Systems, software and services process improvement 23rd european conference, EuroSPI 2016

2.1 ISO/IEC 29110The ISO/IEC 29110 Software engineering— Lifecycle profiles for Very Small Entitiesstandard is aimed to approach Software Engineering and Project Management goodpractices

Christian Kreiner

Rory V O'Connor

Alexander Poth

23rd European Conference, EuroSPI 2016

Graz, Austria, September 14–16, 2016

in Computer and Information Science 633Commenced Publication in 2007

Founding and Former Series Editors:

Alfredo Cuzzocrea, DominikŚlęzak, and Xiaokang Yang

Editorial Board

Simone Diniz Junqueira Barbosa

Pontifical Catholic University of Rio de Janeiro (PUC-Rio),

Rio de Janeiro, Brazil

St Petersburg Institute for Informatics and Automation of the Russian

Academy of Sciences, St Petersburg, Russia

Christian Kreiner • Rory V O ’Connor

Alexander Poth • Richard Messnarz (Eds.)

Systems, Software

and Services Process

Improvement

23rd European Conference, EuroSPI 2016

Proceedings

123

ISSN 1865-0929 ISSN 1865-0937 (electronic)

Communications in Computer and Information Science

ISBN 978-3-319-44816-9 ISBN 978-3-319-44817-6 (eBook)

DOI 10.1007/978-3-319-44817-6

Library of Congress Control Number: 2016948222

© Springer International Publishing Switzerland 2016

This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, speci fically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on micro films or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a speci fic statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

This Springer imprint is published by Springer Nature

The registered company is Springer International Publishing AG Switzerland

This book comprises the proceedings of the 23rd EuroSPI conference, held duringSeptember 14–16, in Graz, Austria.

Since EuroSPI 2010, we have extended the scope of the conference from softwareprocess improvement to systems, software, and service-based process improvement.EMIRAcle is the institution for research in manufacturing and innovation, whichemerged as a result of the largest network of excellence for innovation in manufac-turing in Europe EMIRAcle key representatives joined the EuroSPI community, andpapers as well as case studies for process improvement on systems and products will beincluded in future

Since 2008, EuroSPI partners packaged SPI knowledge in job role training andestablished a European certification association (www.ecqa.org) to transport thisknowledge Europe-wide using standardized certification and exam processes

Conferences were held in Dublin (Ireland) in 1994, in Vienna (Austria) in 1995,

in Budapest (Hungary) in 1997, in Gothenburg (Sweden) in 1998, in Pori (Finland) in

1999, in Copenhagen (Denmark) in 2000, in Limerick (Ireland) in 2001, in Nuremberg(Germany) in 2002, in Graz (Austria) in 2003, in Trondheim (Norway) in 2004, inBudapest (Hungary) in 2005, in Joensuu (Finland) in 2006, in Potsdam (Germany)

in 2007, in Dublin (Ireland) in 2008, in Alcala (Spain) in 2009, in Grenoble (France) in

2010, in Roskilde (Denmark) in 2011, in Vienna (Austria) in 2012, in Dundalk(Ireland) in 2013, in Luxembourg in 2014, and in Ankara (Turkey) 2015

EuroSPI is an initiative with the following major action lineshttp://www.eurospi.net:

• Establishing an annual EuroSPI conference supported by software processimprovement networks from different EU countries

• Establishing an Internet-based knowledge library, newsletters, and a set of ceedings and recommended books

pro-• Establishing an effective team of national representatives (from each EU- country)growing step by step into more countries of Europe

• Establishing a European Qualification Framework for a pool of professions relatedwith SPI and management This is supported by European certificates and exami-nation systems

EuroSPI has established a newsletter series (newsletter.eurospi.net), the SPI festo (SPI = Systems, Software and Services Process Improvement), an experiencelibrary (library.eurospi.net) that is continuously extended over the years and is madeavailable to all attendees, and a Europe-wide certification for qualifications in the SPIarea (www.ecqa.org, European Certification and Qualification Association)

Mani-A typical characterization of EuroSPI is reflected in a statement made by a company:

“… the biggest value of EuroSPI lies in its function as a European knowledge andexperience exchange mechanism for SPI and innovation.”

Since its beginning in 1994 in Dublin, the EuroSPI initiative has outlined that there

is not a single silver bullet with which to solve SPI issues, but that you need tounderstand a combination of different SPI methods and approaches to achieve concretebenefits Therefore, each proceedings volume covers a variety of different topics, and atthe conference we discuss potential synergies and the combined use of such methodsand approaches These proceedings contain selected research papers under sixheadings:

• Section I: SPI and the ISO/IEC 29110 Standard

• Section II: Communication and Team Issues in SPI

• Section III: SPI and Assessment

• Section IV: SPI in Secure and Safety Critical Environments

• Section V: SPI Initiatives

• Section VI: Selected Key Notes and Workshop Papers

Section I presents three papers related to the new standard ISO/IEC 29110 for VerySmall Entities In thefirst paper Sanchez-Gordón et al present educational issues withrespect to ISO/IEC 29110 The second and third papers in this series present useful casestudies on implementing ISO/IEC 29110 in industrial settings

Section II presents three papers under the umbrella topic of “Communication andTeam Issues in SPI” In the first paper Clarke et al examine the linguistic and ter-minological challenges in the industry, whilst the second paper examines the specificcase of natural language in requirements, andfinally the third paper, by Munoz et al.,models highly effective teams for software development

Section III explores the theme of “SPI and Assessment”, with Cortina et al.examining the area of IT service management and in particular ISO/IEC 15504-8,TIPA, and ITIL In the second paper in this series, Biró et al examine challenges ofautomating traceability assessment In the final paper Picard et al explore TIPA ITservice management issues

Section IV presents three papers dealing with associated issues surrounding thetopic of Secure and Safety Critical Environments In the first paper Rauter et al.examine processes for secure embedded control devices, whilst in paper 2 Nevalainen

et al explore Situational Factors in Safety Critical Software Development In thefinalpaper of this set, Macher et al explore cyber-security challenges in an automotivecontext

Section V discusses issues surrounding “SPI Initiatives” with the first paper cussing risk assessment in SPI In the second paper Stolfa et al present the area ofautomotive quality and education, whilst in thefinal paper Pekki studies critical successfactors in SPI

dis-Section VI presents selected keynotes from EuroSPI workshops concerning thefuture of SPI From 2010 onwards EuroSPI has invited recognized key researchers topresent papers on the future directions of SPI These key messages are discussed ininteractive workshops and help to create SPI communities based on new topics Thefirst set of papers relates to the GamifySPI workshop and explores Gamification andPersuasive Games for Software Process Improvement, Information Technology, andInnovation Management

The second collection of papers relates to the topic of Functional Safety andaddresses a broad range of issues related to cyber security and functional safety Rodic

et al describe the application of the AQUA (Automotive Quality Knowledge Alliance)

at master level at different universities and explain the application of the qualityprinciples based on an in-wheel electric motor design Riel et al describe the Auto-motive Engineer Project where young researchers get introduced to modern qualitystrategies in Automotive which will empower the motivation of young engineers to jointhis leading industry in Europe Larrucea et al discuss how the Goal StructuredNotation (GSN) can be used to build a safety case based on the example of a hall sensorwhich is a most common sensor principle nowadays used in cars In thefinal paper MacAirchinnigh analyses the available information about functional safety and proposes tointegrate the experiences with formal methods in Europe with this growing set offunctional safety standards

Thefinal collection of papers addresses innovation strategies in Europe which willmotivate researchers, engineers, and managers to build an environment whichempowers creativity and innovation in Europe Innovation is a core ability empoweringnew concepts for implementing SPI Messnarz et al provide an overview of differentEuropean innovation initiatives and create a vision of a European network for inno-vation integrating the different approaches into a European innovation knowledgecluster Reiner et al illustrate how innovation strategies can be supported at universities

to empower spin offs of young entrepreneurs Munoz et al describe in their paper howimprovement strategies depend on the organization’s context and how to deal with that,and in thefinal paper Siakas et al describe the concept of open innovation and cus-tomer integration and how this influences the success of and value creation of anorganization

Rory V O’ConnorAlexander PothRichard Messnarz

In [1] the proceedings of three EuroSPI conferences were integrated into one book,which was edited by 30 experts in Europe The proceedings of EuroSPI 2005 to 2015inclusive have been published by Springer in [2–11], respectively.

References

1 Messnarz, R., Tully, C (eds.): Better Software Practice for Business Benefit –Principles and Experience, 409 pages IEEE Computer Society Press, Los Alamitos(1999)

2 Richardson, I., Abrahamsson, P., Messnarz, R (eds.): Software Process ment LNCS, vol 3792, p 213 Springer, Heidelberg (2005)

Improve-3 Richardson, I., Runeson, P., Messnarz, R (eds.): Software Process Improvement.LNCS, vol 4257, pp 11–13 Springer, Heidelberg (2006)

4 Abrahamsson, P., Baddoo, N., Margaria, T., Messnarz, R (eds.): Software ProcessImprovement LNCS, vol 4764, pp 1–6 Springer, Heidelberg (2007)

5 O’Connor, R.V., Baddoo, N., Smolander, K., Messnarz, R (eds): Software ProcessImprovement CCIS, vol 16, Springer, Heidelberg (2008)

6 O’Connor, R.V., Baddoo, N., Gallego C., Rejas Muslera R., Smolander, K.,Messnarz, R (eds): Software Process Improvement CCIS, vol 42, Springer,Heidelberg (2009)

7 Riel A., O’Connor, R.V Tichkiewitch S., Messnarz, R (eds): Software, System,and Service Process Improvement CCIS, vol 99, Springer, Heidelberg (2010)

8 O’Connor, R., Pries-Heje, J and Messnarz R., Systems, Software and ServicesProcess Improvement, CCIS Vol 172, Springer-Verlag, (2011)

9 Winkler, D., O’Connor, R.V and Messnarz R (Eds), Systems, Software andServices Process Improvement, CCIS 301, Springer-Verlag, (2012)

10 McCaffery, F., O’Connor, R.V and Messnarz R (Eds), Systems, Software andServices Process Improvement, CCIS 364, Springer-Verlag, (2013)

11 Barafort, B., O’Connor, R.V and Messnarz R (Eds), Systems, Software andServices Process Improvement, CCIS 425, Springer-Verlag, (2014)

12 O’Connor, R.V Akkaya, M., Kemaneci K., Yilmaz, M., Poth, A and Messnarz R.(Eds), Systems, Software and Services Process Improvement, CCIS 543, Springer-Verlag, (2015)

General Chair

Richard Messnarz ISCN GesmbH, Graz, Austria

Scienti fic Co-chairs

Rory V O’Connor Dublin City University, Ireland

Christian Kreiner Graz University of Technology, Austria

Organization Chair

Adrienne Clarke ISCN Ltd, Ireland

Local Organization Chair

Christian Kreiner Graz University of Technology, Austria

GamifySPI Workshop Chair

Murat Yilmaz Cankaya University, Turkey

Board Members

EuroSPI Board Members represent centers or networks of SPI excellence havingextensive experience with SPI The board members collaborate with different EuropeanSPINS (Software Process Improvement Networks) The following organizations havebeen members of the conference board for a significant period:

EuroSPI Scienti fic Program Committee

EuroSPI established an international committee of selected well-known experts in SPIwho are willing to be mentioned in the program and to review a set of papers each year.The list below represents the Research Program Committee members EuroSPI alsohas a separate Industrial Program Committee responsible for the industry/experiencecontributions

Miklós Biró Software Competence Center Hagenberg GmbH,

AustriaLuigi Buglione Ingegneria Informatica S.p.A., Italy

Jose Antonio

Calvo-Manzano

Universidad Politécnica de Madrid, SpainPaul M Clarke Dublin City University, Ireland

Darren Dalcher University of Hertfordshire, UK

Masud Fazal-Baqaie S&N CQM, Germany

Elli Georgiadou Middlesex University, UK

Christian Kreiner Graz University of Technology, Austria

Dieter Landes Fachhochschule Coburg, Germany

Micheal Mac An

Airchinnigh

ISCN, Ireland

Timo Mäkinen Tampere University of Technology, Finland

Antonia Mas Pichacos Universitat de les Illes Balears, Spain

Miranda Mejia CIMAT-Zacatecas, Mexico

Antoni Mesquida Universitat de les Illes Balears, Spain

Mirna Muñoz CIMAT-Zacatecas, Mexico

Rory V O’Connor Dublin City University, Ireland

Markku Oivo University of Oulu, Finland

EgemenÖzalp Tubitak Uzay, Turkey

Efi Papatheocharous SICS Swedish ICT AB, Sweden

Keith Phalp Bournemouth University, UK

Tomas San Feliu Universidad Politécnica de Madrid, Spain

Jakub Stolfa Technical University of Ostrava, Czech RepublicSvatopluk Stolfa Technical University of Ostrava, Czech RepublicTimo Varko Tampere University of Technology, Finland

Paula Ventura Martins University of Algarve, Portugal

Murat Yilmaz Cankaya University, Turkey

Acknowledgements

Some contributions published in this book have been funded with support from theEuropean Commission European projects (supporting ECQA and EuroSPI) con-tributed to this Springer book including AQU (Automotive Quality Universe), and AE(Automotive Engineer)

In this case the publications reflect the views only of the author(s), and theCommission cannot be held responsible for any use, which may be made of theinformation contained therein.

SPI and the ISO/IEC 29110 Standard

Bridging the Gap Between SPI and SMEs in Educational Settings:

A Learning Tool Supporting ISO/IEC 29110 3Mary-Luz Sanchez-Gordón, Rory V O’Connor,

Ricardo Colomo-Palacios, and Eduardo Herranz

Implementing the New ISO/IEC 29110 Systems Engineering Process

Standard in a Small Public Transportation Company 15Claude Y Laporte, Nicolas Tremblay, Jamil Menaceur,

and Denis Poliquin

A Multi-case Study Analysis of Software Process Improvement in Very

Small Companies Using ISO/IEC 29110 30Claude Y Laporte and Rory V O’Connor

Communication and Team Issues in SPI

Refactoring Software Development Process Terminology Through the Use

of Ontology 47Paul M Clarke, Antoni Lluís Mesquida Calafat, Damjan Ekert,

J.J Ekstrom, Tatjana Gornostaja, Milos Jovanovic, Jørn Johansen,

Antonia Mas, Richard Messnarz, Blanca Nájera Villar,

Alexander O’Connor, Rory V O’Connor, Michael Reiner,

Gabriele Sauberer, Klaus-Dirk Schmitz, and Murat Yilmaz

Cardion.spec: An Approach to Improve the Requirements Specification

Written in the Natural Language Through the Formal Method 58Masao Ito

Establishing Effective Software Development Teams: An Exploratory

Model 70Mirna Muñoz, Jezreel Mejia, Adriana Peña, and Nora Rangel

SPI and Assessment

Using a Process Assessment Model to Prepare for an ISO/IEC 20000-1

Certification: ISO/IEC 15504-8 or TIPA for ITIL? 83

Stéphane Cortina, Béatrix Barafort, Michel Picard, and Alain Renault

Towards Automated Traceability Assessment through Augmented

Lifecycle Space 94Miklós Biró, József Klespitz, Johannes Gmeiner, Christa Illibauer,

and Levente Kovács

Measuring Readiness for Compliance: A Gap Analysis Tool to Complete

the TIPA Process Assessment Framework 106Michel Picard, Alain Renault, Béatrix Barafort, and Stéphane Cortina

SPI in Secure and Safety Critical Environments

Development and Production Processes for Secure Embedded Control

Devices 119Tobias Rauter, Andrea Höller, Johannes Iber, and Christian Kreiner

Situational Factors in Safety Critical Software Development 132Risto Nevalainen, Paul Clarke, Fergal McCaffery, Rory V O’Connor,

and Timo Varkoi

Supporting Cyber-Security Based on Hardware-Software Interface

Definition 148Georg Macher, Harald Sporer, Eugen Brenner, and Christian Kreiner

SPI Initiatives

Collective Intelligence-Based Quality Assurance: Combining Inspection

and Risk Assessment to Support Process Improvement

in Multi-Disciplinary Engineering 163Dietmar Winkler, Juergen Musil, Angelika Musil, and Stefan Biffl

Automotive Quality Universities - AQUA Alliance Extension to Higher

Education 176Jakub Stolfa, Svatopluk Stolfa, Andreas Riel, Serge Tichkiewitch,

Christian Kreiner, Richard Messnarz, Miran Rodic, and Monika Gaisch

How the Company Manages Critical Success Factors in Software Process

Improvement Initiatives: Pilot Case-Study in Finnish Software Company 188Jaana Pekki

Selected Key Notes and Workshop Papers

GamifySPI

Software Developer’s Journey: A Story-Driven Approach to Support

Software Practitioners 203Murat Yilmaz, Berke Atasoy, Rory V O’Connor, Jean-Bernard Martens,

and Paul Clarke

Gamification Proposal for Defect Tracking in Software Development

Process 212Gloria Piedad Gasca-Hurtado, María Clara Gómez-Alvarez,

Mirna Muñoz, and Jezreel Mejía

Process Improving by Playing: Implementing Best Practices through

Business Games 225Antoni-Lluís Mesquida, Milos Jovanovic, and Antònia Mas

Gamification and Human Factors in Quality Management Systems:

Mapping from Octalysis Framework to ISO 10018 234Mary-Luz Sanchez-Gordón, Ricardo Colomo-Palacios,

and Eduardo Herranz

Gamifying the Onboarding Process for Novice Software Practitioners 242Mehmet Kosa and Murat Yilmaz

Functional Safety

Functional Safety Considerations for an In-wheel Electric Motor

for Education 251Miran Rodic, Andreas Riel, Richard Messnarz, Jakub Stolfa,

and Svatopluk Stolfa

A Compact Introduction to Automotive Engineering Knowledge 259Andreas Riel, Monique Kollenhof, Sebastiaan Boersma, Ron Gommans,

Damjan Ekert, and Richard Messnarz

A GSN Approach to SEooC for an Automotive Hall Sensor 269Xabier Larrucea, Silvana Mergen, and Alastair Walker

Formal Methods and Functional Safety 281Micheal Mac an Airchinnigh

Supporting Innovation and Improvement

Forming a European Innovation Cluster as a Think Tank and Knowledge

Pool 293Richard Messnarz, Andreas Riel, Gabriele Sauberer,

and Michael Reiner

Innovative Marketing in Low-Tech Micro Companies - Lessons Learned

from Study Projects 302Michael Reiner, Christian Reimann, and Elena Vitkauskaite

Method to Establish Strategies for Implementing Process Improvement

According to the Organization’s Context 312Mirna Muñoz, Jezreel Mejia, Gloria P Gasca Hurtado,

Maria C Gómez-Álvarez, and Brenda Durón

User Orientation through Open Innovation and Customer Integration 325Dimitrios Siakas and Kerstin Siakas

Author Index 343

SPI and the ISO/IEC 29110 Standard

in Educational Settings: A Learning Tool

Supporting ISO/IEC 29110

Mary-Luz Sanchez-Gordón1(&), Rory V O’Connor2,

Ricardo Colomo-Palacios3, and Eduardo Herranz1

1 Computer Science Department, Universidad Carlos III de Madrid,

Av Universidad 30, Leganés, 28911 Madrid, Spain mary_sanchezg@hotmail.com, eduardo.herranz@uc3m.es

2

School of Computing, Dublin City University, Glasnevin, Dublin 9, Ireland

rory.oconnor@dcu.ie 3

Faculty of Computer Sciences, Østfold University College,

1783 Halden, Norway ricardo.colomo-palacios@hiof.no

Abstract The software development industry is dominated by a myriad of smaller organizations world-wide, including very small entities (VSEs), which have up to 25 people Managing software process is a big challenge for practi- tioners In 2011, due to the VSEs ’ increasing importance, a set of ISO/IEC 29110 standards and guides were released Although other initiatives are devoted to small entities, ISO/IEC 29110 is becoming the widely adopted standard But it is

an emerging standard and practitioners need to be actively engaged in their learning In this sense, serious games offer the potential to entertain and educate This study shows empirical evidence to support the overall applicability of the game proposed as learning tool Moreover, the results indicate that the learning tool creates a positive experience, and therefore could be used as a strategy to promote the standard.

Keywords: VSE
ISO/IEC 29110
Very small entity
Project management
Game-based learning
Game-based training

1 Introduction

Typically project teams tend to be small, even in large companies In 2011, driven bythe increasing importance of very small entities’ (VSEs) and the growing need forsystems and software life cycle profiles and guidelines, the International Organizationfor Standardization (ISO) and the International Electro technical Commission jointlypublished a set of standards and guides ISO/IEC 29110 [1], which are targeted atmeeting the specific needs of “an enterprise, organization, department or projecthaving up to 25 people” [2,3] The software industry recognizes the value of VSEs incontributing valuable products and services [4, 5], where certain VSEs also providesoftware components that are being assembled in larger software companies in order togenerate critical and intensive software configurations [6] In fact, there are a myriad of

© Springer International Publishing Switzerland 2016

DOI: 10.1007/978-3-319-44817-6_1

small software companies According [4], the OECD (Organization for EconomicCo-operation and Development) SME and Entrepreneurship Outlook report (2005)

“SMEs constitute the dominant form of business organization in all countries wide, accounting for over 95 % and up to 99 % of the business population depending

world-on country”

Previous experiences in software process improvement (SPI) in graduate softwareengineering programs [7] reveled that a large percentage of students attending the SPIcourse were working in small organizations The emphasis on the use of the CMMIframework in that course was gradually reduced to switch to the ISO/IEC 29110.Besides, it may not be appropriate at the undergraduate level to dedicate significant time

of a related course and provide details about process models such as CMMI [8].Likewise, the acceptance level and priority of any type or model of software quality orlifecycle standard in VSEs is very low [9] but the level of awareness of standards andpotential benefits are high Software is a complex product, difficult to develop [10].Accordingly to the Standish Group“a low percentage of successful projects deliveringsoftware on time, on budget, and with required features and functions” VSEs deal withthis fact every day therefore the implementation of controls and structures to properlymanage their software development activities is necessary and challenging [11] Theknowledge and skills required to do that imply training For instance, software engi-neering courses at the university usually consist of lectures along with a small softwareproject [12], but software process is often treated as an additional module to the corecurriculum Trainings in an industry environment are, on the other hand, organized in aworkshop style with theoretical and practical parts interwoven [13] Although ISO/IEC

29110 is well-structured and described in great details in the guides, it is a technical text

on complex subject It is easier than the ISO/IEC 12207 but practitioners couldfindsoftware development difficult to understand and deploy it [14] Thus internationalsoftware standards are considered important in improving the software process butteaching them remains a challenging issue [15,16] Therefore new tools to facilitateteaching and learning process can be useful There is also a growing interest in games forpurposes beyond entertainment [15,17,18] and a consensus that serious games have asignificant potential as a tool for instruction [19] Thus the goal of our study is toinvestigate the potential of a learning tool for the Project Management (PM) process ofISO/IEC 29110

The remainder of this paper is structured as follows: Sect.2presents the background

of this study Section3outlines the learning tool In Sect.4authors report on the results

of the pilot study Section5 summarizes a conclusion as well as outlines future workplans

This section summarizes the ISO/IEC 29110 standard (Sect.2.1) and related work ongames in software engineering (Sect.2.2)

2.1 ISO/IEC 29110

The ISO/IEC 29110 Software engineering— Lifecycle profiles for Very Small Entitiesstandard is aimed to approach Software Engineering and Project Management goodpractices to VSEs It is aimed at addressing the specific needs of VSEs [2,20,21] and totackle the issues of low standards adoption by small companies [9,22–24] Althoughthere is still much work to be completed, there is an increasing interest on the stan-dard [25] There are profile Groups which are a collection of profiles related either bycomposition of processes (i.e activities, tasks), by capability level, or both The

“Generic” profile group has been defined [3] as applicable to a vast majority of VSEsthat do not develop critical software and have typical situational factors To date theBasic Profile [3] and Entry Profile [26] has been published It is worth noting that theEntry profile is contained in the Basic Profile The guides are based on subsets ofappropriate standards elements, referred to as VSE Profiles (ISO/IEC 12207, ISO/IEC

15289, ISO/IEC 15504, ISO 9001) [4,6] The so-called guides are gathered into theISO/IEC 29110 Software engineering — Lifecycle profiles for Very Small Entitiesstandard, which describes processes for project management and software implemen-tation [27] and pretends to facilitate access to, and utilization of, ISO software engi-neering standards in VSEs [5]

Additionally, the guides are available in several languages: English, French,Portuguese and Spanish Moreover, there is a series of Deployment Packages(DPs) and Implementation Guides which are not prescriptive but outline guidelines andexplain in detail the processes defined in the ISO/IEC 29110 profiles in order to assistwith its deployment and to provide guidance on its actual implementation in VSEs [28].DPs are freely available fromhttp://29110.org

2.2 Games in Software Engineering

Given that there are some concepts related to the term“game”, this section include thefollowing discussion which is based on [29, 30] But it is not comprehensive and isonly intended to avoid misconceptions Games are played just for entertainment Theyinclude game thinking, game elements and gameplay Examples are poker, solitaire andmonopoly (see Fig.1)

Fig 1 Examples of games, playful design, gami fication and serious game adapted from [ 29 ]

Playful design or Gameful design is using game-based aesthetics or limitedusability based on game elements in non-game contexts with the purpose of drawingthe user’s attention These elements are used to amuse users and cause an emotionalresponse [29] One successful example is the fail whale from Twitter Rather than aboring old error when twitter is over capacity, they have the Fail Whale (Fig.1-b).Gamification is the use of game design elements in non-game contexts [30] (Fig.1-c).

In recent years, there is a growing interest in gamification [29,31] as well as its cations and implications in thefield of Education since it provides an alternative to engageand motivate students during the process of learning [29] It proved to have potential tosupport education [32], although further research is needed Moreover, there are fewgamification approaches to improve the software development process [33,34], and fewexperiences in education, for example project gamification of an introductory computerscience class [35] and gamified Software Engineering courses [36,37]

appli-Serious games are games designed for non-recreational environments and foreducational purposes The term“serious” is employed because these games can focus

on areas as diverse as economics, education, health, industry, military, engineering, andpolitics [29] The main goal of this sort of training-environment is to convey infor-mation to the user Seen from the perspective of the designer, serious games have allthe elements of a real game (Fig.1-d)— i.e gameplay Therefore, they are completegames whereas gamification is a way of designing products and services with theintention of a system that includes elements from games, not a full‘game proper’ [30].There are only several games related to software PM which have been used in edu-cational area as a supplement to classroom-based teaching with some success [15,38].They fall into two broad groups: work based on computer games, and work based onnon-computerized games Authors focus on the last one because it is simple and fun toplay, and also include relatively low development overhead, tactile immediacy, anddirect face-to-face player interaction [39] — e.g Problems and Programmers (PnP),SimulES, Killer App and PlayScrum Moreover, the international initiative Semat(Software Engineering Methods and Theory) is aiming to collect the core elementsessential to the development of software projects It has games [40] such as SemCards,MetricC, Semat board-crossing and Semat game that are being used as a strategy topromote it In relation to specialized decks of cards are not uncommon in the profes-sional field [41–43] They are used in poker planning, delegation poker, movingmotivators, and so on Moreover, some games have also been designed to teach thepractices, values and concepts behind XP and object-oriented programming, one of thebest known is XP War game

Finally, as far as authors know, there are not any serious games in the state of theart for the ISO/IEC 29110 standard

3 Learning Tool for Project Management Process of ISO/IEC 29110

This section describes different aspects of the learning tool (see our previous work [44]for details about its design Regarding with the key requirement of the learning tool,our approach should be fast, painless and cost-effective because of VSEs having

limited resources That means it should not need software and hardware resources.Therefore, the learning tool for project management of ISO/IEC 29110 could be used

by a wide audience of software engineers at different stage of their career– graduates, graduates or education for industry professionals - in order to promote andprovoke awareness, and ultimately, understanding of the standard Moreover, the gameshould be quick to play, and easy to learn and use in order to create a positive attitudetowards their adoption and eventually promote the introduction of the standard beyondthe academic and research areas Thus, the idea behind non-computerized games wasvery attractive for us because they include relatively low development overhead, tactileimmediacy, and direct face-to-face player interaction as they are simple and fun to play

under-If the game were complex, it would lose most of its effectiveness as a learning tool.And enjoyable is certainly important due to the players would want to play the game.Consequently, authors adopted a familiar and popular game concept: Card Game andauthors created a specialized deck of cards

In order to facilitate comprehension, learning, memory, communication andinference of the PM process, authors define a virtual board and color code based on thefour activities in the PM process Figure2 shows as each activity is a suit: ProjectPlanning (blue), Project Plan Execution (green), Project Assessment and Control(yellow), and Project Closure (red) The white color represents the input and the output

of the PM process– «Statement of Work» and «Software Configuration» Each suit hastwo types of cards: an activity card and a state card The first one depicts the workproducts and has a list of tasks related The second one depicts the possible states ofeach work products

The game can be played between 2 to 5 players, new or relatively new to projectmanagement process They are the project team members and their mission is tocomplete the project management during which each player must develop a set of tasks.Thus, the relationships between the game’s rules and best practices make the last onemore intuitive and easy to remember The Fig.3 depicts the elements of the game:activity and state cards (mentioned before) and card reference guide

Fig 2 An example of Virtual Board

In this study, the proposed gameplay is a variation of our previous study [44] Thetime activity was restricted up to 30 min, including a brief introduction of the game andthe standard Instead of the single elimination tournament, there are two leaderboards:one for teams and one for team members Before starting the game, the participants aregrouped in teams— every team has up to 5 members Then, the cards are distributedamong the team members Thefirst sub-mission starts with the player who holds the

«Statement of Work» activity card The player reads it and asks other players for thetasks, so they raise their hands to answer and he/she will add one point for each correctanswer The player who holds the activity card decides if the answer is valid and places

it faces up on the table to make afirst pile of the virtual board (see Fig.2) After that,the state card should be played by the player who holds it Play continues with the bluesuit until the highest card of it is reached Next, the second and third mission must becarried out in the same way The fourth mission starts with the player who holds the

«Software Configuration» card Finally, the red suit is played The game is over whenplayers run out of cards or time is up The winner of this game is the team that hadmore point

The biggest challenge was the integration of learning content with core mechanic ofthe game in order to gain balance of fun and learning The idea is to provide a participantengagement loop (i.e theflow [45]), which helps player to learn and participate morefrequently and ultimately create planned participant behavior Therefore, the playersinteract with each other and the game In addition, some degrees of accomplishment andwhose outcomes can directly affect the session game were included in order to raise theplayer’s experience Also, some rewarding mechanisms were threaded throughout thegame

4 Pilot Project

Before launching the pilot project, the game was positively evaluated by an expert inthe ISO/IEC 29110 The aim of this study is to provide empirical evidence in order tosupport the overall applicability of the game proposed as learning tool The game was

Fig 3 Elements of the game

applied to three sub-groups: a 16-student sub-group (A) belonging of the course

“Software Engineering” from the National Polytechnic School of Ecuador and30-student group distributed in two sub-groups (B/C) belonging of the course“Soft-ware development projects management” from the Carlos III University of Madrid.The major difference between them is that participants in subgroup C were studying adual degree in Computer Science Engineering and Business Administration After thegame, it was applied a 20-item survey with the aim of gathering information from theplayers It is important to note that this survey has been used in our exploratory studyabout the design of this tool [44] The results are summarized as follows

Table1shows an overview of the background of the participants in this study All theparticipants (39 men and 7 women) accepted voluntarily to take part in the study Onlythree of them had previous Software Engineering experience in the industry Three gamesessions were held, one per sub-group, in two countries Participants heard about thestandard for thefirst time during the sessions Two sessions lasted about 20–25 min Theother one lasted less (10–15 min) It was observed that participants in Ecuador over-whelmingly (100 %) agreed that would like to play again Whilst 37 % of participants inSpain would not want to play again the reason behind could be that one of the sessionslasted less than 15 min such as one participant point out“a short time to assimilate therules and performance” and other one claims “more time is required to play”

Table2 summarizes the answers of all participants about the game in terms ofarithmetic means and standard deviation Responses were based on afive-point Likertscale ranging from“Strongly Disagree” (1) to “Strongly Agree” (5) Authors can seethat two groups arose from the data In thefirst group, the means vary between 4.04 and3.70 74 % of students stated that they were involved and engaged during the gamewhile 78 % of participants pointed it was fun It is worth noting that 30 % of out of thetotal strongly agreed with the last statement In addition, 70 % of participants reportthat the game is an alternative to a traditional classroom activity Although 63 % of theparticipants kept themselves interested during the game when authors analyzed the rawdata, the remaining 35 % was neutral and 56 % of them are belonging to the sub-group

C therefore the short playing time could be a disruptive factor as exemplified by the

Game Length per round (minutes) 20-25 10-15 20-25

Would Play Again (YES/NO) 16/0 9/7 10/4

next quotes from two of the participants“It [the game] is not well understood it would

be better if you will understand it” and “It [the game] may be interesting, but there wasnot time neither was clear what had to be done” The rest (2 %) belongs to oneindividual In this group, 67 % of the students also pointed that the game design isuseful They think that the game has a meaningful design because the cards includecolor coding and numbered linked with the processesflow Once again, authors ana-lyzed the raw data the 47 % of the remaining (33 %) are belonging to the sub-group C

In addition to the aforementioned quotes from this sub-group C another respondentstating that“… It [the game] was explained too fast”

In the second group, the means vary between 3.41 and 3.28 Authors note that 43 %

of the students say that they improved their knowledge on the standard and 48 % of therespondents report that they are more encouraged to know more about the standard.Therefore, no indication for a significant difference on learning effectiveness could beshown In order to understand the lowest scores, the data were analyzed by participantand by answers 9 participants (20 % of the respondents) strongly disagree with some ofthe six issues studied - i.e 100 % of these answers not included the issues: Fun Factorand Knowledge acquisition However 4 of them (45 %) are belonging sub-group C Andanother 12 participants (26 % of the respondents) disagree with some of the six issuesstudied - i.e 100 % of these answers not included the issues: Engaging and Kept MeInterested However 7 of them (58 %) are belonging sub-group C Authors can see that ashort playing time can affect perceptions of the players during the game and after.Moreover, the lowest scores in each issue, excluding Encourage to Knowledge,appeared as outliers point when Pierces criterion were applied [46] (see Table3) Inorder to do that, we obtained R from the table for one measured quantity assuming onedoubtful observation and 46 measurements: R = 2.560 Then, authors calculated themaximum allowable deviation |xi – xm| max= R * SD = 2.92 where xiis a measureddata value and xm is the mean of the data set Finally, authors obtained the actualdeviations for the suspicious measurements |xi– xm| = 3.04 and authors eliminated thesuspicious measurements if: |xi – xm| > |xi – xm| max As a result, there are 8 respon-dents (17 %) strongly disagree with five issues: Participant Involvement, Engaging,Kept Me Interested, Alternative to Classroom and Useful Design and disagree with theissue Fun Factor

Table 2 Frequencies, mean and standard deviation

1 2 3 4 5 Mean Standard

Deviation Participant Involvement 1 6 5 12 22 4.04 1.141252

The two open questions shed light on the above results Certainly, one importantissue is that everyone has enough playing time as before mentioned In general, themost respondents commented that the game was interesting, fun, didactic and intuitive

as exemplified by one respondent “I think it was an interesting and funny experience”another participant stated “Thus it is much easier to learn the ISO” Most playerspositively embraced the game as someone put it concisely“It is a good experience…”with another respondent confirming that “It [game] has a great future” The gameplayenvironment forced participants become familiar with the ISO/IEC 29110 standard.Finally, the respondents suggested (i) make more iterations of the game, and (ii) create

a game mechanics to link task

5 Conclusions and Future Work

This paper describes the proposal of a learning tool, which is based on a serious game

as a way to understand and support the project management process and activities ofthe ISO/IEC 291110 standard The main limitation is the sample size of the studywhich was limited Although it consisted of a pilot project carried out among students

in two countries, Ecuador and Spain The learning tool allows learners to gain anunderstanding of the standard quickly that might otherwise have been poorly under-stood or overlooked altogether Indeed, the card game could be used as a checklist andsupport the project management in both academic and professional settings, but furtherstudy is needed The present findings are consistent with the previous one [44],although there is a variation of gameplay, the game seems to be fun, immersive andcertainly involve the participants Nevertheless short playing time could be a disruptionand the participants suggest“make more iterations of the game” Finally, the resultsgive us confidence that this is a positive experience Therefore, the game could be used

as a strategy to promote the standard and show practitioners that learning a standarddoes not have to be boring and painful In future work, authors propose to focus onimproving the game mechanics in order to make the game as simple as possible, but nosimpler Moreover, authors are planning to increase the sample size and the learningtool could eventually become a software application

Table 3 Pierces criterion Mean Standard Deviation Pierce’s Criterion

R * SD |x i – x m | Participant Involvement 4.04 1.141253 2.92 3.04

Acknowledgments The authors would like to thank Sandra Sanchez-Gordon, who is tutor of course “Software Engineering” of the National Polytechnic School of Ecuador Also, a special thanks to all the students in Ecuador and Spain, who participated in the evaluation of the game.

2011 CCIS, vol 155, pp 227–230 Springer, Heidelberg (2011)

3 International Organization for Standardization (ISO): Software engineering – Lifecycle profiles for Very Small Entities (VSEs) Part 5-1-2: Management and engineering guide: Generic profile group: Basic Profile, Geneva (2011)

4 ISO/IEC: ISO/IEC TR 29110-5-1-1:2012 Software engineering – Lifecycle profiles for Very Small Entities (VSEs) – Part 5-1-1: Management and engineering guide: Generic profile group: Entry pro file (2012)

5 Laporte, C.Y., April, A., Renault, A.: Applying ISO/IEC software engineering standards in small settings: historical perspectives and initial achievements In: Proceedings of SPICE Conference, Luxembourg (2006)

6 Moreno-Campos, E.J., Sanchez-Gordón, M.-L., Colomo-Palacios, R.: ISO/IEC 29110: current overview of the standard Rev Procesos M étr 10, 24–40 (2013)

7 Laporte, C., O’Connor, R.: Software process improvement in graduate software engineering programs Presented at the Proceedings of the 1st International Workshop on Software Process Education, Training and Professionalism, Sweden, June 2015

8 Biberoglu, E., Haddad, H.: A survey of industrial experiences with CMM and the teaching

of CMM practices J Comput Sci Coll 18, 143–152 (2002)

9 Sanchez-Gordon, M.-L., O’Connor, R.V., Colomo-Palacios, R.: Evaluating VSEs viewpoint and sentiment towards the ISO/IEC 29110 standard: a two country grounded theory study In: Rout, T., O’Connor, R.V., Dorling, A (eds.) SPICE 2015 CCIS, vol 526, pp 114–127 Springer, Heidelberg (2015)

10 Fuggetta, A., Di Nitto, E.: Software process In: Proceedings of the on Future of Software Engineering, pp 1 –12 ACM, New York (2014)

11 O’Connor, R.V., Laporte, C.Y.: An innovative approach to the development of an international software process lifecycle standard for very small entities Int J Inf Technol Syst Approach 7, 1–22 (2014)

12 Baker, A., Oh Navarro, E., van der Hoek, A.: An experimental card game for teaching software engineering processes J Syst Softw 75, 3 –16 (2005)

13 Kuhrmann, M., Fernández, D.M., Münch, J.: Teaching software process modeling In: Proceedings of the 2013 International Conference on Software Engineering, pp 1138 –1147 IEEE Press, Piscataway (2013)

14 Borstler, J., Carrington, D., Hislop, G.W., Lisack, S., Olson, K., Williams, L.: Teaching PSP: challenges and lessons learned IEEE Softw 19, 42–48 (2002)

15 Aydan, U., Yilmaz, M., O’Connor, R.V.: Towards a serious game to teach ISO/IEC 12207 software lifecycle process: an interactive learning approach In: Rout, T., O’Connor, R.V., Dorling, A (eds.) SPICE 2015 CCIS, vol 526, pp 217–229 Springer, Heidelberg (2015)

16 Heredia, A., Colomo-Palacios, R., de Amescua-Seco, A.: A systematic mapping study on software process education In: Proceedings of 1st International Workshop on Software Process Education, Training and Professionalism, pp 7 –17 Ceur Workshop Proceedings, Gothenburg, Sweden (2015)

17 Kosa, M., Yilmaz, M.: Designing Games for Improving the Software Development Process In: O’Connor, R.V., Umay Akkaya, M., Kemaneci, K., Yilmaz, M., Poth, A., Messnarz, R (eds.) EuroSPI 2015 CCIS, vol 543, pp 303 –310 Springer, Heidelberg (2015) doi: 10 1007/978-3-319-24647-5_25

18 Yilmaz, M., Saran, M., O ’Connor, R.: Towards a quest-based contextualization process for game-based learning In: Busch, C (ed.) 8th European Conference on Games Based Learning, Academic Conferences and Publishing International Limited, pp 645–651 Academic Conferences International Limited (2014)

19 Bellotti, F., Kapralos, B., Lee, K., Moreno-Ger, P., Berta, R.: Assessment in and of serious games: an overview Adv Hum Comput Interact 2013, 1 –11 (2013)

20 O’Connor, R.V., Laporte, C.Y.: Towards the provision of assistance for very small entities

in deploying software lifecycle standards In: Proceedings of the 11th International Conference on Product Focused Software (PROFES 2010), pp 4–7 ACM (2010)

21 O’Connor, R.V., Laporte, C.Y.: Using ISO/IEC 29110 to harness process improvement in very small entities In: O`Connor, R.V., Pries-Heje, J., Messnarz, R (eds.) EuroSPI 2011 CCIS, vol 172, pp 225–235 Springer, Heidelberg (2011)

22 Coleman, G., O ’Connor, R.: Investigating software process in practice: a grounded theory perspective J Syst Softw 81, 772–784 (2008)

23 O ’Connor, R., Coleman, G.: Ignoring “best practice”: why Irish software SMEs are rejecting CMMI and ISO 9000 Australas J Inf Syst 16 (2009)

24 S ánchez-Gordón, M.-L., O’Connor, R.V.: Understanding the gap between software process practices and actual practice in very small companies Softw Qual J 24, 549–570 (2015)

25 Moreno-Campos, E., Sanchez-Gordón, M.-L., Colomo-Palacios, R., de Amescua Seco, A.: Towards measuring the impact of the ISO/IEC 29110 standard: a systematic review In: Barafort, B., O’Connor, R.V., Poth, A., Messnarz, R (eds.) EuroSPI 2014 CCIS, vol 425,

pp 1 –12 Springer, Heidelberg (2014)

26 International Organization for Standardization (ISO): Software engineering — Lifecycle pro files for Very Small Entities (VSEs) — Part 5-1-1: Management and engineering guide: Generic profile group: Entry profile, Geneva (2012)

27 Varkoi, T., Mäkinen, T.: A process assessment model for very small software entities In: Rout, T., Lami, G., Fabbrini, F (eds.) Process Improvement and Capability Determination in Software, Systems Engineering and Service Management Proceedings of 10th International SPICE Conference 2010, Pisa, Italy (2010)

28 Laporte, C.Y., O’Connor, R.V., Paucar, L.H.G.: The implementation of ISO/IEC 29110 software engineering standards and guides in very small entities In: Maciaszek, L.A., Filipe,

J (eds.) ENASE 2015 CCIS, vol 599, pp 162–179 Springer, Heidelberg (2016) doi: 10 1007/978-3-319-30243-0_9

29 de Sousa Borges, S., Durelli, V.H.S., Reis, H.M., Isotani, S.: A systematic mapping on gamification applied to education In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp 216 –222 ACM, New York (2014)

30 Deterding, S., Dixon, D., Khaled, R., Nacke, L.: From game design elements to gamefulness: de fining “gamification.” In: Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments, pp 9–15 ACM, New York (2011)

31 Pedreira, O., García, F., Brisaboa, N., Piattini, M.: Gamification in software engineering – a systematic mapping Inf Softw Technol 57, 157–168 (2015)

32 von Wangenheim, C.G., Thiry, M., Kochanski, D.: Empirical evaluation of an educational game on software measurement Empir Softw Eng 14, 418–452 (2008)

33 Herranz, E., Colomo-Palacios, R., de Amescua Seco, A., Yilmaz, M.: Gami fication as a disruptive factor in software process improvement initiatives J Univers Comput Sci 20,

885 –906 (2014)

34 Yilmaz, M., Yilmaz, M., O’Connor, R.V., Clarke, P.: A gamification approach to improve the software development process by exploring the personality of software practitioners In: Clarke, P.M., O’Connor, R.V., Rout, T., Dorling, A (eds.) SPICE 2016 CCIS, vol 609,

pp 71 –83 Springer, Heidelberg (2016) doi: 10.1007/978-3-319-38980-6_6

35 Sheth, S., Bell, J., Kaiser, G.: A competitive-collaborative approach for introducing software engineering in a CS2 class In: 2013 IEEE 26th Conference on Software Engineering Education and Training (CSEE&T), pp 41 –50 (2013)

36 Barata, G., Gama, S., Jorge, J., Goncalves, D.: engaging engineering students with gami fication In: 2013 5th International Conference on Games and Virtual Worlds for Serious Applications (VS-GAMES), pp 1–8 (2013)

37 Thomas, C., Berkling, K.: Redesign of a gami fied software engineering course In: 2013 International Conference on Interactive Collaborative Learning, pp 778–786 (2013)

38 Calderón, A., Ruiz, M.: Coverage of ISO/IEC 12207 software lifecycle process by a simulation-based serious game In: Clarke, P.M., O ’Connor, R.V., Rout, T., Dorling, A (eds.) SPICE 2016 CCIS, vol 609, pp 59–70 Springer, Heidelberg (2016) doi: 10.1007/ 978-3-319-38980-6_5

39 Jaramillo, C.M.Z., Alvarez, M.C.G.: Incorporating playful activities in the software engineering teaching Dev Bus Simul Exp Learn 41, 248 –255 (2014)

40 Zapata-Jaramillo, C.M., Lopez, M.D.R., Sanchez, R., Pinzon, L., Jimenez, D., Arango, E.: SEMAT GAME: applying a project management practice Dev Bus Simul Exp Learn 42, 133–143 (2015)

45 Abuhamdeh, S., Csikszentmihalyi, M.: The importance of challenge for the enjoyment of intrinsically motivated Goal-Directed Activities Pers Soc Psychol Bull 38, 317–330 (2012)

46 Ross, S.M.: Peirce’s criterion for the elimination of suspect experimental data J Eng Technol 20, 38 –41 (2003)

Engineering Process Standard in a Small

Public Transportation Company

Claude Y Laporte1(&), Nicolas Tremblay1, Jamil Menaceur2,

and Denis Poliquin2

1 École de technologie supérieure, Montréal, Canada Claude.Y.Laporte@etsmtl.ca, nicolas.tremblay.9@ens.etsmtl.ca

2 CSiT, Montréal, Canada {jamil.menaceur,den-is.poliquin}@csintrans.com

Abstract The recently published ISO/IEC 29110 for systems engineering has been used as the main framework for the development of the management and systems engineering processes at CSinTrans Inc (CSiT), a Canadian company, founded in 2011 CSiT specializes in the integration of communication and security systems in transit industry such as trains, subways and buses as well as railway stations, subway stations and bus stops CSiT approved an internal project to de fine and implement project management and systems engineering processes The project’s history, purpose and rationale that prompted CSiT to adopt the new systems engineering process standard are presented The imple- mentation of the ISO/IEC 29110 is described The reflections and decisions made during the implementation are presented Recommendations and advice for organizations wanting to implement ISO/IEC 29110 are described ISO/IEC

29110 has helped raise the maturity of the young organization by implementing proven practices and developing consistent work products from one project to another ISO/IEC 29110 was a good starting point to align processes of CSiT with practices of CMMI® ISO/IEC 29110 has helped CSiT with developing light processes as well as remaining flexible and quick in its ability to respond to its customers.

Keywords: Very small entities
VSEs
ISO/IEC 29110
Systems engineering
Process
Standards

1 Introduction

CSiT is a Canadian company, established in 2011 in Montreal, specializing in theintegration of interactive systems, communication and security in the domain of publictransport such as trains, subways and buses and railway stations, stations and stopsBus In transit industry, customers often require a CMMI® [1] maturity level fromsuppliers such as CSiT An independent evaluation confirming a CMMI® maturitylevel 2 increases the opportunity of winning contracts Similarly, to ensure better work

© Springer International Publishing Switzerland 2016

DOI: 10.1007/978-3-319-44817-6_2

coordination and reduce risks, customers in this industry prefer working with maturesuppliers in order to get timely quality products and within the agreed budget.

2 ISO/IEC 29110 Software and Systems Engineering

Standards and Guides

As defined in ISO/IEC 29110 (ISO 29110 hereon), a Very Small Entity (VSE) is acompany, an organization (e.g government, not-for profit), a department or a projecthaving up to 25 people [2] VSEs can play different roles in systems engineering: either

as suppliers or integrators, and sometimes both Since most large organizations arestructured in a way to be more manageable (e.g project, department), VSEs are present

at all stages of a product manufacturing chain

A four-stage roadmap, called ISO 29110 profiles, has been developed for VSEs that

do not develop critical systems or critical software: Entry, Basic, Intermediate andAdvanced profiles VSEs targeted by the Entry profile are those working on smallprojects (e.g., at most six person-months of effort) and for start-ups The Basic profiledescribes the development practices of a single application by a single project team.The Intermediate profile is targeted at VSEs developing multiple projects with morethan one team The Advanced profile is targeted at VSEs wishing to sustain and grow

as independent competitive businesses

ISO 29110 has been successfully implemented in VSEs developing software(SW) in many countries [3] ISO 29110 has been implemented, amongst others, in ITstart-ups in Canada [4], in Peru [5] and in a VSE co-located in Tunisia and in Canada[6], in a largefinancial institution [7] and in a large utility provider [8] VSEs that haveimplemented ISO 29110 management and engineering guides have improved one ormore aspects of competitiveness (e.g quality, cost, schedule) As an example, projectsusing ISO 29110 for the first time had only 10 % to 18 % of rework A Canadiandivision of a large American engineering company has developed and implementedproject management processes for their small-scale and medium-scale projects Theengineering organization used the Entry and Basic profiles of ISO 29110 for thedevelopment of their small and medium scale project management processes Ananalysis of the cost and the benefits of the implementation of their small and mediumscale project management processes was performed using an ISO economic benefits ofstandard methodology The engineering enterprise estimated that, over a three-yeartimeframe, savings of about 780,000CA$ would be realized due to the implementation

of project management processes using ISO 29110 [9,10]

Systems, in the context of ISO/IEC 29110, are typically composed of hardware andsoftware components The systems engineering (SE) ISO 29110 has been developedusing, as its main frameworks, the SW ISO 29110 [11] and ISO/IEC/IEEE 15288 [12].With some exceptions, document descriptions are based on ISO/IEC/IEEE 15289 [13].The SE Basic profile, as illustrated in Fig 1, is composed of two processes: ProjectManagement (PM) and System Definition and Realization (SR) [14] An acquirer (i.e acustomer) provides a Statement of Work as an input to the PM process and receives aproduct as a result of SR process execution

The SE ISO 29110 standard and guides are designed to work hand-in-hand with the

SW ISO 29110 guides ISO 29110 does not impose a specific life cycle model,therefore leaving VSEs free to choose the model that best suits their needs among thecascade, iterative, incremental, evolutionary and agile models Similarly, ISO 29110does not impose a specific method to its users [15]

Beside the published SW Entry and Basic profiles, the SE Entry profile [16] and the

SE Basic profile [14] have been published The SE Intermediate profile developmentshould be completed in 2016 and published in 2017 The SE Advanced profiledevelopment should start in 2017 and should be published in 2018 The SE Basicprofile guide is freely available in English and French from ISO The German chapter

of INCOSE (International Council on Systems Engineering), GfSE (Gesellschaft fürSystems Engineering e.V.), has sponsored the translation of the systems engineeringBasic profile The German standard organization DIN (Deutsches Institut für Normung)should publish in 2017 the Basic profile in its catalogue Finally, a translation in Arabic

is led by a member of (International Council on Systems Engineering) INCOSE

3 Motivations and Objectives of the Implementation of ISO

29110 at CSiT

Shortly after its creation in 2011, CSiT learned that an event in Montréal would be held

on the new ISO 29110 management and engineering guide for systems engineering.This standard was seen as a good starting point towards implementing CMMI level 2.Thus, CSiT has undertaken a new project to implement the ISO 29110 standard toguide the project management and system development activities The Intermediateprofile was targeted as it applies to VSEs that conduct several projects simultaneouslywith more than one team However, the Basic profile was selected since the Inter-mediate profile was not published when the project was initiated at CSiT

Fig 1 Processes and activities of the ISO 29110 systems engineering Basic pro file [ 14 ]

3.1 Motivations for the Implementation of Project Management

and Engineering Processes

Several factors prompted CSiT to develop and document their processes Theirfirstprojects were based on employees’ experience as well as recognized practices Thisapproach was effective and agile, but it was not possible to produce consistent deliv-erables from one project to another and be able to demonstrate that the work could bedone over again since these practices were not documented into company’s processes.Also, since there were no templates or checklists, project management and productdevelopment activities were done rather informally Finally, considering business andnature of projects of CSiT, customers often require proof demonstrating rigorous workand a level of maturity

The company considered the development and implementation of processes as aneed, in other words the situation could become problematic if no action was taken.Specifically, the lack of a CMMI maturity level or compliance with internationalstandards, such as ISO 29110, was not an option CSiT wanted to ensure the com-pany’s growth and show its expertise and organizational maturity to its customers.Guidance for the implementation project To avoid making the process cumber-some and producing too many documents, participants gave themselves 2 sets ofguidelines:

• For processes, the guideline was to add tasks not described in the SE Basic profileonly if they bring value to the context and projects of the company or provide analignment with CMMI level 2

• For document templates, the guidelines were:

– Group different documents into one where possible;

– Each template’s section must be relevant and applicable If a section does notprovide added value, it should not be included

4 Approach to the Implementation of the SE ISO 29110

at CSiT

Thefirst phase of the improvement project was to determine the set of documents to beproduced during a typical project and how they should be organized in the documentstructure of the company Thefive types of documents (i.e policy, process, procedure,standard, support material) at the foundation of the company’s quality system areillustrated in Fig.2

For the moment, CSiT decided to leave aside the creation of training materialbecause this material can take time to develop and does not really bring value at thistime The company prefers to promote interactive training in person rather than thereading of a document or the viewing of a presentation Documented processes of thecompany can be used as training material for new employees

4.1 Processes and Procedures Description

To better respond to different types of projects, CSiT decided to develop three processgroups (i.e light, standard, full), each being adapted to meet the attributes of projectssuch as the size and nature Table1shows the three process groups and the frameworks

to be used as reference

Fig 2 Identi fication of documents and their relationships

Table 1 Classification of CSiT processes Light process Standard process Full process

Product Deployment at Customer Site

Product intended to

be installed at Customer Site

Product intended to be installed at Customer site

Small Project Medium Project Large Project

ISO/IEC TR 29110-5-6-2 - Basic profile +

CMMI - Supplier Agreement Management

CMMI (Level 2)

4.2 Using the Management and Engineering Guide of ISO 29110

To document CSiT processes, the management and engineering guide of ISO 29110 SEBasic profile was used as the main reference The SW management and engineeringguide of ISO 29110 Basic profile was also used as a reference to complement the SEguide The SW guide was used to document processes involving the development of

SW elements of a system It is during the execution of the System Construction activity

of the SE Basic profile that software components are developed Then, in the nextactivity, as illustrated in Fig.1, hardware and software components are integrated

4.3 Using Deployment Packages

Members of the INCOSE VSE working group have created Deployment Packages(DPs) to facilitate the adoption and implementation of ISO 29110 [17] These freeresources, available on Internet, have been used to support the documentation of CSiTprocesses Figure3shows the SE set of DPs

4.4 Process Documentation

For the description of processes, CSiT decided to break down processes into activitiesand tasks There are two reasons for this representation First, this representation issimple and it is commonly used in industry and literature Second, it is consistent withISO 29110, which is structured the same way

It was decided that documentation of CSiT processes would consist of two parts: agraphical part and a textual part Each of these parts has different but complementarygoals The graphical part is primarily targeted at“experts”, while the textual part istargeted mainly at“beginners” (e.g a new employee) or an intermediate user (e.g anemployee who has participated to an engineering project) [18,19]

The ETVX notation (i.e Entry-Task-Validation-eXit) was developed in the 80s byIBM [20] Given its simplicity of use, this notation has been adopted by many

Fig 3 Deployment packages to support the SE Basic profile

organizations The template for the graphical description of the activities and tasks isshown in Fig.4 The textual part is a detailed description of activities, tasks andinteractions between the activities of a process The textual part describes the tasks, i.e.what to do, and the roles associated with each task.

At CSiT, the format used to describe the activities is the notation used in the DPs ofISO 29110 Some adjustments were made to add a few attributes, such as measures tocollect, entry criteria and exit criteria

4.5 Techniques Used to Help Defining and Implementing ISO 29110

The Basic profile presents the project management and development processes using awaterfall lifecycle to simplify its understanding However, the ISO 29110 guideindicates that it does not require the waterfall lifecycle, leaving VSEs to use thelifecycle that best suits their needs Thus, CSiT decided to develop their own lifecyclemodels: a project lifecycle and a system development lifecycle The definition of theselifecycle models have facilitated the description of the processes because they provided

a clear understanding of when the processes need to be executed In addition, thelifecycles have shown the importance of some processes that are not mentioned in thestandard, but that must be used during the execution of projects For example, it ispossible that the company has to perform validation tests on the customer’ site, to getthefinal acceptance of the system For CSiT, this type of work is essential and wasdocumented as a separate process

Fig 4 Template for the graphical part of an activity

4.6 Identification of Verification, Validation and Acceptance Activities

Applicable to Work Products

An important decision, made during the development of CSiT’s processes, was todetermine the types of peer review activities to be applied to the various work products

of a project ISO 29110 states that verifications of work products must be made, butwithout specifying the type This leaves VSEs free to decide what best verificationmethod applies to their context For each deliverable, a decision was made for theadequacy or the need to perform at least one type of peer review Four types of reviewswere selected: personal review, desk-check, walkthrough and inspection

For each review, the output documents have been defined The four types ofdocument are: a document review report, an annotated document, minutes of meetingand a completed checklist Table2 illustrates an example of the type of verification,validation and acceptance activities selected for the System Requirement Specification.ISO 29110 defines the roles needed to produce and review the project deliverables(documentation and product components), but it does not define the roles of the peoplewho must approve and/or sign deliverables before they are sent to a customer, asupplier or other external stakeholders The right side of Table2 indicates, for eachdeliverable, whether or not an internal approval is needed, whether or not it should besent to the customer and whether or not a customer approval is required If needed, thetable could easily be tailored to meet the needs of a specific project

4.7 Selection of Measures

The ISO 29110 management and engineering guide lists the tasks associated to thecollection and use of measures (e.g resource, cost, time) The Basic profile does notdetail how to collect and analyze the measures The Intermediate and Advanced pro-files will provide more details about the collection, analysis and utilisation of measures.The selection of measures was based on two principles: (1) a measure must meet acompany’s needs for information and, (2) a measure must be easy to collect andanalyze A subset of the measures selected is described in Table3

An electronic time sheet has been established to record the number of hours worked

on each work product of a project The timesheet allows to classify efforts in 3 gories: (1) efforts spent on the initial production of a work product; (2) efforts spent onreviewing it; (3) efforts spent on correcting identified defects This data providesvaluable information when improving a process or a work product

cate-Table 2 Subset of the veri fication, validation and acceptance activities

4.8 Traceability Between Work Products

ISO 29110 includes tasks to trace information between work products Based on thesetasks, a graphical representation was set up to show how traceability is generatedbetween the various work products of CSiT Only a few adjustments were made to thetasks of ISO 29110 to better reflect the context of CSiT:

• Traceability between unit tests and detailed design elements has been added

• Traceability between the detailed design and architecture document has been

defined as optional This customization does not cause any problem for compliancewith ISO 29110 since this type of traceability is not mentioned

• Names of ISO 29110 documents have been adapted to fit documents’ titles used byCSiT

4.9 Definition of a Supplier Management Process

Since CSiT is a system integrator, the company uses suppliers for the purchase anddevelopment of components that will be used in a product Therefore, it was imperativefor CSiT to establish a supplier management process that defines how to work withthem and to reduce project risks The SE Basic profile has only a few tasks about the

‘make or buy’ decisions and follow-up actions (e.g document, review and issue apurchase order) Unfortunately, the current version of the SE Basic profile does notdescribe a supplier management process This process will be included in the Inter-mediate and Advanced profiles The CMMI® for Development has been consulted,

Table 3 Subset of process and product measures Measure

ID

MET-01 Number of errors detected by

document type and by phase of the

development cycle

To know the overall quality of each work product

MET-02 Number of hours worked for each

phase of the system development

cycle

To be able to use the performance of past projects to estimate new projects MET-03 The cost of each project

MET-04 The attributes of each project:

Number of change requests;

Level of risk;

Predominance hardware/software.

MET-05 Distribution of effort related to the

production, review and correction

of deliverables

To be able to analyze the efficiency of processes on product quality MET-06 Resources spent versus those that

were planned in the project plan

To be able to analyze if the project is successful, to identify gaps and take the necessary remedial action

as well as ISO/IEC/IEEE 15288, the INCOSE SE Handbook [21] and the PMBOK®Guide [22] The documentation of this process led to the creation of additional tem-plates: request for proposal, supplier selection matrix, purchase order and purchaseagreement Also, three new sections have been added to the project plan of the SE ISO

29110 Basic profile: a list of acquisitions and potential suppliers, an acquisitionplan/strategy, and a supplier management plan

5 Coverage Between Frameworks

As mentioned earlier, the goal of the process project was to implement the SE Basicprofile of the ISO 29110 and to complement it with CMMI level 2 requirements Inorder to determine the achievement of this objective, an analysis of the coverage ofCSiT processes was performed This analysis was done in two stages First, the cor-respondences between the CSiT processes with ISO 29110 have been defined Then,connections between the processes of CSiT and those of CMMI were defined

An analysis confirmed that the processes of CSiT fully cover the objectives andtasks of the processes defined in the Basic profile During this analysis, mappings andtailoring have been documented This documentation also explains the tailoring deci-sions of CSiT

The mapping of CSiT processes with CMMI-DEV level 2 process areas, illustrated

in Table4, revealed that many of the generic practices and specific practices arecovered However, some practices still remain to be implemented or improved

An analysis of the coverage of CSiT processes with CMMI-DEV level 3 processareas has also been completed

6 Bene fits for the VSE

Two categories of benefits were observed by CSiT: observable benefits in day-to-dayproject activities and benefits to the VSE as a business The day-to-day benefits to theVSE are:

• Standardized work and consistent deliverables across projects

• Avoids reinventing the wheel for each project

Table 4 Approximate coverage of CSiT processes to CMMI-DEV

CMMI-DEV Level 2 – Process Areas Percentage of Coverage

Configuration Management 50–70 %

Measurement and Analysis 20 –40 %

Project Monitoring and Control 70–90 %

• Work is done in a systematic and disciplined way

• Better quality of deliverables and products

• Better project management and project monitoring

• Reduction of project risks

• Better communication within the team because the semantic of communication isstandardized

CSiT obtained the following business benefits as a result of the of their effort to

define and improve their processes:

• Better credibility to bid on tenders

• Access to markets that require certification of a quality system in line with thebusiness practices of the company

• Better recognition of the quality of work done and products developed

• Better trust from customers and business partners

• An important step towards a maturity level of the CMMI (a CMMI level is arequirement of some customers)

7 Implementation of ISO 29110 and Self-assessment

and Audit

In 2012, CSiT started the development of a product suite called‘TRANSIS’ TRANSIS

is a multimodal information data integration system with interactive extensions foroperators and users of public transport This project was intended to apply the pro-cesses and adjust them if necessary, ensuring a gradual adoption of the new workmethods CSiT has tested the degree of implementation of its processes in theTRANSIS project To do this, the self-assessment score sheet of ISO 29110 was used.This score sheet was used to indicate the activities, tasks and documents producedduring a project and determine the level of compliance with the standard At the middle

of the project, an assessment showed that most of the project management and systemdevelopment tasks have been executed The tasks that have not yet been covered will

be executed in subsequent phases of the TRANSIS project Recently, the processes ofCSiT, based on the Basic Profile of the ISO 29110, have been successfully audited by athird-party audit composed of 2 independent auditors One member of the audit teamwas a systems engineering domain expert

Resulting from the development and implementation of project management andsystem engineering processes at CSiT, a set of recommendations was developed to helpVSEs in implementing ISO 29110 Table5 describes our mains recommendations