CMMi _and_amp; SOX 1574
-
Hello…
I am in the (un)lucky position of being involved in two of my companies initiatives:
The first is CMMi Level 3 implementation and the second is SOX compliancy for Application Management for one of our larger clients.
I have realised and read that there is a degree of overlap in the two areas. Basically i would like to ensure that people dont end up redoing documentation and reviewing procedures…and also ensure that in the future, all CMMi3 subsidiaries will be more or less SOX compliant before they even start.
Has anyone read or carried out any study on the relationship between the CMMi model and SOX requirements?
Thanks in advance,
Aoife
-
Hi Aoife and welcome to the forums I’m not involved in this directly and I did some research to understand CMM integration framework better myself.
SOX defines the regulatory requirements for financial controls, including IT based best practices and requirements to meet SEC requirements. CMMi is one of the acceptable frameworks for IT development methodologies. There are some logical tie-ins, as SOX defines ‘what to do’ and CMMi is an acceptable framework for ‘how it can be done’.
Hyperlinking is discouraged in the forums, please cut/paste into your browser
Search String
google.com/search?hl=en-and-q=SOX and Capability Maturity Model Integration
CMMi, RUP, and SOX relationships
www-128.ibm.com/developerworks/rational/library/sep05/cancilla-bennet/
www-128.ibm.com/developerworks/rational/library/06/0411_myerson/
www-128.ibm.com/developerworks/rational/library/compliance.html
cmcrossroads.com/content/view/6675/135/
softlanding.com/tlz/3q04/sox.htm
itcinstitute.com/display.aspx?id=33
CMMI resources
searchcio.techtarget.com/originalContent/0,289142,sid19_gci1170298,00.html
atlantic-ec.com/cmmi.html
sei.cmu.edu/pub/documents/02.reports/pdf/02tr011.pdf
-
Hello again
Many thanks for your speedy response.
Will trawl through the links you have sent me…
If I find anything else of interest I will keep everyone informed
Regards
Aoife