The ISO 9000 shares an objective with the Capability Maturity Model (CMM). They both seek to improve the software (project) development process. The CMM provides a progressive-stage model of an organization growing in its capability to manage processes. The ISO takes a different approach.

The ISO 9000's general purpose is to provide a system for monitoring an organization's internal quality system. It also provides guidance on assuring the quality system of the organization's suppliers. It is a series of documents describing a set of criteria to achieve a minimum level of quality assurance in an organization's product or services. The quality assurance flows in two directions: from the organization to its customers; and second from the organization to its suppliers to ensure they provide quality in the components or materials supplied to the organization.

Unlike the CMM, ISO 9000 is a pass-fail system. It is not a progressive model by which an organization may grow in its competencies such as provided by the CMM.

A clause-by-clause comparison performed in 1994 by the Software Engineering Institute (SEI), concluded

  1. an ISO 9000 compliant organization would not necessarily satisfy all the key process areas of Level 2, Repeatable, in the CMM;
  2. But it would satisfy most of Level 2 and many of the goals of Level 3;
  3. However, there are elements in each of the two systems that are not contained in the other;
  4. A CMM Level 3 compliant organization will have no trouble obtaining ISO 9000 Certification;
  5. A Level 2 organization will have distinct advantages to obtaining the ISO certification.1
The more significant differences between the two are:
  1. CMM emphasizes continuous process improvement.
  2. ISO 9000 sets the minimum criteria for an acceptable quality system;
  3. CMM focuses strictly on software while ISO 900 covers more territory including hardware, software, materials, and services.
  4. ISO 9000 only specifies in general terms that quality objectives be defined and documented, but not that those objectives be quantitatively measured - as in Level 4, Managed, of the CMM.2

This analysis was performed in 1994. The similarities may have been increased over the last 10 years. CMM has evolved to CMMI, the Capability Maturity Model Integration, which broadened its scope to areas more general than just software development. The ISO 9000 standards have been updated to ISO 9000:2000 and "continuous quality improvement" is now part of the new standard.

I prefer the CMM because of my background in public school education. I have a world-view that assumes entities may grow in their skill and knowledge and should do so. The CMM provides a progressive-growth model that fits my world-view while the ISO 9000 provides only a minimum level to achieve.

In summary, the ISO 9000 shares a similar goal to the CMM in providing guidance on achieving quality control. ISO 9000 provides a set of standards that, if implemented, will ensure a minimum level of quality in an organization's products and services.


  1. Paulk, page 1.
  2. Paulk, page 19.


  • Paulk, Mark, Comparison of ISO 9001 and the Capability Maturity Model for Software, Pittsburg, PA: Software Engineering Institute, Carnegie Mellon University, 1994.