Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
CISQ Standards in Governing
Digital Transformation and
Digital Suppliers
©2019 CISQ
1
Dave Norton
Executive Director
Conso...
Two Basic Truths
©2019 CISQ 2
Things are more complex and the pace of change is relentless
Finance Cyber Incidents in the UK, 1087% Increase Year
on Year
©2019 CISQ 3
• 21%, are related to third-party
failure, i.e...
The Suppliers Have To Build Quality In From The Start
©2019 CISQ 4
©2019 CISQ 5
The Suppliers Have To Build Quality In From The Start
Complex Technology Stack
©2019 CISQ 6
Increasing Technical Debt
©2019 CISQ 7
Software Quality Iceberg (Code Complete, Steve McConnell)
Code complexity
Maintaina...
Example After 120 Day Project
©2019 CISQ 8
Refactoring
FTE Tech
Debt Refactoring Cost
Team Size
Inject
Rate Rate Days Left...
Drive for Greater Productivity, But Are We Really Improving ?
©2019 CISQ 9
Everyone wants faster time to market, but few w...
Balance
10
Productivity Quality
Building A Trust Relationship Based On Standards
11
RFP
Embed Software Quality & Sizing Standards Into Request For
Proposal or Quotes
12
RFP
RFP
©2019 CISQ 13
Sample RFP
CISQ has been referenced by the U.S. General Services
Administration (GSA), formally citing CISQ ...
Agree Productivity Levels With Suppliers Based On Automated
Sizing Code – Combine With Manual Sizing Of Requirement
RFP
RFP
Embed The Agreed Sizing Method and Productivity Into The
Statements of Work
RFP
RFP
©2019 CISQ 16
1. Contracting and Productivity
1. Productivity
The contracted is based on a bases level of productivity of ...
Suppliers Should Be Ready To Developer To The Standards
RFP
RFP
©2019 CISQ
RFP
RFP
Suppliers Should Be Ready To Develop To The Standards
Suppliers Teams Should Use Tools That Support CISQ
AFP/ISO Sizing Standards
©2019 CISQ 19
Automatic Analysis Of The Size
O...
Team Dashboards Should Clearly Show The Size Of Code
Developed and Enhanced
©2019 CISQ 20
Teams Are Still Free To Use Agile & DevOps Story Point Sizing,
Automated Function Points Counted In The Background
©2019 C...
©2019 CISQ 22
RFP
RFP
Do Not Just Focus On Size of The Code, Verify The Quality –
Automatically
Do Not Just Focus On Size of The Code, Verify The Quality –
Automatically
©2019 CISQ 23
RFP
RFP
Suppliers Teams Should Verify Code Quality, and Check For
Vulnerabilities Against CISQ Standards
•Security: Measures weakn...
End to End Trust Relationship Based On Standards
©2019 CISQ 25
RFP
RFP
Let’s Learn From The Past
©2019 CISQ 26
As industry's mature they automate, from robots
to fly-by-wire
Building A Foundation Quality Standards That Fit Modern
Methods and Architecture
• Automated
• Product focused vs project
...
CISQ Structural Quality Measures
Focus on Outcomes
Build Standards Into The Contract
Sample RFP CISQ has been referenced by the U.S. General Services
Administration (GSA), f...
Working With Suppliers
Scorecard
Measurement and discussion in
governance committees to help
set behavior
SLAs
 Treat so...
CISQ/OMG Standards Process – Short Cycle
CISQ
Executive
Forums
Automated
Function Points
Reliability
Performance
Efficienc...
CISQ Get The Standards – They Are Free
https://www.it-cisq.org/standards/
CISQ Work With Us
Upcoming SlideShare
Loading in …5
×

CISQ Standards in Governing Digital Transformation and Digital Suppliers

An overview of software measurement standards and how to use the standards during digital transformation and with system integrators and software suppliers to reduce risk and cost.

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

  • Be the first to like this

CISQ Standards in Governing Digital Transformation and Digital Suppliers

  1. 1. CISQ Standards in Governing Digital Transformation and Digital Suppliers ©2019 CISQ 1 Dave Norton Executive Director Consortium for Information & Software Quality david.norton@it-cisq.org
  2. 2. Two Basic Truths ©2019 CISQ 2 Things are more complex and the pace of change is relentless
  3. 3. Finance Cyber Incidents in the UK, 1087% Increase Year on Year ©2019 CISQ 3 • 21%, are related to third-party failure, i.e., systems the reporting organization did not control. • However, many of the other incidents had their origins in third-party developed software now owned by the reporting organization.
  4. 4. The Suppliers Have To Build Quality In From The Start ©2019 CISQ 4
  5. 5. ©2019 CISQ 5 The Suppliers Have To Build Quality In From The Start
  6. 6. Complex Technology Stack ©2019 CISQ 6
  7. 7. Increasing Technical Debt ©2019 CISQ 7 Software Quality Iceberg (Code Complete, Steve McConnell) Code complexity Maintainability Internal Coupling Functional Size Redundant code Testability External Coupling Operating Cost Maintenance Cost Reliability Performance Business Value
  8. 8. Example After 120 Day Project ©2019 CISQ 8 Refactoring FTE Tech Debt Refactoring Cost Team Size Inject Rate Rate Days Left At $240 At $1040 5 10 - 25% 10% 63.2 $15,168 $65,728 10 10 - 25% 10% 126.4 $30,336 $131,456 20 10 - 25% 10% 252.8 $60,672 $262,912 Average Team
  9. 9. Drive for Greater Productivity, But Are We Really Improving ? ©2019 CISQ 9 Everyone wants faster time to market, but few want to hear about the risks
  10. 10. Balance 10 Productivity Quality
  11. 11. Building A Trust Relationship Based On Standards 11 RFP
  12. 12. Embed Software Quality & Sizing Standards Into Request For Proposal or Quotes 12 RFP RFP
  13. 13. ©2019 CISQ 13 Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for Information Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.” Embed Software Quality & Sizing Standards Into Request For Proposal or Quotes
  14. 14. Agree Productivity Levels With Suppliers Based On Automated Sizing Code – Combine With Manual Sizing Of Requirement RFP RFP
  15. 15. Embed The Agreed Sizing Method and Productivity Into The Statements of Work RFP RFP
  16. 16. ©2019 CISQ 16 1. Contracting and Productivity 1. Productivity The contracted is based on a bases level of productivity of 18 Function Pointers per Staff Month [1]. A staff month is defined as 22 days per calendar month, 8 hours per day, equalling 176 working hours per month. Attentively the contracted is based on a bases level of productivity of 9.5 hours per function point [1]. 1. Rate The supplier shall invoice at a rate of € 300 [2] per function point delivered to the client as measured by ISO 19515 Information technology — Object Management Group Automated Function Points (AFP), 1.0 defined in section 3.4 Exceptions to the rate and activities that will not be invoiced by function point must be agreed in advance of contract signing. Embed The Agreed Sizing Method and Productivity Into The Statements of Work
  17. 17. Suppliers Should Be Ready To Developer To The Standards RFP RFP
  18. 18. ©2019 CISQ RFP RFP Suppliers Should Be Ready To Develop To The Standards
  19. 19. Suppliers Teams Should Use Tools That Support CISQ AFP/ISO Sizing Standards ©2019 CISQ 19 Automatic Analysis Of The Size Of The Code In Function Points
  20. 20. Team Dashboards Should Clearly Show The Size Of Code Developed and Enhanced ©2019 CISQ 20
  21. 21. Teams Are Still Free To Use Agile & DevOps Story Point Sizing, Automated Function Points Counted In The Background ©2019 CISQ 21
  22. 22. ©2019 CISQ 22 RFP RFP Do Not Just Focus On Size of The Code, Verify The Quality – Automatically
  23. 23. Do Not Just Focus On Size of The Code, Verify The Quality – Automatically ©2019 CISQ 23 RFP RFP
  24. 24. Suppliers Teams Should Verify Code Quality, and Check For Vulnerabilities Against CISQ Standards •Security: Measures weaknesses in source code representing the most exploited security weaknesses in software including the CWE/Sans Institute Top 25 Most Dangerous Security Errors and OWASP Top 10 •Reliability: Measures weaknesses in source code impacting the availability, fault tolerance, and recoverability of software •Performance Efficiency: Measures weaknesses in source code impacting response time and utilization of processor, memory, and other resources •Maintainability: Measures weaknesses in source code impacting the comprehensibility, changeability, testability, and scalability of software •Technical Debt: A measure of corrective maintenance effort due to the CISQ code quality weaknesses remaining in a software application
  25. 25. End to End Trust Relationship Based On Standards ©2019 CISQ 25 RFP RFP
  26. 26. Let’s Learn From The Past ©2019 CISQ 26 As industry's mature they automate, from robots to fly-by-wire
  27. 27. Building A Foundation Quality Standards That Fit Modern Methods and Architecture • Automated • Product focused vs project • Support Event and API Architecture • Integrated in to DevOps & DevSecOps Toolchain Quality Standards That Are:
  28. 28. CISQ Structural Quality Measures
  29. 29. Focus on Outcomes
  30. 30. Build Standards Into The Contract Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for Information Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.”
  31. 31. Working With Suppliers Scorecard Measurement and discussion in governance committees to help set behavior SLAs  Treat software enhancements and maintenance as a service; track levels, penalties, credits Recommendation email  Email to vendor delivery leaders that they should consider using CISQ guidelines for all ADM work Acceptance criteria  Measure and demand minimal set of acceptance criteria for any new development or release RFP  Initial statement of requirements and project definition can set the tone for quality of deliverables SOW  Definition of specific project scope and deliverable can include definition of quality and security Six Levels of Engaging Vendors with CISQ Standards
  32. 32. CISQ/OMG Standards Process – Short Cycle CISQ Executive Forums Automated Function Points Reliability Performance Efficiency Security Maintainability OMG Approved Standards ISO Fasttrack Deployment Workshops OMG
  33. 33. CISQ Get The Standards – They Are Free https://www.it-cisq.org/standards/
  34. 34. CISQ Work With Us

×