An Analysis of the Difference Between CMMI vs ISO

An Analysis of the Difference Between CMMI vs ISO
Page content

Explaining CMMI and ISO

Capability Maturity Model Integration (CMMI), developed by the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pennsylvania is an imporvement on the earlier CMM model that determined the maturity of software intensive systems. The latest version, CMMI 1.2, released in August 2006 address Development (CMMI-DEV), Services (CMMI-SVC) and Acquisition (CMMI-ACQ). CMI-DEV is a yardstick to judge the maturity of an organization’s software development systems by comparing it to the best industry practice.

ISO is a family of quality management standards developed and maintained by the International Organization for Standardization (ISO). ISO 9001, for instance relates to standards in the supply chain and ISO 14000 relates to environment related standards. ISO specifications change with time.

CMMI vs ISO: Conceptual Difference

The fundamental difference between CMMI vs ISO is conceptual. CMMI is a process model and ISO is an audit standard.

CMMI is a set of related “best practices” derived from industry leaders and relates to product engineering and software development. Businesses receive CMMI ratings from Level 1 to Level 5 depending upon the extent of compliance to key performance areas specified in the selected CMMI process area.

ISO is a certification tool that certifies businesses whose processes conform to the laid down standards.

CMMI vs ISO: Scope

CMMI is rigid and extends only to businesses developing software intensive systems. ISO is flexible and applicable to all manufacturing industries. CMMI focuses on engineering and project management processes whereas ISO’s focus is generic in nature.

CMMI mandates generic and specific practices and businesses have a choice of selecting the model relevant to their business needs from 22 developed process areas. ISO requirements are same for all companies, industries, and disciplines.

CMMI vs ISO: Approach

CMMI requires ingraining processes into business needs so that such processes become part of corporate culture and do not break down under the pressure of deadlines. ISO specifies to conformance and remains oblivious as to whether such conformance is of strategic business value or not.

CMMI approaches risk management as an organized and technical discipline by identifying risk factors, quantifying such risk factors, and tracking them throughout the project life cycle. ISO was until recently neutral on risk management. ISO 31000:2009 now provides generic guidelines for the design, implementation, and maintenance of risk management processes throughout an organization.

Although CMMI focuses on linkage of processes to business goals, customer satisfaction is not a factor in the ranking whereas customer satisfaction is an important part of ISO requirements.

CMMI vs ISO Implementation

Components of CMMI Model Wikimedia Commons

Neither CMMI nor ISO requires the establishment of new processes. CMMI compares the existing processes to industry best practices whereas ISO requires adjustment of existing processes to confirm to the specific ISO requirements.

In practice, some organizations tend to rely on extensive documentation while implementing both CMMI and ISO. Most organizations tend to constitute in-house teams, or rely on external auditors to see through the implementation proess.

The comparison of CMMI vs ISO reveals that while CMMI is more focused, complex, and aligned with business objectives, ISO is flexible, wider in scope and not directly linked to business objectives. The attainment of either a CMMI ranking or ISO certification nevertheless help organizations establish a quality management system and focus on continuous improvement.


Image Credits: Wikimedia Commons