Fog Creek Software
Discussion Board

CMM & Off-Shore

... I just read another white-paper by an off-shore provider claiming to be CMMi 5 and PCMM 5 and Six Sigma.

Having read the 768-page implementation guides to CMMi and browsed the rest, knowing when CMMi came out (2002?) and when these companies began chasing CMM (generally 1998 or so) ...

... Is it just me, or are some of these CMM level 5 companies completely bogus?

Seriousy, CMMi requires an intensely, heavyweight, documented process structure that must be built from the ground up over a period of years.  Then these companies come in and say "oh, yeah, we got Cmmi5 last week ..."

I just don't buy it, especially when there is not true audit system in place for CMMi.  Thoughts?

anon this time
Sunday, February 22, 2004

I think a more pertinent question would be is how well do these companies maintain their CMM 5 status, given the nature of the industry that they are in.

What I mean is that it's hard enough for IT/IS shops to turn out internal applications when they work in the same company, understand the business and work closely with each other.

Now throw in the issues that off-shoring brings and try to do it under CMM Level 5. That's gotta be difficult to do since CMM 5 has such stringent change control procedures and now we've introduced some level of "static" in the communication between client and development shop.

I dunno..I've not worked in a CMM 5 company, nor do I have much experience working with an off-shore company. My gut reaction makes me wonder how they do it.

Sunday, February 22, 2004

CMM-5 just means they've got documents for everything and there are web status reports for projects. It looks terrific if you're a typical CIO or CEO.

Of course, the typical CIO or CEO doesn't know the difference between C and sea.

Monday, February 23, 2004

…I  may disappoint some readers here, but my feeling is: YES, it is bogus. And no wonder: it is the way we shaped this industry in the recent years (decades ?).
It is the fate of this industry: rapid and superficial, time-to-market rules over quality, hype is good - realism is retarding… something that hasn’t been really seen in any other industries in the past, in spite of economic opportunities.

…Do I care anymore if that provider chose to “cram” the certification ( is that possible ?), they forged the papers or they are just good at their sleight ? I guess not ! Maybe I should look for a provider that  – based on good references and decent pilot cycles – will do a good job without claiming the latest and hardest certification.

…………..Here is a laughable fact:
watching and contemplating the job market for a couple of years now (starting after the crash) I realized that there is a tendency among those employers:  they beg to be lied to ! Dozen of job opportunities asking for Java geeks with xx years of experience  with the platform !  Do you realize the counterproductive, stupid extremism here: we don’t ask for smart, creative people with just-enough ( 3 hard-core years, 5 years, …) experience. They ask for those early adopters that eventually woke up one morning back in 1994, and lined up for the alpha release of the JDK, similar to those Krispy Cream addicts J Only those qualify for the job !

… Back to CMM 5… chances are the boss at the top, when signing up partners for some gigs has one, single, exclusive evaluation criteria: CMM/ISO/PCMM credentials; their competency does not allow for more.
Well, because this is a demand/offer game chances are that more ad more ( be it off-shore or home-land) such providers will show off their credentials. Bogus… or not.

Sounds a bit off topic, doesn’t it :-) ?

Monday, February 23, 2004

"CMM-5 just means they've got documents for everything and there are web status reports for projects. It looks terrific if you're a typical CIO or CEO."

1) Sorry, this is completely wrong.  "True" CMM complaince requires man-years of effort.

2) One amazing thing about CMM is that the SEI doesn't actually certify anyone.  Various organizations do.  Those "certification" vendors are not certified.  Bringing in a certification vendors costs big $$$.

Think about it ...

Matt H.
Monday, February 23, 2004

IMHO, it is important to keep in mind that the CMM was originally designed for dealing with large, U.S. defense contractors.

Semi-Anonymous Coward
Monday, February 23, 2004

I seem to recall that the essential difference between level 5 and lower levels is managing contract work.

Since contract work is what the off-shore companies do, level 5 appropriate for them to attain.

It is not necessarily appropriate universally.

There's a bit of diminishing return for levels above 3. It takes a lot of work getting to the other levels and the benefit, for many, will be small.

If your organization is tightly managed and has to have very specific contracts and specifications to survive (e.g. like an off-shore company), it probably is easier to attain level 5.

The off-shore company need to inspire confidence in the service they provide. The major purpose of attaining "severe" certification is to provide this confidence.

Monday, February 23, 2004

>One amazing thing about CMM is that the SEI doesn't actually certify anyone.  Various organizations do.  Those "certification" vendors are not certified.

Exactly. I onced worked for a CMM Level 3 company, and the assessors aren't really interested in finding flaws. Evaluating CMM levels was really intended as a self-assessment exercise but many companies have hijacked it and used it as a marketing tool.

A few months after they were "certified" at level 3, they brought in a couple guys from a newly acquired subsidiary to do an honest but internal evaluation, as those guys had previously done assessments of other companies.  The purpose of the evaluation was to gain understanding of what we needed to do to reach level 4 or 5.  However, they tore us apart, pointing out the numerous holes in our processes, saying that we would be lucky to be considered even as level 2.

The company was simply able to put up a front to look good for the assessors to get rated at level 3, but the reality was quite different.  That company hasn't made a profit in over 5 years and is now a penny stock.

The SEI-CMM people should stop allowing the lax CMM level assessments to go on, if they want people to see any value in it.  It has been so hijacked and diluted that it isn't a measure of quality any more.

Monday, February 23, 2004

Hi All
This is a very interesting subject.  This is similar to ISO 9000 certification I guess. In one of my previous company,  we ware informed that ISO audit is going to be held in a Weeks time and we need to prepare documentation. As I was the only person with "Atleast Some" documentation. My Manager decided to make those documents the show piece.  Auditors came in and must have had not more that 2 minute chat with me. What ever the process they certified as we follow, I happend to see after one or two years when my boss forward that document to me. Funny issue is,  Most of us never knew such procedure exists and We never had such procedures in place.

I presume CMM also a similar case.

Anyways, now I am doing a research on Actual meanings of Quality certification and would like to pass few questioneers around. If any one interested participating please contact me on my email

Kuminda Chandimith
Wednesday, June 16, 2004

*  Recent Topics

*  Fog Creek Home