Does anybody know if there is an online resource, or rather, online version - preferably free - of ITIL (IT Infrastructure Library) books?

On a similar note, can anybody recommend a good book, or a website other than that of SEI, on CMMI (Capability Maturity Modeling Integration)?

Hey Sgy, I don't know if you're around. I have just finished working on a huge ITIL and Governance research project. Sybex has recently published an excellent book primarily for the CISA certification candidates. That's basically what I referred to while working on my project. I do have an electronic copy of the book; email me if you're interested-- I will open my ftp port, and you can copy the file! It is 480 pages long, and has flashcards + Q/As related to Governance, ITIL, CIMM, Security & Assurance, CobiT, ISO17799, S-OX, and HIPAA.
~@~

If you subscribe to IExplore (the IEEE digital library) ,they have pretty comprehensive resources related to software process improvement (CMM, CMMI, SPICE and it's successor). You can also search the US Mil. Software Technology Support Center. They used to have some fine resources on CMM.

My experience with CMM implementation (been involved in it twice - once in Scotland, once in Ireland), have been nothing short of painful. It generates more paperwork than imagined and as far as I have been able to see, the benefits were negligible (if you are involved in ordinary software developments) . It certainly gives you a boasting right, but unless you are involved in real mission critical software developments (like avionics (as was the case in Ireland), hospital equipment automation), it is more trouble than it is worth. It simply adds more layers and bureaucracy. But for high reliability software development (where failures can't be tolerated), CMM is indeed useful.

My experience has been, even though once a company attains a certain maturity level, a sort of fatigue sets in things start sliding down their own merry way.

cheers
Brat

Thanks guys. Yahoo, finally got some responses after so long. I almost gave up on this thread.

Saajha, I just emailed you. Please check your mailbox and reply at your earliest convenience, hai?

Brat, I am sure you are not a brat, could not agree with you more. These standards and procedures do tend to slow the process somewhat, at least initially. But as you said, for those mission critical projects, those are very necessary. Now with SOX regulations here in the US, they are must-haves. I would certainly like to hear more about your projects, if you care to write more.

Cheers, friends, and thanks again for responding.

Sgy, please check your email!

~@~

I am indeed a brat :-) (well figuratively at least) .

The first project in Scotland was for a financial system (it was owned by a fairly big financial service company). There was already a system in place - for treasury/bond/etc management. The system was working fairy well. Got a new CIO, who had heard all sort of buzz things. There was a fair bit of pretty involved C (not C++) code and a homegrown domain specific language compiler (for the rule based inference engine) which did all sort of fancy calculations. The CIO insisted that the process be improved. We had a bunch of consultants brought in from a big name consultancy company and they managed to convince the management that the whole system needed a overhaul. We had a fairly mature process in place with extremely disciplined programmers, - bug tracking system, source control system, nightly automated builds/testing/automatic code analysis/testing, peer reviews, bug triage, quality gate checkpoints - we had the whole nine yards. As far as we could determine we were already at CMM level 3 (at least 2).

The consultants decide that this was not good enough. They ripped apart the whole system, installed new systems for bug tracking/source control (we lost our code revision history/bug tracking history going back 15 years + , we had to use two distinct set of systems) - and decided on an onerous set of procedures (layers upon layers). Productivity/staff morale plummeted and the bug turn around time increased. They also decided that development system needed overhaul (the homegrown DSL compiler was abandoned and the rules engine was written in C++). It was a complete nightmare. I left soon after the project was implemented, but last I heard, the CIO was being let go and they were in the process of simplifying the whole process again and were going back to the old rule based engine. Several people had already left. It was a complete chaos.

The second implementation was much better. It was in a development house in Ireland which was developing avionics software. We were already meeting with FAA standards (which if you look at it is in a way much more stringent than the requirements for CMMI) which require strict control of development environment, and we were developing in Ada (a great language if I might add). We brought just two consultants (independent ones - not from big consultancy houses) and two university professors (one CS/one Project Management). The extra paperwork required was not a significant addon to the process management system required for FAA compliance. It was basically a cakewalk.

So unless you really need CMMI, and you do have a real mature process in place, there is as far as I can see, no need exactly go for it. Also CMMI doesn't really mean that your bug count or bug turnaround time will go down. Improperly implemented, it can really f**k up the system. And keep clear of big consultancy houses (you will definitely need to bring in the consulants).

cheers
Brat