Standards & Regulations Affecting IT

A major role of the CIO is to ensure that organizations comply with regulations (such as SOX) and follow standards (such as CMM, ITIL, and ISO). 

 

For example, the Capability Maturity Model (CMM) aims to standardize, predict, and continuously improve IT software development. There are five maturity levels, with 5 indicating the highest level of process maturity for software development. Ever since the push towards more outsourcing, certifications have become an important way for IT suppliers to demonstrate the quality of their software development processes. CMM standards also dictate the way suppliers and customers communicate IT requirements. But some US IT managers claim that mistakes in upstream CMM processes replicate like a virus downstream, that documentation is no substitute for experience, or that some CMM processes generate more costs than value. Thus there are significant IT management issues with this topic. In addition, students seeking IT careers will need to be familiar with the assessment process (how organizations get assessed), the software development processes used to standardize, predict, and continuously improve IT software development, and how to interact with external software suppliers.

ITIL is a standard used to improve the quality of IT services within organizations. The purpose of the standard is to help run IT as a business within a business. ITIL focuses upon service level management, including service support and service delivery. Although started by the UK government, ITIL is increasingly being adopted in US companies.

Your group should begin with an overview of the major regulations and standards affecting IT within organizations, including the purpose of the regulation/standard, important dates in its history, and the number of adopters worldwide. Identify the promised benefits of regulations/standards as well as the limitations and controversies.

Your group should then present two or three organizations that have gone through a compliance/certification/assessment process (either CMM, ISO, ITIL, SOX or other that is approved by the professor).

For each organization studied, provide the company background by including:

  • Size of company in terms of sales and profits
  • Major products the company sells
  • General characteristics of their customers
  • Organizational chart--who does the CIO report to?
  • How many people work for the IT organization?
  • What is the annual IT budget?

The compliance/certification/assessment portion of the case should include:

  • Description of the organization's compliance/certification/assessment level
  • Who championed the pursuit of IT compliance/certification/assessment? (vendor-pushed / IT or business led)
  • Who is responsible for IT compliance/certification/assessment within the organization?
  • Specific examples of artifacts generated by the compliance/certification/assessment (business requirement documents, change request impact analysis reports, etc.)
  • What are the perceived benefits and limitations of the compliance/certification/assessment as described by IT managers within the organization?
  • What plans does the organization have for the future of certification?
  • Lessons learned by the company

The group should end the presentation on best practices for compliance/certification/assessment, then map how your cases fit into best practices.  This is essentially a cross-case comparison that integrates your primary (case studies) and secondary (journal articles & books) research.

 

Good sources for CMM include:

 

Griggs, M., and Sauter, V., "Quality Management in the Software Industry," University of Missouri Working Paper, 2004.

Sam Ramanujan, Someswar Kesh, "Comparison of Knowledge Management and CMM/CMMI," Journal of American Academy of Business, Cambridge. Hollywood: Mar 2004. Vol. 4, Iss. 1/2; p. 271

Craig M Shakarji, John Raffaldi, "Managing CMM Software Uncertainties," Quality. Troy: Mar 2004. Vol. 43, Iss. 3; p. 48

James J Jiang, Gary Klein, Hsin-Ginn Hwang, Jack Huang, Shin-Yuan Hung, "An exploration of the relationship between software development process maturity and project performance," Information & Management. Amsterdam: Jan 2004. Vol. 41, Iss. 3; p. 279

 

 

Rottman, J., and Lacity, M., "Proven Practices for IT Offshore Outsourcing," Cutter Consortium, Vol. 5, 12, 2004, pp. 1-27.

 

BOOK: Jalote, P., CMM in Practice, Addison Wesley, Boston, 2000.

Koch, C., "Bursting the CMM Hype," CIO Magazine, March 1, 2004, Vol. 17, 10, p. 1.

Anthes, G., "Model Mania," Computerworld, March 8, 2004, Vol. 38, 10, p. 41.

Glazer, H., "What is CMMI and why should you care?," The Daily Record, Baltimore, MD, Sept 5, 2003.

BOOK: Beaumont, Leland, ISO 9001: The Standard Interpretation, ISO Easy, New Jersey, 2002.

  • The Capability Maturity Model: Guidelines for Improving the Software Process -- by Software Engineering Inst. Carnegie Mellon Univ.; Hardcover
  • Implementing the Capability Maturity Model -- by James R. Persse; Hardcover
  • CMM in Practice: Processes for Executing Software Projects at Infosys (The SEI Series in Software Engineering) -- by Pankaj Jalote; Hardcover
  • ISO 9000:2000 In a Nutshell, Second Edition -- by Jeanne Ketola, Kathy Roberts; Paperback
  • ISO 9001, The Standard Interpretation -- by Leland R. Beaumont; Paperback
  • ISO 9000:2000 Survival Guide, 30 minutes to understanding the process, Second Edition -- by Doug Anton, Carole Anton; Paperback

I am sure that your group will have many creative ideas, so please feel free to discuss them with me.