CMMI V2.0 is expected to get extended much beyond the three domains it has conventionally been applied till date - development, services and supplier management (acquisition).
The plan seemingly is to extend CMMI V2.0 by augmenting it with newer domains like workforce management (people), security and safety.
Workforce Management
It is, however, interesting to note that "people" area was already there as part of a separate model called as P-CMM (written with a "dash after "P").
P-CMM had its last release more than a decade earlier in July 2009.
The version was quite incidentally 2.0!
P-CMM never saw much traction and hence never had another release.
In a way, having a separate model for people practices was never a logical thing to do in the first place.
Managing people practices in isolation has no meaning and must be seen as one of the several elements that form part of effective management of work in an organization.
Following people practices will find a place in CMMI V2.0 under the capability area "Managing the Workforce (MWF)":
Organizational Training was already there in the first release of CMMI V2.0, and has been a part of CMMI framework for quite a long time.
P-CMM has continued on life-support for many years and CMMI V2.0 will help resuscitate it by subsuming it in a manner that makes sense.
That is why there are just five people practices that will there in CMMI V2.0.
It is actually just four if one were to take out the Organizational Training also.
It is easy to see the right-sizing of P-CMM in CMMI V2.0 from 22 practices to just 4!
The HR folks who used to make a lot of unnecessary hullabaloo, misplaced hype and a big mountain out of the P-CMM mole-hill have also been right-sized along with their pet model.
For more details about P-CMM, read the following post:
Security (Management)
Another extension to CMMI V2.0, is the Security domain which has conventionally been associated with ISO 27001, the ISO standard for information security.
The above should be extended further by organizations to the Data Privacy domain though it is not explicitly asked for.
This is crucial given the importance of Data Privacy, which has extended the information security domain to special protection of personal information through regulations such as GDPR.
For more details about Data Privacy, read the following posts:
Following security practices will find a place in CMMI V2.0 under the capability area "Managing Security (MSEC)".
For more details about Information Security, read the following posts:
Safety (Management and Engineering)
Another extension to CMMI V2.0, is the Safety domain which has conventionally been associated with specific safety standards.
In addition, there is a framework known as CMMI + SAFE that was developed to provide a safety add-on the to CMMI-DEV model.
The last version of +SAFE, version 1.2, was released more than a decade back, in March 2007.
Following safety practices will find a place in CMMI V2.0 under the capability area "Managing Safety (MSAF)".
For more details about Safety, read the following posts:
The plan seemingly is to extend CMMI V2.0 by augmenting it with newer domains like workforce management (people), security and safety.
Workforce Management
It is, however, interesting to note that "people" area was already there as part of a separate model called as P-CMM (written with a "dash after "P").
P-CMM had its last release more than a decade earlier in July 2009.
The version was quite incidentally 2.0!
P-CMM never saw much traction and hence never had another release.
In a way, having a separate model for people practices was never a logical thing to do in the first place.
Managing people practices in isolation has no meaning and must be seen as one of the several elements that form part of effective management of work in an organization.
Following people practices will find a place in CMMI V2.0 under the capability area "Managing the Workforce (MWF)":
- Compensation and Rewards
- Staffing and Workforce Management
- Career and Competency Development
- Empowered Work Groups
- Organizational Training
Organizational Training was already there in the first release of CMMI V2.0, and has been a part of CMMI framework for quite a long time.
P-CMM has continued on life-support for many years and CMMI V2.0 will help resuscitate it by subsuming it in a manner that makes sense.
That is why there are just five people practices that will there in CMMI V2.0.
It is actually just four if one were to take out the Organizational Training also.
It is easy to see the right-sizing of P-CMM in CMMI V2.0 from 22 practices to just 4!
The HR folks who used to make a lot of unnecessary hullabaloo, misplaced hype and a big mountain out of the P-CMM mole-hill have also been right-sized along with their pet model.
For more details about P-CMM, read the following post:
Security (Management)
Another extension to CMMI V2.0, is the Security domain which has conventionally been associated with ISO 27001, the ISO standard for information security.
The above should be extended further by organizations to the Data Privacy domain though it is not explicitly asked for.
This is crucial given the importance of Data Privacy, which has extended the information security domain to special protection of personal information through regulations such as GDPR.
For more details about Data Privacy, read the following posts:
- EU GDPR (General Data Protection Regulation) - Some Key Points
- Personal Data Privacy Regulations - Some Interesting Corollaries
Following security practices will find a place in CMMI V2.0 under the capability area "Managing Security (MSEC)".
- Managing and Planning Security
- Developing Secure Solutions
- Managing Security Threats and Vulnerabilities
- Selecting and Managing Secure Suppliers
- Planning and Supporting Security in Work
For more details about Information Security, read the following posts:
Safety (Management and Engineering)
Another extension to CMMI V2.0, is the Safety domain which has conventionally been associated with specific safety standards.
In addition, there is a framework known as CMMI + SAFE that was developed to provide a safety add-on the to CMMI-DEV model.
The last version of +SAFE, version 1.2, was released more than a decade back, in March 2007.
Following safety practices will find a place in CMMI V2.0 under the capability area "Managing Safety (MSAF)".
- Communication and Coordination
- Managing and Planning Safety
- Ensuring Safety
For more details about Safety, read the following posts: