Matriz de Adherencia PPQA Review2

ELEMENTOS CMMI DIAGNOSTICO

SG/SP Metas / Prácticas Que tenemos?

PPQA SG1

PPQA SP1.1

PPQA SP1.2

* Lista de Chequeo de productos de trabajo

PPQA SG2

PA (Proce

ss Area) CMMI Adherence of the performed

process and associated work products to applicable process descriptions, standards, and procedures is objectively evaluated.

Objectively evaluate selected performed processes against applicable process descriptions, standards, and procedures.

Inicialmente tenemos un Programa Anual de Auditorias

De otro modo tenemos el proceso "Calidad de Procesos", cuyo objetivo es Garantizar la adherencia de los procesos y procedimientos establecidos. En el cual se referencian varios procedimientos (Ver artefactos generados)

* Ahora Laura, tenemos 2 tipos de Auditorias: Documentales y de Procesos. La primera esta asociada a revisión unicamente de productos de trabajo y la otra a la ejecución del proceso como tal (con todas sus dependencias: productos de trabajo, procedimientos). Para cada una de éstas se cuenta con su respectiva lista de chequeo

Objectively evaluate selected work products against applicable process descriptions, standards, and procedures.

Noncompliance issues are objectively tracked and communicated, and resolution is ensured.

PPQA SP2.1

PPQA SP2.2

PPQA GG2

PPQA GP2.1

PPQA GP2.2

PPQA GP2.3

PPQA GP2.4

PPQA GP2.5

PPQA GP2.6

PPQA GP2.7

Communicate quality issues and ensure the resolution of noncompliance issues with the staff and managers.

* Hoy en día el auditor (ATCAL) nos envía los informes de auditoria, los cuales hacemos llegar al auditado y nos convertimos en coequiperos para el cierre de los hallazgos. Alli se cuenta con un formato para realizar seguimiento

* También por el modelo de ISO, se tiene un Informe Gerencial donde se muestra cobertura del programa anual de auditorías y estado de las acciones correctivas y/o preventivas

* Se cuenta con un informe de las auditorias efectuadas con sus respectivas acciones, con destino al PMO

Establish and maintain records of quality assurance activities.

* También por el modelo de ISO, se tiene un Informe Gerencial donde se muestra cobertura del programa anual de auditorías y estado de las acciones correctivas y/o preventivas

* Tenemos un formato en excel para F-SGC-10 Seguimiento Acciones y F-SGC-15 Categorización Causas Hallazgos

* Hoy en dia tenemos un repositorio para almacenar los resultados de cada auditoría por proceso, el cual tendería a desaparecer con la entrada de Sharepoint.

Institutionalize a Managed ProcessEstablish and maintain an organizational policy for planning and performing the process and product quality assurance process.

Establish and maintain the plan for performing the process and product quality assurance process.

Provide adequate resources for performing the process and product quality assurance process, developing the work products, and providing the services of the process.Assign responsibility for performing the process, developing the work products, and providing the services of the process and product quality assurance process.Train the people performing or supporting the process and product quality assurance process as needed.Place selected work products of the process under appropriate levels of control.Identify and involve the relevant stakeholders of the process and product quality assurance process as planned.

PPQA GP2.8

PPQA GP2.9

PPQA GP2.10

PPQA GG3

PPQA GP3.1

PPQA GP3.2

Monitor and control the process and product quality assurance process against the plan for performing the process and take appropriate corrective action.

Objectively evaluate adherence of the process and selected work products against the process description, standards, and procedures, and address noncompliance.

Review the activities, status, and results of the process and product quality assurance process with higher level management and resolve issues.Institutionalize a Defined ProcessEstablish and maintain the description of a defined process and product quality assurance process

Collect process-related experiences derived from planning and performing the process to support the future use and improvement of the organization’s processes and process assets.

DIAGNOSTICO

Que falta? Artefacto Generado

* Criterios para evaluar productos de trabajo

1. Definir si vamos a seguir manteniendo el esquema de ejecución de auditorías con personal externo (proveedor), o una persona interna. En el caso del primero debemos iniciar la consecución de un proveedor para tal fin.

2. Realizar el programa Anual de Auditorías para este año. Definir programación de auditorías con los líderes, para proyectos que vienen en curso.

3. De la iteración anterior quedo pendiente realizar el procedimiento de planificación de auditorías de proyectos (donde se definen criterios para la ejecución de las mismas). Este punto es importante dado que en este momento no es claro cuando nace un nuevo proyecto, como éste es incorporado de manera programada al Programa de Auditorías, es decir como de manera formal el área de Calidad es informada de la existencia de nuevos proyectos y como se coordina con el líder del proyecto la programación de auditorias para el mismo. Ahora adicionalmente se tiene en el plan del proyecto un capítulo asociado a la Gestión de la Calidad, donde el líder relaciona las auditorias convenidas (sospechamos que esto no esta siendo usado para tal fin)

* Se esta desarrollando en la herramienta Sharepoint, el manejo del flujo de hallazgos provenientes de las auditorías, del siguiente modo: Registro de Hallazgos (para diferentes fuentes), Gestión del Hallazgo con el Auditado con su respectiva generación de acciones correctivas y/o preventivas. Adicionalmente también quedo un flujo para el registro de no conformidades propias de proyectos, el cual queremos validar contigo si es apropiado o es duplicar la información???? Pregunta lortiz: A qué se refieren con "No conformidades propias de proyectos"? Contra qué puede duplicarse la información?

* Informe_Gestion_Calidad\Registros\Auditorias Internas\Programacion\Feb2010_Dic2011\PAA V4.0 07022011_31122011_20111207

* Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Proceso\R-SGC-01 Proceso Calidad de Procesos\R-SGC-01 Proceso Calidad de Procesos_V01_20111014

* Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Procedimiento\Auditorias Internas\P-SGC-02 Procedimiento Ejecución Auditorias Internas

* Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Procedimiento\Auditorias Internas\P-SGC-04 Procedimiento Planeación Auditorias Apoyo

* Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Procedimiento\Acciones Correctivas y Preventivas\P-SGC-03 Acciones Correctivas y Preventivas _V03_20111014

* \Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Formatos\Auditoria Interna\F-SGC-07 Lista Chequeo Auditoria

ARTEFACTOS QUE SE ESTAN AUTOMATIZANDO EN SHAREPOINT

F-SGC-06 Plan AuditoriaF-SGC-08-Informe de AuditoríaF-SGC-09 Acciones Correctivas - PreventivasF-SGC-10 Seguimiento Acciones Correctivas PreventivasF-SGC-15 Categorización Causas Acciones

Estos pueden ser consultados en la siguiente ruta: \Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Formatos

* \Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Formatos\Auditoria Interna\F-FSC-81 LC Auditoria de Documentos\F-FSC-81 Lista de Chequeo Auditoria de Documentos_V1_2011115

* Presentación Ejecutiva con destino a la Alta Gerencia, sobre las auditorias efectuadas con sus respectivos resultados (de modo muy general)

* Revisar que reportes se pueden generar con la información que se tendría en Sharepoint. Reporte para el Líder del Proyecto, Reporte para el PMO, Reporte para la Gerencia.

* Ajustar en el proceso que los problemas no resueltos en el proyecto, pueden ser escalados a otras instancias

* Estrategia de sensibilización a los Funcionarios, sobre la importancia del seguimiento y cierre de sus hallazgos.

* Obtener de los reportes información estadistica que me permita determinar la tendencia de los resultados de las auditorias (adherencia a los procesos, a los productos de trabajo). Laura una pregunta, en este punto no sería importante establecer métricas, de algún modo no estariamos relacionandonos con MA?????

* \Informe_Gestion_Calidad\Registros\Acciones Correctivas - Preventivas\Seguimiento\De Calidad\Procesos Apoyo\Seguimiento Hallazgos General 20120118

* Informe_Gestion_Calidad\CMMI\EPG\PMO\Artefactos\F-FSC-92 Informe Ejecutivo Auditorias Proyectos\F-FSC-92 Informe Ejecutivo Auditorias Proyectos_V01_20111221

* \Informe_Gestion_Calidad\Registros\Reporte Gerencial\2011\Informe Revisión Gerencial 20110610

* Si vamos a manejar todo a través de sharepoint, la idea es trabajar bastante sobre el modulo de reportes y especificar cuales requerimos.

* Definir métricas para las actividades de calidad (auditorias, seguimientos), asociadas a: cobertura, cumplimiento, ... tendencia.

Laura te queremos contar que en el directorio que tienes, encuentras informes de proyectos que fueron auditados. Ver ruta: Informe_Gestion_Calidad\Registros\Auditorias Internas\Fabrica\2011 Y alli en su interior encuentras los códigos de los proyectos que fueron auditados, para luego encontrar el informe de auditoria con su respectiva lista de chequeo de productos de trabajo.

C:\Informe_Gestion_Calidad\CMMI\EPG\Gestión Calidad Procesos\Documentación\Formatos\Acciones Correctivas - Preventivas:

F-SGC-10 Seguimiento AccionesF-SGC-15 Categorización Causas

Review Laura Ortiz

1. Lista Chequeo Auditoria resultados en repositorio de cada proyecto2. SharePoint con hallazgos registrados y seguimiento planes de acción3. Falta generar lista chequeo de procesos OPD OPF y OT

The most important evidence here is the quality assurence result for each project against apllicable process (noncopliance report) and corrective actions plan.

Cada proyecto debe tener su informe de resultados de hallazgos identificados a nivel de adherencia a los procesos que acorde a su ciclo de vida y el plan de QA (debe estandarizarse actividades dentro del proceso de Planeación para este fin) debe cumplir.

Ver Ejemplo_VER_1

1. Lista Chequeo Auditoria resultados en repositorio de cada proyecto2. SharePoint con hallazgos registrados y seguimiento planes de acción3. Validar que en el checklist se tengan items de evaluacion directo a este aspecto (Cumplimiento formatos estandar, revisiones pares)

La evidencia igualmente que para adherencia de proceso, esta dada por las listas de chequeo para cada proyecto acorde a los criterios (aún no definidos) minimos a cumplir, acorde al ciclo de vida y plan PPQA establecido en la planeación del proyecto como mínimos a cumplir.

1. Correo enviado con conclusion de resultados de auditoria (Validar que sea estandar)2. Informe de resultados guardado en el repositori de cada proyecto3. Falta definir a nivel de proceso y politicas de divulgacion de resultados periodicos a Alta Gerencia

Es importante trabajar en un estandar más detallado y orientado a metricas acorde a indicadores para dar visibilidad de cumplimienta de metas dentro de la Ejecucion de Proyectos como del desempeño de la Ejecucion de los procesoss de PPQA

Se debe refinar las politicas de periodicidad de auditorias y generación de informes de manera más oportuna y preventiva.

1. Verificar CM definido estandar para PPQA (Cronogramas, Lista Chequeo reultados, informes seguimiento gerencial)

La evidencia directa esta dada por el repositorio de PPQA y su adecuada CM

De igual manera la evidencia directa esta soportada por los reportes de auditorias que debe tener cada proyecto en su respectivo repositorio administrado bajo politicas de CM.

Evidencia Directa Evidencia Indirecta

Planes de Acción - SharePoint

Planes de Acción - SharePoint

Lista de chequeo Auditoria de Proyectos / ProcesosHallazgos reportado en SharePoint

Lista de chequeo Auditoria de Proyectos / ProcesosHallazgos reportado en SharePoint

Correo enviando el informe de auditoria/Lista de chequeo auditoria, Hoja Informe

Auditoria y hallazgos reportados en SharePointPlanes de Accion SharePoint

Indicadores CalidadInforme Revision Gerencial

Lista de chequeo Auditoria de Proyectos / Procesos- Hoja Informe Planes de Accion - SharePointReportes SharePoint

PARA TENER EN CUENTA EN LA IMPLANTACION

WP SUB AC

Example Work Products1. Evaluation reports2. Noncompliance reports3. Corrective actions

Subpractices1. Promote an environment (created as part of project management) that encourages employee participation in identifying and reporting quality issues.2. Establish and maintain clearly stated criteria for evaluations.3. Use the stated criteria to evaluate selected performed processes for adherence to process descriptions, standards, and procedures.4. Identify each noncompliance found during the evaluation.5. Identify lessons learned that could improve processes.

Appraisal Considerations - “This process area primarily applies to evaluations of projects and services, but also applies to evaluations of non-project activities and work products such as training evaluations.”- Refer to the Project Planning PA for more information about identifying processes to be objectively evaluated- Consider the PPQA PA as an enabler for GP2.9 in the context of other process areas- The frequency of evaluations or audits is typically defined in a quality assurance plan. Look for evaluations performed throughout the lifecycle, not just at the end a project or in close proximity to the assessment- A typical implementation of this practice is through the development and use of a quality assurance plan that may be a standalone document or incorporated into another plan- Depending on the culture of the organization, the process and product quality assurance role may be performed, partially or completely, by peers, and the quality assurance function may be embedded in the process.

Example Work Products1. Evaluation reports2. Noncompliance reports3. Corrective actions

Subpractices1. Select work products to be evaluated, based on documented sampling criteria if sampling is used.2. Establish and maintain clearly stated criteria for the evaluation of selected work products.3. Use the stated criteria during evaluations of selected work products.4. Evaluate selected work products at selected times.5. Identify each case of noncompliance found during evaluations.6. Identify lessons learned that could improve processes.

Appraisal Considerations - Look for in-progress or incremental evaluations of work products and services, and at selected milestones- “This process area primarily applies to evaluations of projects and services, but also applies to evaluations of non-project activities and work products such as training evaluations.”- Refer to the Project Planning PA for more information about identifying work products to be objectively evaluated.- Consider the PPQA PA as an enabler for GP2.9 in the context of other process areas- The frequency of evaluations or audits is typically defined in a quality assurance plan. Look for evaluations performed throughout the lifecycle, not just at the end of the project or in close proximity to the assessment- A typical implementation of this practice is through the development and use of a quality assurance plan that may be a standalone document or incorporated into another plan- Depending on the culture of the organization, the process and product quality assurance role may be performed, partially or completely, by peers, and the quality assurance function may be embedded in the process.

Example Work Products1. Corrective action reports2. Evaluation reports3. Quality trends

Subpractices1. Resolve each noncompliance with the appropriate members of the staff if possible.2. Document noncompliance issues when they cannot be resolved in the project.3. Escalate noncompliance issues that cannot be resolved in the project to the appropriate level of management designated to receive and act on noncompliance issues.4. Analyze noncompliance issues to see if there are quality trends that can be identified and addressed.5. Ensure that relevant stakeholders are aware of results of evaluations and quality trends in a timely manner.6. Periodically review open noncompliance issues and trends with the manager designated to receive and act on noncompliance issues.7. Track noncompliance issues to resolution.

Appraisal Considerations - Noncompliance issues are often resolved within the project, and do not require escalation. Assessment of the escalation path may be assessed by inspection of applicable process descriptions and interview responses- Look for communication of noncompliance issues to those responsible for development, deployment, or management of applicable work products or processes- Look for recording and timely closure of noncompliance issues- Be cautious of too many waivers being issued to resolve noncompliance.

Example Work Products1. Evaluation logs2. Quality assurance reports3. Status reports of corrective actions4. Reports of quality trends

Subpractices1. Record process and product quality assurance activities in sufficient detail so that status and results are known.2. Revise the status and history of quality assurance activities as necessary.

Appraisal Considerations- Look for recording of PPQA activities in sufficient detail such that status and results are known

ElaborationThis policy establishes organizational expectations for objectively evaluating whether processes and associated work products adhere to the applicable process descriptions, standards, and procedures; and ensuring that noncompliance is addressed.This policy also establishes organizational expectations for process and product quality assurance being in place for all projects. Process and product quality assurance must possess sufficient independence from project management to provide objectivity in identifying and reporting noncompliance issues.

Appraisal Considerations- Policies should demonstrate management commitment and establish expectations for the processes to be performed, e.g., “this is the way we do business here”. Other terms besides “policy” may be used in the organizational context to capture this.- Policies need not be specified separately for each PA (1-to-1); a single policy can cover multiple PAs.- Policies are typically high-level. The structure of established policies should fit the organization, not necessarily the CMMI model; i.e., not all PAs or SPs need to be explicitly mentioned, this might be implicitly required by invoking applicable processes and procedures. However, the linkage between PAs, policies, and processes should be discernable to ensure coverage.- Policies should be visible to those in the organization that are affected (e.g., intranet web access). However, recognize that the day-to-day work of engineers does not typically deal with the policies; moreso the processes that comply with the policies.- Policies could exist at multiple levels within the organization (e.g. corporate, division, department, etc.)- A documented and approved waiver to the policy does not count against the satisfaction of this GP.- “This policy establishes organizational expectations for objectively evaluating whether processes and associated work products adhere to the applicable process descriptions, standards, and procedures, and ensuring that noncompliance is addressed.”- “This policy also establishes organizational expectations for process and product quality assurance being in place for all projects. Process and product quality assurance must possess sufficient independence from project management to provide objectivity in identifying and reporting noncompliance issues.”

ElaborationThis plan for performing the process and product quality assurance process can be included in (or referenced by) the project plan, which is described in the Project Planning process area.

Appraisal Considerations- “The purpose of this generic practice is to determine what is needed to perform the process and achieve the established objectives, to prepare a plan for performing the process, to prepare a process description, and to get agreement on the plan from relevant stakeholders.”- See GP 2.2 description in front matter for more details on what is expected and typical plan contents; e.g., process description; standards; requirements; objectives; dependencies; resources; responsibilities; training,; work products to be placed under configuration management; measurements; stakeholder involvement; monitoring; objective evaluation; management review.- “Establishing a plan includes documenting the plan and providing a process description. Maintaining the plan includes changing it as necessary, in response to either corrective actions or to changes in requirements and objectives for the process.” It is permissible for the plan not to have changed if none of these conditions have occurred.- The plan for performing the process “may be a standalone document, embedded in a more comprehensive document, or distributed across multiple documents.” It may be part of the project plan established in the Project Planning PA.- GP2.2 establishes the plans for performing the process, which are implemented in GP2.3 through GP2.10 in accordance with the plan.- " This plan for performing the process and product quality assurance process may be included in (or referenced by) the project plan, which is described in the Project Planning process area."

Appraisal Considerations- Ensure the resources necessary to perform the process as defined by the plan are available when they are needed.- “Resources include adequate funding, appropriate physical facilities, skilled people, and appropriate tools.”- “The interpretation of the term ‘adequate’ depends on many factors and may change over time.” Adequacy is subjective, and most likely determined through affirmations of sufficiency from those performing the work. Listen also for cases where the process failed due to insufficient resources. This may indicate weaknesses in the plan or in the implementation.- Care should be taken in relying on affirmations of "inadequate" resources. A performer often wishes they had more time, money, or tools, but still has "adequate" resources to accomplish their planned tasks.- Separate budgets are not needed for each PA; they may be distributed over several PAs. A key consideration is whether the manager of that process has sufficient visibility to recognize the need for more resources.

.ElaborationTo guard against subjectivity or bias, ensure that those people assigned responsibility and authority for process and product quality assurance can perform their evaluations with sufficient independence and objectivity.

Subpractices1. Assign overall responsibility and authority for performing the process.2. Assign responsibility and authority for performing the specific tasks of the process.3. Confirm that the people assigned to the responsibilities and authorities understand and accept them

Appraisal Considerations- “…ensure that there is accountability throughout the life of the process for performing the process and achieving the specified results. The people assigned must have the appropriate authority to perform the assigned responsibilities.”- Responsibility assignments may be to individuals or groups, and may vary across the life of the process.- Ensure that the people assigned are available to do the work.- Assignments may be defined in various ways; e.g., work authorizations, job descriptions, project plans.- Many PAs will have the various goals/practices assigned to different people; make sure the entire PA has been assigned- These activities may be distributed across different groups within the organization (e.g. one group responsible for process quality and another group responsible for product quality.- “Objective” does not necessarily mean independent.- A separate quality assurance group is not necessarily required.- The assigned individuals or groups responsible for the PPQA function may vary for different processes, and assignments may change across the project life cycle.

Appraisal Considerations- The training provided may be formal (e.g., classroom, CBT) or informal (e.g., structured mentoring), and may vary according to assigned role (e.g. detailed training for those performing the work, orientation overview provided to those who interact or support those performing the work).- Consider other methods besides formal classroom training that might be used (e.g., CBT, mentoring, videotapes). The method should ensure that skills and knowledge are impacted.- Recognize that training need not be provided on a PA basis; a single training course could cover multiple processes.- An approved waiver, stating that an individual possesses the skills and knowledge imparted in the course, is equivalent to having received training.- It is impractical that 100% of the performers of a process are trained at any point in time, due to new hires, transfers, promotions, etc. Judgment is called for in determining whether an excessive number of people are untrained.- See GP elaborations for examples of training topics that might be included for each PA. These elaborations are quoted from the model. - “Examples of training topics include the following: • Application domain • Customer relations • Process descriptions, standards, procedures, and methods for the project • Quality assurance objectives, process descriptions, standards, procedures, methods, and tools”

Appraisal Considerations- This GP is enabled by the CM PA; refer to that PA for additional information on configuration management practices. - Ensure the work products are controlled and revised in accordance with the documented plans for the PA being examined.- Consider the key phrases here: (1) “designated” work products; (2) “appropriate levels” of configuration management. In other words, the formality may vary according to the work product (e.g., version control vs. configuration management) – see GP2.6 description in the front matter for further description.- In examining the work products identified for each PA below, “different versions” are recognizable by version labels, distribution dates, change histories, etc.- “Different levels of configuration management are appropriate for different work products and for different points in time.” It is up to the project or organization to define what level of CM they have determined is adequate for each work product.- “Examples of work products placed under CM include the following: • Noncompliance reports • Evaluation logs and reports”

Subpractices1. Identify stakeholders relevant to this process and their appropriate involvement.2. Share these identifications with project planners or other planners as appropriate.3. Involve relevant stakeholders as planned.

Appraisal Considerations- See GP2.7 description in front matter for typical activities for stakeholder involvement (e.g., planning, decisions, communications, coordination, assessments, requirements definitions, resolution of problems/issues.)- “A “stakeholder” is a group or individual that is affected by or in some way accountable for the outcome of an undertaking. Stakeholders may include project members, suppliers, customers, end users, and others.”- “The term “relevant stakeholder” is used to designate a stakeholder that is identified for involvement in specified activities and is included in an appropriate plan. (See the Plan Stakeholder involvement specific practice in the Project Planning process area and the Identify and Involve Relevant Stakeholders generic practice.)”- The set of relevant stakeholders for each PA may vary across the life cycle or as the organization increases its process capability/maturity. - The identification and involvement of relevant stakeholders may vary according to project characteristics and attributes (e.g., size, complexity, duration).- In some PAs, candidate stakeholders are listed in the GP elaboration and can be used for reference as appropriate.- Include expected relevant stakeholders in the population of FAR group members and ask questions regarding their involvement in project activities.- “Examples of activities for stakeholder involvement include the following: • Establishing criteria for the objective evaluations of processes and work products • Evaluating processes and work products • Resolving noncompliance issues • Tracking noncompliance issues to closure”

Subpractices1. Evaluate actual progress and performance against the plan for performing the process.2. Review accomplishments and results of the process against the plan for performing the process.3. Review activities, status, and results of the process with the immediate level of management responsible for the process and identify issues.4. Identify and evaluate the effects of significant deviations from the plan for performing the process.5. Identify problems in the plan for performing the process and in the execution of the process.6. Take corrective action when requirements and objectives are not being satisfied, when issues are identified, or when progress differs significantly from the plan for performing the process.7. Track corrective action to closure.

Appraisal Considerations- "The purpose of this practice is to perform the direct day-to-day monitoring and controlling of the process. Appropriate visibility into the process is maintained so that appropriate corrective action can be taken when necessary."- “Reviews can be both periodic and event-driven.”- This GP monitors and controls the plan for the process as specified in GP2.2.- See GP description for typical corrective actions. Ensure that corrective actions have been tracked to closure.- Refer to the PMC PA for additional information on project monitoring and control.- Refer to the MA PA for additional information about measurement.- Examples of measures used in monitoring and controlling include the following: • Variance of objective process evaluations planned and performed • Variance of objective product evaluations planned and performed

Appraisal Considerations- "The purpose of this practice is to provide credible assurance that the process is implemented as planned and adheres to its process description, standards, and procedures.” This includes adherence of both the process and the products. It covers organizational policies, customer requirements, and project procedures and standards, if they exist.- Projects may elect not to use additional procedures or standards beyond the organizational policies.- Objectivity is necessary, but independence is not necessarily required. Objective reviews “can be done by independent groups, or by project members themselves.” - “People not directly responsible for managing or performing the activities of the process typically evaluate adherence. In many cases, adherence is evaluated by people within the organization, but external to the process or project, or by people external to the organization. As a result, credible assurance of adherence can be provided even during times when the process is under stress (e.g., when the effort is behind schedule or over budget).”- Refer to PPQA PA for more information about the SG/SPs needed to objectively evaluate adherence.- Note this is the auditing of QA activities, which is typically done by an independent expert, either from inside or outside the project.- Examples of activities reviewed include the following: • Objectively evaluating processes and work products • Tracking and communicating noncompliance issues- Examples of work products reviewed include the following: • Noncompliance reports • Evaluation logs and reports

Appraisal Considerations- "The purpose of this practice is to provide higher-level management with the appropriate visibility into the process."- The purpose of the review is not to duplicate GP 2.8 Monitor and Control, but to focus on whether the process, as implemented, is satisfying organizational goals (e.g., employee morale, customer satisfaction).- “These reviews are expected to be both periodic and event-driven.” The periodicity of the reviews can be defined by the organization, but should be frequent enough to address organizational issues. Typical event-driven reviews would occur at the completion of a major phase of the life cycle.- Reviews do not have to be face-to-face (e.g., submission and review of a status report), but they must show evidence of manager review of pertinent information

Subpractices1. Select from the organization’s set of standard processes those processes that cover the process area and best meet the needs of the project or organizational function.2. Establish the defined process by tailoring the selected processes according to the organization’s tailoring guidelines.3. Ensure that the organization’s process objectives are appropriately addressed in the defined process.4. Document the defined process and the records of the tailoring.5. Revise the description of the defined process as necessary.

Appraisal Considerations- “The purpose of this generic practice is to establish and maintain a description of the process that is tailored from the organization’s set of standard processes to address the needs of a specific instantiation.”- See model for detailed description of a defined process.- “A defined process is a managed process that is tailored from the organization's set of standard processes according to the organization’s tailoring guidelines, and contributes work products, measures, and other process-improvement information to the organizational process assets.”- Process descriptions may exist only at the organizational (not project) level. Projects may also have processes that are not standardized at the organizational level.- See OPD for further guidance on the practices used to establish the standard process- See IPM SP1.1 on how to establish and maintain the project’s defined process- A family of process descriptions may exist for use in different situations.- Separate process description need not exist for every PA; process descriptions may cover multiple PAs or part of a PA. - "Establish and maintain" implies usage, so it is expected that the defined processes are used by the projects or organization, tailored as appropriate, and revised as necessary.

Subpractices1. Store process and product measures in the organization’s measurement repository.

Appraisal Considerations- “The purpose of this generic practice is to collect information and artifacts derived from planning and performing the process. This generic practice is performed so that the

PARA TENER EN CUENTA EN LA IMPLANTACION

AD AI

Direct Artifact Example - Audit reports- Noncompliance reports

Indirect Artifact Example - Corrective actions- Quality assurance plan, identifying the processes subject to evaluation, and procedures for performing evaluations- Applicable process descriptions, standards, and procedures- Action items for noncompliance issues, tracked to closure- Criteria and checklists used for work product evaluations (e.g. what, when, how, who)- Schedule for performing process evaluations (planned, actual) at selected milestones throughout the product development life cycle- Org chart or description identifying responsibility, objectivity, and reporting chain of the QA function- Quality assurance records, reports, or database- Records of reviews or events indicating QA involvement (e.g. attendance lists, signature)

Direct Artifact Example - Audit reports- Noncompliance reports

Indirect Artifact Example - Corrective actions- Quality assurance plan, identifying the work products and services subject to evaluation, and procedures for performing evaluations- Action items for noncompliance issues, tracked to closure- Criteria and checklists used for work product evaluations (e.g. what, when, how, who); may include sampling criteria- Schedule for performing work product evaluations (planned, actual) at selected milestones throughout the product development life cycle- Org chart or description identifying responsibility, objectivity, and reporting chain of the QA function- Quality assurance records, reports, or database- Records of reviews or events indicating QA involvement (e.g. attendance lists, signature)

Direct Artifact Example - Corrective action reports- Audit reports

Indirect Artifact Example - Quality trends- Action items for noncompliance issues, tracked to closure- Revised work products, standards and procedures, or waivers issued to resolve noncompliance issues- Reports or briefings communicating noncompliance issues to relevant stakeholders- Evidence of reviews held periodically to receive and act upon noncompliance issues- Quality metrics and trend analyses- Tracking system or database for noncompliance issues.

Direct Artifact Example- Audit logs- Quality assurance reports]- Records of quality assurance activities

Indirect Artifact Example- Status of corrective actions- Quality trends- Noncompliance actions, reports, logs, or database- Completed evaluation checklists- Schedule for performing process and product evaluations (planned, actual)- Records of reviews or events indicating QA involvement (e.g. attendance lists, signature)- Metrics or analyses used for quality assurance of processes and work products.

Direct Artifact Example- Organizational policy- Version, date, or revision history indicating maintenance of the policies over time.

Indirect Artifact Example- Repository of policies (e.g., intranet web access) making them visible and accessible to the organization- Mapping of policies to CMMI process areas- Organizational process architecture, e.g., linkage of policies, processes, procedures- Signature of policies by authorized senior manager- Audit results for implementation of the policies.

Direct Artifact Example- Documented plan for performing the process.- Revisions to the plan, as necessary.- See Project Planning PA- Quality assurance plan

Indirect Artifact Example- Documented requirements and objectives for the process (e.g., quality, cost, schedule).- Documented process descriptions, including standards and procedures; this may be included as part of the plan or by reference.- Schedules and resources (funding, people, tools) established for performing the process.- Measures tracking and controlling progress of the plan.- Evidence of review and agreement to the plan by relevant stakeholders (e.g., signature, approval, meeting minutes).

Direct Artifact Example- Documented process descriptions and plans (strategic or tactical) for performing the process, which include a characterization of resources needed. (Reference GP2.2)- Evidence that adequate resources (funding, facilities, skilled people, tools, etc.) are actually provided as planned.

Indirect Artifact Example- Staffing profiles and labor reports showing effort spent on performing the process.- Documented skill prerequisites for filling process roles and responsibilities, and evidence that assigned staff meet these criteria.- Development environment and facilities (hardware, software, licenses, tools, labs, test equipment, etc.).- Cost performance measures showing provision of funding in accordance with the plan.- Analyses, reports, or metrics tracking availability of resources vs. plan.- [Tools: evaluation tools; noncompliance tracking tool]

Direct Artifact Example- Documentation assigning responsibility for process activities, work products, or services; e.g., job descriptions, or plans for performing the process (see GP2.2).- Task descriptions and activities for defined roles.

Indirect Artifact Example- Acceptance of responsibility by those assigned; this might be documented in many ways (e.g., signature, commitment, agreement, appearance on an org chart, web page contacts, etc.)- Assignment is often in the project plan or quality assurance plan.

Direct Artifact Example- Training courses, materials, and methods.- Training records (e.g., attendance, course descriptions, evaluation forms).

Indirect Artifact Example- Qualifications and criteria defined for process tasks and assignments.- Training waiver criteria and approvals.- Skills matrix or database.- Training plans, and delivery of training according to the plan.- Training effectiveness data (e.g., surveys, exams, feedback forms).

(Note: Use the indirect artifacts column for any alternative training mechanisms or artifacts that might commonly be found for that PA.)

Direct Artifact Example- List of work products identified for configuration management and the level of configuration management for each work product is identified- Work products that are under configuration management (e.g., work products having version identifiers, change histories)- Change control documentation (e.g., change requests, problem reports, status reports indicating disposition)- Baselines and a description of their contents.

Indirect Artifact Example- Configuration management life cycle for identified work products, i.e., the point at which products are placed under various levels of control, change control authority, etc.- Configuration management processes, populated repository, and tools.- CCB meeting minutes- Written status of work products (e.g., in-work, in review, accepted for baseline, etc.)

Direct Artifact Example- Documentation showing identification of relevant stakeholders (stakeholder list, involvement matrix, memoranda, plans, distribution lists, Conops, etc.)- Plans that identify relevant stakeholders and how they are involved.- Evidence that stakeholders are involved as planned.

Indirect Artifact Example- Mechanisms and documentation of relevant stakeholder involvement (e-mail, memoranda, meeting minutes, signature approval, charters, distribution lists, attendance lists, reviews, surveys, reports, web pages, etc.)- The plan for stakeholder involvement, as specified in the Project Planning PA. This may be part of the project plan.

Direct Artifact Example- Measures of actual performance against plan (e.g., process, work products, and services).- Progress tracking reports, e.g. status reports, financials, graphs, analyses.- Evidence of reviews of activities, status, and results of the process held with immediate level of management responsible for the process and identification of issues; (e.g. briefings, reports, presentations, milestones).- Issues and corrective actions for deviations from plan (e.g., action items, variance reports, change requests).

Indirect Artifact Example- Revisions and change history to plans and commitments (e.g., replanned schedule, costs, resources).- Staffing ratio of PPQA function vs. project headcount.- Actions item status from process and product evaluations

Direct Artifact Example- Records of evaluations or audits being performed as planned (e.g., reports, completed checklists).- Noncompliance issues resulting from objective evaluation of adherence to processes, objectives, and standards.

Indirect Artifact Example- Identification of processes, work products, and services to be objectively evaluated.- Criteria against which processes and work products are evaluated.- Assignment of responsibility for performing objective evaluations (see GP2.4).- Revised plans, work products, or standards reflecting corrective action resulting from objective evaluations.

Direct Artifact Example- Materials and results from reviews (e.g. status reports and briefings) held with higher-level management, on both a periodic and event-driven basis.

Indirect Artifact Example- Action items and corrective action resulting from management reviews.- Metrics and analyses summarizing project status.- Schedule for reviews held with higher-level management.

Direct Artifact Example- Defined process description (purpose, inputs, entry criteria, activities, roles, measures, verification steps, outputs, exit criteria) tailored from the organization’s set of standard processes.- Change records for the defined process descriptions.

Indirect Artifact Example- Records of how the organizational standard process was tailored for a particular project or process application- Artifacts showing that the defined process, as tailored, is followed - Identification of the baseline of standard process used.

Direct Artifact Example- Collected work products (e.g., documentation) for inclusion in the organizational library of process-related assets.

Indirect Artifact Example- Changes resulting from incorporation of improvement information