Interact Question #4 – Quality/Technical Certifications

In an effort to assure customers that the GSA Alliant 2 GWAC program will maintain the highest levels of Information Technology (IT) services by awarding to premier IT contractors with quality/technical competencies, the GSA Alliant 2 GWAC program is considering adding requirements of generally accepted certifications as criteria for the next Alliant 2 family of GWAC contracts (Alliant 2 and Alliant 2 Small Business). The quality/technical certifications that are emerging thus far as appropriate for consideration are ISO 9000 series and CMMI.

  • Are there any other generally accepted certifications that the government should consider?

As always, we appreciate your valuable input and commentary.




<p>We applaud those firms that support the standards referenced in this discussion - ISO 9001, ISO/IEC 20000-1, and CMMI - however, we are leaving out an equally important standard - ISO/IEC 27000 Information Security Management System (ISMS) series. With data breaches in the public and private sector reported on an almost weekly basis, GSA might consider including registration to the ISO/IEC 27000 ISMS standard as a desired feature of a contractor&#39;s proposal - perhaps, awarding additional points.</p>
<p>There are lots of small businesses with CMMI Level 2 or 3 appraisals. There are others with ISO:9001 certifications. A few have both. And then there are many small businesses with neither. It&#39;s great that GSA is requesting input on this but please do a little Googling to identify the perspective from which commenters are providing input on this particularly contentious issue.</p><p>Some key considerations we would recommend GSA examine include:</p><ul><li>If you require CMMI appraisal (at any level), make sure the company has been appraised by an SEI-accredited appraiser, and that their name is included on the CMMI Institute Published Appraisal Results system (https://sas.cmmiinstitute.com/pars/pars.aspx).</li><li>Acknowledge that the government obtains unique benefits by having the process repeatability of CMMI&nbsp;<em><strong>and</strong></em>&nbsp;the quality assurance management of ISO. They are NOT the same. Each has value by itself, and together they provide continual improvement of a repeatable process.</li><li>Acknowledge the difference between CMMI Level 2 and Level 3, and its value to GSA in determining the process-adherence of companies with each.</li><li>Consider whether CMMI Level 4 or Level 5 provides benefits to the government at the GWAC level. (We would argue they do not, although they may be essential for some high-performance engineering and military task orders.)</li></ul><p>Finally, GSA should remember that CMMI and ISO are merely indicators of process maturity and commitment to quality assurance. At best, they indicate that a company is&nbsp;<em>more likely to be successful</em>&nbsp;in executing work under A2 or A2SB. Consequently:</p><ul><li>To assess true quality of offerors&#39; work, GSA should identify awards and recognitions bestowed upon bidders by GWAC users (e.g. customer agencies), and key success criteria (e.g. 
cost savings, metric-based performance indicators) that will be of value to future GWAC users.</li><li>To ensure solid performance at the GWAC level, GSA should assess contract management, marketing/outreach, and other key considerations, separately to quality certifications.</li></ul>
Alliant 2 Blogger (not verified)
<p>@dgcassidy: Thank you for your feedback. Careful consideration will be given as we continue to move forward with our research.</p>
AS9000 is not directly relevant to the IT industry and would unreasonably favor those companies that are primarily Aerospace centric but also provide IT services. Would suggest that GSA considers more relevant IT certifications such as ITIL, PMP, Scrum Master, CISP etc. Also CMMI Level 3 is now the minimum entry level and therefore suggest GSA provides extra credit for organizations that are CMMI Level 4 and 5. In addition, there should be some recognition for the pool of resources an organization has access to for each key certification, i.e. it is not enough to have one ITIL trained person, should be greater than a specific number i.e. >500
Alliant 2 Blogger (not verified)
<p>@amyersburton: Thank you for your feedback. Careful consideration will be given as we continue to move forward with our research.</p>
<p>QUESTION: The question was asked,</p><p>&quot;What is the status on requiring ISO, CMMI, or other quality certifications for contracts? Do you have a timeline for implementation? Small companies without certifications will need some lead time to meet certification requirements.&quot;</p><p>ANSWER: At this time, questions and comments on specific technical certifications to be used for evaluation criteria are for government market research purposes only. The certifications requirement has not been determined on this issue plus not on other technical requirements. They will be addressed and decided upon in the official Request for Proposal (RFP) release via FedBizOpps. There is plenty of time before you will see the final RFP posted. However, we will eventually release a draft RFP on FedBizOpps where all this information on requirements will be revealed. (The timing of the draft RFP is not known at this time.) - JC</p>
<p>In order to assure Federal customers that the GSA Alliant II GWAC program will maintain the highest levels of IT services we recommend that the certifications listed below should be given some consideration.</p>
<p><strong>1) CMMI Level 3</strong></p>
<p>CMMI Level 3 is a defined process improvement training and appraisal program that can be used to guide process improvement across a project, division, or an entire organization. Under the CMMI methodology, processes are rated according to their maturity levels, which are defined as:</p>
<p>Level 1) Initial</p><p>Level 2) Repeatable</p><p>Level 3) Defined</p><p>Level 4) Quantitatively Managed</p><p>Level 5) Optimizing</p>
<p>We believe that CMMI Level 3 - Defined is the most appropriate certification for Alliant 2 as this level consists of processes characterized for the organization as proactive and projects tailor their processes from the organization&rsquo;s standards. At this level, an appraisal indicates that the organization can and does perform at a defined level. In other words, all processes, standards, and methods are all established and understood across the organization. We contend that this is the appropriate level for Alliant 2.</p>
<p><strong>2) ISO/IEC 20000</strong></p>
<p>ISO/IEC is an international IT standard that allows companies to demonstrate excellence and prove best practices in IT management. The standard ensures companies can achieve evidence-based benchmarks to continuously improve their delivery of IT services. The adoption of ISO/IEC 20000 has grown quite rapidly in the international arena of IT service providers and it has become a competitive differentiator for delivery of IT services. The benefits to the Alliant II GWAC program of requiring an ISO/IEC 20000 certification include the following:</p>
<ul><li>Establishing an on-going culture of continual improvement and learning to achieve and maintain continual improvements in the quality of IT services provided. This in turn will increase business and customer confidence in the service provider and their ability to deliver.</li><li>Ensuring that organizations focus on the implementation of a set of integrated processes and solutions that are appropriate, suitable and effective in meeting the needs of the business processes, the customers and the users they serve.</li><li>Increasing the rate of change and the productivity of staff and the use of their skills and expertise. This in turn leads to reduced long-term costs and a reduced risk of being unable to meet business objectives.</li><li>Enabling organizations to adopt a structured approach to service management based on best practice guidance, allowing them to better understand their business and their needs, their roles and their processes. This leads to an improved reputation, relationships, inter-working and communication with their business and customer contacts.</li><li>Allowing organizations to internally assess their processes and activities against international standards as a method of identifying and implementing improvements.</li><li>Allowing an organization to be independent and externally audited for compliance using a scheme and standard that is internationally recognized and respected.</li></ul>
<p><strong>3) ISO 9001:2008</strong></p>
<p>ISO 9001:2008 specifies requirements for a quality management system where an organization: (1) needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and (2) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. The Alliant 2 PMO should consider ISO 9001:2008 and its corresponding quality management principles (all fundamental to good business practice). We believe that when fully adopted, the principles listed below will improve organizational performance:</p>
<ul><li>Customer focus: organizations depend on their customers, and therefore need to shape activities around the fulfillment of market need.</li><li>Leadership: is needed to provide unity of purpose and direction.</li><li>Involvement of people: creates an environment where people become fully involved in achieving the organization&#39;s objectives.</li><li>Process approach: to achieve organizational objectives, resources and activities need to be managed as processes, with an understanding of how the outputs of one process affect the inputs of another.</li><li>System approach to management: the effectiveness and efficiency of the organization depends on a systemized approach to work activities.</li><li>Continual improvement: adopting this as a part of everyday culture is a key objective for an organization.</li><li>Fact based decision-making: effective decisions are based on the logical and intuitive analysis of data and factual information.</li><li>Mutually beneficial supplier relationships: such relationships will enhance the ability to create value.</li></ul>
<p><strong>4) AS9100</strong></p>
<p>AS9100 is a widely adopted and standardized <a href="http://en.wikipedia.org/wiki/Quality_management_system" title="Quality management system">quality management system</a> for the <a href="http://en.wikipedia.org/wiki/Aerospace" title="Aerospace">aerospace</a> industry. AS9100 replaces the earlier <a href="http://en.wikipedia.org/wiki/AS9000" title="AS9000">AS9000</a> and fully incorporates the entirety of the current version of <a href="http://en.wikipedia.org/wiki/ISO_9000" title="ISO 9000">ISO 9000</a>, while adding additional requirements relating to quality and safety. This certification is an important consideration because as a condition, major aerospace manufacturers and suppliers worldwide require compliance and/or registration to AS9100 in order to do business with them.</p>
<p>While both ISO and CMMI provide certain added depth in value, GSA should consider utilizing both...Requiring contractors to have one or the other.</p>
<p>We have taken a hard look at CMMI (SCAMPI) certification over the last three years and initially thought that it might add value to our already existing competencies. However the more organizations that we train in Lean and Agile methodologies that have CMMI certifications, the more we&rsquo;re questioning its value of ensuring the delivery of quality software. The concerns around this question have recently increased based on conversations we&rsquo;ve had, some as late as last week, with officials from the Software Engineering Institute at Carnegie Mellon University as to why they have distanced themselves from the CMMI certifications. We respectfully submit that while CMMI assesses that a repeatable process is in place, it doesn&rsquo;t really address the quality of that process.</p><p>We would suggest that the government not use a CMMI requirement as it would eliminate vendors who have made a well thought out decision to take a different approach to process improvement. Instead GSA could consider relevant experience and past performance as your primary evaluation criterion. We believe your evaluation will be much more accurate if it is based on the experiences that clients have had with an offeror&rsquo;s quality delivery model rather than any particular certification.</p><p>For further discussion of just some of the issues with CMMI: <a href="http://www.computerworld.com/s/article/9244923/The_firm_behind_Healthcare.gov_had_top_notch_credentials_and_it_didn_t_help">http://www.computerworld.com/s/article/9244923/The_firm_behind_Healthcare.gov_had_top_notch_credentials_and_it_didn_t_help</a></p>
<p>Thank you for the opportunity to comment on this important topic.&nbsp;</p><p>Regarding CMMI, we believe it would be advantageous for GSA to do two things. First, it would be beneficial for&nbsp;GSA to identify each CMMI model &ndash; Development and Services &ndash; and second,&nbsp;GSA should specify that companies be appraised at Maturity Level 3 or higher.</p><p>Generically, the CMMI models are process improvement approaches that provide organizations with the essential elements of effective processes for development or servicing. Specifically, the <a href="http://cmmiinstitute.com/resource/cmmi-for-development-version-1-3/">CMMI for Development</a> (CMMI-DEV) model is a collection of best practices that organizations follow to improve the effectiveness, efficiency, and quality of their product development work and the <a href="http://cmmiinstitute.com/resource/cmmi-for-services-version-1-3/">CMMI for Services</a> (CMMI-SVC) model is a collection of best practices that organizations follow to establish, manage, and deliver services that meet or exceed customer needs.</p><p>An appraisal at Maturity Level 3 indicates the organization is performing at a &ldquo;defined&rdquo; level. At this level, processes are well characterized and understood, and are described in standards, procedures, tools, and methods. The organization&rsquo;s set of standard processes, which is the basis for maturity level 3, is established and improved over time.</p>
Alliant 2 Blogger (not verified)
<p>Thank you all for your important input relative to the subject of certification and the team can assure you that your comments are taken very seriously. In that view, we are currently researching the ISO 20000 certification further and very much appreciate the suggestion. We would also ask small business to weigh in heavily on the subject. Are there certifications &ndash; specific to small business &ndash; that government should be considering? Do a significant number of small businesses working in the federal space possess the certifications mentioned?</p><p>As always, we value your input.</p>
<p>Most if not all our customers are requiring a CMMI Level 3 certification. It is imperative that the government get the companies that are matured in processes and beneficial to have the CMMI Level 3 requirements at the Alliant level as opposed to having to do it at a task order level.</p>
<p>The most relevant certification for ensuring that companies maintain the highest levels of Information Technology (IT) services is ISO/IEC 20000-1:2011. This certification demonstrates a company&rsquo;s commitment to &ndash; and institutionalization of &ndash; ITIL best practices. ISO 20000 includes the following:</p><ul><li>Service management system general requirements</li><li>Design and transition of new or changed services</li><li>Service delivery processes</li><li>Relationship processes</li><li>Resolution processes</li><li>Control processes</li></ul><p>Critical elements of ISO 9000, such as HR and risk management, corrective and preventive action process management, and internal audit processes, are also included in the ISO 20000 standard, reinforcing the tenets of ISO 9000.</p><p>Because an ISO 20000 certification is based on a company&rsquo;s service catalog, any service can be included and managed under the standard. Software development services, for example, could be contained in a company&rsquo;s catalog. This could replace the requirement for a separate CMMI certification.</p><p>For Alliant, we feel those companies with ISO 9001:2008 and <em>either </em>ISO/IEC 20000-1:2011 or CMMI Level 3 (in Development or Services) will have demonstrated a robust quality program able to support the services under this contract.</p><p>Annette Chashin<br />Information Innovators Inc (Triple-i)</p>
<p>I would recommend that GSA address at the task order level. Alliant PWS has been broad in the past. Some task orders may need to recognize ISO 9001:20000 for ITIL related tasks while others may need to recognize CMMI L2 (for Services) or CMMI L3+ for pure software life cycle development.</p><p>Also, important not to limit small business participation. Unlike numerous Tier 1 F&amp;O contractors who possess with their vast corporate domain many if not all of these types of certifications, it is expensive and time consuming for a small business to pursue. No question the majority of good small businesses have either achieved or are pursuing 1 or more certifications as part of their vision, but if they pursue multiple certifications, they are more likely very close to becoming a non-small business anyway.</p><p>Finally, the debate goes on regarding ISO 9001:2008 versus CMMI L2 certification. It would not be prudent to penalize a business for choosing one and not having the other, so recommend either/or requirement if Alliant is trying to set a baseline requirement but use as task order requirement and no initial contract pass/fail.</p>
<p>This topic is one of much debate in our current contracting environment.</p><p>Organizations which are willing to put forth the time, investment and effort to ensure they operate at the highest level of industry best practices show true commitment to successful delivery of solutions. By adding such a requirement as a pre-award criterion, GSA will receive responses only from those organizations that have taken rigorous steps towards excelling as a company.</p>