Multi-Model Implementations: Challenges and Best Practices

LN Mishra, Founder and Principal Consultant, Adaptive Processes Consulting

Brief Summary

In today’s competitive scenario, various international standards and models such as CMMI, ISO
9001 and ISO 27001 not only provide a clear competitive advantage in market place also help
companies streamline their processes to achieve better Quality and Productivity. However,
implementing multiple models can create significant challenges and confusion in the practicing
community if it is not well thought out and not approached with right set of tools. This article
describes author’s experience in implementing multiple models in various companies such as
Infosys, IBM, iGate, Ness, Synowledge and other companies.

Business Needs for Multiple Models and Standards

Organizations need to comply with multiple models and standards such as ISO 9001, CMMI,
PCMM, ISO 27001/BS7799, ISO 20000/ITIL etc. due to competitive / customer / legal
requirements, ensure high quality and improve productivity by reuse, and establish various
business policies and procedures. Most companies manage this through multiple discrete
management systems like QMS, ISMS, and HR Processes etc. Most systems are word or HTML
based

Key Expectations from ISO 9001

ISO 9001 as an International Standard for Quality Management System (QMS) which expects a
documented Quality Management System, management to show commitment through Quality
Policy and Objectives, adequate resources, proper processes for product realization and a
system to ensure measurement, analysis and improvement. ISO 9001 expects an Internal Audit
mechanism to be in place. ISO 9001 has 6 mandatory processes and 19 mandatory records.
Most medium sized companies will have 30 to 40 processes and 30-40 various kinds of data
maintained.

Key Expectations from ISO 27001

ISO 27001 as an International Standard for Information Security Management System (ISMS)
which expects a documented ISMS, management to show commitment through Security Policy
and provide adequate resources, proper processes for managing information security and a
system to ensure measurement, analysis and improvement for information security. Similar to
ISO 9001, ISO 27001 expects an Internal Audit mechanism to be in place. ISO 27001 has 5
mandatory processes. Most medium sized companies will have 15 to 20 IT processes, 15 to 20
Information Security related policies and 10-15 various kinds of data maintained.

Key Expectations from CMMI Level 5

CMMI is a model developed by Software Engineering Institute, Carnegie Mellon University as a

collection of Best Practices for software development and maintenance. Similar to ISO 9001,
CMMI expects a documented Project and Process Management System, management to show
commitment through various policies, periodic reviews, provide adequate resources, proper
processes for product realization and a system to ensure measurement, analysis and
improvement. Most companies those follow CMMI have 30 to 40 processes and 30-40 various
kinds of datas maintained. The emphasis is on Quantitative Project and Process Management
through Statistical Process Control.

Challenges of Multi-Model Implementation

When we combine all these Models, we get more than 1500 requirements, 80 processes, 50
policies, 60 data, 20 trainings, multiple audits and assessments for projects. Also multiple
models create quite a bit of confusion of terminology such as “Document Control” in ISO 9001
becomes “Configuration Management” in CMMI, “Corrective and Preventive Actions” in ISO
9001 becomes ‘Causal Analysis and Resolution” in CMMI.

Software Projects face challenges on ever increasing demands on schedule, quality,

productivity, staffing and attrition. At the same time the Process Group, which is responsible for
implementing processes, faces challenges such as fast pace of model introduction and
changes, lack of appropriate data management system resulting in serious severe data
integrity issues, and poor process compliance. They also face problems of SQA staff
recruitment, mentoring and attrition.

All these models expect more than 20 types of trainings to be conducted for developers,
project managers and other stakeholders compounding the challenges of implementation.

Some Practical Scenarios

A very large IT Products and Services company had 29 different trackers to collect Project Data
for CMMI Purpose. Another large software services firm had a 26 tab Excel workbook to collect
metrics data every month. Most Project Managers feel the return on effort they put in process
implementation is negligible and are largely compliance driven. Most Project Managers spend 2
to 4 Person-Days a month in just preparing various kinds of reports.

Root Causes for Implementation Challenges

Some of the root causes behind such a situation are treating each model as a separate
initiative - difficulty in integrating multiple models/standards into one improvement program,
lack of comprehensive integrated Project Data Management System, excessive emphasis on
documenting and assessing processes, one size fit all approach and dogmatic view of process
implementation.

Best Practices in Multiple Model Implementations

Organizations which have been successful in integrating multiple models have developed
Integrated Project Management System which helps consolidation of all project related data.
They have successfully integrated Quality, Security and HR Management System.

Successful organizations have developed cross-functional teams to ensure process

implementations are ingrained into all functions and divisions of the organization rather than
remaining the sole responsibilities of the progress group. They seek regular feedback from
delivery management regarding process expectations and performance against them.
Organizations also promote Best Practice councils in the areas of process management, project
management, configuration management etc. to disseminate process best practices across the
organization.

Other aspects which organizations should keep in mind are to simplify processes as much as
possible and make processes role and context based. When implementing a new standard,
take holistic view of all processes, maintain ongoing coordination between various standard
implementation teams, tailor processes as per project complexity, and integrate all audits.
Successful companies have moved into Blended Learnings to take benefits of E-Learnings. They
have developed mechanisms to help Project Management community take benefit of process
implementations such as develop better estimation models with data collected.

Summary
Implementing multiple models is definitely a difficult task, however with suitable supporting
systems being in place and integrated view of processes, organizations can overcome the
challenges successfully.

About the Author

LN Mishra, PGDM (IIMA), PMP, Certified ISO 9001 and ISO 27001 Lead Auditor, Six
Sigma Black Belt

LN has 14+ years of professional experience in Software and Consulting - Strategic Change
Management and Software Processes – CMMI, ISO 9001 and 270001, and Six Sigma. He has
consulted several large clients in US, Europe and India for IBM, Infosys, PWC, iGate, MACH,
Ness Technologies etc. He has led in several ISO, CMMI Level 5 and ISMS implementations,
designed and developed Quality and Information Security Management Systems.

His interest areas are making systems and processes simple, comprehensive yet very effective.
With experiences in delivery, processes and change management enables him to appreciate
view points from all stakeholders and develop up systems that will be simple to use, easier to
implement and deliver business results.
About Adaptive Processes

Adaptive Processes helps its clients in defining, implementing, managing and improving
processes which are aligned to world class models and standards like CMMI, ISO 9001 and
27001, PMP, Six Sigma and PCMM.

We developed World’s First Database Driven Process Repository which has been filed for
patent. Our Adaptive Portfolio Management System (APMS) meets complete process and
data management requirements for CMMI Level 5, ISO 9001 and ISO 27001. It can help
companies achieve CMMI Level 5, ISO 9001 and ISO 27001 in less than 6 months and costs less
than even hiring a SQA.

We are the 1st leading Process consulting firm in India to be certified for prestigious
ISO 9001: 2000 from prestigious certification body Det Norske Veritas (DNV).

Key Contacts

Email : LNMishra@AdaptiveProcesses.com
Cell : +91-9880-64-7936 (LN)
www.AdaptiveProcesses.com