What is the CMM Model?
Maturity Model - Software Development
This discussion will be in the context of software development, although the later version of 'CMM™', known as
CMMI™ ('Capability Maturity Model Integration'), and other derivations, widened the application of CMM to the
generalised business process world. Basically, it is a formal certification by an external agency of an
organisation's maturity of process framework - specifically the ability to deliver a software project.
Developed and owned by Carnegie Mellon University in the early 1990s, it was based on research
into real data collected from companies about their delivery performance.
If we consider how software companies grow, then there are clear stages in their development as their level of
process sophistication grows and they need to maintain and improve quality levels (one hopes) as their
organisational complexity increases. After all, 'Microsoft' started in a backyard garage in the 1960's.
There are five process-related developmental stages recognised in the model:
1. Initial (the backyard garage - typified by a high degree of chaos)
2. Managed (typically there are processes in place with defined management - eg project management)
3. Defined (process standardisation is in place, with an organisation process focus)
4. Quantitatively managed (product quality and process performance data is being collected - for example bug
insertion rates, individual programmer coding performance - from an 'engineering' perspective ).
5. Optimized - process management - the organisation is formally and continually examining the effectiveness of its
process performance, and optimising those processes and the 'learning organisation' is achieved.
Each of these maturity levels have defined Key Process Areas (KPAs) which typify that maturity level. Further each
KPA has five associated definitions:
The general nature of these KPAs is apparent and the broader application illustrates the reasons why CMMI was
developed to widen application, even as far as 'People CMM™'.
Just as with a human being, an organisation cannot skip a stage ('miss out adolescence'), although able managers
will be able to shorten the timescales. In the explosion of software development outsourcing to the Indian
sub-continent, it provided a standardized way of assessing what were basically organisations 'unknown' to 'western'
companies, thereby enabling outsourcing decisions to be made based on objective and independent quality critieria
(besides obvious commercial criteria).
However, there is a distinction to drawn. With able (and suitably experienced) management software companies can
grow and thrive without the CMM 'badge' - for example Microsoft.
After all, CMM grew out of the US Government's search for a framework by which to assess potential contractors, and
it is in this external delivery context that it is most useful.
It is particularly beneficial to software/solutions companies which are delivering one-off development projects. It
enables them to promote a maturity level which should give customers a degree of confidence and enables potential
customers to compare potential solutions suppliers.
CMM may be contrasted with ISO9001 standards. ISO does not provide a gradation of maturity as does CMM. ISO is
about a minimum acceptable quality level for software processes. As someone who has worked in organisations under
both categorisations (and implemented ISO9001 compliant systems in software houses), the difference to the author
is only too obvious. In an ISO9000 accredited company (a customer), a manager once said to me (in somewhat stronger
language) - 'what we make is not of great quality, but its level of quality is consistent and standardized'.
© Phil Marks, March 2010
Over 20 years successfully delivering software development and implementation projects in banking,
commerce, manufacturing and distribution. Find out how my Project Management experience and sharp
delivery focus could help you at => www.projectpdq.com
Phil Marks, MSc, MBA, MBCS, Chartered IT Professional