Tuesday, March 10, 2009

Evaluating the CMMI for Services

I'm currently involved in an evaluation of different types of assessments for the area of IT Service Management (ITSM) and therefore challenging the CMMI for Services 1.2 (CMMI-SVC).

A major problem I see in CMMI-SVC, is the disregarded sufficient differentiation of practices over different maturity levels. Maybe I´m wrong with my opinion and someone can help me fixing this mess.

I´d like to give a background for a better understanding o f what I mean:
  1. In my opinion many (internal) IT service units in mid-size companies don´t have any official agreements (nor contracts) with their business customer to specify service content, service levels or support. Sometimes these things are partly available and if at all, then often are informally and silently accepted.
  2. In such (above) described IT service units you will find quite often an official HelpDesk (mostly official because it´s a specific function within IT) or minimum some guys necessary for service support (like handling service incidents) to keep the business process running.

Now take a look at the CMMI-SVC Process Areas and their associated Maturity Levels. You will find Service Development (SD) at Maturity Level 2 including specific practices:

SP 1.1 Analyze Existing Agreements and Service Data
SP 1.2 Establish the Service Agreement
SP 2.1 Establish the Service Delivery Approach
SP 2.2 Prepare for Service System Operations
SP 2.3 Establish a Request Management System
SP 3.1 Receive and Process Service Requests
SP 3.2 Operate the Service System
SP 3.3 Maintain the Service System

and you will find Incident Resolution and Prevention (IRP) at maturity level 3 including specific practices:

SP 1.1 Establish an Approach to Incident Resolution and Prevention
SP 1.2 Establish an Incident Management System
SP 2.1 Identify and Record Incidents
SP 2.2 Analyze Incident Data
SP 2.3 Apply Workarounds to Selected Incidents
SP 2.4 Address Underlying Causes of Selected Incidents
SP 2.5 Monitor the Status of Incidents to Closure
SP 2.6 Communicate the Status of Incidents
SP 3.1 Analyze Selected Incident Data
SP 3.2 Plan Actions to Address Underlying Causes of Selected Incidents
SP 3.3 Establish Workarounds for Selected Incidents

To come to an end I would expect that it is an essential part of any IT unit to solve service incidents, to fulfill the main goal of the company, and keep the business process working. Therefore I would assign half of the listed IRP practices to Maturity Level 2 and would other way around assign half of the SD practices to Maturity Level 3. The CMMI-SVC therefore seems for me to be not sufficient in differentiating practices over Maturity Levels, and would lead to the conclusion that CMMI-SVC is not useful for Maturity Level determination.

I appreciate any explanation if there is a misunderstandig or if there exists a grain of truth.

Your position is much the same as the kind of statements we heard regarding the engineering practices being at ML 3 in the CMMI-DEV. Just because these practices are at ML 3 does not mean that they are not important and are probably even performed at ML 1. What you have to bear in mind is that the CMMI is a set of process improvement guidelines , as well as the definition and purpose of ML 2 and ML 3. At ML 2, projects establish the foundation for an organization to become an effective service provider by institutionalizing basic project management and service establishment and delivery practices. Basically, ML 2 is about gaining control over the projects and service delivery and that is why there is only one service PA at ML 2. You have to get delivery under control before you can focus improving the other aspects of services like Incident Resolution and Prevention. And at ML 3, service providers use defined processes for managing projects. They embed tenets of project management and services best practices, such as service continuity and incident resolution and prevention, into the standard process set.


Manoj Kumar said...

Dear Sir,

We feel that incident resolution should get equal priority if not more than process improvment. Hence ML 2 is rightly placed.



Henry Schneider said...

Dear Manoj,
Even though you may feel that incident resolution should be at ML 2, the SEI feels differently and they placed this Process Area at ML 3. And as my original posting explained, from the staged perspective, to properly implement the CMMI-SVC, you have to stabilize your service projects at ML 2 first before attempting ML 3.
Incident resolution is important and can be addressed at any time, but if you want to be appraised to the CMMI-SVC and include incident resolution, you must be appraised to ML 3.