Archive | Uncategorized RSS feed for this section

Categorization of CMMI Processes Area

6 Sep

Once again back with process improvement topic, when we though of process oriented organization, few of us think that it can be achieved easily but believe me it don’t happens over the night. There are teams who sweats day & night to establish a formal process and in every organizations there are people who don’t like changes but change in inevitable in nature and we must be ready for the same. CMMI is a framework for process improvement and today we are going to categories CMMI processes area.

CMMI Process area are divided into two categories respectively:

  1. Maturity Level wise
  2.  Category Level wise

Further if we categories maturity level, it can be divided into 5 maturity level. Any company or organization which is having no process is by default at level 1.

  1. Maturity Level 1 – Initial (Having no processes and nothing being followed)
  2. Maturity Level 2 – Managed
    1. Configuration Management
    2. Measurement & Analysis
    3. Project Monitoring & control
    4. Project Planning
    5. Process & Product Quality Assurance
    6. Supplier Agreement Management (SAM)
  3. Maturity Level 3 – Defined
    1. Decision Analysis & Resolution
    2. Integrated Project Plan
    3. Organizational Process Defination
    4. Organizational Training
    5. Organizational Process focus
    6. Producut Integration
    7. Requirement Development
    8. Risk Management
    9. Technical Solution
    10. Verification
    11. Validation
  4. Maturity Level 4- Quantitatively Managed
    1. Organization Process Performance
    2. Quantitative Project Management
  5. Maturity Level 5 – Optimizing 
    1. Casual Analysis & Resolution (CAR)
    2. Organizational Performance Management

If you want to divide category wise process area then it can be divided into four category ;

  1. Project Management
    1. Integrated Project Plan (IPP)
    2. Project Monitoring & Control (PMC)
    3. Project Plan (PP)
    4. Quantitative Project Management (QPM)
    5. Requirement Management (REQM)
    6. Risk Management (RM/RSKM)
    7. Supplier Agreement Management (SAM)
  2. Engineering
    1. Product Integration (PI)
    2. Requirement Development (RD)
    3. Technical Solution (TS)
    4. Validation (VAL)
    5. Verification (VER)
  3. Process Management
    1. Organizational Performance Management (OPM)
    2. Organizational Process Definition (OPD)
    3. Organizational Process Focus (OPF)
    4. Organizational Training (OT)
  4. Support
    1. Casual Analysis & Resolution (CAR)
    2. Configuration Management (CM)
    3. Decision Analysis & Resolution (DAR)
    4. Measurement & Analysis (MA)
    5. Product & Process Quality Assurance (PPQA)

If you have counted there are 22 process areas and each represent some activity in Maturity Level. If you want to learn more about these areas, I would encourage you to read my book on CMMI for Development.

 

If you are looking to hire an consultant for CMMI implementation, you can reach me on mukund002(at)gmail.com.

Advertisements

Top Misconceptions about PCI

5 Sep

Today I am going to focus on the major misconceptions that people have about PCI. So before getting started with the misconceptions, lets understand what is PCI & to whom it applies.

PCI DSS

What is PCI ?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all the companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB card.)  Now since you have some knowledge about PCI, you might have understood that it applies to all the organizations regardless of  their size or the number of transactions, that accepts, transmits or stores any cardholder data.

Myth PCI

Let us now see the common misconceptions:

  • Since we don’t store credit card information, we don’t have to be PCI compliant. This statement is false as PCI DSS does not only apply to the storage of credit card data but it also applies to the handling of data while it is processed or transmitted over networks. Since you are not storing credit card data it does eliminate compliance requirements as the majority of the controls dictated by the DSS remain in effect. The only way to avoid PCI compliance is to transfer the risk entirely to someone else, such as third party payment,for example; PayPal’s Website Payments Standard service where customers interact with the PayPal SDK directly and credit card information never traverses to own servers.
  • The PCI Data Security Standards is only a recommendation and not a requirement. This is also a false statement. The Payment Card Industry Security Standards Council (PCI SSC) is a private regulatory body that enforce the PCI DSS standard for merchants and service providers, regardless of their number & size. If the company stores, processes, or transmits any of the information recorded on a credit or debit card then they must abide by the PCI DSS else they have to face significant fines, higher opex costs through increased compliance requirements, and potential suspension or expulsion from card processing networks.
  • Since we process a few number of credit cards only, so we don’t have to be compliant. Again a false statement. The merchants who process less than 20k transactions a year is not bound to seek the compliance validation  but the obligations of PCI compliance is still there as the data you store can be compromised and have serious consequences.
  • Since we use PayPal/Authorize.NET therefore we don’t have to be PCI complaint. People often thinks that we have transferred the burden of PCI compliance to the payment services provider but there are certain services (e.g. PayPal’s Website Payments Pro).If your website integrates with PayPal via an API then you are still liable for PCI compliance since your servers capture and transmit the credit card data first.
  • PCI  compliance only applies to eCommerce. The compliance is not applicable to any particular domain and hence it is applicable to every domain including eCommerce.

There are lots of other misconceptions about PCI which are not listed in this post. The purpose of the post is to share the general information and misconceptions of payment compliance. Please do share your feedback about this post.

References: 

https://www.pcisecuritystandards.org/document_library?association=PCI-DSS
https://www.pcisecuritystandards.org/

 

 

 

You’re always beginning when you are moving forward.

25 Apr

You never fully become a leader. Goals are achieved. Character is pursued. Humility is the most challenging pursuit. Illusive: All character qualities are illusive. Courage, restraint, and love have new expressions in new circumstances. One day’s success is, at best, another days platform. Humility of all character qualities is most illusive. Mac Davis mockingly sang, “Oh […]

via Oh Lord it’s Hard to Be Humble — Leadership Freak

Women Use Pinterest, But They Don’t Run It

24 Jul

Product Manager Day 77: More than Requirements

24 Apr

wasabi geek

It’s been a month since we launched a new feature – and last I checked, no one was using it.

View original post 178 more words

History of ecommerce

21 Oct

This site is moved to new address (www.mukundtechie.com)

18 Oct

Dear Friends,

This site is moved to new address:- http://www.mukundtechie.com

For latest post and updates please visit my new site.

http://www.mukundtechie.com

Thanks,
Mukund Chaudhary