Reach New Heights of Organizational Performance

Domain: Frameworks; Models; Standards; and Methodology Integration 

Most organizations start with one standard or model and then expand to the next one based on market needs. The result is a Quality group that is conducting CMMI audits, ISO audits, and any other audit against the applicable model or standard. What is missing are the ingredients needed to streamline and have an integrated PQA process that supports multiple models and/or standards.  Streamlining and integrating PQA activities save the organization time and resources and provide better results by focusing on the organization’s own processes in an integrated manner.

This presentation will go over main concepts that are overlooked when standing up the PQA program only for CMMI or for multiple standards and models. We will also provide examples on how these were successfully implemented in several organizations. 

We will cover the importance of proper definition and understanding of the organization’s process architecture and its relationship to PQA to define critical process aspects and therefore objective criteria.  Although it is not traditionally considered as part of PQA activities, peer reviews should be an initial mechanism to start the inclusion of standard/model requirements. It can be the foundation for PQA driven by the defined processes and not the model or standards.

We will discuss how to use the analysis of historical quality data to scope what processes shall be selected for PQA activities for a given period. We will cover what objective evaluation means and entails, beyond auditing. We will provide examples of established evaluation criteria that integrated model and standard expectations but also considers the defined process expectations.

We will also discuss alternate mechanisms, beyond internal audits, that also meet the intent of PQA, if established appropriately, such as project and/or process dashboards, life-cycle stage gates and sprint retrospectives that can be used to objectively evaluate the processes as well as the resulting work products. 

More Information Coming Soon!

Domain: CMMI Adoption – V3.0 Experiences and Transition

GE Aerospace Edison Works Controls organization develops, tests and qualifies electronic engine control systems for military fixed wing and rotorcraft applications.  The complex highly integrated systems consist of an electronic engine control unit, that through embedded software along with sensors, actuators, and other accessories work together to optimize fuel management and engine performance.  Since 2015, GE has been appraised at Dev Maturity Level 3.  In February 2024, GE will conduct a CMMI V3.0 Benchmark Appraisal consisting of Development, Suppliers & Safety Domains, with the target level of Maturity Level 5. Achievement of this goal will place the GE Aerospace Edison Works Controls organization as the first company in the world to certify at Maturity Level 5 under Version 3.0 of the model with Development, Suppliers and Security Domains.

Our goal is to meet or exceed the business performance goals of safety, delivery, quality, and cost. GE seeks to continuously mature engineering practices and create a culture of technical excellence and accountability.  GE believes that maturing engineering practices requires increasing the repeatability of processes, developing technical capability of resources and standardizing robustness of quantitative analysis.  As our work produces a safety critical product that plays a key role in our national security, our engineering practices are paramount to delivering our critical business performance objectives.

GE will share experiences, lessons learned and best practices that enabled the adoption of CMMI and transition to Version 3.0 Maturity Level 5.

More Information Coming Soon!

More Information Coming Soon!

Come learn about the latest updates to the CMMI Model. CMMI V3.0 was released April 6, 2023 and includes 8 domains: Data, Development, People, Safety, Security, Services, Suppliers, and Virtual. Key updates include: maturity level requirements; enhanced Supplier Agreement Management Practice Area; addition of new Practice Areas for the Data and People domains (Data Management, Data Quality, Workforce Empowerment); addition of Context Specific information for Data, DevSecOps, and People; and updates to Agile Development Context Specific information.  Also covered are the multiple global opportunities for CMMI V3.0 with various government agencies, such as the DoD, US Federal Government, and the European Union (EU).

Domain: CMMI Adoption – V3.0 Experiences and Transition

This white paper explores the imperative of achieving Total Experience (TX) by leveraging the Capability Maturity Model Integration (CMMI) version 3.0. In contrast to solely focusing on Customer Experience (CX), in current context focusing on experience of all key stakeholders is crucial to business success. TX encompasses customer and employee experiences, as well as vendor participation and inputs. The integration of overall organizational technical and domain-specific experience data, aligned with metrics for continuous improvement, is at the core of TX strategy.

Stakeholder management, a vital aspect of any business, is explicitly addressed by CMMI 3.0, considering both internal and external stakeholders. The identification and involvement of these stakeholders align with achieving long-term and short-term business strategies. Recognizing the impact of various internal and external factors, including PESTLE considerations, is essential for Stakeholder success.

The paper delves into Stakeholder metrics, challenges faced, and how CMMI v3.0 serves as a solution. It emphasizes utilizing data to predict Stakeholder involvement for future business success. Workforce involvement, a participatory culture, and effective communication and coordination are highlighted as integral components. Furthermore, the importance of cross-functional team involvement and the impact of supplier participation on business requirements, revenue, and technical data security are explored.

This white paper explores the imperative of achieving Total Experience (TX) by leveraging the Capability Maturity Model Integration (CMMI) version 3.0. In contrast to solely focusing on Customer Experience (CX), in current context focusing on experience of all key stakeholders is crucial to business success. TX encompasses customer and employee experiences, as well as vendor participation and inputs. The integration of overall organizational technical and domain-specific experience data, aligned with metrics for continuous improvement, is at the core of TX strategy.

Stakeholder management, a vital aspect of any business, is explicitly addressed by CMMI 3.0, considering both internal and external stakeholders. The identification and involvement of these stakeholders align with achieving long-term and short-term business strategies. Recognizing the impact of various internal and external factors, including PESTLE considerations, is essential for Stakeholder success.

The paper delves into Stakeholder metrics, challenges faced, and how CMMI v3.0 serves as a solution. It emphasizes utilizing data to predict Stakeholder involvement for future business success. Workforce involvement, a participatory culture, and effective communication and coordination are highlighted as integral components. Furthermore, the importance of cross-functional team involvement and the impact of supplier participation on business requirements, revenue, and technical data security are explored.

The paper also explores employing a comprehensive set of metrics like Customer Satisfaction Index (CSI), Employee Engagement Score, Vendor Performance Ratings, Stakeholder Involvement Index, Total Experience Index (TXI) to measure the holistic impact on stakeholders which encompasses customer, employee and supplier experiences and build prediction models on aspects like Predictive Stakeholder Involvement Analysis.

CMMI v3.0 is positioned as an enabler of an inclusive approach to achieve business success through a carefully orchestrated Total Experience philosophy, where everyone's experience contributes to the overall success of the organization.

Come hear early feedback from organizations adopting CMMI V3.0. This session will include a panel discussion on lessons learned feedback and both positive and negative experiences from adopting CMMI V3.0.

Domain: CMMI Adoption – V3.0 Experiences and Transition

Our association with CMMI started over 15 years ago when we were a young organization. We were looking to organize ourselves then and CMMI was something we chose as a guiding light. Over the years as we have grown as an organization and faced diverse challenges, we have used CMMI as one of the vehicles to navigate our evolution and drive change. Over the years CMMI has evolved as well, and this evolution has served us well. In this presentation we would like to share how we have used the CMMI framework to focus on various parts of our business and address diverse business challenges along our evolution and growth journey over the past two decades, what benefits we have accrued, and the valuable lessons learnt.  

Domain: Frameworks; Models; Standards; and Methodology Integration 

Managing threats and vulnerabilities is a 24/7/365 task for IT professionals in organizations, and one aspect that keeps CEOs, CIOs and Board members awake at night! With proven methods from existing standards such as the NIST 800-171, organizations small and big have shown to improve their capability of identifying threat sources, vectors, types, and even specific information on what type of attack was forthcoming. With this information (data and quantitative analysis), they can forecast and harden their end points and overall security infrastructure and most times prevent attacks from these sources and the attack vectors. A recent addition is the best practices in ISACA's CMMI Security practice areas and practices. We will look at these best practices and how a small and medium sized organization has actually been able to perform quantitative and statistical analysis on the data emanating every day from logs and flow, and build models to constantly take actions to ensure a correction and prevention of threats. This includes discussion on specific methods and quantitative analysis and models that can be used along with Threat Intelligence analysis to even better harden resources and overall improve the security posture of the organization. Will include discussion of the new best practices in the two new CMMI areas, and existing other models, and insight into an actual instance of applying these for tangible benefits, thereby resulting in solid learning and implementation that small or large company attendees can take away. 

More Information Coming Soon!

Domain: Frameworks; Models; Standards; and Methodology Integration 

In the fast-paced realm of artificial intelligence (AI) development, a multitude of complexities and challenges continue to confound practitioners. These challenges span a spectrum from the lack of comprehensive insights into the development process to the intricacies of transitioning from deterministic to probabilistic development models. Moreover, the complexities of knowledge handoff, retention, and transfer pose significant obstacles. AI systems are inherently dynamic, making it challenging to correctly rollback to previous versions or effectively transfer them into operational environments while continually improving their models.

This paper presents a practical solution. We have combined the Capability Maturity Model Integration (CMMI) framework with insights from the Software Technology Institute (STI) of Institute for Information Industry (III) benchmark appraisal results. We start by setting clear improvement goals and a plan. Then, a pilot project is put to action and test our improvement ideas in an iterative cadence with results documented and evaluated. Finally, we integrate these pilot project findings into existing processes and create a quality assurance checklist and a tailoring guideline. This endeavor serves to elevate the level of maturity in AI development within our organization, while also contributing to the broader IT industry by furnishing a reference model that facilitates the establishment of customized processes tailored to individual organizational needs.

We focus on several key areas within the CMMI core and DEV Domain such as Process Management (PCM), Managing Performance and Measurement (MPM), Requirement Development and Management (RDM), Technical Solution (TS), and Product Integration (PI). We also pay attention to foundational areas like Improvement Infrastructure (II) and Governance (GOV).

By implementing these practical steps and making the most of the CMMI framework, our paper outlines a structured and tested approach to tackle AI development challenges head-on. The overarching objective is to facilitate seamless knowledge sharing and a smooth transition to operational environments, all while continually enhancing AI capabilities. Ultimately, our vision is to create a future where AI development is characterized not only by efficiency but also sustainability through our MLOps and AI Generated Content (AIGC) initiatives. We aspire to assist the industry in achieving a well-structured evolution towards maturity in AI development processes, fostering a resilient and organized AI ecosystem.

Domain: Performance and Quality Measurement Results

Consistent with the CMMI models for Development and Services, high maturity organizations use measures to predict and validate the benefit(s) of processes and process improvements to business operations. Included is an evolution of the concept of “Quality” from a culture of compliance to one of continuous improvement.

Based on corporate process improvement objectives, PeopleTec recently modified our internal Quality Audit activities. Process usability, scalability, and innovation were all addressed in evaluating proposed improvements. Our primary focus was to use a risk-based (versus compliance-based) approach to internal quality audits. Noting that risk-based audits include the risk of non-compliance, we implemented a hybrid approach that also addresses compliance.

We established expected outcomes, then used statistical and other quantitative techniques to validate this performance improvement against our proposed improvement expectations and our process improvement objectives. We not only achieved our proposed improvement expectations, but also realized unexpected favorable results in the areas of quality assurance AND risk mitigation.

Domain: Performance and Quality Measurement Results

CMMI for Services is a very strong model, especially at the High Maturity Practice Areas, when it comes to calculating time as a derived data tied to performance.  Services can also give insight on the productivity or defects in a Service System that may have not been able to be realized before applying analytical or statistical techniques. When services are not producing the result that is being expected, it can be helpful to employ the measurement of a services capability to understand what is being expected from that service and how to change the capability of a service by determining the controllable subprocesses which can assist in the capability being targeted.

These examples explore the time of expectation vs. the time of capability. Examples that we may all be familiar with in areas such as Staff Augmentation to waiting for your hotel room to be available at check in. Come see what we discover, why we are counting the wrong things, and how to count the right things to show us how we are really performing in a service environment.

Domain: CMMI Adoption – V3.0 Experiences and Transition

Nowadays, problems related to information security in companies have increased exponentially. It is common for several medium-sized companies to have fallen into threats or oversights that resulted in loss of information and/or money. Midsize businesses try to protect themselves with some basic tools like an antivirus or a firewall, but that's not enough for cutting-edge threats. On the other hand, many companies have not considered the importance of providing a safe environment for staff, seeking to maintain their health and providing optimal working conditions.  In an era defined by digital interconnectivity, the Safety (SAF) and Security (SEC) domains of the Capability Maturity Model Integration (CMMI) emerge as indispensable pillars for the sustainability and success of medium-sized enterprises. In this session we will review the differences between the value provided by the ESAF, ESEC and MST practice areas. Likewise, the difference between a threat and a vulnerability will be explained. The session will conclude with some tips for real-life implementation of these practice areas.

This session will provide attendees with insight into how the FDA and medical device companies are using CMMI to help improve quality, performance, and delivery while reducing safety risk. The panelists will include both MDDAP lead appraisers as well as employees from medical device companies.

Domain:  Highly Regulated Projects (like Government Contracting/Aerospace/Defense) 

This presentation will trace the history of the performance and measurement driven culture at a Washington, D.C. based company that deliver innovative technology, consulting services, digital solution and operationalized data to ensure mission success for its government customers in the defense, intelligence and federal civilian sectors. As early adopters of quality frameworks, this organization has progressed from using the early versions of Software CMM to currently beginning the migration to CMMI V3.0. Along the way they have added multiple ISO certifications including ISO 9001, 20000, 27001 and 14000, AS9100 etc. and have also adopted CMMI for Services View in addition their CMMI Development credentials.

We will show how their Strategic Planning has evolved due the the adoption of CMMI eventually leading to the establishment of a Chief Performance Office role. The strategic goals include being the best mission partner for their national security customers, providing game changing technical capabilities, rapid delivery of innovative capabilities and accelerating growth and profitability. Business objectives include ensuring high customer satisfaction scores, award fees and high labor utilization. These are then decomposed into specific improvement objectives like customer objectives, capability objectives and infrastructure objective and their related measurement objectives. A Goal-Objective-Measure Map is set up at each level rolling up to the company's business objective.  A delivery organization and a quality management organization have been set up to provide services to  programs to achieve their specific objectives. The quality organization is responsible for ensuring that programs follow the integrated quality system and relevant standards, internal auditing and  ensuring credentials are maintained. An innovative Metrics Office, reporting up to the Chief Performance Officer not only analyzes a multitude of company wide performance, quality and services metrics, it also provides data analysis services to functions and programs as a service. This is supplemented by recompete services, program control infrastructure and customer satisfaction programs.

The presentation will not only take the audience through the strategic and organizational evolution, but will also show how the alignment of CMMI principles, performance metrics with delivery on the one hand and strategic planning on the other have enabled this organization to achieve high growth rates in a  highly regulated and competitive environment. Examples of sophisticated metrics analysis and reports will also be shared to round out the success story.

Domain:  Performance and Quality Measurement Results

In this competitive and complex business scenario it is important for any organization to satisfy their customers and to maintain a sustainable future business growth.  To achieve the same, it is imperative to achieve operational excellence to provide experiential delivery within allocated budget and contracted timeline.  We have defined two major business goals, namely, improvement of net promoter score (NPS) and sustain engagement margin (EM) for all the assignments. These larger business goals were drilled down through balance score card analysis to actionable quality process performance objectives (QPPO). These Key Performance Indicators (KPIs) were regularly communicated to all the employees to make them aware of the performance that the organization expected and embed into the organization quality culture. As a high maturity organization, we defined process performance models (PPM) to understand the capability of the processes. While doing so, we found that a few high maturity experts (HME) could only do such analysis and provide the input to projects to change the course of action as needed. This was a major bottleneck for statistical process improvement. It was analyzed and understood that democratization of making sense from data would be an important way to predict the achievement of KPIs and moderate the course of action of the projects according to the output of prediction.  It was understood that the knowledge on statistical process analysis (SPA) was lacking in general, and quality of data was not measured upfront by the project teams, instead those were responsibilities of HMEs. To overcome the challenge and to implement a holistic high maturity environment, we developed a R (a language and environment for statistical computing and graphics) based tool that could support data quality assessment, predict the attainability of the KPIs and provide output aligning to the business vocabulary.

This allowed the project managers to take corrective actions without having knowledge of SPA. Project teams could act before the risks could culminate to issues. Pilot implementation showed measurable improvement in project performance achievement timeline. We could observe within a quarter of deployment of the tool, improvement in the overall business objectives of the firm. The developed tool was found to be accurate, efficient, and effective in predicting the future performance of different KPIs arising from projects having different lifecycles, like agile, waterfall, service management, annual maintenance services and others. The tool is easy to use, cost effective, and supporting the firm to democratize the SPA for better predictive project management and achieving the defined QPPO. 

In this competitive and complex business scenario it is important for any organization to satisfy their customers and to maintain a sustainable future business growth.  To achieve the same, it is imperative to achieve operational excellence to provide experiential delivery within allocated budget and contracted timeline.  We have defined two major business goals, namely, improvement of net promoter score (NPS) and sustain engagement margin (EM) for all the assignments. These larger business goals were drilled down through balance score card analysis to actionable quality process performance objectives (QPPO). These Key Performance Indicators (KPIs) were regularly communicated to all the employees to make them aware of the performance that the organization expected. As a high maturity organization, we defined process performance models (PPM) to understand the capability of the processes. While doing so, we found that a few high maturity experts (HME) could only do such analysis and provide the input to projects to change the course of action as needed. This was a major bottleneck for statistical process improvement. It was analyzed and understood that democratization of making sense from data would be an important way to predict the achievement of KPIs and moderate the course of action of the projects according to the output of prediction.  It was understood that the knowledge on statistical process analysis (SPA) was lacking in general, and quality of data was not measured upfront by the project teams, instead those were responsibilities of HMEs. To overcome the challenge and to implement a holistic high maturity environment, we developed a R (a language and environment for statistical computing and graphics) based tool that could support data quality assessment, predict the attainability of the KPIs and provide output aligning to the business vocabulary.

This allowed the project managers to take corrective actions without having knowledge of SPA. Project teams could act before the risks could culminate to issues. Pilot implementation showed measurable improvement in project performance achievement timeline.  We could observe within a quarter of deployment of the tool, improvement in the overall business objectives of the firm. The developed tool was found to be accurate, efficient, and effective in predicting the future performance of different KPIs arising from projects having different lifecycles, like agile, waterfall, service management, annual maintenance services and others. The tool is easy to use, cost effective, and supporting the firm to democratize the SPA for better predictive project management and achieving the defined QPPO.

Come ask ISACA leadership any questions you have about the CMMI past, present, and future!  

Celebrate those who exemplify the best of the IS/IT industry by attending the ISACA Awards. Mingle with winners and network with industry leaders, all in a friendly atmosphere. 

All registrations come with an Awards and Social Event ticket, to purchase a guest ticket, please visit here

As artificial intelligence algorithms keep improving, we see their use increasing in many fields, including use in bionic limbs. For example, PSYONIC’s Ability Hand is the fastest bionic hand on the market, the first to provide users with touch feedback, is robust to impacts, and covered by Medicare in the US. These technological advances use AI in several ways:

1. Pattern Recognition: AI algorithms can analyze signals from residual muscles or nerve endings in the user's residual limb to recognize patterns associated with different movements. This allows users to control their bionic hands intuitively, with gestures and muscle movements translating into corresponding actions of the prosthetic hand.
2. Machine Learning: Bionic hands can employ machine learning algorithms to adapt and personalize their behavior according to the user's preferences and habits. For example, the prosthetic hand can learn the user's preferred grip patterns for different objects and adjust its response accordingly over time.
3. Sensory Feedback Integration: Advanced bionic hands equipped with sensors can provide sensory feedback to the user, such as pressure sensations when grasping objects. AI algorithms can interpret these sensory inputs and adjust the grip strength or hand posture in real-time to provide a more natural and intuitive user experience.
4. Predictive Control: AI algorithms can anticipate the user's intended movements based on their previous actions and environmental cues. This predictive control allows the bionic hand to respond more quickly and accurately to the user's commands, enhancing dexterity and reducing the cognitive effort required for controlling the prosthesis.

However, along with these advances come risks associated with using AI, including the following:

1. Reliability and Safety Concerns: AI algorithms may not always perform as intended, leading to unexpected behavior or malfunctions in the bionic hand. This could pose safety risks for the user, especially in situations where precise control is critical, such as handling fragile objects or operating machinery.
2. Privacy and Security Risks: Bionic hands equipped with AI capabilities may collect sensitive user data, such as muscle signals or sensory feedback patterns. There is a risk of this data being intercepted or exploited by malicious actors, potentially compromising the user's privacy and security.
3. Ethical Considerations: AI algorithms used in bionic hands may raise ethical concerns related to autonomy, consent, and decision-making. For example, who holds responsibility if the AI-driven prosthesis makes a decision that leads to harm or injury? Ensuring transparent and ethical design principles is essential to address these issues.
4. Dependency and Overreliance: Users of AI-powered bionic hands may become overly dependent on the technology, potentially reducing their ability to adapt to situations where the prosthesis is unavailable or malfunctioning. It's crucial to provide users with appropriate training and support to maintain their independence and resilience.

In this talk, you will learn about the advances made in bionic limbs using AI, especially as we these human-machine interfaces become more seamless. You will also learn about the risks associated with this technology and how we might be able to mitigate them.

Artificial Intelligence and Machine Learning, Digital Trust, and Smarter Devices are just a few of the technology trends. As we continue to move along the Digital Transformation spectrum, join us for a panel discussion with the Chiefs: a Chief Risk Officer (CRO), Chief Audit Executive (CAE) and two Chief Executive Officers (CEOs). These four experts will discuss some of the most prevalent emerging technologies, their impact on the business community, and best practices on how to assess and manage them.

Risk became a 4-letter word during the pandemic, but as ambitious professionals and organizations hungry to meet our potential, we need to take risks at work.  

Risk-taking sounds good in theory, but most of us need help moving from wishful thinking to execution. Why? Because when we have a chance to take a risk in the moment, we feel awkward—and that awkwardness bumps up against our deep desire for others to approve of us and what we do. As it turns out, what we improve in the face of taking risks—often despite others’ judgment—leads to the greatest growth. After all, the fastest path to major improvement comes from strengthening what’s weak rather than what’s strong.  

Join 2x TEDx Speaker, Executive Coach, and Workplace Performance Expert Henna Pryor and learn why conditioning for awkwardness is your secret weapon for strengthening your risk-taking muscle—and how to do it right.  

After completing this session, the participant will be able to: 

• Pinpoint the exact reason it’s been difficult to take risks at an individual or organizational level - and how to move past it.
• Learn how to use the concepts of deliberate discomfort and strategic microstressors to strengthen mental muscle.
• Formulate a personalized game plan to be risk-ready whenever the chance arises.