Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CISQ Standards in Governing Digital Transformation and Digital Suppliers

77 views

Published on

An overview of software measurement standards and how to use the standards during digital transformation and with system integrators and software suppliers to reduce risk and cost.

Published in: Software
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

CISQ Standards in Governing Digital Transformation and Digital Suppliers

  1. 1. CISQ Standards in Governing Digital Transformation and Digital Suppliers ©2019 CISQ 1 Dave Norton Executive Director Consortium for Information & Software Quality david.norton@it-cisq.org
  2. 2. Two Basic Truths ©2019 CISQ 2 Things are more complex and the pace of change is relentless
  3. 3. Finance Cyber Incidents in the UK, 1087% Increase Year on Year ©2019 CISQ 3 • 21%, are related to third-party failure, i.e., systems the reporting organization did not control. • However, many of the other incidents had their origins in third-party developed software now owned by the reporting organization.
  4. 4. The Suppliers Have To Build Quality In From The Start ©2019 CISQ 4
  5. 5. ©2019 CISQ 5 The Suppliers Have To Build Quality In From The Start
  6. 6. Complex Technology Stack ©2019 CISQ 6
  7. 7. Increasing Technical Debt ©2019 CISQ 7 Software Quality Iceberg (Code Complete, Steve McConnell) Code complexity Maintainability Internal Coupling Functional Size Redundant code Testability External Coupling Operating Cost Maintenance Cost Reliability Performance Business Value
  8. 8. Example After 120 Day Project ©2019 CISQ 8 Refactoring FTE Tech Debt Refactoring Cost Team Size Inject Rate Rate Days Left At $240 At $1040 5 10 - 25% 10% 63.2 $15,168 $65,728 10 10 - 25% 10% 126.4 $30,336 $131,456 20 10 - 25% 10% 252.8 $60,672 $262,912 Average Team
  9. 9. Drive for Greater Productivity, But Are We Really Improving ? ©2019 CISQ 9 Everyone wants faster time to market, but few want to hear about the risks
  10. 10. Balance 10 Productivity Quality
  11. 11. Building A Trust Relationship Based On Standards 11 RFP
  12. 12. Embed Software Quality & Sizing Standards Into Request For Proposal or Quotes 12 RFP RFP
  13. 13. ©2019 CISQ 13 Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for Information Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.” Embed Software Quality & Sizing Standards Into Request For Proposal or Quotes
  14. 14. Agree Productivity Levels With Suppliers Based On Automated Sizing Code – Combine With Manual Sizing Of Requirement RFP RFP
  15. 15. Embed The Agreed Sizing Method and Productivity Into The Statements of Work RFP RFP
  16. 16. ©2019 CISQ 16 1. Contracting and Productivity 1. Productivity The contracted is based on a bases level of productivity of 18 Function Pointers per Staff Month [1]. A staff month is defined as 22 days per calendar month, 8 hours per day, equalling 176 working hours per month. Attentively the contracted is based on a bases level of productivity of 9.5 hours per function point [1]. 1. Rate The supplier shall invoice at a rate of € 300 [2] per function point delivered to the client as measured by ISO 19515 Information technology — Object Management Group Automated Function Points (AFP), 1.0 defined in section 3.4 Exceptions to the rate and activities that will not be invoiced by function point must be agreed in advance of contract signing. Embed The Agreed Sizing Method and Productivity Into The Statements of Work
  17. 17. Suppliers Should Be Ready To Developer To The Standards RFP RFP
  18. 18. ©2019 CISQ RFP RFP Suppliers Should Be Ready To Develop To The Standards
  19. 19. Suppliers Teams Should Use Tools That Support CISQ AFP/ISO Sizing Standards ©2019 CISQ 19 Automatic Analysis Of The Size Of The Code In Function Points
  20. 20. Team Dashboards Should Clearly Show The Size Of Code Developed and Enhanced ©2019 CISQ 20
  21. 21. Teams Are Still Free To Use Agile & DevOps Story Point Sizing, Automated Function Points Counted In The Background ©2019 CISQ 21
  22. 22. ©2019 CISQ 22 RFP RFP Do Not Just Focus On Size of The Code, Verify The Quality – Automatically
  23. 23. Do Not Just Focus On Size of The Code, Verify The Quality – Automatically ©2019 CISQ 23 RFP RFP
  24. 24. Suppliers Teams Should Verify Code Quality, and Check For Vulnerabilities Against CISQ Standards •Security: Measures weaknesses in source code representing the most exploited security weaknesses in software including the CWE/Sans Institute Top 25 Most Dangerous Security Errors and OWASP Top 10 •Reliability: Measures weaknesses in source code impacting the availability, fault tolerance, and recoverability of software •Performance Efficiency: Measures weaknesses in source code impacting response time and utilization of processor, memory, and other resources •Maintainability: Measures weaknesses in source code impacting the comprehensibility, changeability, testability, and scalability of software •Technical Debt: A measure of corrective maintenance effort due to the CISQ code quality weaknesses remaining in a software application
  25. 25. End to End Trust Relationship Based On Standards ©2019 CISQ 25 RFP RFP
  26. 26. Let’s Learn From The Past ©2019 CISQ 26 As industry's mature they automate, from robots to fly-by-wire
  27. 27. Building A Foundation Quality Standards That Fit Modern Methods and Architecture • Automated • Product focused vs project • Support Event and API Architecture • Integrated in to DevOps & DevSecOps Toolchain Quality Standards That Are:
  28. 28. CISQ Structural Quality Measures
  29. 29. Focus on Outcomes
  30. 30. Build Standards Into The Contract Sample RFP CISQ has been referenced by the U.S. General Services Administration (GSA), formally citing CISQ requirements in a Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services… “PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for Information Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.”
  31. 31. Working With Suppliers Scorecard Measurement and discussion in governance committees to help set behavior SLAs  Treat software enhancements and maintenance as a service; track levels, penalties, credits Recommendation email  Email to vendor delivery leaders that they should consider using CISQ guidelines for all ADM work Acceptance criteria  Measure and demand minimal set of acceptance criteria for any new development or release RFP  Initial statement of requirements and project definition can set the tone for quality of deliverables SOW  Definition of specific project scope and deliverable can include definition of quality and security Six Levels of Engaging Vendors with CISQ Standards
  32. 32. CISQ/OMG Standards Process – Short Cycle CISQ Executive Forums Automated Function Points Reliability Performance Efficiency Security Maintainability OMG Approved Standards ISO Fasttrack Deployment Workshops OMG
  33. 33. CISQ Get The Standards – They Are Free https://www.it-cisq.org/standards/
  34. 34. CISQ Work With Us

×