Give a general presentation of CMMI for Services and examples of implementation in areas beyond the typical IT services.

1. Abstract
IT project manager with extensive experience
in the Banking and Finance, in recent years
Over the last three years, there are more than
has worked as Senior Consultant in the areas
300 formal appraisals using CMMI for
of quality processes for Information
Services as model reference. Over 70% of the
Technology and Services industry, having a
appraised organizations belong to sectors that
pp
g
g
wide experience in training consulting and
training,
are not directly related to Information
evaluation for improvement projects in Spain,
Technology.
Portugal and Latin America.
I have had the opportunity to evaluate
He has worked as Senior Consultant in
businesses and services related to fund
European Software Institute (ESI-Tecnalia)
management, marketing campaigns, and
and Process Quality Engineering (ProQua),
billing services. The objective of this
and SEPG Leader of Systems Division of the
presentation is to show the generic aspects of
Banco de Credito del Peru (BCP) having
CMMI for Services and give some examples
achieved maturity level 3 of CMMI model
model.
of implementation in areas beyond the typical
IT services.
He has participating in Software Engineering
Process Group Latin America Conferences
Biography
(SEPG LA) as program committee member
Master in Business Administration (MBA) by and speaker. He is also a member of the
ESADE Business School (Barcelona, Spain) training staff in the PUCP and he has
extensive training experience at universities
and Systems Engineer by Pontificia
and institutions.
Universidad Catolica del Peru (PUCP).
Certified SCAMPI Lead Appraiser for CMMI
for Development (DEV), Acquisitions (ACQ) &
Services (SVC) by CMMI Institute. Managing
Director in PIA Consultores since 2013.
1

2. Why do we need effective management of
services?
“Throughout the latter half of the twentieth
century, the service sector has been both the
largest and the fastest growing component of
g
g
g
p
the U.S. economy. Fifty years ago, the service
sector accounted for about sixty percent of
U.S. output and employment. Today, the
service sector‘s share of the U.S. economy
has risen to roughly 80 percent.” - The Role of
This increase is due, in part, because today
the products have a higher service component
than in previous decades. For example, large
infrastructure vendors such as IBM, HP and
Cisco, offer services that go beyond the sale
of a particular product
product.
Services in the Modern U.S. Economy, Office
of Service Industries, January 1999
“Services constitute the engine of economic
growth of the EU, since they account for 70%
of GDP and employment in most Member
States.” - Access to European Union: law,
economics, policies., Nicholas Moussis, 19th
updated edition, 2011
“According to one study of DoD contracts,
“services” constituted more than one-third of
purchases in 1984, but 56% by 2003.” Outsourcing the Pentagon: Who benefits from
the Politics and Economics of National
Security?, Larry Makinson, September 2004
2

3. Why do we need effective management of
services?
Based on “The Cost of Poor Customer
Service: The Economic Impact of the
Customer Experience and Engagement in 16
p
g g
Key Economies” - Genesys
Telecommunications Laboratories, Inc,
November 2009:
causes of poor service are:
• Being trapped in automated self-service
• Being forced to wait too long for service
• Repeating themselves
p
g
• Representatives that lack the skills to
answer their inquiry
Nearly 8,800 consumers were surveyed, with
• The associated cost with the poor customer
a minimum sampling of 500 per country:
service in 16 major world economies
Australia, Brazil, Canada, China, Czech
amounted to US$ 338.5 billions (= € 250
Republic, France, Germany, India, Italy,
thousand million).
Mexico, Netherlands, New Zealand, Poland,
• “In virtually every country customers ended Russia U K U S
In
country,
Russia, U.K., U.S.
at least one relationship per year due to
poor service.”
• “Across all countries surveyed, about 7 in
10 consumers have ended a relationship.”
• “Nearly two-thirds of consumers who have
ended relationships turn to a competitor,
with the remainder lost or abandoned
completely as consumers decide not to
purchase from anyone.”
Consumers feel the most significant root
3

4. Why do we need effective management of
services?
• IF causes of poor service delivery are
corrected THEN customer satisfaction are
increased.
the service rather than reacting to incidents
or questions of clients.
• Personalization: deliver different services to
satisfy personal qualities or characteristics.
These factors can be met if the service
• IF customer satisfaction are increase THEN management is improved so that can be
provided effectively and efficiently.
customers become loyal and repeat their
purchases.
There are many models and standards that
• IF customers repeat purchases THEN they are used as a basis to improve services
management. Many of them are designed for
become communicators of good
specific industries and services. Some others
experiences to potential clients.
do not offer a clear path for continuous
• Repeated purchases PLUS new customers
service improvement Services providers are
improvement.
EQUAL more turnover & increased
confused about which could be more
economics benefits
beneficial and appropriate for their business.
According to the Genesys Labs' study,
customer satisfaction would increase when
four key needs are met:
• Competency: staff with needed abilities and
skills to provide the service
• Convenience: usefulness and suitability of
the delivered services.
• Proactivity: initiative of providers to improve
4

5. IT Services
IT Service (ITILv3): “A service provided to one
or more customers, by an IT Service Provider.
An IT service is based on the use
of Information Technology and supports
gy
pp
the customer's business process. An IT
service is made up from a combination of
people, processes and technology and should
be defined in a Service Level Agreement.”
Gartner’s Definition:
• IT services refers to the application of
referred to as business process outsourcing
(BPO), applications outsourcing (AO) and
infrastructure outsourcing.
"CEOs don’t buy software anymore… they buy
service level agreements” – George Fischer,
g
g
Global Technology & Software Executive, CA
Technologies, SEPG Asia Pacific 2010
Examples:
• Software and application development
• Web development & hosting
business and technical expertise to enable • Management and support of applications
organizations in the creation, management
creation
• Technical support and help desk
and optimization of or access to information
and business processes.
• Development and management of
• The IT services market can be segmented
by the type of skills that are employed to
deliver the service (design, build, run).
There are also different categories of
service: business process services,
application services and infrastructure
services.
databases
• Telecommunications
• Infrastructure
• If these services are outsourced, they are
5

6. Service industries (grouped into
sectors)
stock brokerages, tax preparation
business functions (that apply to all
organizations in general): consulting,
customer service human resources
service,
personal grooming: hairdressing,
manicurist/pedicurist, body hair removal,
dental hygienist
childcare
health care
cleaning, repair and maintenance services:
janitors, gardeners, mechanics
hospitality industry
death care: coroners, funeral homes
risk management: insurance, security
dispute resolution and prevention services:
arbitration, courts of law, diplomacy,
incarceration, law enforcement, lawyers,
mediation, military, negotiation
social services
foodservice industry
information services: data processing,
construction: carpentry, electricians, plumbing database services, interpreting, translation
education: library, museum, school
entertainment: gambling, movie theatres,
performing arts productions, sexual services,
sport, television
transport
public utility: electric power, natural gas,
telecommunications, waste management,
water industry
fabric care: dry cleaning, self-service laundry
financial services: accountancy,
banks and building societies, real estate,
6

7. CMMI for Services (CMMI-SVC)
CMMI-SVC guides all types of service
providers to establish, manage, and improve
services to meet business goals.
• Information Technology Services Capability
Maturity Model (ITSCMM)
Like every CMMI model, CMMI-SVC:
• helps to set process improvement goals and
The Software Engineering Institute (SEI)
priorities, provide guidance for quality
published in 2009 the first version of CMMI for
processes, and provide a point of reference
Services based on the success of CMMI
for appraising current processes
model. The current version 1.3 was published
• can be applied internally or externally
in November 2010. At the beginning of 2013,
• works well with other frameworks
the SEI has transferred CMMI-related
products and activities to the CMMI Institute. • represents the consensus of thousands of
practitioners about the essential elements of
CMMI-SVC
CMMI SVC draws on concepts and practices
service delivery
from CMMI and other service focused
standards and models, including the following: • can be used in whole or in part
• Information Technology Infrastructure
Library (ITIL)
• ISO/IEC 20000: Information Technology—
Service Management
• Control Objectives for Information and
related Technology (CobiT)
CMMI-SVC addresses the needs of a wide
range of service types by focusing on
common processes.
• many existing models are designed for
specific services or industries.
• other existing models do not provide a clear
improvement path.
7

8. Example Use Cases & Fertilizer
Scenarios by Industry manufacturer
Accounting services
Fitness club
Aircraft maintenance
Fitness equipment
maintenance
Aluminum packaging
manufacturer
Food services
Loan broker
Securities investment
Logistics
Software
benchmarking service
Maintenance
Management
consulting
Software development
Software testing
Gardening and lawn
care
Military
communications
support
Sports officiating
Genealogy
Nuclear power
Stock trading
Gutter maintenance
Oilfield services
Textiles
Healthcare
Thermal diagnostics
Home h l h care
H
health
Organizational
performance
improvement
Home inspection
Pharmaceutical
Client staffing
Infrastructure
management
Process consulting
Database
management
Internal process group
Defense contractor
Public health
Internet cable provider information
p
ISO audits
Publishing
Ambulatory
Auto service
Auto insurance
Banking
Billing
Call center
Church administration
Education
Eldercare
Electric generation
and supply
Employment
Internet retail
Project management
Providing PCs
IT services
Quality assurance
Letting a holiday
home
Recommending
technology
Staff augmentation
Training
Training and other
aviation services
Training and
technology
deployment for COTS
software
Translation services
Travel agency
Travel services
University
Voice and data
services
8

9. My own experience
• Three SCAMPI Class A for CMMI-SVC
Maturity Level 2.
• SME organizations with less than 25
employees within the organizational unit
unit.
• Two service types for each company, not
necessarily IT Services.
Examples:
• Mobile Campaign: is a campaign,
usually marketing, advertising, or public
relations-related, through which
organizations contact their audience
through SMS (text messaging). This form of
campaigning allows organizations to reach
out and establish relationships with an
audience in a more individualized, intimate
way. A campaign’s goal can have varied
consumer consumption objectives including
flashing (showing an image), informing
(informational text / product info) or
engaging (response or click required).
methods are used by trading partners, such
as customers and their suppliers, to present
and monitor transactional documents
between one another and ensure the terms
of their trading agreement are being met.
These documents include invoices
invoices,
purchase orders, debit notes, credit notes,
payment terms and instructions and
remittance advices.
• Fund management: Financial management
of funds of national and international
organizations including obtaining donor
funds, the investment of the assets received
and their disbursed
disbursed.
• Electronic invoicing: Electronic invoicing is a
form of electronic billing. E-invoicing
9

10. Service establishment
1. Service provider has an business idea for
a new (or improved) service.
2. Service provider reviews available
customer and end user needs and data
end-user
data.
3. Service provider identifies the service
delivery approach (service strategy) to
achieve the objectives and provide the
capabilities.
4. Service provider develops the work plan to
prepare the service system operations
5.
5 Service provider executes the work plan to
implement the service and request
management system.
6. Service provider ensures that the service
and request management system fulfills
the service requirements.
10

11. Service Delivery
described in the service agreement.
1. Customers provide requirements to
service provider for a new (or renewed)
agreement.
9. Service provider reviews service request
status and resolution, and confirms results
with relevant stakeholders.
2.
2 A new (or renewed) service level
agreement is defined, negotiated and
reviewed by customers and service
provider.
10.Service
10 Service provider collects customer
satisfaction information after services are
delivered or service requests are fulfilled.
11.Service provider maintains the service
system to ensure the continuation of
service delivery based on customer
satisfaction information and maintenance
4. Service provider confirms the readiness of
requests.
the service and request management
system.
3. Service provider prepares the service
system to enable the delivery of services.
5. End users provide service requests for
their processing by service provider.
6. Service provider determines the actions to
be taken to satisfy the service request.
7. Service provider operates the service
system to deliver services in accordance
with agreements.
8. Service provider monitors the status of
service requests until they are fulfilled as
11

12. Service Delivery (SD)
Setting up agreements, taking care of
service requests, and operating the service
system.
The Service Delivery process area f
Th S i D li
focuses
on the following:
• Establishing and maintaining service
agreements
• Preparing and maintaining a service
delivery approach
• Preparing for service delivery
• Delivering services
• Receiving and processing service
requests
• Maintaining service systems
12

13. Requirements Management (REQM)
Keeping clear with your customers and other
stakeholders about the service you provide,
and adjusting when you find inconsistencies
or mismatched expectations.
p
Requirements management processes
manage all requirements received or
generated by the work group, including both
technical and nontechnical requirements as
well as requirements levied on the work by the
organization.
The work group maintains a current and
approved set of requirements over the life of
the project by doing the following:
• Managing all changes to requirements
• Maintaining relationships among
requirements, plans, and work products
• Ensuring alignment among requirements,
plans, and work products
• Taking corrective action
13

14. Work Planning (WP)
Estimating costs, effort, and schedules,
figuring out how you’ll provide the service, and
involving the right people—all while watching
y
your risks and making sure you’ve got the
g
y
g
resources you need.
Planning is one of the keys to effectively
managing work. The Work Planning process
area involves the following activities:
• Developing the work plan
• Interacting with relevant stakeholders
appropriately
• Getting commitment to the plan
• Maintaining the plan
14

15. Work Monitoring and Control (WMC)
Making sure what’s supposed to be
happening in your service work is happening,
and fixing what isn’t going as planned.
A documented work plan is the basis for
monitoring activities, communicating status,
and taking corrective action. Progress or
status is primarily determined by comparing
actual work product and task attributes, effort,
cost, and schedule to the plan at prescribed
intervals, milestones, or control levels in the
schedule or WBS.
Appropriate visibility of progress enables
timely corrective action to be taken when
performance deviates significantly from the
plan. A deviation is significant if, when left
unresolved, it precludes the work activities
from meeting its objectives.
15

16. Configuration Management (CM)
Controlling changes to your crucial work
products. CM involves:
• Identifying the configuration of selected
work products that compose baselines at
given points in time
• Controlling changes to configuration items
• Building or providing specifications to build
work products from the configuration
management system
• Maintaining the integrity of baselines
storage, reporting, and feedback
• Implementing the analysis techniques and
mechanisms for data collection, data
reporting, and feedback
• Providing objective results that can be used
in making informed decisions and taking
appropriate corrective action
Process and Product Quality Assurance
(PPQA)
Checking to see that you are actually doing
things the way you say you will in your
policies, standards, and procedures. PPQA
involves:
• Providing accurate status and current
configuration data to developers, end users,
• Objectively evaluating performed processes
and customers
and work products against applicable
process descriptions, standards, and
Measurement and Analysis (MA)
procedures
Knowing what to count and measure to
• Identifying and documenting noncompliance
manage your service. MA involves:
issues
• Specifying objectives of measurement and
analysis so that they are aligned with
• Providing feedback to work group staff and
identified information needs and work,
managers on the results of quality
organizational, or business objectives
assurance activities
• Specifying measures, analysis techniques,
and mechanisms for data collection, data
• Ensuring that noncompliance issues are
addressed
16

17. Strategic Service Management (STSM)
Deciding what services you should be
providing, making them standard, and letting
people know about them.
Getting new systems in place, changing
existing systems, or retiring obsolete
systems—all while making sure nothing goes
terribly wrong with the service.
Incident Resolution and Prevention (IRP)
Handling what goes wrong—and preventing it
from going wrong if you can.
Capacity and Availability Management (CAM)
Making sure you have enough of the
resources you need to deliver services and
that they are available when needed—at an
appropriate cost
cost.
Service Continuity (SCON)
Being ready to recover from a disaster and
get back to delivering your service.
Service System Development (SSD)
Making sure you have everything you need to
deliver services, including people, processes,
consumables, and equipment.
Service System Transition (SST)
17

18. Coverage of CMMI-SVC on ITIL
the IT Service Provider.
The CMMI-SVC model is based on
international models and standards such as
ITIL and ISO 20000. Therefore, if we perform
a high-level analysis, the process areas of
g
y
p
maturity level 3 cover between 93% and 95%
of organized processes both in the latest
version of ITIL (v3 2011) and ISO 20000
(2011).
These are the Information Management subprocesses and their process objectives:
In the ITIL case, three processes are not
covered at 100%:
Information Security Management (0%)
The major disadvantage of CMMI in
relationship with other models is the lack of a
process area dedicated solely to information
security. Process areas as Configuration
Management or WP and WMC practices
related to Data Management (SP2.3 and
SP1.4 respectively) cover this process only
tangentially but not directly.
ITIL Information Security Management aims
to ensure the confidentiality, integrity and
availability of an organization's information,
data and IT services.
ITIL Security Management usually forms part
of an organizational approach to security
management which has a wider scope than
• Design of Security Controls: To design
appropriate technical and organizational
measures in order to ensure the
confidentiality, integrity, security and
availability of an organization's assets,
information, data and services.
• Security Testing: To make sure that all
security mechanisms are subject to regular
testing.
g
• Management of Security Incidents: To
detect and fight attacks and intrusions, and
to minimize the damage incurred by security
breaches.
• Security Review: To review if security
measures and procedures are still in line
with risk perceptions from the business side,
p
p
,
and to verify if those measures and
procedures are regularly maintained and
tested.
Currently, CMMI Institute published a draft PA
on security management out for use and
comment.
18

19. Coverage of CMMI-SVC on ITIL
Financial Management for IT Services (50%)
CMMI-SVC has some practices related to
financial management:
• WP SP1.5 Estimate effort and cost
• WP SP2.1 Establish the budget and
schedule
levels of control)
• WP SP1.3 Plan data management
(establishing requirements and procedures
to ensure the privacy and security of data)
• WMC SP1.4 Monitor data management
SP1 4
However, aspects such Identity Management
and Management of Rights and Privileges for
groups and individuals are not covered.
• WMC SP1.1 Monitor work planning
parameters (one of these parameters would
be the budget)
However it is clear that this ITIL process is
broader and includes other activities such as
accounting, billing requirements of the service
provider, estimates and forecasts, ...
Access Management (50%)
Although Access Management is closely
related to Information Security Management,
CMMI-SVC has some practices that support
this process:
• CM SP1.2 Establish a configuration
management system (including access and
19

20. Coverage ITIL/ISO20K on CMMI-SVC
In the opposite case, the processes of ITIL
and ISO 20000 can provide a coverage of
75% in the process areas of CMMI-SVC
maturity levels 2 and 3. There are six process
y
p
areas where it should be done an additional
work:
Requirements Management (50%) ML2
Mainly, there is a lack of the practice of
bidirectional traceability of requirements.
Difficulty of implementation: medium.
Work Planning (50%) ML2
Aspects such as estimating and commitment
to the work plan are missing (mainly the
review of plans that affect the work and the
reconciliation between estimates and
available resources). Difficulty of
implementation: medium.
20

21. Coverage ITIL/ISO20K on CMMI-SVC
Risk Management (0%) ML3
This process area is not directly linked to any
ITIL process; but the ITIL model considers
within the definition of each process a section
Practices associated with this process area
for the management of risks. The
g
are not directly linked to any process ISO; but
management of event, incidents and problems
the ISO standard considers both internal and
are closely linked to the implementation of the
external audits to assess the Service
practices of this process area. Difficulty of
Management System. The same mechanism
implementation: low.
could be implemented at a lower level in order
Decision Analysis and Resolution (0%) ML3
to review the adherence to processes in a
continuous way. Difficulty of implementation:
Not considered by ITIL/ISO; the formal
low.
decision-making is usually easy to implement,
Organizational Training (0%) ML3
although its institutionalization can cost some
effort. This is because decisions normally are
Not considered by ITIL/ISO; these practices
taken daily naturally without to follow a formal
usually are already implemented in most
process. Difficulty of implementation:
organizations and managed by Human
low/medium.
Resources department. This process area
In summary, there is a high degree of
organize activities related to organizational
coverage between CMMI-SVC and ITIL/ISO
training in a better way; generally, it is
20000. The missing points can be covered
necessary a few adjustments in the current
methodology for achieving full
with extra effort although not significant
effort,
implementation. Difficulty of implementation: compared to the total effort of the
low.
implementation of each model or standard.
Process and Product Quality Assurance (0%)
ML2
21

22. “Do you prefer your mom or dad?“
Based on “Match point: Who will win the
game, ITIL or CMMI-SVC?”, Anju Saxena &
John Maher, TATA Consultancy Services,
SEPG NA 2011:
• Complementary models provide leverage
• The CMMI suite can be augmented by ITIL
• An ITIL shop can benchmark with CMMI
• Together they offer a balance of
improvement and management focus, detail
and service cycle orientation, and effective
implementation.
implementation
• An organization can begin to move toward
full development / service integration using
CMMI + ITIL to fulfill business goals.
The choice of one model or another should be
aligned with the needs, strategies and business
objectives of the organization.
22

23. • As of January 9, 2013, 301 formal SCAMPIs
were reported in the SCAMPI Appraisal
System (SAS).
• This represents a little more than 3 years of
CMMI-SVC appraisals. For comparison, it
pp
p
took 5 years for the Software CMM to reach
100 appraisals.
• ISO20K  609 in the last three years.
• We have four ML5 appraisals. The first was
also enterprise and multi model.
• We see an increase in CMMI-SVC
appraisals quarter over quarter.
• More than 190 lead appraisers have been
certified.
• More than 280 instructors have been
certified.
• More than 6,500 students have been taught
CMMI-SVC.
CMMI-SVC
23

24. What are early users saying?
Dramatic returns on investment from early
adopters
• 13.5X income with one CMMI-SVC process
area
• 3.5X capacity to deliver service with one
CMMI-SVC practice
Conversion from internal cost center to profit
center
• Cost Center: is a division within
a business which is financed from the profit
margin adding to the cost of
the organization, but contributing to
its profit indirectly. Typical examples
include research and
development, marketing and customer
service.
measured.
Combined use of CMMI-SVC and CMMI-DEV
• people using CMMI-SVC as their
foundation, but adding the engineering PAs
for large complex service systems
large,
• high maturity users of CMMI-DEV begin
with ML3 of CMMI-SVC when they
transition
CMMI-SVC in use for development more than
expected
• For example, companies that offer Software
as a service (SaaS) SaaS is
(SaaS).
a software delivery model in which software
and associated data are centrally hosted on
the cloud. SaaS is typically accessed
by users using a thin client via a web
browser.
• Profit Center: is a section of a company
• Saas is supplied by Application Service
Providers (ASPs) and also it is referred as
treated as a separate business. Thus profits
"on-demand software“.
or losses for a profit center are calculated
on-demand software
separately. Typical examples are a store, a
sales organization and a consulting
organization whose profitability can be
24

25. What does the CMMI-SVC deliver?
The CMMI-SVC offers a proven approach to
• maintaining competitiveness
• increasing revenue
g
• improving efficiency
by strengthening service delivery and service
management.
service performance and quality
• Fosters stronger employee motivation and
better retention, as they participate in
making service coordination and delivery
better
• Can be the basis for regional and global
strategies, as all work becomes service
• Promotes assured, consistently high-quality
service delivery that cements, retains, and
increases customer loyalty
• Provides a roadmap for continuous service
improvement: benchmark, set goals,
prioritize activities, take action, measure
progress
• Supports efficiency and reduces complexity
through an enterprise-wide common service
improvement vocabulary that is critical for
multi model use and outsourcing
• Reduces time-to-market (or field) delivery of
new services to customers
• Enables the rapid fine-tuning of existing
25

26. PIA Consultores
Who we are?
Professionals with more than 20 years of
experience and recognized prestige in the
sector.
sector
What we do?
We help to optimize the processes of
production of our clients
Where we are?
• Consulting and implementation of
improvement projects based on
international reference models: CMMI,
PMBOK, ITIL, ISO20000
• Applying agile methods, Kanban and Lean
pp y g g
Sig Sixma for project management and high
maturity companies.
• Implementation of project management
offices, tools and methodology for
management support.
Basque Country, Spain
What are our services?
• Official training and evaluation of CMMI
models (Development, Services and
Acquisitions)
omore than 800 people trained in 60 official
CMMI courses
o73 organizations formally appraised based
on CMM/CMMI model since 2001
operforming services in 23 countries on 4
continents
26

27. 27