Software Capability Maturity Model Integration (CMMI)
The Software Capability Maturity Model Integration (CMMI) is a maturity framework for evaluating and improving the software development process. Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI) developed the model. It is now managed by the CMMI Institute: “CMMI was originally developed at the Software Engineering Institute, a federally funded research and development center within Carnegie Mellon University. In 2016, CMMI Institute was acquired by ISACA” [32].
The goal of CMMI is to develop a methodical framework for creating quality software that allows measurable and repeatable results: “Even in undisciplined organizations, however, some individual software projects produce excellent results. When such projects succeed, it is generally through the heroic efforts of a dedicated team, rather than through repeating the proven methods of an organization with a mature software process. In the absence of an organization-wide software process, repeating results depends entirely on having the same individuals available for the next project. Success that rests solely on the availability of specific individuals provides no basis for long-term productivity and quality improvement throughout an organization. Continuous improvement can occur only through focused and sustained effort towards building a process infrastructure of effective software engineering and management practices” [33].
The five levels of CMMI are described as follows (see https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=11955):
- Initial: The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort.
- Repeatable: Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
- Defined: The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. Projects use an approved, tailored version of the organization’s standard software process for developing and maintaining software.
- Managed: Detailed measures of the software process and product quality are collected, analyzed, and used to control the process. Both the software process and products are quantitatively understood and controlled.
- Optimizing: Continual process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies [33].
Acceptance Testing
Acceptance testing determines whether software meets various end-state requirements, whether from a user or customer, contract, or compliance perspective. The ISTQB (International Software Testing Qualifications Board) defines acceptance testing as: “a formal testing with respect to user needs, requirements, and business processes conducted to determine whether or not a system satisfies the acceptance criteria and to enable the user, customers or other authorized entity to determine whether or not to accept the system” [34].
The ISTQB also lists four levels of acceptance testing:
- The User Acceptance test: focuses mainly on the functionality thereby validating the fitness-for-use of the system by the business user. The user acceptance test is performed by the users and application managers.
- The Operational Acceptance test: also known as Production acceptance test validates whether the system meets the requirements for operation. In most of the organization the operational acceptance test is performed by the system administration before the system is released. The operational acceptance test may include testing of backup/restore, disaster recovery, maintenance tasks and periodic check of security vulnerabilities.
- Contract Acceptance testing: It is performed against the contract’s acceptance criteria for producing custom developed software. Acceptance should be formally defined when the contract is agreed.
- Compliance acceptance testing: It is also known as regulation acceptance testing is performed against the regulations which must be adhered to, such as governmental, legal or safety regulations” [35].