Abstract of The LEGO maturity & capability model approach: “Maturity model (MM) (based on Crosby’s original idea) has been one of the main buzzwords over the past 20 years. A variety of MMs have been created in several application domains, from Software Engineering to Contract Management. Despite several models intending to cover the same domain, their PRMs (Process Reference Models) typically have different scopes, do not always cover the same set of processes, or have different levels of depth, or do not express the same level of granularity when describing concepts. Thus some important questions from the MM users’ viewpoint arise: how to choose the right models for our needs? After selecting those models, how to build a new, tailored MM based on several sources and customized to a specific domain? This paper motivates these important questions and proposes a way to choose, combine and adapt the contents from multiple MMs within a generic-domain approach we call ‘LEGO’ (Living EnGineering prOcess), based upon the well-known kids’ toy that stimulates creativity through combining different bricks. We present three case studies, one of them based upon the development of the Medi SPICE model, illustrating how the proposed approach may be used to develop MCM (Maturity & Capabilty Models) in this context.”
Risk management capability model
Abstract of Risk management capability model for the development of medical device software: “Failure of medical device (MD) software can have potentially catastrophic effects, leading to injury of patients or even death. Therefore, regulators penalise MD manufacturers who do not demonstrate that sufficient attention is devoted to the areas of hazard analysis and risk management (RM) throughout the software lifecycle. This paper has two main objectives. The first objective is to compare how thorough current MD regulations are with relation to the Capability Maturity Model Integration (CMMI®) in specifying what RM practices MD companies should adopt when developing software. The second objective is to present a Risk Management Capability Model (RMCM) for the MD software industry, which is geared towards improving software quality, safety and reliability. Our analysis indicates that 42 RM sub-practices would have to be performed in order to satisfy MD regulations and that only an additional 8 sub-practices would be required in order to satisfy all the CMMI® level 1 requirements. Additionally, MD companies satisfying the CMMI® goals of the RM process area by performing the CMMI® RM practices will not meet the requirements of the MD software RM regulations as an additional 20 MD-specific sub-practices have to be added to meet the objectives of RMCM.“