Papers by Mario Piattini Velthuis

Globalization is pushing companies towards continuous improvement. Quality frameworks addressing SPI practices can be classified into those describing "what" should be done (ISO9001, CMMI) and those describing "how" it should be done (Six Sigma, GQM). When organizations adopt improvement initiatives, many models may be implied, each leveraging best practices for addressing improvement challenges. This may generate confusion, extra effort and cost, as well as increase the risk of inefficiencies and redundancies. So, it is important to harmonize quality frameworks, i.e. identify intersections and overlapping parts and create a multi-model improvement solution. Our aim is to propose a Harmonization Process supporting organizations interested in introducing/improving SPI practices. We present: a what/what combination of ISO9001 and CMMI-DEV v.1.2 models in the direction from ISO-CMMI; and detail the what/how perspective by showing how GQM is used to define operational goals that address ISO9001 statements, reusable in CMMI appraisals. The harmonization process has been applied to an SME certified ISO9001:2000.
Computer Standards & Interfaces, 2013
Many organizations are implementing process improvement models, seeking to increase their organizational maturity for software development. However, implementing traditional maturity models involves a large investment (as regards money, time and resources) which is beyond the reach of the vast majority of small organizations. This paper presents the use and adaptation of some ISO models in the creation of an organizational maturity model for the Spanish software industry. This model was used satisfactorily to (i) improve the software processes of several Spanish small firms, and (ii) obtain an organizational maturity certification for software development, granted by the Spanish Association for Standardization and Certification.

Small and medium enterprises are a very important piece in the gear of the world economy. The software industry in most countries is composed mainly of small and medium software organizations (SMEs). To strengthen this type of organization, efficient Software Engineering practices adapted to their size and business type are necessary. Over the last decade, the Software Engineering community has expressed a special interest in software process improvement (SPI) with the purpose of improving the quality and productivity of software. Nevertheless, there is a widespread tendency to emphasize that the success of SPI is only possible for large companies. In this article a systematic review of the literature on the SPI efforts carried out in SMEs is presented. The objective is to know what has been carried out and achieved in software process improvement in this type of company.

Integration method to support the harmonization of multiple models and standards
Abstract. The business sector is increasingly interested in implementing multiple models and standards (as reference frameworks) to improve its processes, with the aim of increasing competitiveness and ensuring adequate control, management and performance of activities, processes and procedures across different organizational areas and hierarchies. However, organizations currently implement two or more frameworks separately, without identifying: (i) their differences and similarities, (ii) how they can complement each other, (iii) the reduction in implementation cost, (iv) rapid return on investment, among others. In this regard, this article presents an integration method consisting of a set of activities, tasks, roles and criteria to support the systematic integration of multiple frameworks. A case study is also presented in which the defined method was applied to define an integrated framework for the governance of Information Technologies and Systems (TSI) applicable to the banking sector. In addition, an extract of the resulting integrated framework, benefits and lessons learned are presented. Keywords: harmonization of multiple models, standards, reference frameworks, integration of multiple models and standards, COBIT, ITIL, RISK IT, VAL IT, ISO 27002, BASEL II.

Lightweight Model for Software Process Assessment
ABSTRACT: Software Process Improvement allows organizations to reach high maturity levels in their processes and increases international competitiveness. It is necessary to adapt the internationally recognized Improvement, Evaluation and Quality Models to the characteristics of the countries where they are applied. These models can hardly be applied in the companies of many Latin American countries due to the great investment in money, time and resources that they require, as well as the complexity of the recommendations that they provide and a return on investment in the long term. In particular, small organizations that initiate a culture of continuous improvement need to carry out an evaluation with respect to a Quality Model. The first step in the improvement process is to determine the current state of their software processes. The evaluation process reveals the strengths and weaknesses that guide a process improvement program within an organization. The goal of this paper is to present MECPDS, a light model for evaluating the quality of software development processes, based on the standards ISO/IEC 12207:2002 and ISO/IEC 15504:2003 and applicable to micro, small and medium organizations in an easy and economical way, with little investment of resources and time. KEYWORDS: Evaluation Models; Measurement Framework; Process Reference Models; Process Capability; Fulfillment of Process; ISO/IEC 12207:2002; ISO/IEC 15504:2003

Software process improvement is an important aspect in achieving capable processes, and so organizations are obviously concerned about it. However, to improve software process it is necessary to assess it in order to check its weaknesses and strengths. The assessment can be performed according to a given assessment process or any other and the processes of the organization can also use one particular process model or any other. The goal of this work is to provide an environment that allows us to carry out assessments that are in accord with various different process assessment models, on several process reference models. We have developed an environment composed of two components; one of these generates the database schema for storing the process reference model and assessment information and the other one assesses the process with reference to this information, generating results in several formats, to make it possible to interpret data. With this environment, assessment of softwar...
Proceedings of the 7th Workshop on Quantitative Approaches in Object-Oriented Software Engineering (QAOOSE’2003)
The role of ICT in ageing
Characterization of the system of interrelationships for an integration of object models
This paper discusses the system of interrelationships of a metamodel (MIMO) that integrates the main existing object models (SQL3, ODMG-93, Unified Method), covering all phases of database development. MIMO is defined within the ENEAS/BD project (ENtorno para la Ensenanza Avanzada de Bases de Datos, an environment for the advanced teaching of databases), developed by the Database Group of the Department of Computer Science at Universidad Carlos III de Madrid.
Foundations and models of databases
CONTENTS In summary: The knowledge commons 2
PISCIS. Electronic commerce based on an advanced certification infrastructure and smart cards

The use of Web applications in order to provide data with an acceptable level of quality is currently of paramount importance for any enterprise that wishes its business processes to succeed. The adequate management of the corresponding data resources through the introduction of all those aspects whose aim is to monitor the levels of quality for the task in hand is therefore essential. We claim that the introduction of such elements and mechanisms should take place during the Web application development process. To the best of our knowledge, there is still a lack of methodological and technological proposals with which to design data quality aware applications in the field of Web application development. Based principally on the benefits provided by the Model Driven Web Engineering (MDWE), this paper proposes a metamodel and a UML profile (DAQ_UWE) for the management of Data Quality elements in the design of Web applications. The main objective is to provide the designer with the ne...

2011 37th EUROMICRO Conference on Software Engineering and Advanced Applications, 2011
Software process models need to be variant-rich, in the sense that they should be systematically customizable to specific project goals and project environments. It is currently very difficult to model Variant-Rich Process (VRP) because variability mechanisms are largely missing in modern process modeling languages. Variability mechanisms from other domains, such as programming languages, might be suitable for the representation of variability and could be adapted to the modeling of software processes. Mechanisms from Software Product Line Engineering (SPLE) and concepts from Aspect-Oriented Software Engineering (AOSE) show particular promise when modeling variability. This paper presents an approach that integrates variability concepts from SPLE and AOSE in the design of a VRP approach for the systematic support of tailoring in software processes. This approach has also been implemented in SPEM, resulting in the vSPEM notation. It has been used in a pilot application, which indicates that our approach based on AOSE can make process tailoring easier and more productive.

Proceedings of the 4th International Workshop on Security in Information Systems, 2006
Security analysis of computer systems studies the vulnerabilities that affect an organization from various points of view. In recent years, a growing interest in guaranteeing that the organization makes suitable use of personal data has been identified. Furthermore, the privacy of personal data is regulated by the Law and is considered important in a number of Quality Standards. This paper presents a practical proposal to make a systematic audit of personal data protection, within the framework of CobiT audit, based on SIREN. SIREN is a method of Requirements Engineering based on standards of this discipline and requirements reuse. The requirements predefined in the SIREN catalog of Personal Data Protection (PDP), along with a method of data protection audit based on the use of this catalog, can provide organizations with a guarantee of ensuring the privacy and the good use of personal data. The audit method proposed in this paper has been validated following the Action Research method, in a case study of a medical center, which has a high level of protection in the personal data that it handles.
2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS), 2016
Future Internet, 2016
Society is increasingly dependent on Information Security Management Systems (ISMS), and having this kind of system has become vital for the development of Small and Medium-Sized Enterprises (SMEs). However, these companies require ISMS that have been adapted to their special features and have been optimized as regards the resources needed to deploy and maintain them, with very low costs and short implementation periods. This paper discusses the different cycles carried out using the 'Action Research (AR)' method, which have allowed the development of a security management methodology for SMEs that is able to automate processes and reduce the implementation time of the ISMS.