Organizations and companies often go for certifications/assessment like ISO 9001 or ISO 27001 or CMMI. A company may decide to seek certification for many reasons, as certification can:

  • Meet Customer Requirements
  • Result in more revenue and business from new customers
  • Improve Company and Product Quality

Assessment process is a continuous cycle. There are some stages/steps in this continuous cycle leading to certification and sustenance.  For organizations that are new to the implementation process, attaining certification can be a little bit troublesome activity. This article helps to make the implementation stress-free through the ten points explained below. Assessment

1. Determine scope of registration

Determine whether the entire organization or a part of the organization is going for certification. Sometimes only a particular product in the organization is seeking for certification.

2. Get quotes from accredited third-party certifying bodies

The certifying bodies must be accredited to conduct audits. After evaluating several certification bodies (Transition partners in case of CMMI) based on their quotes and many other factors, the best suited certification body is selected by the organization. Once the quote is accepted by both parties – client and certification body, an auditor contacts the client to schedule the assessment audits. It’s vital to clarify and check for other hidden costs such as ‘registration’ and travel fees when obtaining quotes from the certification bodies.

3. Study of standard/model requirements

The first step in any certification/assessment process is ‘to have a clear understanding of the standard/model’. If people are not comfortable with the new standard, perhaps the first step in any implementation could be training on the new standard/model from experts in the industry. If required, organization can opt external consultancy to get help in implementation strategy. A good consultant can increase the value of the process.

4. Gap Analysis

It has to be evaluated how far away is the present management system or the product compliance from the new standard. Gap analysis, Pre-assessment, Internal audits etc. can be used for this evaluation. For more details on gap analysis, please refer Performing gap analysis. The Gap analysis documentation provides the input to the sub sequent phases.

5. Establish an implementation plan

An implementation team, work division, milestones of activities etc. need to be set up. Training has to be to be provided to the implementation team. Implementing the new management system needs to be an organization-wide target developed by senior management. (‘organization’ refers to the entire organization, a part of the organization or a project team as per the scope defined)

6. Ensure the implementation as per plan

The steps include preparation and review of procedures, manuals, other supporting documents, training to the affected parties on the new/changed system and deploying new/changed system.

7. Practice and live with the new system

During this period, observe and evaluate the new/changed system for its effectiveness. Audits need to be conducted to evaluate the changed system. Auditors must be trained to conduct the audits. Existing loop holes, inefficiencies, etc. are corrected and corrective actions are deployed. This leads to continuous improvement of the system. After a few months, the new system and the organization should be ready for the registration audit.

8. Third party Assessment/ certification

The number of auditors needed, and the time involved to conduct a registration audit may vary according to the size and complexity of the organization. Pre-assessments/Stage1 audits are conducted before the final assessment. During the pre-assessments, auditor reviews the existing systems and provides a report identifying further actions required to meet the standard requirements. Once the organization is ready and has fixed the gaps reported in the pre-assessment, the auditor performs the registration/final audit. The final audit is held in accordance with the audit plan. Upon completion of the audit, the auditor generates an audit report identifying non-conformances, if any are there. The client resolves these non-conformances. Once the auditor approves the closure of non-conformances, organization (or client) is recommended for certification. The auditor’s report is then verified via an approval process and if no anomalies are identified, certification is officially granted. Then the auditor works with the client to set up subsequent surveillance audits/health checks to ensure continuous adherence to the standard.

9. Sustaining the standard/model

Attaining a certification is not a one time job. The sustenance of the same is also equally important. So proper attention must be paid to ensure that level of certification is not degraded. To achieve the benefits of improvement from the new/changed system, an organization has to be committed in maintaining and amending the system over time to best suit its requirements. The tough work really starts with the maintenance of the new/changed system. And hence continued buy-in from everyone is important for the implementation to succeed, and for the organization to obtain the true advantages of becoming certified. So proper training needs to be carried out regularly to ensure on-going awareness. In addition, internal audits must be conducted to ensure the compliance to the requirements of the standard/model.

10. Get Buy-In

Getting full support from management and employees is crucial for the success of any certification/assessment program. The company executives need to be well clear on the advantages, requirements and costs etc. It’s also important that the employees are confident on the new system.

In continuation to the earlier article Easily ignored certain key points in CMMI implementation,  this article talks more on misconceptions in CMMI implementation. Misusing the model results in unproductive or unnecessary process, waste of resources, loss of credibility towards upcoming process improvement events and finally frustration and dissatisfaction. These could be avoided through proper senior management attention and clear understanding of the standard/model. The common misconceptions observed during CMMI implementation are explained below.

1. Treating CMM as a fast answer for short-term problems

We have a tendency to reach a Maturity Level ‘N’ soon. Adopting the CMMI will not double the productivity all of a sudden. In fact during the initial period of implementation, there will be negligible improvements or rather we can say that there will be an inverse relationship. But once the improved practices are incorporated into the current development process and sustained these practices, visible improvements are observed with CMMI adoption.

2. Treating CMMI as a standard rather than as a process improvement guide

Days and nights of hard work resulted in the successful completion of CMMI appraisal. What is next? Parties and get-together. We can hear people telling like ‘let us relax now’. But sadly the relaxation period/ break time extends till the next SCAMPI A. And it is often seen companies going down instead of improving after the appraisal, because everyone gets relaxed and next audit is far away, so people tend to move away from the processes that were created with lot of hard work. It is because the improvement efforts were put on the projects in the focus of appraisal only rather than on meaningful long lasting organizational wide improvements. Senior management must pay special attention on the value of process improvements rather than the value of rating.

3. PA implementation team focusing merely on specific PAs

Normally it is observed certain work division in the form of Process Areas (PAs) in the CMMI implementation team. And interestingly these mini teams tend to do exactly that. i.e. they focus on specific PAs. They simply ignore the relationship with other PAs which they are not supposed to do. They prepare and define processes without having any common connection with other processes. These process definitions are written as if a person or a team would perform one process in total isolation from other organizational processes. Another problem is that these PA focused team either ignore the sub practices or implement them literally. They use the CMMI language itself while making procedures or policies. They make process audit Check Lists using the CMMI sub-practices /CMMI terms directly. At a later point of time when these are deployed in the organization, it won’t be easy for the people and customers to tie it to their work. Also these PA focused team tends to ignore the institutionalization aspects of process improvement. CMMI provides more explicit guidance for addressing the institutionalization aspects of processes through its Generic Practices.

4. Treating Requirements management (REQM) same as Requirements Development (RD).

Requirements management, a ML 2 PA, focuses on establishing and maintaining an agreement between the customer and the project team on the requirements. It also covers documenting requirements changes and maintaining bidirectional traceability between source requirements, all product and product component requirements, and other specified work products. However, this PA does not deal with requirements development, the tasks of eliciting the requirement, analysing them and documenting them, and so forth. These tasks are handled by RD

5. Measuring everything, but not the required

We start any new model implementation with high spirit, energy and good support from senior management. But later, most often, less involvement of management is found. They tell like they are not getting any benefit from the system. In other words, process improvement is not visible to them. Implementation team is not able to answer to their questions which are pointing on return on investment or cost benefit ratio. A qualitative answer won’t satisfy them. Here what we need is a reply in terms of ‘useful numbers’. We might be measuring something, but is that required for the senior management/ is that useful for the organization? Most probably we might have ignored those aspects and we simply measured as it is measurable.

6. Considering tailoring as a way to escape from certain defined process

People often apply organizational standard process to different projects uniformly without tailoring. In such cases organizations don’t offer project a choice of process elements with a range of capabilities to select with. Another case is people think that having a “tailorable” process means, one can do whatever he/she wants. At the Defined Level, a standard process is developed for the organization, as well as guidelines and criteria for tailoring this standard process for each project. Each project’s defined process must be adapted in a structured way from the bigger organizational standard process.

7. ML 5 PAs interpreted qualitatively and not quantitatively.

It is easy to interpret Maturity Level 5 Process Areas as qualitative. One can assume that: Casual Analysis and Resolution (CAR) is all about brainstorming causes and Organizational Performance Management (OPM) is about making qualitative improvement. But in fact qualitative improvement is the focus of ML3 Organizational Process Focus (OPF) PA. Maturity Level 5 practices must be built upon the stable ML 4 practices.

8. Hoping a metric or statistics wiz can do it all

Managers often assume that a metrics person can do all Quantitative Project Management (QPM) and thus allowing project managers to focus on their regular day-to-day tasks. But it is primarily the managers’ job to run projects quantitatively and sub processes statistically. It is the managers who have to take base decisions and predict ahead. Definitely metric team can support these managers.

9. Senior managers merely focussing on ordinary project status reviews

Getting full support from senior management is crucial for the success of any new model implementation. The company executives need to be well clear on the advantages, requirements and costs etc. But in majority of the cases, it is found that senior managers are merely focussing on ordinary project status reviews rather than involving in process issues. They often fail to see the value of incremental improvements. CMMI implementation effort must receive high priority and continuous senior management attention.

10. Assumption: No need of training, our team can handle it

Considering the short term cost benefits or so, employees (implementation team) are often imposed to have self-study of the new model instead of a formal training. Ultimately it may lead to wrong interpretations and unwanted results (Exceptions could be there). Implementing a change is never a small thing and it can happen only when the team implementing it is trained to handle the change. So investing on appropriate trainings is always a better move. Managers at all levels , leaders of CMMI efforts and implementation team must have basic understanding of what the CMMI is and how it should be used

11. Assumption: The QA team can take it forward

A common trend that we have observed over years is that project manager does not really take responsibility of process activities in the project and it is left to some QA Manager or Process team. These managers are often forgetting the fact that ‘it is the team effort that brings in real benefits’. If they are not serious about process improvements, how can they expect the team to do it?

12. Assumption: The CMMI mandates wasteful paperwork

The CMMI states often about carrying out an activity according to a documented procedure. This doesn’t mean that we need a number of procedures. Processes are defined to ensure repeatable, consistent and effective output. Defined processes are not intended to be barriers to productivity. Rather than dogmatically applying everything in the CMMI to every project, apply the activities that will add the most value to each project.

13. Appraisal Preparation: Cooking up evidences

When the appraisal date approaches, people are engaged in creating lot many evidences. In fact they are wasting a lot of time chasing down documents. If practices are institutionalized appropriately, the evidence needed already exists. Evidence should never be created to please an appraiser. Artifacts examined must be the real work of the organization

14. Appraisal Interview Preparation : Conducting mock interviews

In many a cases, it is seen some master brain interviewing the appraisal participants / project team and thereby trying to make them equipped for the real appraisal interview. In fact these mock interview sessions will spoil the real stuffs of the team who are actually practicing the processes. Also time to practice for an appraisal takes away the team from getting real work done. Participants should be able to answer the questions because the answers describe how they do their jobs.

15. Thinking that CMMI Institute certifies an organization.

CMMI Institute does not produce any certification as a part of CMMI appraisal. CMMI Institute maintains a database of SCAMPI A appraisal results. An organization can have a certificate issued by the transition partner organization with whom they are associated and not by CMMI Institute

CMMI Assessment is the process for evaluating compliance and measuring the effectiveness of Specific Practices (SPs) and Generic Practices (GPs) of Process Areas (PAs) in the CMMI Framework. Every assessment process starts with scope definition and finally leading to assessment and sustenance. These common procedures are well explained in Stages in an assessment/certification process .

In additional to this common procedures, there are certain specific points to be ensured if an organization is seeking for compliance to CMMI model. These are detailed below.



Organization needs to have two separate teams- Functional Area Representative (FAR) Team and Assessment Team. These members are elected from/by the organization.

FAR team is further subdivided to multiple sub teams based on

TL 9000 is a quality management practice set up by the QuEST Forum in 1998 for telecom industry. TL 9000 is grounded on ISO 9001 with industry specific adders.  It adds specific telecom hardware (H), software (S) and service (V) requirements to the more generic practices of ISO 9001. QuEST forum administrates the TL 9000 certification process ( ). The QuEST forum was originated by a number of telecommunication companies, e.g. Bell Atlantic, BellSouth, Pacific Bell and South Western Bell. QuEST stands for ‘Quality Excellence for Suppliers of Telecommunications Leadership’

TL9000 is defined by two documents.

  • TL 9000 Quality Management System Requirements Handbook
  • TL 9000 Quality Management System Measurements Handbook

There are certain specific points to be ensured if an organization is seeking for compliance to this standard in additional to the common procedures as explained in Stages in an assessment/certification process . The specific points are explained below.

1. Registration Options

The process is the same as other registrations (e.g. ISO 9001) except that the scope of registration includes reference to product categories chosen and adders (H, S, V) involved. The registration options available are Hardware (H), Software (S), and Services (V). An organization can choose all or any combination of the options that apply to it. The registration option determines which of the TL 9000 specific requirements apply to the registration. Once an organization finalizes the registration scope and options, it starts the process of mapping its products to the TL 9000 product categories. TL 9000 has over a hundred product categories covering hardware, software and services.

2. Setting the company up in Quest Forum Portal

The TL 9000 Administrator needs to be contacted to initiate setting the company up in Quest Forum Portal. Any person authenticated by the organization can do the same through the TL 9000 administrator. Once access is gained, using the given Registration ID, a Registration ID Profile is created, and maintained.

3. Data Submission

One of the requirements of the TL 9000 registration is the reporting of the measurements data specific to that registration. The Registration Management System (RMS) facilitates online submission of this data on a monthly basis through its web-based interface in the Quest Forum Portal. Based on the product category, decide which all measurements should be collected against the selected product categories, as per the latest version of the measurement handbook. Start uploading to Quest website against the organization. At least 3 iterations of measurement data are required before starting the final assessment of TL 9000.

4. Assessment Process

Once the process of determining, collecting and analysis of measurement data has been formalized and initiated, and the quality management system has been updated to reflect all the TL 9000 Requirements, the company is ready to go for TL 9000 audit/assessment. The assessor/auditor needs to view the data confirmation reports received from the UTD (University of Dallas, TX) who maintain the RMS. If the assessment is successful, then a TL 9000 Certificate is issued. Information is sent to QuEST, and TL 9000 registration follows. Information is found within the QuEST Forum Portal (which includes access to the RMS) on the QuEST Forum website.