GAITS - Global Analytic Information Technology Services

Solutions

About GAITS

News & Events

Portfolio

Careers

GAITS Brochures

	Home / News & Events 2008

Get your ducks in a row
Contractors find quality certifications help them compete � and thrive

By Michael Hardy

A cursory glance at information about technology quality certifications reveals a bewildering array of cryptic acronyms and numbers. A casual reader can be forgiven for not knowing ISO from CMMI from ITIL. But to contractors and agencies, the certifications denote specific accomplishments in implementing methodical, disciplined processes.

To attain certifications, an organization must establish the practices required to meet the desired designation and then submit to an audit, often from a private company whose business it is to conduct such assessments. The process can be difficult and almost certainly will be costly, but it will pay off in increased ability to win contracts, say business leaders who have been through it.

"People come on site and they live with you for a while," said David E. Bower, president and chief operating officer of Data Computer Corp. of America, a systems and software engineering company in Ellicott City, Md. "You have to make people available to them to interview. If you say your processes have been institutionalized, those people they talk to should understand what those processes are."

Carnegie Mellon University's Software Engineering Institute (SEI) developed the Capability Maturity Model Integration (CMMI) in 2001, as a blending of earlier CMM models for software engineering, systems engineering, software acquisition and related disciplines. DCCA earned a CMMI Level 2 in 2004, and a Level 3 in 2007.

The company probably will try to earn a Level 4 rating � CMMI Level 5 is the highest possible � and Bower is concentrating on laying the groundwork that may ultimately make that possible.

"It is a grueling effort to go from [CMMI Level] 2 to 3," Bower said. "Some may say it's easier to go from 3 to 4. We're institutionalizing and continually improving on our processes and looking at how we might improve those processes to get to Level 4. At some point, we may try to get an assessment."

A CRUCIAL INVESTMENT

Earning certifications is costly and time-consuming, but companies cannot avoid making the investment and expect to remain competitive, said Thomas Asefi, president of Global Analytic IT Services (GAITS) in Alexandria, Va. The certifications themselves are just the outward sign of the company's internal quality, he said. "Once you have that in place, the company will sell itself. The customer more and more is looking for processes that can be incorporated into the [company's] environment."

GAITS recently earned International Standards Organization 20000-1:2005 certification, developed by ISO, which pertains to processes for information technology service management. The standard is closely aligned with the best practices outlined in the IT Infrastructure Library (ITIL) and replaces BS 15000, a British standard also based on ITIL.

The company also holds ISO 9001:2000 certification, which covers quality control systems in production environments. GAITS is working to earn an ISO 27000 certification for information security. In 2006, it earned a CMMI Level 2 rating.

Robert Frey, a principal at Successful Proposal Strategies LLC and an adviser to GAITS, said agency solicitations are increasingly likely to specify minimum certifications they want their contractors to have. The trend is tied to performance-based contracting, which holds contractors accountable for meeting agency needs. The various certifications "give the federal customer a much greater level of confidence that contractors can perform to acceptable levels of quality," he said. "It's an important credential for a company to be able to offer a government customer that kind of external accreditation."

However, the cost and commitment of resources involved can be difficult for smaller companies to meet because they usually have limited means. Nevertheless, Frey said, it's vital that they incorporate appropriate certifications into their strategic plans.

"I would wager that many of them don't have a strategic plan," he said. "They're worried about how to get through next Tuesday. My advice would be to do a certain amount of strategic planning. There are all sorts of things the government customer needs to see [in a potential contractor]. They would be ignoring these credentials at their peril."

Past performance still counts a lot when agencies choose contractors, and a company with a record of good performance can outcompete one with a certification or two but little experience � if the agency's solicitation doesn't explicitly require certain certifications, Frey said. If the certification is required, "your competitor without them is not even likely to make the competitive range."

MATCH TO THE DOMAIN

Ruth Buys, vice president of process and quality management at QinetiQ North America's IT Services Group, said it's important for companies to determine the most useful certifications to pursue. Certifications and ratings do not always apply to an entire company. Often, a single business unit will pursue credentials that are specific to the unit's activities.

"The domain you're looking at tends to drive the certification rating or standard you go after," she said. "At ITSG, we have organizational units that focus on infrastructure support. Many times those units will go after ISO or ITIL certification. Those areas involved in software development will go after CMMI."

Coordinating the credentials with the company's overall strategy is important, she said, but it tends to happen automatically because of the necessary management involvement in the process.

The company's business development team has "a vested interest in being able to offer the best picture to a procuring organization that they can," she said. "On the other hand, going after one of these ratings really requires commitment from senior management. You can't get these ratings without being able to demonstrate that senior management is involved."

Once the company has the credential, it falls to proposal writers to make the best use of it for competition, she said.

"One thing I've found that appears to be successful is if you can show how the reason you got the certification reflects the way you do business � not something just to hang on the wall, but the way we do business," she said. "That adds a lot of credibility and helps them believe that this really is internalized."

Companies should allow adequate time to put the needed processes into place, get their employees comfortable and familiar with them and have the needed external assessments, she advised.

"For CMMI, the SEI has some standard times that they tell you," she said. "Level 2 takes approximately 24 months. To go to Level 3 is another 18 to 24 months, and so on through levels 4 and 5. A lot of companies are doing a lot of good things anyway, and insofar as they can leverage that, they can cut the time significantly. But my experience is that doing it in less than a year is very unusual if it's done at all."

Management support is also important after the certification is awarded and not just because companies have to renew their certifications periodically, Bower said. Management support makes it clear to employees that the quality processes are not just window-dressing for procurement officials.

"What needs to happen in any organization that has a CMMI certification is an understanding that the senior executives within the organization see the value," Bower said. "That needs to flow down through the whole enterprise, so that everyone in the organization sees the value."

Michael Hardy (mhardy@1105govinfo.com) is an associate editor at Washington Technology.