First let’s look at what the dictionary says about these words (taken from http://www.m-w.com/) – which is relevant to our context:
- Standard - something set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality
- Model – a system of postulates, data, and inferences presented as a mathematical description of an entity or state of affairs; a computer simulation based on such a system
- Framework – a basic conceptual structure (as of ideas) ; a skeletal, openwork or a structural frame
Here are specific definitions of these words:
- Standard - Very rigid, generally accepted methods of doing something. Very specific. A standard will usually only include a single element (i.e. do this, this way) whereas a framework or model defines a system of doing things.
- Model - This is the process of how we get from point A to point B. If we were using the house analogy, if we were a builder then we would construct houses the same way every single time. Other builders might to it different ways, some might be faster, some might produce a better quality product, but they all arrive at the destination. The model is just the path we take to get there. These are our processes. We aren't going to be building one house one way and another house completely different, right?
- Framework - A framework is a support system. It may not be the whole picture, but it provides a strong base for building upon. I always liken it to the frame of a house. It can stand on its own, but it's really there to be added to. However, you can never just take it away.
So, as you can see, ITIL is a framework, it is used for a specific purpose and can be implemented in more than one way, but what needs to be achieved is very rigid.
All ISO’s are standards – very rigid – in terms of the outcome and also on how it has to be done.
CMMI on the other hand is a model. It is a combination of ideas and experience put together for the business to interpret – in the context of the business. The model would expect certain things to be in place (like SEPG, SQA), but is not very rigid in terms of how it is done. All it focuses on is that the end result should benefit the business.
All the three have a focus on the satisfaction of how the business can be bettered, but the usage will depend on what is required for the business. In my view, for ensuring proper rigor in the members, an implementation of standard is very important – like ISO27K, ISO20K or ISO 9000. These standards have fixed objectives and can be easily be assessed against. But the ‘how to’ can be tailored to fit the need of the business. So, the standards are assessed based on the objectives rather than the how to.
To ensure that the members abide by a certain set of rules that guide them to achieve the how to of coding, or incident management etc, ITIL, PMI or various SDLC can be considered. These are all frameworks that have been proven to help in ensuring that activities are done within a certain boundaries – so it may vary across different businesses. The interpretation of the framework will impact both the objective and the “how to”. This is the reason why we cannot assess organizations against a Framework.
A model (like CMMI) on the other hand has a different way of addressing the issue. It provides a set of “how to”, but also gives a very wide set of ideas to implement them. The objective here is to address just the “How to” part of it which in turn is mapped to the BUSINESS OBJECTIVES – where the organization has to define the business objective. The assessment in this case happens on how the various processes that are required to be in place are mapped to the Business Objectives of the organization.
It is only the right combination of all the three that drives the true improvements in an organization.