Gap Analysis
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Gap Analysis as PDF for free.
More details
- Words: 3,185
- Pages: 22
INTERNATIONAL ISLAMIC UNIVERSITY, ISLAMABAD
FACULTY OF BASIC & APPLIED SCIENCES DEPARTMENT OF COMPUTER SCIENCE
Of For CMM Level Subject: Software Quality Engineering
Submitted To: Muhammad Ramzan Submitted By: Muhammad Husnain(187 MSSE) Abdul Rahman(185MSSE)
Dedication This whole work is dedicated to
Our Parents And Specially
Our Teacher Who gave us this idea of practical work
Introduction The Capability Maturity Model (CMM) is a process capability maturity model which aids in the definition and understanding of an organization's processes. The CMM was originally intended as a tool for objectively assessing the ability of government contractors' processes to perform a contracted software project. Though it comes from the area of software development, it can be (and has been and still is being) applied as a generally applicable model to assist in understanding the process capability maturity of organizations in diverse areas. For example, software engineering, system engineering, project management, software maintenance, risk management, system acquisition, information technology (IT), personnel management. It has been used extensively for avionics software and government projects around the world. The CMM involves the following aspects: •
Maturity Levels: A number of levels in a discipline which gives continuous process improvement and optimization of organization.
•
Key Process Areas: A Key Process Area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.
•
Goals: The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
•
Common Features: Common features include practices that implement and institutionalize a key process area. There are five types of common features: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
•
Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the KPAs.
Company profile: Office Info: Company Name: TRUE MERIDIAN Website: http://www.truemeridian.com/ Fax: 92 51 2293945 Tel: 92 51 2292462, 92 51 2292460 House# 212, Street# 17, G-10/2, Islamabad-44000 Organization Info: Offices: Tempa-USA Office Lahore-Pak Office Islamabad-Pak Office The Owner Dr. Abdul Basit: Working in the Tempa (USA) state office Deals contracts with the clients Major decisions are made by him CEO Imran Working in Lahore office Deals project related issues with the clients Major decisions regarding office and projects/project managers are made by him Also plays role of the project manager CEO Naaman Muasawwir Working in Islamabad office Deals project related issues with the clients Major decisions regarding office and projects/project managers are made by him Also plays role of the project manager
Each Office has the following hierarchy: Office wide SQC (software quality control) team Account Officer Project Manager for each individual project One or more S/W Development Teams for each project Each S/W Development Team has 4 to 8 members: One Project Manager One Team Lead-also plays the role of application engineer One or Two Back-End engineers Two or Three front-end engineers Two or three Design engineers-work for system design and architecture. Note: One of the group members Abdul Rahman is working as a developer in TRUE MERIDIAN. The purpose of this document is to analyze TRUE MERIDIAN software house’s CMM level. This document contains questions by which we can analyze current CMM level of TRUE MERIDIAN. We also give instructions to improve CMM level by seeing the performance of TRUE MERIDIAN.
Instructions The questionnaire has been divided in a number of sections. Each section covers one of the key process areas of the CMM Level 2. Questions can be answered by marking one of the possible answers. 1. Answer Yes if: - The activity is (almost) always performed. 2. Answer Not always if: - The activity is performed sometimes, or not completely. 3. Answer Never/No if: The activity is never or hardly ever performed. 4. Another option can be description if: The activity is can’t be specified by above three options.
Overview of the Gap Analysis: We have made a questionnaire for the TRUE MERIDIAN and questionnaire is based on the Capability Maturity Model level 2. CMM level 2 have following Key Process Areas (KPAs) Requirements Management Software Project Planning Software Project Tracking & Oversight Software Subcontract Management Software Quality Assurance Software Configuration Management. The questions are organized in sections; each KPA have some questions according to its requirements in the CMM structure. Each section contains a short overview of the purpose of each key process area. CEO is expected to fill in the questions based on your personal experience and knowledge. Answers used by assessment team to conduct the process assessment and are treated confidentially. At the last we give instructions to the company by which they can improve their CMM level.
What are CMM Level 2 KPAs and their relevant questions:
1.Requirements Management Purpose: To establish a common understanding between the customer and the software project of the customer’s requirements that will be addressed by the software project We have following questions for this KPA. 1. The software engineering group reviews the allocated requirements before they are incorporated into the software project. o Yes o No
2. The software engineering group uses the allocated requirements as the basis for software plans, work products, and activities. o Yes o No 3. Changes to the allocated requirements are reviewed and incorporated into the software project. o Yes o No 4. Written organizational Policy o Yes o No 5. Are the Responsibility assigned? o Yes o No 6. Are the adequate resources & funding provided? o Yes o No 7. Training for requirements management activities o Yes o No 8. Are the service commitments documented? o
Yes
o
Not always
o
Never
9. Are the service commitments evaluated with the customer on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
10. Is the actual service delivery evaluated with the customer on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
11. Activities reviewed with senior management on a periodic basis. o Yes o No 12. Activities are reviewed with the project manager on both a periodic and eventdriven basis. o Yes o No 13. SQA group reviews/ audits o Yes but not always o No The TRUE MERIDIAN can complete this KPA requirement by doing following activities: 1. Writing an organizational Policy. 2. Making service commitments documentation. 3. Service delivery evaluation with the customer on both a periodic and an eventdriven basis. 4. SQA group reviews
2. Software Project Planning Purpose: To establish reasonable plans for performing the software engineering and for managing the software project. We have following questions for this KPA. 1. Software project planning is initiated in the early stages o Yes
o No 2. Is the service delivery plan developed according to a documented procedure? o
Yes
o
Not always
o
Never
3. Is the service delivery plan documented? o
Yes
o
Not always
o
Never
4. 4. Are the service delivery activities to be performed identified and planned according to a documented procedure? o
Yes
o
Not always
o
Never
Are software and hardware products that are needed to establish and maintain control of the service delivery identified? o
Yes
o
Not always
o
Never
5. Are the risks associated with the cost, resource; schedule and technical aspects of the service identified, assessed, and documented? o
Yes
o
No
6. The software engineering group participates with other affected groups in the overall project planning throughout the project's life. o Yes o No
7. Software project commitments made to individuals and groups external to the organization are reviewed with senior management according to a documented procedure o Yes o No 8. Is there Designated Software Project Manager? o Yes o No 9. Documented and approved statement of work o Yes o No o Yes but w/o doc 10. Responsibility for s/w development plan o Yes o No 11. Adequate resources and funding for project planning o Yes o No 12. Training - estimation & planning o Yes o No 13. Periodic senior management review o Yes o No 14. Review with project manager on both periodic and event driven basis o Yes o No 15. Software Quality Assurance group reviews and /or audits o Yes
o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Making Software Engineering Group. 3. Making service delivery plan habitually. 4. Providing Training. 5. SQA group reviews
Software Project Tracking and Oversight Purpose: Service delivery is being tracked. The realized service levels are compared with the specified service levels and are reported to the customer and management on a regular basis. Corrective actions are taken when actual service delivery deviates from the specified service levels. The service provider reports to the customer the actual services delivered, the actual service levels, and, when relevant, calamities that hindered accurate service delivery. The service level reports are used as input for the evaluation of service level agreements. We have following questions for this KPA. 1. A documented software development plan is used for tracking the software activities and communicating status. o Yes o No 2. The project's software development plan is revised according to a documented procedure. o Yes o No 3. Software project commitments and changes to commitments made to individuals and groups external to the organization are reviewed with senior management according to a documented procedure. o Yes
o No 4. Are the service delivery risks associated with cost, resource, schedule and technical aspects of the services tracked? o
Yes
o
Not always
o
Never
5. Are actual measurement data and replanning data for the service recorded and made available? o
Yes
o
No
6. SW Development plan documentation? o Yes (high level plan only not detailed plan) o No 7. Designated Project Manager? o Yes o No 8. Adequate resources provided? o Yes o No 9. Training - technical & personnel aspects o Yes o No 10. Written Policy? o Yes o No 11. Are formal reviews conducted with the customer to address the accomplishments and results of the services at selected moments according to a documented procedure? o
Yes
o
Never
12. Review with project manager on both periodic and event driven basis o Yes o No 13. Does the service delivery group conducts periodic internal reviews to track activity status, plans, actual service levels, and issues against the service delivery plan? o
Yes
o
Not always( depends upon nature of project)
o
Never
13. Software Quality Assurance group reviews and /or audits o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Making service delivery plan habitually. 3. Providing Training. 4. Service delivery group reviews for each project. 5. SQA group reviews
Software Subcontract Management Purpose: The purpose of Subcontract Management is to select qualified IT subcontractors and manage them effectively. The service provider can select and hire subcontractors to delegate parts of the service. If this is the case, the service to be delivered by the subcontractors is laid down in a service level agreement. The service provider keeps track of the actual services
delivered by the subcontractor and takes corrective actions when the actual service levels deviate from the specified service levels. There are two types of contracts 1.
source providing
2.
outsourcing
Source providing: We provide sources (developers to client) and client pays for those sources. Like we provide two developers to the client and client pays for those developers. Out sourcing: Whole project is given to some other company. We have following questions for this KPA. 1. Is the service to be subcontracted specified and planned according to a documented procedure? o
Yes
o
Not always (depends upon nature of project and situation)
o
Never
2. Is the subcontractor selected, based on an evaluation of the subcontract bidders' ability to deliver the service, according to a documented procedure? o
Yes
o
Not always
o
Never
o on personal links basis 3. Is the contractual agreement between the prime contractor and the subcontractor used as the basis for managing the subcontract? o
Yes (with documentation)
o
Not always
o
Never
4. Is the documented subcontractor's service delivery plan reviewed and approved by the prime contractor? o
Yes
o
Not always (depends upon nature of project)
o
Never
5. Is the documented and approved subcontractor's service delivery plan used for tracking the service activities and for communicating status? o
Yes
o
Not always
o
Never
6. Are changes to the subcontractor's service commitments, service delivery plan, and other commitments resolved according to a documented procedure? o
Yes
o
Not always
o
Never
7. Are subcontract service commitments evaluated with the subcontractor on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
8. Does the prime contractor's service quality assurance group monitor the subcontractor's service quality assurance activities according to a documented procedure? o
Yes
o
Not always
o
Never
9. Does the prime contractor's configuration management group monitor the subcontractor's configuration management activities according to a documented procedure? o
Yes
o
Not always
o
Never
10. Selecting a software sub-contractor o Yes o No 11. Establishing commitments with the subcontractor o Yes o No o depends upon nature of project 12. Tracking and reviewing the subcontractor’s performance and results o Yes o No o depends upon nature of project 13. Written Organizational Policy? o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Subcontractor’s service delivery plan should be reviewed and approved by the prime contractor. 3. Subcontractor’s service delivery plan should be used for tracking the service activities and for communicating status. 4. Changes to the subcontractor's service commitments, service delivery plan, and other commitments should be resolved according to a documented procedure. 5. Subcontract service commitments evaluation with the subcontractor should be on both a periodic and an event-driven basis. 6. Prime contractor's service quality assurance group should monitor the subcontractor's service quality assurance activities according to a documented procedure.
7. The prime contractor's configuration management group should monitor the subcontractor's configuration management activities according to a documented procedure 8. SQA group reviews
Software Quality Assurance Purpose: To provide management with appropriate visibility into the process being used and the products being built. We have following questions for this KPA. 1.Is a SQA plan prepared for the service delivery according to a documented procedure?
2.
o
Yes
o
Not always
o
Never
Are the SQA group's activities performed in accordance with the SQA plan? o
Yes
o
Not always
o
Never
3. Does the SQA group participate in the preparation and review of the service commitments and service delivery planning, standards and procedures? o
Yes
o
Not always
o
Never
4. The SQA group reviews the software engineering activities to verify compliance o Yes o No 5. The SQA group audits designated software work products to verify compliance. o Yes o No 6. Responsible Group
o Yes o No 7. Adequate resources o Yes o No 8. Training - SQA activities o Yes o No 9. Members of SW project orientation o Yes o No 10. Written Policy? o Yes o No 11. Does the SQA group conduct periodic reviews of its activities and findings with the customer's SQA personnel, as appropriate? o
Yes
o
Not always
o
Never
12. Review with project manager on both periodic and event driven basis o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. SQA group participate in the preparation and review of the service commitments and service delivery planning, standards and procedures 3. SQA group reviews to the software engineering activities to verify compliance 4. SQA group reviews
5.Software Configuration Management The main purpose of Configuration Management is to establish and maintain the integrity of products which are subject to or part of the TRUE MERIDIAN. Configuration Management involves the identification of the relevant hardware and software components which need to be put under configuration control. This includes components owned by the customer that are being managed by the service provider, components owned by the provider that are used by the customer and components owned by the provider that are used to deliver the service. Changes to the configuration are evaluated with respect to the service level agreement and with respect to possible risks for the integrity of the configuration. Configuration management plan A configuration management plan covers the configuration management activities to be performed, the schedule of the activities, the assigned responsibilities, the resources required (including staff, tools, and computer facilities), the CM requirements and activities to be performed by the service delivery group and other related groups. We have following questions for analyzing this KPA. 1. Is a configuration management plan prepared for each service according to a documented procedure? o Yes o Not always o Never 2. Is a documented and approved configuration management plan used as the basis for performing the configuration management activities? o
Yes
o
Not always
o
Never
3. Is a configuration management library system established as a repository for the configuration baselines? o
Yes
o
Not always
o
Never
4. Are the products to be placed under configuration management identified? o
Yes
o
Not always
o
Never
5. Are action items for all configuration items/units initiated, recorded, reviewed, approved, and tracked to closure according to a documented procedure? o
Yes
o
Not always
o
Never
6. Are changes to configuration baselines controlled according to a documented procedure? o
Yes
o
Not always
o
Never
7. Are (software) products from the configuration baseline created and released according to a documented procedure? o
Yes
o
Not always
o
Never
8. Is the status of configuration items/units recorded according to a documented procedure? o
Yes
o
Not always
o
Never
9. Are standard reports documenting the configuration management activities and the contents of the configuration baselines developed and made available to affected groups and individuals?
o
Yes
o
Not always
o
Never
10. Are configuration baseline audits conducted according to a documented procedure? o
Yes
o
No
11. Written Policy? o Yes o No 12. Periodic senior management review o Yes o No 13. Review with project manager on both periodic and event driven basis o Yes o No 14. Periodic audits by SCM group? o Yes o No 15. SQA review and/or audit o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Documented and approved configuration management should be made for using as the basis for performing the configuration management activities
3. Changes to configuration baselines should be controlled according to a documented procedure 4. Periodic audits by SCM group. 5. SQA group reviews.
FACULTY OF BASIC & APPLIED SCIENCES DEPARTMENT OF COMPUTER SCIENCE
Of For CMM Level Subject: Software Quality Engineering
Submitted To: Muhammad Ramzan Submitted By: Muhammad Husnain(187 MSSE) Abdul Rahman(185MSSE)
Dedication This whole work is dedicated to
Our Parents And Specially
Our Teacher Who gave us this idea of practical work
Introduction The Capability Maturity Model (CMM) is a process capability maturity model which aids in the definition and understanding of an organization's processes. The CMM was originally intended as a tool for objectively assessing the ability of government contractors' processes to perform a contracted software project. Though it comes from the area of software development, it can be (and has been and still is being) applied as a generally applicable model to assist in understanding the process capability maturity of organizations in diverse areas. For example, software engineering, system engineering, project management, software maintenance, risk management, system acquisition, information technology (IT), personnel management. It has been used extensively for avionics software and government projects around the world. The CMM involves the following aspects: •
Maturity Levels: A number of levels in a discipline which gives continuous process improvement and optimization of organization.
•
Key Process Areas: A Key Process Area (KPA) identifies a cluster of related activities that, when performed collectively, achieve a set of goals considered important.
•
Goals: The goals of a key process area summarize the states that must exist for that key process area to have been implemented in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area.
•
Common Features: Common features include practices that implement and institutionalize a key process area. There are five types of common features: Commitment to Perform, Ability to Perform, Activities Performed, Measurement and Analysis, and Verifying Implementation.
•
Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalization of the KPAs.
Company profile: Office Info: Company Name: TRUE MERIDIAN Website: http://www.truemeridian.com/ Fax: 92 51 2293945 Tel: 92 51 2292462, 92 51 2292460 House# 212, Street# 17, G-10/2, Islamabad-44000 Organization Info: Offices: Tempa-USA Office Lahore-Pak Office Islamabad-Pak Office The Owner Dr. Abdul Basit: Working in the Tempa (USA) state office Deals contracts with the clients Major decisions are made by him CEO Imran Working in Lahore office Deals project related issues with the clients Major decisions regarding office and projects/project managers are made by him Also plays role of the project manager CEO Naaman Muasawwir Working in Islamabad office Deals project related issues with the clients Major decisions regarding office and projects/project managers are made by him Also plays role of the project manager
Each Office has the following hierarchy: Office wide SQC (software quality control) team Account Officer Project Manager for each individual project One or more S/W Development Teams for each project Each S/W Development Team has 4 to 8 members: One Project Manager One Team Lead-also plays the role of application engineer One or Two Back-End engineers Two or Three front-end engineers Two or three Design engineers-work for system design and architecture. Note: One of the group members Abdul Rahman is working as a developer in TRUE MERIDIAN. The purpose of this document is to analyze TRUE MERIDIAN software house’s CMM level. This document contains questions by which we can analyze current CMM level of TRUE MERIDIAN. We also give instructions to improve CMM level by seeing the performance of TRUE MERIDIAN.
Instructions The questionnaire has been divided in a number of sections. Each section covers one of the key process areas of the CMM Level 2. Questions can be answered by marking one of the possible answers. 1. Answer Yes if: - The activity is (almost) always performed. 2. Answer Not always if: - The activity is performed sometimes, or not completely. 3. Answer Never/No if: The activity is never or hardly ever performed. 4. Another option can be description if: The activity is can’t be specified by above three options.
Overview of the Gap Analysis: We have made a questionnaire for the TRUE MERIDIAN and questionnaire is based on the Capability Maturity Model level 2. CMM level 2 have following Key Process Areas (KPAs) Requirements Management Software Project Planning Software Project Tracking & Oversight Software Subcontract Management Software Quality Assurance Software Configuration Management. The questions are organized in sections; each KPA have some questions according to its requirements in the CMM structure. Each section contains a short overview of the purpose of each key process area. CEO is expected to fill in the questions based on your personal experience and knowledge. Answers used by assessment team to conduct the process assessment and are treated confidentially. At the last we give instructions to the company by which they can improve their CMM level.
What are CMM Level 2 KPAs and their relevant questions:
1.Requirements Management Purpose: To establish a common understanding between the customer and the software project of the customer’s requirements that will be addressed by the software project We have following questions for this KPA. 1. The software engineering group reviews the allocated requirements before they are incorporated into the software project. o Yes o No
2. The software engineering group uses the allocated requirements as the basis for software plans, work products, and activities. o Yes o No 3. Changes to the allocated requirements are reviewed and incorporated into the software project. o Yes o No 4. Written organizational Policy o Yes o No 5. Are the Responsibility assigned? o Yes o No 6. Are the adequate resources & funding provided? o Yes o No 7. Training for requirements management activities o Yes o No 8. Are the service commitments documented? o
Yes
o
Not always
o
Never
9. Are the service commitments evaluated with the customer on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
10. Is the actual service delivery evaluated with the customer on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
11. Activities reviewed with senior management on a periodic basis. o Yes o No 12. Activities are reviewed with the project manager on both a periodic and eventdriven basis. o Yes o No 13. SQA group reviews/ audits o Yes but not always o No The TRUE MERIDIAN can complete this KPA requirement by doing following activities: 1. Writing an organizational Policy. 2. Making service commitments documentation. 3. Service delivery evaluation with the customer on both a periodic and an eventdriven basis. 4. SQA group reviews
2. Software Project Planning Purpose: To establish reasonable plans for performing the software engineering and for managing the software project. We have following questions for this KPA. 1. Software project planning is initiated in the early stages o Yes
o No 2. Is the service delivery plan developed according to a documented procedure? o
Yes
o
Not always
o
Never
3. Is the service delivery plan documented? o
Yes
o
Not always
o
Never
4. 4. Are the service delivery activities to be performed identified and planned according to a documented procedure? o
Yes
o
Not always
o
Never
Are software and hardware products that are needed to establish and maintain control of the service delivery identified? o
Yes
o
Not always
o
Never
5. Are the risks associated with the cost, resource; schedule and technical aspects of the service identified, assessed, and documented? o
Yes
o
No
6. The software engineering group participates with other affected groups in the overall project planning throughout the project's life. o Yes o No
7. Software project commitments made to individuals and groups external to the organization are reviewed with senior management according to a documented procedure o Yes o No 8. Is there Designated Software Project Manager? o Yes o No 9. Documented and approved statement of work o Yes o No o Yes but w/o doc 10. Responsibility for s/w development plan o Yes o No 11. Adequate resources and funding for project planning o Yes o No 12. Training - estimation & planning o Yes o No 13. Periodic senior management review o Yes o No 14. Review with project manager on both periodic and event driven basis o Yes o No 15. Software Quality Assurance group reviews and /or audits o Yes
o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Making Software Engineering Group. 3. Making service delivery plan habitually. 4. Providing Training. 5. SQA group reviews
Software Project Tracking and Oversight Purpose: Service delivery is being tracked. The realized service levels are compared with the specified service levels and are reported to the customer and management on a regular basis. Corrective actions are taken when actual service delivery deviates from the specified service levels. The service provider reports to the customer the actual services delivered, the actual service levels, and, when relevant, calamities that hindered accurate service delivery. The service level reports are used as input for the evaluation of service level agreements. We have following questions for this KPA. 1. A documented software development plan is used for tracking the software activities and communicating status. o Yes o No 2. The project's software development plan is revised according to a documented procedure. o Yes o No 3. Software project commitments and changes to commitments made to individuals and groups external to the organization are reviewed with senior management according to a documented procedure. o Yes
o No 4. Are the service delivery risks associated with cost, resource, schedule and technical aspects of the services tracked? o
Yes
o
Not always
o
Never
5. Are actual measurement data and replanning data for the service recorded and made available? o
Yes
o
No
6. SW Development plan documentation? o Yes (high level plan only not detailed plan) o No 7. Designated Project Manager? o Yes o No 8. Adequate resources provided? o Yes o No 9. Training - technical & personnel aspects o Yes o No 10. Written Policy? o Yes o No 11. Are formal reviews conducted with the customer to address the accomplishments and results of the services at selected moments according to a documented procedure? o
Yes
o
Never
12. Review with project manager on both periodic and event driven basis o Yes o No 13. Does the service delivery group conducts periodic internal reviews to track activity status, plans, actual service levels, and issues against the service delivery plan? o
Yes
o
Not always( depends upon nature of project)
o
Never
13. Software Quality Assurance group reviews and /or audits o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Making service delivery plan habitually. 3. Providing Training. 4. Service delivery group reviews for each project. 5. SQA group reviews
Software Subcontract Management Purpose: The purpose of Subcontract Management is to select qualified IT subcontractors and manage them effectively. The service provider can select and hire subcontractors to delegate parts of the service. If this is the case, the service to be delivered by the subcontractors is laid down in a service level agreement. The service provider keeps track of the actual services
delivered by the subcontractor and takes corrective actions when the actual service levels deviate from the specified service levels. There are two types of contracts 1.
source providing
2.
outsourcing
Source providing: We provide sources (developers to client) and client pays for those sources. Like we provide two developers to the client and client pays for those developers. Out sourcing: Whole project is given to some other company. We have following questions for this KPA. 1. Is the service to be subcontracted specified and planned according to a documented procedure? o
Yes
o
Not always (depends upon nature of project and situation)
o
Never
2. Is the subcontractor selected, based on an evaluation of the subcontract bidders' ability to deliver the service, according to a documented procedure? o
Yes
o
Not always
o
Never
o on personal links basis 3. Is the contractual agreement between the prime contractor and the subcontractor used as the basis for managing the subcontract? o
Yes (with documentation)
o
Not always
o
Never
4. Is the documented subcontractor's service delivery plan reviewed and approved by the prime contractor? o
Yes
o
Not always (depends upon nature of project)
o
Never
5. Is the documented and approved subcontractor's service delivery plan used for tracking the service activities and for communicating status? o
Yes
o
Not always
o
Never
6. Are changes to the subcontractor's service commitments, service delivery plan, and other commitments resolved according to a documented procedure? o
Yes
o
Not always
o
Never
7. Are subcontract service commitments evaluated with the subcontractor on both a periodic and an event-driven basis? o
Yes
o
Not always
o
Never
8. Does the prime contractor's service quality assurance group monitor the subcontractor's service quality assurance activities according to a documented procedure? o
Yes
o
Not always
o
Never
9. Does the prime contractor's configuration management group monitor the subcontractor's configuration management activities according to a documented procedure? o
Yes
o
Not always
o
Never
10. Selecting a software sub-contractor o Yes o No 11. Establishing commitments with the subcontractor o Yes o No o depends upon nature of project 12. Tracking and reviewing the subcontractor’s performance and results o Yes o No o depends upon nature of project 13. Written Organizational Policy? o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Subcontractor’s service delivery plan should be reviewed and approved by the prime contractor. 3. Subcontractor’s service delivery plan should be used for tracking the service activities and for communicating status. 4. Changes to the subcontractor's service commitments, service delivery plan, and other commitments should be resolved according to a documented procedure. 5. Subcontract service commitments evaluation with the subcontractor should be on both a periodic and an event-driven basis. 6. Prime contractor's service quality assurance group should monitor the subcontractor's service quality assurance activities according to a documented procedure.
7. The prime contractor's configuration management group should monitor the subcontractor's configuration management activities according to a documented procedure 8. SQA group reviews
Software Quality Assurance Purpose: To provide management with appropriate visibility into the process being used and the products being built. We have following questions for this KPA. 1.Is a SQA plan prepared for the service delivery according to a documented procedure?
2.
o
Yes
o
Not always
o
Never
Are the SQA group's activities performed in accordance with the SQA plan? o
Yes
o
Not always
o
Never
3. Does the SQA group participate in the preparation and review of the service commitments and service delivery planning, standards and procedures? o
Yes
o
Not always
o
Never
4. The SQA group reviews the software engineering activities to verify compliance o Yes o No 5. The SQA group audits designated software work products to verify compliance. o Yes o No 6. Responsible Group
o Yes o No 7. Adequate resources o Yes o No 8. Training - SQA activities o Yes o No 9. Members of SW project orientation o Yes o No 10. Written Policy? o Yes o No 11. Does the SQA group conduct periodic reviews of its activities and findings with the customer's SQA personnel, as appropriate? o
Yes
o
Not always
o
Never
12. Review with project manager on both periodic and event driven basis o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. SQA group participate in the preparation and review of the service commitments and service delivery planning, standards and procedures 3. SQA group reviews to the software engineering activities to verify compliance 4. SQA group reviews
5.Software Configuration Management The main purpose of Configuration Management is to establish and maintain the integrity of products which are subject to or part of the TRUE MERIDIAN. Configuration Management involves the identification of the relevant hardware and software components which need to be put under configuration control. This includes components owned by the customer that are being managed by the service provider, components owned by the provider that are used by the customer and components owned by the provider that are used to deliver the service. Changes to the configuration are evaluated with respect to the service level agreement and with respect to possible risks for the integrity of the configuration. Configuration management plan A configuration management plan covers the configuration management activities to be performed, the schedule of the activities, the assigned responsibilities, the resources required (including staff, tools, and computer facilities), the CM requirements and activities to be performed by the service delivery group and other related groups. We have following questions for analyzing this KPA. 1. Is a configuration management plan prepared for each service according to a documented procedure? o Yes o Not always o Never 2. Is a documented and approved configuration management plan used as the basis for performing the configuration management activities? o
Yes
o
Not always
o
Never
3. Is a configuration management library system established as a repository for the configuration baselines? o
Yes
o
Not always
o
Never
4. Are the products to be placed under configuration management identified? o
Yes
o
Not always
o
Never
5. Are action items for all configuration items/units initiated, recorded, reviewed, approved, and tracked to closure according to a documented procedure? o
Yes
o
Not always
o
Never
6. Are changes to configuration baselines controlled according to a documented procedure? o
Yes
o
Not always
o
Never
7. Are (software) products from the configuration baseline created and released according to a documented procedure? o
Yes
o
Not always
o
Never
8. Is the status of configuration items/units recorded according to a documented procedure? o
Yes
o
Not always
o
Never
9. Are standard reports documenting the configuration management activities and the contents of the configuration baselines developed and made available to affected groups and individuals?
o
Yes
o
Not always
o
Never
10. Are configuration baseline audits conducted according to a documented procedure? o
Yes
o
No
11. Written Policy? o Yes o No 12. Periodic senior management review o Yes o No 13. Review with project manager on both periodic and event driven basis o Yes o No 14. Periodic audits by SCM group? o Yes o No 15. SQA review and/or audit o Yes o No The TRUE MERIDIAN can complete this KPA requirements by doing following practices: 1. Writing an organizational Policy. 2. Documented and approved configuration management should be made for using as the basis for performing the configuration management activities
3. Changes to configuration baselines should be controlled according to a documented procedure 4. Periodic audits by SCM group. 5. SQA group reviews.
Related Documents
Gap Analysis
July 2020 12
Gap Analysis
May 2020 20
Gap Analysis
April 2020 16
Gap Analysis Report
December 2019 18
Gap Group Analysis Project
November 2019 20