article

SPICE in brief

(For more detailed information on SPICE see www.sqi.gu.edu.au.)

The ISO9000 standards deliver one assessment of the quality of an organisation’s software development (or other) processes, but it’s a 'binary' assessment - the organisation is either ISO9001-compliant, or it’s not.

An assessment methodology called CMM (Capability and Maturity Model) was developed by the Software Engineering Institute of Carnegie Mellon University in the US. CMM delivers a multi-level assessment of software processes, as follows:

Level

Rough assessment

1

Processes are ad-hoc, quality is very variable, nothing is written down

2

Processes are repeatable, but nothing is written down

3

Processes and standards are written down (roughly equivalent to ISO9001 compliance)

4

Processes are written down, and metrics are in place

5

Metrics have been collected, and statistical methods are used for continuous improvement

CMM is aimed squarely at certification - it’s not intended primarily as a tool for driving process improvement. And it gives a single figure for the whole organisation.

SPICE (Software Process Improvement and Capability dEtermination) is an international initiative that is now under the umbrella of ISO. The SPICE documents (there are over a dozen) are published as ISO15404. SPICE takes the maturity levels of CMM and extends them:

  • by giving a different number for each process within the organisation, or within a part of the organisation, and
  • by adding a level ‘0’ which indicates that the process is not being carried out at all

For example, the following assessment shows the level of maturity for an organisation for three ‘processes’:

Process

Level of maturity

CUS.1.3 Supplier monitoring process

3

SUP.2 Configuration management process

2

MAN.4 Risk management process

0

... in this example, the organisation has a documented process for supplier monitoring, and is doing configuration management in an ad-hoc but repeatable way. There is no risk management process in this area.

The outcome from this assessment might be:

  • management decides that the levels of maturity for this area are sufficient (perhaps there’s no need for risk assessment?)
  • management decides that improvements are needed in CUS.1.3 (which is particularly critical) and MAN.4, but that SUP.2 is sufficient for the time being

... in other words, the significance of the maturity levels depends entirely on the organisation’s needs and aspirations. There is no assumption that all processes have to move immediately to level 5. In practice, SPICE is used for process improvement to direct the efforts of the organisation to areas that need more work.

By carrying out SPICE assessments on a regular basis, the growth of maturity in individual processes can be tracked:

Process

Original level of maturity

Current level of maturity

CUS.1.3 Supplier monitoring process

3

3

SUP.2 Configuration management process

2

3

MAN.4 Risk management process

0

2

A SPICE assessment involves a series of structured interviews with individuals in the client company, to assess the artefacts of development (mainly, plans, specifications, minutes of meetings, etc) which indicate the current level of maturity of a particular process within a particular area.  A SPICE assessment should be carried out by a qualified SPICE assessor.

------------------------------------------------------------------------


This is one of a series of articles written by Phil Cohen and Onno van Ewyk, HCi. This article may be reproduced only with the permission of HCi (email HCi ). Copyright HCi, 1993-2000.

back to ARTICLES Etc Contents
to HCi Services

HCi has formed a new consulting arm called Realisation.  Click here to visit the Realisation site for further information.