and prioritized and the risk is tracked throughout the project life cycle.

Causal Analysis
The causes of variation in achieving the project goals are analyzed formally and the root is identified and addressed so the variation is eliminated or their impact is minimized.

Concept of Stakeholders
CMMI states that a stakeholder is anyone who is affected by or is accountable for the outcome of the project. Thus, a stakeholder can include project team members, suppliers, customers, end users, and others.

I know that being in the business for software services it make better sense to be a CMMI organization.

Filed under: CMMi 9 Comments

9 Comments

Richard Kemp

Thats an excellent summary of CMMi focus areas. I think its fair to point out that ISO9001 has its own focus areas that CMMi does not have – specifically in the area of customer satisfaction and quality. I find it appropriate to use CMMi for internal softare development practice, and ISO9001 for customer-facing or customer-interactive processes like consulting engagements or system integration projects.

- Rick

Prathibha Jose

Hi,

Thank you for the informative summary. But let me kindly point out that ISO Clause 6.2.2 is about training.

Prathibha

John

Good

Zeeshan Ahmed Khan

Very much required summary of differences posted. I got what i was looking for … thankx !

Tahniyat Kazmi

Thx… It was useful information

blue apple

Good summary, but Maintaining Process Asset Library, is the main requirement of the ISO 9001, included in paragraph 4.2: Quality Manual, Control of documents, Procedures, Work Instructions, Quality Policy, Control of Records and finally it’s all controlled during the Internal Audits. As well as for the trainings, it is all in the ISO 9001 clause 6.2 Human Resources.

Gayatri Sawant

Well summarized. We have to understand that ISO9001 standard is a generic standard, which talks about what is expected. The ‘How’ part is up the organisation to decide and formulate. The ISO 9001:2000 version is much simpler yet powerful std. Though it was initially used by manufacturing industry extensively, it can be very well applied to any industry. It forms a strong base for developing the quality culture in the organisation.
With the base of ISO9001 std it is comparatively easier for any organization to go in for CMMI. The reason being the culture of quality is inculcated in the organisation. There is a Quality Management system in place, the system of reviews, audits, control of non conforming products, taking corrective & preventive actions, measurement and analysis are in place. There is a strong focus on continuous improvement & Customer satisfaction.

hector

I agree with “blue apple” eventhough your effort is very good, regrettably you seem to know very little of iso9000 as there are no such differences you mention. You seem to be very confused with the natural fact that different organizations use different words to refer to the same: a collection of “documents, manuals, book, procedure, sheets” etc : you can just say “library”. I regret you post is further confusing other people: “Institutionalization”= commitment or responsibilities of higher management. risk management: measure, evaluation and improvement, etc. You cannot base a concept comparison on VOCABULARY but in the actual meaning of the words used.

Ankit Sharma

Hi..
thanks for the summary of differences it was really very useful.

Post Your Comments: