III Conferência CMMI Portugal, Keynote 2: CMMI for Services... not only for IT, Enrique Morey, PIA...
-
Upload
isabelmargarido -
Category
Business
-
view
133 -
download
0
description
Transcript of III Conferência CMMI Portugal, Keynote 2: CMMI for Services... not only for IT, Enrique Morey, PIA...
Abstract
Over the last three years, there are more than 300 formal appraisals using CMMI for Services as model reference. Over 70% of the appraised organizations belong to sectors that
IT project manager with extensive experience in the Banking and Finance, in recent years has worked as Senior Consultant in the areas of quality processes for Information Technology and Services industry, having a wide experience in training consulting and
pp g g are not directly related to Information Technology.
I have had the opportunity to evaluate businesses and services related to fund management, marketing campaigns, and billing services. The objective of this presentation is to show the generic aspects of CMMI for Services and give some examples
wide experience in training, consulting and evaluation for improvement projects in Spain, Portugal and Latin America.
He has worked as Senior Consultant in European Software Institute (ESI-Tecnalia) and Process Quality Engineering (ProQua), and SEPG Leader of Systems Division of the Banco de Credito del Peru (BCP) having achieved maturity level 3 of CMMI model
of implementation in areas beyond the typical IT services.
Biography
Master in Business Administration (MBA) by ESADE Business School (Barcelona, Spain) and Systems Engineer by Pontificia Universidad Catolica del Peru (PUCP). Certified SCAMPI Lead Appraiser for CMMI
achieved maturity level 3 of CMMI model.
He has participating in Software Engineering Process Group Latin America Conferences (SEPG LA) as program committee member and speaker. He is also a member of the training staff in the PUCP and he has extensive training experience at universities and institutions.
Certified SCAMPI Lead Appraiser for CMMI for Development (DEV), Acquisitions (ACQ) & Services (SVC) by CMMI Institute. Managing Director in PIA Consultores since 2013.
1
Why do we need effective management of services?
“Throughout the latter half of the twentieth century, the service sector has been both the largest and the fastest growing component of
This increase is due, in part, because today the products have a higher service component than in previous decades. For example, large infrastructure vendors such as IBM, HP and Cisco, offer services that go beyond the sale of a particular product
g g g p the U.S. economy. Fifty years ago, the service sector accounted for about sixty percent of U.S. output and employment. Today, the service sector‘s share of the U.S. economy has risen to roughly 80 percent.” - The Role of Services in the Modern U.S. Economy, Office of Service Industries, January 1999
“Services constitute the engine of economic
of a particular product.
growth of the EU, since they account for 70% of GDP and employment in most Member States.” - Access to European Union: law, economics, policies., Nicholas Moussis, 19th updated edition, 2011
“According to one study of DoD contracts, “services” constituted more than one-third of purchases in 1984, but 56% by 2003.” -
Outsourcing the Pentagon: Who benefits from the Politics and Economics of National Security?, Larry Makinson, September 2004
2
Why do we need effective management of services?
Based on “The Cost of Poor Customer Service: The Economic Impact of the Customer Experience and Engagement in 16
causes of poor service are:
• Being trapped in automated self-service
• Being forced to wait too long for service
• Repeating themselves p g g Key Economies” - Genesys Telecommunications Laboratories, Inc, November 2009:
• The associated cost with the poor customer service in 16 major world economies amounted to US$ 338.5 billions (= € 250 thousand million).
• “In virtually every country customers ended
p g
• Representatives that lack the skills to answer their inquiry
Nearly 8,800 consumers were surveyed, with a minimum sampling of 500 per country: Australia, Brazil, Canada, China, Czech Republic, France, Germany, India, Italy, Mexico, Netherlands, New Zealand, Poland, Russia U K U S• In virtually every country, customers ended
at least one relationship per year due to poor service.”
• “Across all countries surveyed, about 7 in 10 consumers have ended a relationship.”
• “Nearly two-thirds of consumers who have ended relationships turn to a competitor, with the remainder lost or abandoned
Russia, U.K., U.S.
completely as consumers decide not to purchase from anyone.”
Consumers feel the most significant root
3
Why do we need effective management of services?
• IF causes of poor service delivery are corrected THEN customer satisfaction are increased.
the service rather than reacting to incidents or questions of clients.
• Personalization: deliver different services to satisfy personal qualities or characteristics.
These factors can be met if the service • IF customer satisfaction are increase THEN
customers become loyal and repeat their purchases.
• IF customers repeat purchases THEN they become communicators of good experiences to potential clients.
• Repeated purchases PLUS new customers
These factors can be met if the service management is improved so that can be provided effectively and efficiently.
There are many models and standards that are used as a basis to improve services management. Many of them are designed for specific industries and services. Some others do not offer a clear path for continuous service improvement Services providers are
EQUAL more turnover & increased economics benefits
According to the Genesys Labs' study, customer satisfaction would increase when four key needs are met:
• Competency: staff with needed abilities and skills to provide the service
service improvement. Services providers are confused about which could be more beneficial and appropriate for their business.
• Convenience: usefulness and suitability of the delivered services.
• Proactivity: initiative of providers to improve
4
IT Services
IT Service (ITILv3): “A service provided to one or more customers, by an IT Service Provider. An IT service is based on the use of Information Technology and supports
referred to as business process outsourcing (BPO), applications outsourcing (AO) and infrastructure outsourcing.
"CEOs don’t buy software anymore… they buy service level agreements” – George Fischer, gy pp
the customer's business process. An IT service is made up from a combination of people, processes and technology and should be defined in a Service Level Agreement.”
Gartner’s Definition:
• IT services refers to the application of business and technical expertise to enable organizations in the creation management
g g Global Technology & Software Executive, CA Technologies, SEPG Asia Pacific 2010
Examples:
• Software and application development
• Web development & hosting
• Management and support of applications
organizations in the creation, management and optimization of or access to information and business processes.
• The IT services market can be segmented by the type of skills that are employed to deliver the service (design, build, run). There are also different categories of service: business process services, application services and infrastructure
• Technical support and help desk
• Development and management of databases
• Telecommunications
• Infrastructure
application services and infrastructure services.
• If these services are outsourced, they are
5
Service industries (grouped into sectors)
business functions (that apply to all organizations in general): consulting, customer service human resources
stock brokerages, tax preparation
foodservice industry
personal grooming: hairdressing, manicurist/pedicurist, body hair removal, dental hygienistcustomer service, human resources
childcare
cleaning, repair and maintenance services: janitors, gardeners, mechanics
construction: carpentry, electricians, plumbing
death care: coroners, funeral homes
dispute resolution and prevention services:
dental hygienist
health care
hospitality industry
information services: data processing, database services, interpreting, translation
risk management: insurance, security
social servicesdispute resolution and prevention services: arbitration, courts of law, diplomacy, incarceration, law enforcement, lawyers, mediation, military, negotiation
education: library, museum, school
entertainment: gambling, movie theatres, performing arts productions, sexual services, sport, television
social services
transport
public utility: electric power, natural gas, telecommunications, waste management, water industry
fabric care: dry cleaning, self-service laundry
financial services: accountancy, banks and building societies, real estate,
6
CMMI for Services (CMMI-SVC)
CMMI-SVC guides all types of service providers to establish, manage, and improve services to meet business goals.
• Information Technology Services Capability Maturity Model (ITSCMM)
Like every CMMI model, CMMI-SVC:
• helps to set process improvement goals and The Software Engineering Institute (SEI)
published in 2009 the first version of CMMI for Services based on the success of CMMI model. The current version 1.3 was published in November 2010. At the beginning of 2013, the SEI has transferred CMMI-related products and activities to the CMMI Institute.
CMMI SVC draws on concepts and practices
priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes
• can be applied internally or externally
• works well with other frameworks
• represents the consensus of thousands of practitioners about the essential elements of CMMI-SVC draws on concepts and practices
from CMMI and other service focused standards and models, including the following:
• Information Technology Infrastructure Library (ITIL)
• ISO/IEC 20000: Information Technology—Service Management
practitioners about the essential elements of service delivery
• can be used in whole or in part
CMMI-SVC addresses the needs of a wide range of service types by focusing on common processes.
• many existing models are designed for
• Control Objectives for Information and related Technology (CobiT)
specific services or industries.
• other existing models do not provide a clear improvement path.
7
Example Use Cases & Scenarios by Industry
Accounting services
Aircraft maintenance
Aluminum packaging
Fertilizer manufacturer
Fitness club
Fitness equipment maintenance
Loan broker
Logistics
Maintenance
Management consulting
Securities investment
Software benchmarking service
Software development
Software testing Aluminum packaging manufacturer
Ambulatory
Auto service
Auto insurance
Banking
Billing
Food services
Gardening and lawn care
Genealogy
Gutter maintenance
Healthcare
H h l h
consulting
Military communications support
Nuclear power
Oilfield services
Organizational performance
Software testing
Sports officiating
Staff augmentation
Stock trading
Textiles
Thermal diagnostics
Training Call center
Church administration
Client staffing
Database management
Defense contractor
Education
Home health care
Home inspection
Infrastructure management
Internal process group
Internet retail
Internet cable provider
performance improvement
Pharmaceutical
Process consulting
Project management
Providing PCs
Public health information
Training
Training and other aviation services
Training and technology deployment for COTS software
Translation services Education
Eldercare
Electric generation and supply
Employment
p
ISO audits
IT services
Letting a holiday home
information
Publishing
Quality assurance
Recommending technology
Travel agency
Travel services
University
Voice and data services
8
My own experience
• Three SCAMPI Class A for CMMI-SVC Maturity Level 2.
• SME organizations with less than 25 employees within the organizational unit
methods are used by trading partners, such as customers and their suppliers, to present and monitor transactional documents between one another and ensure the terms of their trading agreement are being met. These documents include invoices employees within the organizational unit.
• Two service types for each company, not necessarily IT Services.
Examples:
• Mobile Campaign: is a campaign, usually marketing, advertising, or public relations-related, through which organizations contact their audience
These documents include invoices, purchase orders, debit notes, credit notes, payment terms and instructions and remittance advices.
• Fund management: Financial management of funds of national and international organizations including obtaining donor funds, the investment of the assets received and their disbursedorganizations contact their audience
through SMS (text messaging). This form of campaigning allows organizations to reach out and establish relationships with an audience in a more individualized, intimate way. A campaign’s goal can have varied consumer consumption objectives including flashing (showing an image), informing (informational text / product info) or
and their disbursed.
engaging (response or click required).
• Electronic invoicing: Electronic invoicing is a form of electronic billing. E-invoicing
9
Service establishment
1. Service provider has an business idea for a new (or improved) service.
2. Service provider reviews available customer and end user needs and datacustomer and end-user needs and data.
3. Service provider identifies the service delivery approach (service strategy) to achieve the objectives and provide the capabilities.
4. Service provider develops the work plan to prepare the service system operations
5 Service provider executes the work plan to 5. Service provider executes the work plan to implement the service and request management system.
6. Service provider ensures that the service and request management system fulfills the service requirements.
10
Service Delivery
1. Customers provide requirements to service provider for a new (or renewed) agreement.
2 A new (or renewed) service level
described in the service agreement.
9. Service provider reviews service request status and resolution, and confirms results with relevant stakeholders.
10 Service provider collects customer 2. A new (or renewed) service level agreement is defined, negotiated and reviewed by customers and service provider.
3. Service provider prepares the service system to enable the delivery of services.
4. Service provider confirms the readiness of the service and request management
10.Service provider collects customer satisfaction information after services are delivered or service requests are fulfilled.
11.Service provider maintains the service system to ensure the continuation of service delivery based on customer satisfaction information and maintenance requests.
system.
5. End users provide service requests for their processing by service provider.
6. Service provider determines the actions to be taken to satisfy the service request.
7. Service provider operates the service system to deliver services in accordance
with agreements.
8. Service provider monitors the status of service requests until they are fulfilled as
11
Service Delivery (SD)
Setting up agreements, taking care of service requests, and operating the service system.
Th S i D li f The Service Delivery process area focuses on the following:
• Establishing and maintaining service agreements
• Preparing and maintaining a service delivery approach
• Preparing for service delivery
• Delivering services
• Receiving and processing service requests
• Maintaining service systems
12
Requirements Management (REQM)
Keeping clear with your customers and other stakeholders about the service you provide, and adjusting when you find inconsistencies or mismatched expectations. p
Requirements management processes manage all requirements received or generated by the work group, including both technical and nontechnical requirements as well as requirements levied on the work by the organization.
The work group maintains a current and approved set of requirements over the life of approved set of requirements over the life of the project by doing the following:
• Managing all changes to requirements
• Maintaining relationships among requirements, plans, and work products
• Ensuring alignment among requirements, plans, and work products
• Taking corrective action
13
Work Planning (WP)
Estimating costs, effort, and schedules, figuring out how you’ll provide the service, and involving the right people—all while watching your risks and making sure you’ve got the y g y g resources you need.
Planning is one of the keys to effectively managing work. The Work Planning process area involves the following activities:
• Developing the work plan
• Interacting with relevant stakeholders appropriately
• Getting commitment to the plan
• Maintaining the plan
14
Work Monitoring and Control (WMC)
Making sure what’s supposed to be happening in your service work is happening, and fixing what isn’t going as planned.
A documented work plan is the basis for A documented work plan is the basis for monitoring activities, communicating status, and taking corrective action. Progress or status is primarily determined by comparing actual work product and task attributes, effort, cost, and schedule to the plan at prescribed intervals, milestones, or control levels in the schedule or WBS.
Appropriate visibility of progress enables Appropriate visibility of progress enables timely corrective action to be taken when performance deviates significantly from the plan. A deviation is significant if, when left unresolved, it precludes the work activities from meeting its objectives.
15
Configuration Management (CM)
Controlling changes to your crucial work products. CM involves:
• Identifying the configuration of selected work products that compose baselines at
storage, reporting, and feedback
• Implementing the analysis techniques and mechanisms for data collection, data reporting, and feedback
• Providing objective results that can be used work products that compose baselines at given points in time
• Controlling changes to configuration items
• Building or providing specifications to build work products from the configuration management system
• Maintaining the integrity of baselines
• Providing objective results that can be used in making informed decisions and taking appropriate corrective action
Process and Product Quality Assurance (PPQA)
Checking to see that you are actually doing things the way you say you will in your policies, standards, and procedures. PPQA
• Providing accurate status and current configuration data to developers, end users, and customers
Measurement and Analysis (MA)
Knowing what to count and measure to manage your service. MA involves:
• Specifying objectives of measurement and
involves:
• Objectively evaluating performed processes and work products against applicable process descriptions, standards, and procedures
• Identifying and documenting noncompliance issues
analysis so that they are aligned with identified information needs and work, organizational, or business objectives
• Specifying measures, analysis techniques, and mechanisms for data collection, data
• Providing feedback to work group staff and managers on the results of quality assurance activities
• Ensuring that noncompliance issues are addressed
16
Strategic Service Management (STSM)
Deciding what services you should be providing, making them standard, and letting people know about them.
Incident Resolution and Prevention (IRP)
Getting new systems in place, changing existing systems, or retiring obsolete systems—all while making sure nothing goes terribly wrong with the service.
Incident Resolution and Prevention (IRP)
Handling what goes wrong—and preventing it from going wrong if you can.
Capacity and Availability Management (CAM)
Making sure you have enough of the resources you need to deliver services and that they are available when needed—at an appropriate costappropriate cost.
Service Continuity (SCON)
Being ready to recover from a disaster and get back to delivering your service.
Service System Development (SSD)
Making sure you have everything you need to deliver services, including people, processes,
consumables, and equipment.
Service System Transition (SST)
17
Coverage of CMMI-SVC on ITIL
The CMMI-SVC model is based on international models and standards such as ITIL and ISO 20000. Therefore, if we perform a high-level analysis, the process areas of
the IT Service Provider.
These are the Information Management sub-processes and their process objectives:
• Design of Security Controls: To design
g y p maturity level 3 cover between 93% and 95% of organized processes both in the latest version of ITIL (v3 2011) and ISO 20000 (2011).
In the ITIL case, three processes are not covered at 100%:
Information Security Management (0%)
appropriate technical and organizational measures in order to ensure the confidentiality, integrity, security and availability of an organization's assets, information, data and services.
• Security Testing: To make sure that all security mechanisms are subject to regular testing.
The major disadvantage of CMMI inrelationship with other models is the lack of a process area dedicated solely to information security. Process areas as Configuration Management or WP and WMC practices related to Data Management (SP2.3 and SP1.4 respectively) cover this process only tangentially but not directly.
g
• Management of Security Incidents: To detect and fight attacks and intrusions, and to minimize the damage incurred by security breaches.
• Security Review: To review if security measures and procedures are still in line with risk perceptions from the business side,
ITIL Information Security Management aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services.
ITIL Security Management usually forms part of an organizational approach to security management which has a wider scope than
p p , and to verify if those measures and procedures are regularly maintained and tested.
Currently, CMMI Institute published a draft PA on security management out for use and comment.
18
Coverage of CMMI-SVC on ITIL
Financial Management for IT Services (50%)
CMMI-SVC has some practices related to financial management:
levels of control)
• WP SP1.3 Plan data management (establishing requirements and procedures to ensure the privacy and security of data)
• WMC SP1 4 Monitor data management• WP SP1.5 Estimate effort and cost
• WP SP2.1 Establish the budget and schedule
• WMC SP1.1 Monitor work planning parameters (one of these parameters would be the budget)
However it is clear that this ITIL process is
• WMC SP1.4 Monitor data management
However, aspects such Identity Management and Management of Rights and Privileges for groups and individuals are not covered.
broader and includes other activities such as accounting, billing requirements of the service provider, estimates and forecasts, ...
Access Management (50%)
Although Access Management is closely related to Information Security Management, CMMI-SVC has some practices that support this process:this process:
• CM SP1.2 Establish a configuration management system (including access and
19
Coverage ITIL/ISO20K on CMMI-SVC
In the opposite case, the processes of ITIL and ISO 20000 can provide a coverage of 75% in the process areas of CMMI-SVC maturity levels 2 and 3. There are six process y p areas where it should be done an additional work:
Requirements Management (50%) ML2
Mainly, there is a lack of the practice of bidirectional traceability of requirements. Difficulty of implementation: medium.
Work Planning (50%) ML2
Aspects such as estimating and commitment to the work plan are missing (mainly the review of plans that affect the work and the reconciliation between estimates and available resources). Difficulty of implementation: medium.
20
Coverage ITIL/ISO20K on CMMI-SVC
Process and Product Quality Assurance (0%) ML2
Practices associated with this process area are not directly linked to any process ISO; but
Risk Management (0%) ML3
This process area is not directly linked to any ITIL process; but the ITIL model considers within the definition of each process a section for the management of risks. The
are not directly linked to any process ISO; but the ISO standard considers both internal and external audits to assess the Service Management System. The same mechanism could be implemented at a lower level in order to review the adherence to processes in a continuous way. Difficulty of implementation: low.
Organizational Training (0%) ML3
g management of event, incidents and problems are closely linked to the implementation of the practices of this process area. Difficulty of implementation: low.
Decision Analysis and Resolution (0%) ML3
Not considered by ITIL/ISO; the formal decision-making is usually easy to implement, although its institutionalization can cost some Organizational Training (0%) ML3
Not considered by ITIL/ISO; these practices usually are already implemented in most organizations and managed by Human Resources department. This process area organize activities related to organizational training in a better way; generally, it is necessary a few adjustments in the current methodology for achieving full
although its institutionalization can cost some effort. This is because decisions normally are taken daily naturally without to follow a formal process. Difficulty of implementation: low/medium.
In summary, there is a high degree of coverage between CMMI-SVC and ITIL/ISO 20000. The missing points can be covered with extra effort although not significant methodology for achieving full
implementation. Difficulty of implementation: low.
with extra effort, although not significant compared to the total effort of the implementation of each model or standard.
21
“Do you prefer your mom or dad?“
Based on “Match point: Who will win the game, ITIL or CMMI-SVC?”, Anju Saxena & John Maher, TATA Consultancy Services, SEPG NA 2011:
• Complementary models provide leverage
• The CMMI suite can be augmented by ITIL
• An ITIL shop can benchmark with CMMI
• Together they offer a balance of improvement and management focus, detail and service cycle orientation, and effective implementation implementation.
• An organization can begin to move toward full development / service integration using CMMI + ITIL to fulfill business goals.
The choice of one model or another should be aligned with the needs, strategies and business objectives of the organization.
22
• As of January 9, 2013, 301 formal SCAMPIs were reported in the SCAMPI Appraisal System (SAS).
• This represents a little more than 3 years of CMMI-SVC appraisals. For comparison, it pp p took 5 years for the Software CMM to reach 100 appraisals.
• ISO20K 609 in the last three years.
• We have four ML5 appraisals. The first was also enterprise and multi model.
• We see an increase in CMMI-SVC appraisals quarter over quarter.
• More than 190 lead appraisers have been certified.
• More than 280 instructors have been certified.
• More than 6,500 students have been taught CMMI-SVC CMMI-SVC.
23
What are early users saying?
Dramatic returns on investment from early adopters
• 13.5X income with one CMMI-SVC process area
measured.
Combined use of CMMI-SVC and CMMI-DEV
• people using CMMI-SVC as their foundation, but adding the engineering PAs for large complex service systems area
• 3.5X capacity to deliver service with one CMMI-SVC practice
Conversion from internal cost center to profit center
• Cost Center: is a division within a business which is financed from the profit margin adding to the cost of
for large, complex service systems
• high maturity users of CMMI-DEV begin with ML3 of CMMI-SVC when they transition
CMMI-SVC in use for development more than expected
• For example, companies that offer Software as a service (SaaS) SaaS is margin adding to the cost of
the organization, but contributing to its profit indirectly. Typical examples include research and development, marketing and customer service.
• Profit Center: is a section of a company treated as a separate business. Thus profits or losses for a profit center are calculated
as a service (SaaS). SaaS is a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is typically accessed by users using a thin client via a web browser.
• Saas is supplied by Application Service Providers (ASPs) and also it is referred as "on-demand software“or losses for a profit center are calculated
separately. Typical examples are a store, a sales organization and a consulting organization whose profitability can be
on-demand software .
24
What does the CMMI-SVC deliver?
The CMMI-SVC offers a proven approach to
• maintaining competitiveness
• increasing revenue
service performance and quality
• Fosters stronger employee motivation and better retention, as they participate in making service coordination and delivery better g
• improving efficiency
by strengthening service delivery and service management.
• Promotes assured, consistently high-quality service delivery that cements, retains, and increases customer loyalty
• Provides a roadmap for continuous service
• Can be the basis for regional and global strategies, as all work becomes service
• Provides a roadmap for continuous service improvement: benchmark, set goals, prioritize activities, take action, measure progress
• Supports efficiency and reduces complexity through an enterprise-wide common service improvement vocabulary that is critical for multi model use and outsourcing
• Reduces time-to-market (or field) delivery of new services to customers
• Enables the rapid fine-tuning of existing
25
PIA Consultores
Who we are?
Professionals with more than 20 years of experience and recognized prestige in the sector
• Consulting and implementation of improvement projects based on international reference models: CMMI, PMBOK, ITIL, ISO20000
• Applying agile methods, Kanban and Lean sector.
What we do?
We help to optimize the processes of production of our clients
Where we are?
Basque Country, Spain
What are our services?
pp y g g Sig Sixma for project management and high maturity companies.
• Implementation of project management offices, tools and methodology for management support.
What are our services?
• Official training and evaluation of CMMI models (Development, Services and Acquisitions)
omore than 800 people trained in 60 official CMMI courses
o73 organizations formally appraised based on CMM/CMMI model since 2001on CMM/CMMI model since 2001
operforming services in 23 countries on 4 continents
26
27