NOW THAT YOU HAVE TAKEN BRIEF LOOKS AT ISO 9001:2000, THE CAPABILITY MATURITY MODEL Integration, and Six Sigma, you may want to compare these three against some common considerations for adoption.
First, however, it's important to note that these three leading standards are not really choices that are mutually exclusive; they can coexist quite well together. A large company might operate under the umbrella of ISO 9001 and have its IT shops working at CMMI Level 2 under this umbrella. And it might measure the performance of this CMMI program using Six Sigma.
On the other hand, smaller organizations (or those new to process) will probably want to make something of choice, focusing on the standard that, at least initially, appears best suited to its needs.
In this chapter, I'll make a rough comparison between ISO, CMMI, and Six Sigma. I say rough because the three standards do not really share a common structure. And each has a focus that is, in application, somewhat different from the others. But they do have some major traits in common. Each of the three represents an approach to process improvement. Each presents a framework that can be used to structure process improvement efforts. Each has been shown to be effective for the IT industry. And each has a large base of users that constitute a substantial support community.
I'll make the comparison two ways. First, by looking at a series of program traits you might consider when thinking about your organization. And second, by examining a set of traits typically found in quality management and process programs and looking at how each of the three tends to deal with them.
Let's begin with the first. Here there are 12 common adoption considerations. I'll take a look at how each of the three programs compare with respect to:
ISO 9001 is a "generic" quality standard. ISO 9001 can be applied to any production environment, including environments that produce technology products. ISO 9001 is expressed at a level high enough that it can fit IT shops. At the same time, it is not built to directly address the industry-specific needs of IT. So while it is not what we might call an IT standard, it is suitable for use in IT development organizations.
CMMI is a process improvement framework built specifically for technology development. It contains recognized best practices for systems engineering, software engineering, supplier sourcing, and integrated product and process development. This model was specifically designed for use in technology shops, so much so that it is not readily applicable outside of the realm of IT.
Six Sigma is typically applied in manufacturing environments or in business environments that are transaction-heavy. Six Sigma can and has been applied in technology development shops, but its full range of application may not be suitable for projects like mid-level software and systems development. Six Sigma may offer greater value to IT operations and system maintenance organizations in which performance has stabilized and can now be measured and improved.
Required knowledge and skills include those special assets you and your teams will need to implement an improvement program effectively. Aside from basic knowledge of process improvement and a good sense of proportion about what's right for your culture, ISO 9001 does not require a large degree of specialized knowledge and skills. The Standard is expressed in generic language that can be interpreted in ways that will fit within your groups. The most important tip here could be to work with people who know the business you're in and appreciate how process can potentially help it flourish.
CMMI naturally requires knowledge of the model and what is recommended under the model. The specific technology slant embedded in CMMI supports the requirement that its implementers be knowledgeable about technology development life-cycle phases and considerations. Additionally, because CMMI emphasizes the application of recognized best practices, its teams should have solid experience with the execution and management of technology projects.
Six Sigma, when used to its full scope, can be considered the most specialized of the three programs. Like ISO 9001 and CMMI, it uses a set methodology, and its impetus is founded in the principles of process improvement. But Six Sigma carries with it the additional dimension of statistical and quantitative analysis. Concepts like Design of Experiments, control charting, and standard deviation run throughout the program and require a degree of formal analytical and design experience.
Of the three leading standards, ISO 9001 probably has the greatest adoption depth. What makes this Standard different in part from CMMI or Six Sigma is that it is a collection of requirements. To be in compliance with the Standard, you must implement its requirements. And these requirements cover five sections of instruction: Sections 4 (Quality Manual), 5 (Management Responsibility), 6 (Resources), 7 (Product and Service Provision), and 8 (Measurement and Improvement). All of these make up ISO 9001:2000, and so you are required to implement them all.
CMMI is a collection of 22 Process Areas. If an organization elects to implement CMMI using the Continuous Representation, then it can choose to work on whatever Process Areas best meet the needs of the company's quality goals. That can be 1, 6, or 20. If the organization uses the Staged Representation, it must follow the SEI's fixed adoption path.
Six Sigma can be implemented to whatever degree you want to implement it. You can turn teams loose on the whole organization. You can start with one small team looking at one specific issue. Unlike ISO 9001 and CMMI, the methodologies of Six Sigma impact how the Six Sigma team works, usually not how the organization works. And so, Six Sigma can be said to have a shallow adoption depth.
The idea of cultural shift relates to change management. With a process program like ISO 9001, CMMI, or Six Sigma, you are introducing change, something new, something different. That requires an organizational shift. ISO 9001 is structured in a way that allows you to control the amount of shift. It is a series of management requirements, but the requirements are defined in such a way as to promote customization. You can implement ISO 9001 in a "heavy" way, one that pushes for significant cultural shift, or you can implement it in a "light" way, one that calls for less directed shift.
Of the three standards, CMMI may—on average—require the strongest cultural shift for an IT shop. This is because CMMI is focused on technology. Its practices are all technology and technology management practices. And so when an IT shop implements CMMI, it is going to impact the way the shop operates. IT activities will change based on the Process Areas being adopted, but they will change. For the changes to be effective and to have their intended impacts, cultural behavior will have to change, too.
Because Six Sigma employs such a focused methodology, and because it targets very specific issues, it does not tend to have broad immediate cultural impact. But when adopted in the right spirit, the spirit of Six Sigma tends to have a significant influence on the cultural position. With Six Sigma, there are no organizational sacred cows. Everything is up for improvement. And so the organization should adopt the philosophy that business as usual is never good enough. This may be a natural progression for some organizations. For others, it might be torture.
The number and diversity of resources you are required to commit to your ISO 9001 program is going to depend on the scope of your Quality Management System. But at the very least, you will need people to create and document the program, people to run the program, and people to monitor the use of the program. This is very similar to CMMI. The difference from Six Sigma is that ISO 9001 and CMMI reach in to impact all those who operate in the Process Areas that you are defining. With ISO 9001, this touches on management, requirements, design, execution, test, and all the other facets of production.
The Process Areas and best practices in CMMI will impact your organization three ways: they have to be created, they have to be followed, and they have to be monitored. That's very similar to ISO 9001. But CMMI reaches down a little deeper, and so it probably involves a greater percentage of the organization. For the program you build from it to be successful, you will need the cooperation of those whose activities are being defined. These people will then have to exercise these definitions in practice, and others in the organization will have to monitor and report on the use of these practices.
You can implement a robust Six Sigma program without having to commit a lot of resources to it. The commitment you will have to make is to bring in people who are skilled in Six Sigma methodologies, who are skilled in statistical and analytical techniques, and who have some foundation in process improvement and organizational change. But from a sizing perspective, a competent Six Sigma team can be represented by a handful of people.
The International Organization for Standardization in Geneva is the most recognized standards body in the world. And ISO 9001:2000 is the world's most recognized quality standard. Because we have no evidence yet of life on other planets, we might say it is the most recognized quality standard in the cosmos. Over its life, the ISO 9001 Standard has become recognized by more countries, industries, and companies than any other comparable offering. It is indisputably the most widely accepted quality standard we have.
CMMI is widely recognized, not just in the U.S., its sponsor, but around the world. When it comes to process programs designed specifically for technology development, it's generally seen as the leading contender. Like ISO 9001 and Six Sigma, CMMI has been receiving a lot of press lately, as the value of process and process management becomes more ingrained in IT cultures. There are other options in the marketplace—surprisingly many—but CMMI, ISO 9001, and Six Sigma continue to hold place as entities recognized for their own values.
Six Sigma is a widely known process improvement program. It has lately received more press perhaps than either CMMI or ISO 9001. There is a lot of interest within the IT community for what Six Sigma might be able to offer IT shops. But the depth of knowledge that gives these shops a critical capability to judge Six Sigma still seems to be maturing.
The ISO is made up of over 140 member countries from around the world. These countries fund the activities of the ISO, including standards maintenance and revisions. That makes ISO 9001:2000 one of the best-funded and best-backed quality standards on the planet. There is no doubt that the ISO will continue to develop and maintain 9001:2000 now and in the future. And the organization will no doubt augment the Standard with add-ons and support tools.
CMMI's continued development and support is funded in large part by the U.S. Congress by way of the Department of Defense and Carnegie Mellon University in Pittsburgh, Pennsylvania. This level of official support is a great benefit for a process program. It ensures that the standard will continue to be maintained, extended and developed, and monitored through a centrally coordinated governing body and a well-supported user community.
Six Sigma has no legislated support. It is not an official program of any governing organization. It is a form of shareware. It is a type of open source process improvement program. How organizations develop it, extend it, or augment it is strictly up to individual groups.
Because the ISO is made up of member countries from around the globe, it has a huge support community. There are ISO-sponsored conferences, user-group meetings, and symposiums. There are consultants and auditors through the U.S. who can help you establish a program and then evaluate it for registration with the ISO. There are books, white papers, tip sheets and a host of supporting material from the community to back up the Standard with information and assistance.
CMMI has a very large support community, both nationally and internationally. There are annual and quarterly conferences for SEPGs, the Software Engineering Process Groups that are common in organizations implementing CMMI, and these are held around the globe. There are also groups and clubs for CMMI Appraisers and Instructors. And the SEI itself hosts a variety of CMMI symposiums, meetings, and user sessions.
Six Sigma has a very broad and diverse support community. The plus side to this is that there are multiple and plentiful resources where you can find Six Sigma support, training, and services. The other side to this carries a bit of caution with it. Because Six Sigma is an unregulated standard, there is nobody to govern how the support community uses or shapes the program. In fact, there is no standard shape for this standard. So it's advisable to screen your Six Sigma resources for competency, experience, and credentials.
ISO 9001:2000 provides a basis for establishing a Quality Management System and institutionalizing it inside an organization. Its purpose is to give you a foundation upon which you can build a quality management program. And so we probably shouldn't think of ISO 9001 as relevant to any short-term view of process improvement. It represents an integrated approach to the strategic management of the organization's production activities. Such integration, and its effectiveness, takes time to evolve.
Like ISO 9001, there really is no short term for CMMI. The goal of CMMI is to help an organization set processes into place that improve the way it creates technology products. But this proof takes time to realize, just as the results of any change take time to realize. Some organizations move to adopt CMMI because they will be able to win restricted contracts or because their management said they had to, and so they approach the task with the short-term view in mind. But with CMMI, the short term tends to reflect the costs and the investment required. The real benefit does not become apparent until the organization has committed to its use and monitoring over time.
Of the three standards, Six Sigma probably provides the most potential for short-term success. Because it is used to address specific and pre-identified performance issues, it is by nature a short-term solution. The aim of Six Sigma is not to implement global or strategic improvements. Too many variables exist in those domains. Its aim is to pinpoint and target opportunities to refine current processes. And so you can implement Six Sigma with a view to taking quick action (a relative term) to modify how the organization operates.
ISO 9001:2000, like CMMI, is a strategic solution for organizational quality. It is also a program that touches most groups within an organization that are involved in any aspect of production or production support. Because of its scope and its depth, this is a Standard that performs best when the long-term view is taken. ISO 9001 programs set processes in place to guide, monitor, and measure production work flows. To get the most out of these processes, the organization needs to make a long-term commitment to setting them into place, using them, and working to continually make them better.
CMMI has a "great" long-term view. I put "great" in quotes because it's a correlative great. CMMI takes time to show its rewards, and the stretch of time allows in variables. But here is what I can report: organizations that adapt well-designed CMMI programs and stick to them over time tend to demonstrate significant improvement in their abilities to meet schedules, budgets, and quality expectations. They are able to perform in a predictable manner. They are able to control the unforeseen better than in the past. And so they are able to deliver in much more reliable function. Were other variables involved in this stretch of time? Maybe. But the data reported to the SEI and anecdotal confirmations seem to reliably link one to the other. (See "Documented ROIs," later in this chapter.)
Just like ISO 9001 and CMMI, Six Sigma can deliver on its promise of long-term results only through the commitment of the organization to its methods and methodology. Relatively speaking, Six Sigma does not provide long-term solutions. It provides for continuous short-term refinements. Over time, these refinements can add up to a significant improvement from where you started and where you are now.
In many industries in Europe, you can't even bid on a contract if you do not carry ISO registration. That requirement alone says something about the effectiveness of ISO 9001. Over the years, its effectiveness and value have been well documented. With standards like ISO 9001 and CMMI, there will always be something of a soft fix on issues like effectiveness and ROI. But the fact that ISO 9001 has a track record that is, at the very least, highly correlated with success indicates strongly that the program can and does make a difference when conscientiously applied.
Many U.S. and international organizations now insist on CMMI "certification" (not the most accurate term, but it will work here) when contracting out IT work. For example, the U.S. Department of Defense and Housing and Urban Development rely on certification as a way to select qualified vendors. CMMI has the same soft-fix issue when it comes to effectiveness that ISO 9001 has. Organizations don't tend to measure the effectiveness of the program. They tend to measure success factors that tend to come from the program, and so we can only correlate CMMI with proven effectiveness. Nevertheless, there is plenty of evidence that shows this correlation to be strong.
Six Sigma has a solid track record of proven performance. It lacks the broadcloth application of ISO 9001 or CMMI, but its targeted focus may be seen as a plus for measuring effectiveness. You implement Six Sigma on a targeted issue: to address a specific problem. Because it is applied with such a fine focus, and because it is based on data and data analysis, you can directly tie Six Sigma activities to improvements in environmental performance, efficiencies, and effectiveness.
Studies of ISO adoption show ROIs in the range of 2:1 to 24:1. As you'll see next with CMMI, that's a pretty big range. Measuring process ROIs has always been tricky. It's easy to measure the delta in a product or the improvement in efficiencies, but because systems are usually large or complex things, ROIs can only be generalized because there is a tendency for so many variables to be at play. And then there is the fact that ROIs come in different sizes and shapes, depending on how the program was implemented.
Studies of CMMI adoption—admittedly limited in scope and with only medium-sized samples—show ROIs in the range of 1.85:1 to 45:1. That's a pretty big range, and it's one of the problems with ROI data on practice-based process improvement programs. ROIs come in different sizes and shapes, depending on how the program was implemented.
Six Sigma leads the pack here with documented returns-on-investments in the billions of dollars. Billions. Motorola and General Electric alone have credited Six Sigma with these kinds of savings. Six Sigma lends itself to ROI analysis because of its own empirical data. With Six Sigma, you measure both before and after performance. So it's relatively easy to see what your process improvements have done for you in terms of investment and return.
In the next section, I'll discuss 23 traits that are usually addressed, in some form or fashion, by quality management program or process improvement methodologies.
The 23 are as follows:
Third-party recognition
Customer satisfaction
Focus on quality
Documentation requirements
Required actions
Management responsibility
Organizational oversight
Continuous improvement
Resource requirements
Training
Planning
Requirements management
Configuration management
Design
Verification
Validation
Defect management
Root-cause analysis
Measurement activity
Statistical process controls
Supplier management
Reporting
Auditing
ISO provides official recognition of compliance with the 9001:2000 Standard through the use of registration. Select independent companies can act as registration bodies for the ISO. Certified auditors conduct assessments of the organization to ensure adequate compliance with the requirements contained in the Standard. A successful audit results in the organization being registered at the ISO.
Registration audit
Conducted by a certified ISO auditor
Organizations that adopt CMMI can receive third-party recognition through a SCAMPI A appraisal. This is an event similar to an ISO audit. A Lead Appraiser authorized by the SEI appraises the organization's compliance with selected parts of the model and, based on the findings, awards the organization a maturity-level or capability-level rating.
SCAMPI Class A (and also B and C) appraisals
Conducted by an SEI Authorized Lead Appraiser
Unlike ISO or CMMI, Six Sigma lacks a central governing body. So the program has no form of third-party registration or certification. Organizations that wish to publicize their progress using Six Sigma often publish the sigma levels of their processes, or point to the number of trained Master Black Belts, Black Belts, etc., on their staff.
No official third-party recognition
Process sigmas often cited as a level of accomplishment
The 9001:2000 Standard adopted a stronger position on customer satisfaction, perhaps borrowing from Six Sigma. The Standard focuses on the customer by first directly linking the definition of quality to meeting the customer requirements, making this a management responsibility. It then obligates technical and production activities to be responsive to customer involvement. Finally, the organization is required to periodically measure customer satisfaction.
CMMI does not address the topic of customer satisfaction as directly as ISO 9001 and Six Sigma do. The model focuses chiefly on what the organization should do to ensure that it is prepared to manage its projects in a responsible manner and that, by extension, it meets customer requirements. But there are no goals or practices that promote activities centered on customer satisfaction.
No practices directly addressing customer satisfaction
Support for eliciting customer needs and verifying customer requirements
Six Sigma has a strong foundation in customer satisfaction. The program defines quality in large part as an organization's ability to deliver to customers those features and services that are important to them. Using this "Voice of the Customer" approach, the organization designs its efforts around product/service traits deemed to be CTQ, Critical to Quality.
Strong focus on the Voice of the Customer
Critical-to-Quality issues directly reflect customer needs
The underlying aim in all three of these programs is better quality management. ISO 9001 has at its base the Quality Management System. The Standard is designed to help an organization thoroughly think through its quality values. First it is required to define its quality objectives. Then it is required to design its Quality Management System around those objectives.
Section 4.2, Document a Quality Policy and a Quality Management System
Two process areas in CMMI address the management of quality in project work. The Process and Product Quality Assurance Process Area is designed as the auditing element of the model. PPQA provides, in part, objective insight into the organization's ability to produce product according to its quality standards. Peer reviews (described under the Verification Process Area) provide a complementary, albeit more technical, level of inspection into the quality of project products.
Process Area: Process and Product Quality Assurance
Process Area: Peer-review practices described under Verification
In Six Sigma, the idea of quality is born solely out of the needs of the customer. The obligation of the organization is to produce products (or services) specifically tailored to what the customer wants. Missing features result in a deficient product. Too many features result in a superfluous one. Both states are considered wanting in terms of quality. The entire focus of Six Sigma is to produce processes and products that meet customer requirements.
Quality equates to the feature set defined (or required) by the customer
The Standard requires the organization to define and document the major elements of its Quality Management System. This includes documenting the quality objectives, the organizational Quality Policy, all the components of the Quality Management System, and the required QMS records.
CMMI requires that you document your program as it grows in maturity and capability. Generic Goals 1 through 5 direct the organization to "establish and maintain" appropriate sets of processes. This phrase connotes documenting the processes and then maintaining them as they evolve within the organization.
Generic Goals 1 through 5: Establish processes that are performed, managed, defined, quantitatively managed, and optimizing
The push of Six Sigma is to measure processes, and then to perhaps redefine them. As a rule, the program does not require you to document anything. However, the "define" part of the DMAIC life cycle does call for the definition of a project plan. This plan details the approach the team will follow when it undertakes its measurement, analyze, and improvement activities. The program also features steps in the control phase to define documentation that may be needed to redefine, monitor, and maintain improvements in the field.
Promotes a documented project plan defining the measurement, analyze, and improvement approach
Promotes use of control documentation that defines how improved process performance will be redefined, monitored, and maintained
Across its five main sections, ISO 9001 contains a series of requirements that the organization must meet in order to be seen as officially compliant with the Standard. The requirements are expressed as "shall" statements—for example, "The organization shall document a quality policy."
Provides a series of requirements that must be realized for compliance
Requirements are presented as "shall" statements
The contents of the CMMI spec fall into three general categories: required, expected, and informative components. The only required components are the specific and generic goals described for each Process Area. The specific and generic practices that support the goals are expected components: you are generally expected to follow something similar to reach the goals. The rest of the material is informative in nature.
Required components: specific goals and generic goals
The program has no defined requirements. But Six Sigma does promote two methodologies, each with sequential steps. DMAIC is used to improve existing processes and includes the steps define, measure, analyze, improve/implement, and control. DMAVD (or Design for Six Sigma) is used to design new processes and includes the steps design, measure, analyze, validate, and deploy.
No fixed requirements
DMAIC methodology for existing processes
DMAVD methodology for the design of new processes
Section 5 of the Standard deals with management responsibility, and the ISO places a strong emphasis on this responsibility. In general, management is responsible for three broad activities: designing the focus of the Quality Management System, defining and allocating the resources needed to run the system, and periodically reviewing the use of the system by the organization.
Throughout CMMI, the model places emphasis on the involvement of senior management in the direction and use of the organization's process program. The Process Area Organizational Process Focus promotes the design of a strategic improvement plan. Process and Product Quality Assurance provides senior management with insight into quality and compliance issues. And GP 2.10 recommends that senior management periodically review the status of process components at play across projects.
Process Area: Organizational Process Focus
Process Area: Process and Product Quality Assurance
Generic Practice 2.10, Involve Senior Management
There are no direct management responsibilities defined for Six Sigma. However, there is broad recognition in the Six Sigma community that management's support of and involvement in Six Sigma projects is essential to program success.
Management often represented as Six Sigma Champions
Section 5.6 of the Standard calls for management to review the workings of the QMS on a regular basis. This typically covers measures of process performance, product quality, and customer satisfaction.
Two process areas in CMMI promote an organizational approach to the direction, design, and management of the process program. Organizational Process Focus establishes an organizational strategy for process improvement. Organizational Process Definition establishes an organizational repository of process assets for use by the organization's project teams.
Process Area: Organizational Process Focus
Process Area: Organizational Process Definition
Six Sigma projects can take place at nearly any level within an organization. This being the case, the program does not define any requirements for organizational control. The role of the Champion does imply the need for organizational support, and in many organizations, Champions guide Six Sigma programs, but this at the discretion of the organization.
No requirements for organizational control
The ISO Standard devotes an entire section to continuous improvement.
At its core, CMMI is itself a model for continuous process improvement. One Process Area that addresses this directly is Organizational Innovation and Deployment. Here, practices are defined for identifying opportunities for process improvement, opportunities for process innovations, and methods for evaluating, piloting, and deploying process advancements. Additionally, Generic Practice 3.2 promotes the collection of improvement information, a support activity that can feed into OID.
Process Area: Organizational Innovation and Deployment
Generic Practice 3.2, Collect Improvement Information
One philosophy of Six Sigma is that all processes should be open to analysis, that nothing should be immune from investigation and potential improvement. In this way, Six Sigma supports continuous improvement. Additionally, the control phase of DMAIC promotes the periodic remeasurement of improved processes in the field.
Continuous improvement through cyclical measurement and analysis of select processes
Section 6 of the Standard defines the resource requirements needed to properly run the QMS. This includes human resources, people skilled and trained in their job responsibilities; infrastructure resources, providing appropriate facilities; and work environment resources, the tools and equipment needed to run the system.
When a managed process is implemented under CMMI, the model recommends that adequate resources be provided so that the process can be effectively practiced. Generic Practice 2.3 defines this practice. The term adequate resources includes the people, tools, equipment, and facilities needed to support the process.
Generic Practice 2.3, Provide Adequate Resources
Process Area: Organizational Environment for Integration
Six Sigma does not stipulate resource requirements. However, the use of roles such as Master Black Belt, Black Belt, and Green Belt are promoted across various project design and execution activities.
No fixed resource requirements
Promotes appropriate use of Master Black Belt, Black Belt, and Green Belt roles
Training for ISO 9001 is addressed under Section 6, Resources. The standard requires that the people assigned to manage the QMS are appropriately skilled to carry out their job duties. This includes assigning competent people, orienting them to the mission and reach of the QMS, and training them in their specific job responsibilities.
Training is an area that is continually supported under CMMI. The model devotes a Process Area to this domain, Organizational Training. Here the organization establishes an appropriate training capability and then delivers required training to its people. Additionally, Generic Practice 2.5 promotes training for those people who will be required to carry out the processes established for a project.
Process Area: Organizational Training
Generic Practice 2.5, Provide Training
Recommendations for process training appear in the control phase of DMAIC. Control activities can include training people to properly use the new or improved processes. Outside of the program, the industry has developed a series of courses that support Six Sigma's potential to use sophisticated statistical process control techniques. These courses are built around Six Sigma belt designations: Master Black, Black, and Green.
No specific program training stipulations; industry support for belt training
Process training recommended in the control phase of DMAIC
Planning takes on a two-dimensional emphasis under ISO 9001. The first dimension is the planning of the Quality Management System. Management is responsible for ensuring that the systems objectives, policies, and process components are planned and then created. The second deals with product realization. Project plans are required to be established before product realization activities are begun.
Planning is a core theme that runs throughout all Process Areas in CMMI. In the model, planning is an essential act for sound management. The Process Area Organizational Process Focus helps the organization establish strategic plans for process management and improvement. Project Planning provides practices and guidelines for planning projects. Integrated Project Management extends PP by emphasizing the use of a standardized set of project processes. And GP 2.2 recommends that all activities embedded in a process be planned, monitored, and controlled.
Process Area: Organizational Process Focus
Process Area: Project Planning
Process Area: Integrated Project Management
Generic Practice 2.2, Plan the Process
Planning activities are described in the define phase of DMAIC. Here, the Six Sigma team documents the approach the Six Sigma project will take. Planning is also suggested in the implement phase: plans for how to deploy the improved processes into the production environment.
Planning is included in the define phase of DMAIC
Plans for improvement rollout are often included in the implement phase
Requirements management is customer-based under ISO 9001. Section 1 presents this focus as being threefold: work to understand the customer requirements, design and select processes to meet those requirements, and periodically confirm that the system is operating in such a way as to meet the requirements. (Related activities occur for configuration management.)
Section 1.1, Understanding and Meeting Customer Requirements
CMMI devotes two Process Areas to requirements management. Requirements Development presents practices for establishing customer and product requirements, and for validating these for completeness and appropriateness. Requirements Management presents practices for understanding the requirements, obtaining commitment to them, and tracking and controlling changes to the requirements.
Process Area: Requirements Development
Process Area: Requirements Management
Requirements in Six Sigma are used as the basis for evaluating the performance and suitability of processes. Desired requirements are defined as Critical-to-Quality traits. Undesired traits are defined as defects. Both of these are used to shape the aim of the Six Sigma project and so are usually contained in the project plan and reflected in the project's scope and purpose.
Emphasis on the definition of Critical-to-Quality issues
Emphasis on the precise definitions of defects
Requirements are bounded in the project purpose and scope
Control is a major trait in the 9001 Quality Management System. Elements within the program and elements managed by the program are required to be controlled. Section 4 defines requirements for the version control of system documents and records. Section 7 deals with requirements for the configuration management of design and development changes, and for preserving audit trails of product components and establishing traceability of these components.
CMMI defines a Process Area for configuration management practices. Configuration Management promotes the establishment of product baselines, the management of changes to the baselines, and auditing baseline repositories to confirm ongoing integrity. Additionally, Generic Practice 2.6 promotes version or configuration control of important project work products that may emerge under process activity.
Process Area: Configuration Management
Generic Practice 2.6, Manage Configurations
Configuration management is typically employed in Six Sigma during the measure and analyze phases of DMAIC. Data collection occurs in the measure phase. Here it is important that the integrity of the data be protected. This includes control over data access as well as data manipulation. In the analyze phase, the integrity of the data must be maintained in order to ensure the validity of the results that spring from statistical analyses.
Data integrity is stressed in the measure and analyze phases of DMAIC
Section 7 of the Standard deals with Product and Service Provision, and this includes requirements for product design. Here are contained the requirements for planning the design, for managing design inputs and outputs, for reviewing designs, and for verifying and validating design components.
The Process Area Technical Solution presents practices for establishing proper technical solutions for a project, designing product components, designing component interfaces, validating these against customer needs, and then implementing the designs.
Process Area: Technical Solution
Design activities may encompass the most crucial step in the DMAIC process. They have the potential to address investigations that are simple or highly complex. The statistical guidelines in Design of Experiments are often called into play here. These are typically described in the definition phase and continued in the analyze phase. For new process development, the DMAVD methodology includes a distinct design phase.
Design of Experiments is a technique to apply the appropriate statistical approach to a specific project or theory
Design of new processes is also a key step in the DMAVD methodology
Verification is covered under Section 7.3.5 of the Standard. The activities defined here are set into place to verify that the design components can be traced back to the customer requirements, that no requirements have been omitted, and that the represented set constitutes the proper system configuration.
The Process Area Verification covers two types of test and inspection activities under CMMI. Verification activities are conducted to verify that resulting products explicitly meet the requirements as defined for the project. Peer reviews are conducted to ensure that the iterative quality of products is maintained and controlled across selected phases of product development.
Process Area: Verification
Verification Goal: Conduct Peer Reviews
The general purpose of the DMAIC methodology is to verify that improvements to a process will result in closer allegiance to customer needs. In this way, Six Sigma supports verification. This inspection point typically occurs during the analyze phase, when the performance data is examined and analytical results are interpreted to surmise the level of compliance with CTQs.
The analyze phase of DMAIC is used to verify the process's goodness-of-fit to CTQs
Two sections in the Standard deal with validation. The first occurs under design activities. Here the product (service) designs are validated to ensure that they are appropriate for the operating environments. The next occurs later on in the production cycle. Elements of the product to be delivered are validated to ensure that they will operate properly in the intended production environments.
Validation is a Process Area under CMMI that deals with ensuring that the products produced by the project teams will operate properly in the intended customer environments. Practices are defined to prepare for validation and to define specific validation activities, as well as to conduct these activities.
Process Area: Validation
The implement phase of Six Sigma precedes the control phase, and here the guidelines for process validation are typically established. These can describe tests to ensure the new or revised processes will work properly in the production environment.
The implement phase can be used to define process deployment and validation rules
Defect management is addressed in Section 8 of ISO 9001. Section 8 deals with measuring and monitoring product and processes. If a product nonconformance is found—a defect—the Standard defines requirements for identifying, labeling, and managing the defect. If process or product defects are found, the Standard also describes requirements for taking corrective actions to remove the defect.
Defect management under CMMI is mainly addressed through three Process Areas. Verification activities are defined to ensure that products fully meet customer requirements; and that results of verification activities (defects) are analyzed for follow-on actions. The same approach applies to Validation, although here the emphasis is on product performance in a production environment. Causal Analysis and Resolution deals with practices to identify and remove the root causes of defects in processes and products.
Process Area: Verification
Process Area: Validation
Process Area: Causal Analysis and Resolution
Early on in Six Sigma projects, defects are precisely defined. They are usually expressed as traits that detract from or impact Critical-to-Quality elements. Defects are typically defined in the define phase of DMAIC and then they are evaluated in the analyze phase and addressed in the improve/implement phase.
Defects are defined in the define phase
Defects are addressed in the analyze and improve phases
The sections of the 9001 Standard that deal with defect correction are described in the previous section. The other side of this issue—prevention—enters here with root-cause analysis. Section 8.5.3 describes requirements to identify the root cause of process and product defects, and then work to remove those causes, thus preventing the defects from entering into the system.
Causal Analysis and Resolution deals with finding the root causes of product and process issues and then taking action to remove these causes. CAR defines practices to identify opportunities for causal analysis, to initiate plans to address the causes, and then to implement these plans.
Process Area: Causal Analysis and Resolution
At its heart, Six Sigma is a root-cause analysis tool. Its purpose is to identify the root causes of problems in processes and to identify ways to remove or reduce them.
Six Sigma is a root-cause analysis regimen
Section 8 of ISO 9001 is heavily focused on measurement and analysis. Here the Standard describes three basic areas where measurements should be taken: measurements of customer satisfaction, measurements of product quality, and measurements of process performance. These measures should then be analyzed to determine overall improvement opportunities.
The Measurement and Analysis Process Area defines practices for establishing a measurement capability that is in line with business objectives. This PA also describes practices to define measurements, collection and storage procedures, analytic techniques, and reporting mechanisms.
(This area is complemented by the use of statistical process controls; see the following section.)
Process Area: Measurement and Analysis
Six Sigma is heavily based on the collection and analysis of measurements. The measure phase in DMAIC includes activities to collect process performance measures. This is extended in the analyze phase where the measures are analyzed and interpreted.
Data is systematically collected during the measure phase of DMAIC and then interpreted in the analyze phase
ISO 9001 places strong emphasis on measuring process performance and product quality. But the Standard has no requirements for the use of statistical process controls or quantitative analysis.
No requirements for statistical or quantitative analysis
The use of statistical process controls is typically introduced at higher levels of sophistication under CMMI, the assumption being that an organization will need time to reach a stage where quantitative management can be employed. Quantitative Project Management defines practices for managing a project's quality and performance objectives quantitatively. Organizational Process Performance establishes practices for defining process performance baselines and models.
Process Area: Quantitative Project Management
Process Area: Organizational Process Performance
More so than either ISO 9001 or CMMI, Six Sigma is able to rely on the full scope of statistical process controls as part of its approach to process improvement. In the define phase, the program establishes the range of measures and statistical techniques it will apply to the analysis of process performance. This is then carried out in the measure, analyze, and implement phases.
Designs of Experiment along with measurement and analysis techniques are established in the design phase
Data is systematically analyzed, evaluated, and interpreted during the analyze phase of DMAIC
Section 7.4 of the Standard deals with requirements that center on the control of purchasing activities. These requirements define activities to ensure that suppliers are adequately qualified, that product selection is based on established criteria, and that supplier activities are monitored.
Two Process Areas deal with managing suppliers. Supplier Agreement Management defines practices for selecting and working with qualified suppliers. Integrated Supplier Management defines practices for establishing ongoing and participatory working relationships with suppliers.
Process Area: Supplier Agreement Management
Process Area: Integrated Supplier Management
Six Sigma makes no independent stipulations for dealing with suppliers.
No stipulations for managing or evaluating suppliers.
ISO requires that the organization produce 23 kinds of records in order to demonstrate adequate management of the Quality Management System.
Documentation records
Management review records
Resource records
Design records
Product and service provision records
Measurement and monitoring records
CMMI does not require the kinds of system reporting that are found in ISO 9001. However, it does require that measurement activities and results be reported to the organization. It also requires that the results of compliance and quality audits be reported to management. And across the Process Areas in the model are practices for the general reporting of status and updates to management and stakeholders.
Process Area: Measurement and Analysis
Process Area: Process and Product Quality Assurance
General status and update reporting recommendations throughout
There are no fixed reporting requirements in Six Sigma, but they are implied in the analyze phase, as results of the Six Sigma efforts are typically reported to management to clear the way for implementing improvements.
No fixed reporting requirements
ISO 9001 requires that the organization periodically audit the activities of its teams with the guidelines of the Quality Management System. Two areas are required to be audited. First, audit activities must be conducted against the processes of the QMS. Second, audits must be conducted to assess the quality of the products being produced under the QMS.
Auditing under CMMI is similar to ISO 9001. The Process and Product Quality Assurance Process Area defines auditing and compliance reporting practices. Under this PA, process compliance is periodically audited, work product quality is assessed, noncompliance issues are resolved, and results are reported to senior management.
Process Area: Process and Product Quality Assurance
While there is no auditing feature embedded within Six Sigma, one can think of the program as an oversight capability in and of itself. Six Sigma is built as a tool to support data-driven decision making in pursuit of process improvement. It can be used to provide insight into performance and quality objectives at the executive level.
Six Sigma itself can be thought of as performance oversight for an organization
Activities in the control phase of DMAIC encourage periodic performance re-measures