FRancisco Pino

Information Technologies (IT) play a crucial role in the development of activities concerning banking organizations. To achieve IT Governance, while at the same time giving special consideration to the attainment of business objectives, is of essential interest to any banking organization. This article presents a model for IT Governance which is applicable to the banking sector, which begins with the identification of COBIT processes that support the fulfilment of the principles of operative risk defined by BASEL II. It also integrates best practices oriented to risk and investment management for IT, information security and service lifecycle administration, described in models like: RISK IT, VAL IT, ISO 27002 and ITIL respectively. This model allows a banking organization to govern, evaluate and monitor its IT, thus fitting it to its strategic objectives. It also permits it to manage the operative risk from the perspective of normative fulfilment in banking.

ISO has recently published Part 7 of the ISO/IEC 15504 standard, with the aim of determining the extent to which an organization consistently implements processes that contribute to achievement of its business goals. This new Part 7 of ISO/IEC 15504 has addressed issues related to the assessment of organizational maturity, as the CMMI-DEV model also does. Recently, growing interest has been shown towards the need to harmonize different improvement models or standards, thereby presenting an integrated vision about them. All this being so and in an effort to offer information on how the maturity levels described in these two models are related, we have carried out the harmonization of these two models. It is based, firstly, on a mapping between processes of ISO 12207:08 and process areas of CMMI-DEV, and in second place, on a matching between processes of ISO 12207:08 and ISO 15504-5. For this work, we have taken into account the latest versions of the models, and defined a suitable process to carry out the mapping in a systematic way. We established differences and similarities between the maturity levels (and their processes) described in these models, our goal being to support organizations which are interested in tackling organizational maturity. Copyright © 2009 John Wiley & Sons, Ltd.

The CMMI-ACQ and the ISO/IEC 12207:2008 are process reference models that address issues related to the best practices for software product acquisition. With the aim of offering information on how the practices described in these two models are related, and considering that the mapping is one specific strategy for the harmonization of models, we have carried out a mapping of these two reference models for acquisition. We have taken into account the latest versions of the models. Furthermore, to carry out this mapping in a systematic way, we defined a process for this purpose. We consider that the mapping presented in this paper supports the understanding and leveraging of the properties of these reference models, which is the first step towards harmonization of improvement technologies. Furthermore, since a great number of organizations are currently acquiring products and services from suppliers and developing fewer and fewer of these products in-house, this work intends to support organizations which are interested in introducing or improving their practices for acquisition of products and services using these models.

A process assessment method provides elements in order to produce information which gives an overall view of the process capability. This information helps to determine the current state of software processes, their strengths and weaknesses. Owing to the fact that the assessment can be performed according to a given assessment process or any other and the processes of the organization can also use one particular process model or any other, we have developed an environment composed of two components; one of these generates the database schema for storing the process reference model and assessment information and the other one assesses the process with reference to this information, generating results in several formats, to make it possible to interpret data. The goal of this work is to show an environment that allows us to carry out assessments that are in accord with various different process assessment models, on several process reference models. This assessment environment has been developed and used in the context of the COMPETISOFT project in order to support its process assessment activities.

Small and medium enterprises are a very important cog in the gears of the world economy. The software industry in most countries is composed of an industrial scheme that is made up mainly of small and medium software enterprises—SMEs. To strengthen these types of organizations, efficient Software Engineering practices are needed—practices which have been adapted to their size and type of business. Over the last two decades, the Software Engineering community has expressed special interest in software process improvement (SPI) in an effort to increase software product quality, as well as the productivity of software development. However, there is a widespread tendency to make a point of stressing that the success of SPI is only possible for large companies. In this article, a systematic review of published case studies on the SPI efforts carried out in SMEs is presented. Its objective is to analyse the existing approaches towards SPI which focus on SMEs and which report a case study carried out in industry. A further objective is that of discussing the significant issues related to this area of knowledge, and to provide an up-to-date state of the art, from which innovative research activities can be thought of and planned.

Globalization, is pushing companies towards continuous improvement. Quality frameworks addressing SPI practices are classifiable in ones describing: “what” should be done (ISO9001,CMMI); “how” it should be done (Six Sigma, GQM). When organizations adopt improvement initiatives, many models may be implied, each leveraging best practices for addressing improvement challenges. This may generate confusion, extra effort and cost, as well as increase the risk of inefficiencies and redundancies. So, it is important to harmonize quality frameworks, i.e. identify intersections and overlapping parts and create a multi-model improvement solution. Our aim is to propose a Harmonization Process supporting organizations interested in introducing/improving SPI practices. We present: a what/what combination of ISO9001 and CMMI-DEVv.1.2 models in the direction from ISO-CMMI; and detail the what/how perspective by showing how GQM is used to define operational goals that address ISO9001 statements, reusable in CMMI appraisals. The harmonization process has been applied to a SME certified ISO9001:2000.

Abstract Software process improvement is an important aspect in achieving capable processes, and so organizations are obviously concerned about it. However, to improve software process it is necessary to assess it in order to check its weaknesses and ...

... Especialmente a mi director de tesis Dr. Iván A. García Pacheco, por sus instrucciones, vasto conocimiento y paciencia para llevar por buen ... A mis amigos, Román, Memo, Gus, Oma y Paco que me acompañaron en numerosas aventuras durante el transcurso de la carrera y ...

If companies are to fulfil their business goals then they must implement more than one software process improvement or information technology management model. The heterogeneity of these models signifies that their harmonization in accordance with company goals has become a key initiative. It is therefore necessary to provide companies with suitable software tools which facilitate the implementation and management of the activities, methods, techniques and reference models involved in a harmonization project, thus allowing the harmonization to be properly carried out. This paper therefore presents the HProcessTOOL which guides harmonization projects by supporting specific techniques, and supports their management by controlling and monitoring the resulting harmonization projects. The tool has been applied in two case studies, and has allowed the work products, effort, time and roles involved in the harmonization projects, and the knowledge generated, to be correctly managed.

Software process improvement is a planned, managed and controlled effort which aims to enhance the capability of the software development processes of an organization. In particular, SPI often involves process reference models, process assessment methods and models that guide process improvement though specific standards such as the ISO and CMMI families. Recently, growing interest has been shown towards the need

... models that can be taken as reference, eg CMMI, ISO 9001, ISO 12207, ISO 90003, ITIL, SWEBOK, and ... implementation in an organization, which allowed us to support the harmonization of the ISO 27001 and ISO ... Harmonizing maturity levels from CMMI-DEV and ISO/IEC 15504 ...

A success factor in Software Process Improvement -SPI- in very small enterprises -VSEs- is that improvement effort must be guided and managed by means of specific process. Nonetheless, many proposals related to this issue have not considered that type of process explicitly. So, aiming to establish SPI in VSEs systematically and coherently, we have defined a light process for managing and leading the improvement process step-by-step, called PmCOMPETISOFT. This paper introduces that process, which guides the implantation of an improvement cycle in an iterative and incremental manner. It also describes our experience of the application of the proposed process in four VSEs, through case studies. The results of the case studies show that the companies increased the capability of their processes, and that it is feasible to implement this process in this type of organizations, by investing an effort which corresponds to the particular characteristics of each.

To support Small Software Enterprises -- VSEs-- when they are dealing with the first processes that must be considered as they undertake a project of Software Process Improvement --SPI--, we have defined a set of processes which we consider to be of high-priority when initiating the implementation of an improvement project in VSEs. This paper introduces this set of processes