i3 Design and Consulting LLC
Inspire - Imagine - Improve



Part Two: Implementing ISO and CMMI for Staffing Services Contractors

This article is the second in a five-part information series on implementing ISO standards and the CMMI model in a U.S. government contractor environment.  This installment focuses on designing an efficient and effective system to support staffing services contractors.

The scope of this article is focused on U.S. government contractors that provide staffing and expertise to supplement and enhance the federal workforce.  The types of personnel provided can range from data entry clerks to cyber security experts.  Many work on-site shoulder to shoulder with federal employees striving to achieve the agency or department's mission.  Regardless of function and status (SETA/Non-SETA), what and how work is completed is largely under the direction of the government.  

This installment will dive into the following three areas offering straightforward solutions to each of them:

  • Scoping an Efficient and Effective System
  • Taking a Services Approach
  • Choosing the Correct Measures

Scoping an Efficient and Effective System

One initial challenge is that many staffing contractors market themselves as IT, Cyber, and software development companies.  While their staff is certainly doing this type of technical work under the auspices of the government, the company itself may only be providing staffing resources. This situation is especially common for small businesses looking to grow a contracting presence and past performance record.  Understanding the scope of the work to be performed is at the heart of ISO and CMMI.

This may be a proven business model, but it creates a challenge in the initial scoping of the management system because many staffing resource companies view their set of capabilities as linked to their contractor staff.  However, because the company has little to no control over the processes the contractor personnel is executing day-to-day, it's not appropriate to include them in the management system scope.  In which case, the contractor’s ISO or CMMI system should appropriately focus on how to plan, manage, measure, and improve the delivery of the staff.

For most staffing services companies, this plan will include the following service delivery processes:

  • Work Solicitation Responses. Includes items such as reviewing solicitation, bid/no bid decisions, developing technical proposals, creating a BOE and cost proposal, review of the proposal, and delivery.
  • Hiring.  Processes for hiring qualified staff.
  • Onboarding.  Process for ensuring an efficient and effective onboarding experience.
  • A Project Management Process.  There are two basic options for addressing this area
    • Develop a simple process to prompt the creation of simplified project management plans and basic project monitoring activities (Cost, schedule, quality, risk)
    • Create a single master project management plan for use with all similar projects.  This is a great approach when the companies are small, and projects are similar in scope.
  • Personal management.  How to monitor personnel and performance. These tend to be standard Human Resources processes focused on employee performance and development.  If the company is small, this could be included in the project plan as well.
  • Customer Satisfaction.  Process for establishing a customer satisfaction baseline and plans to improve it.
  • Contractual Reporting.  Process for ensuring the delivery of contractually required reporting.  These often include Monthly Status Reports, Invoices, etc.
  • Others as needed or to satisfy contractual agreements.

There are also “standard” processes beyond the items listed above that are needed for ISO (and sometimes CMMI).  These include:

  • Document and Records Management.  A generic term also covered in the CMMI Change Management Process area and the Generic Practice 2.6.
  • Quality Assurance. Process for planning and managing the audit processes.  Referred to as Internal Audit in ISO and Product and Process Quality Assurance in CMMI.
  • Risk Management.  A much more prevalent process within ISO 9001:2015.  Included as a Level 3 process area in CMMI.
  • Management Review.  One of the most helpful processes.  Required by ISO and a straightforward way of addressing the CMMI Generic Practice 2.10 requirements.
  • Corrective Action.  This process area also addresses preventive actions in ISO standards before the ISO 9000:2015 version.  No direct CMMI process area requirements in Level 3 or below.  However, recommended for a CMMI implementation as it significantly improves the quality of most systems.
  • Supplier Management (if applicable).  May not be needed if significant supplier relationships or agreement are not present.  Can be excluded from ISO and CMMI as appropriate.

ISO requirements related to design and development, and the calibration of tools tend to be excluded in staffing services implementations.  These exclusions must be validated by the external auditor and registrar.

The system also requires a variety of records. These may vary based on the contractual requirements, type of work, or other factors.  Required (or expected) types of records will almost always include:

  • Training and Skills Records
  • Audit records
  • Corrective Actions
  • Change Requests
  • Risks
  • Document Repositories for:
    • Processes, Records, Plans, and Other related documentation

Most of the record keeping can be built into automated tools.  There are several quality products on the market that can handle all these functions.  For many small and medium-sized businesses, they can be easily built in an MS SharePoint environment.

Taking a Services Approach

Working with staffing services customers over the past 20 years, we have discovered that there are many approaches to meeting the ISO and CMMI requirements.  However, after all our year's of research, we've found that the best approach is to think of staffing services…as a service.  Take the principles from frameworks like ITIL and apply them generically to the provision of staffing as a service.

This approach is important from a business perspective, because it forces the company to define the services it provides, develop measures that are intimately linked to that service's success, and integrate a service improvement methodology that supercharges the business.  Using a service catalog, the organization breaks down the core services (provision of staff) into discrete categories of staffing, such as Help Desk, Cyber, Tier 2 Desktop Support, Telecommunication Engineers, or others.  As part of that categorization, the organization defines the parameters and characteristics of those staffing service categories.  For example, while most staffing organizations know they provide help desk personnel, they likely have not gone beyond that simple characterization.  Doing so enables the organization to clearly articulate what they are offering their customer and its specific service characteristics (location, skills, etc).

Once the services are defined, it is critical to next define the delivery requirements using a service level agreement. Rarely will the government provide or agree to a traditional service level agreement for this type of work, but that should not stop the company from establishing one with itself for delivery accountability.  Many of the service targets contained within the agreements will come from the contractual requirements (staffing turnaround times, fill times, contractual reporting requirements, etc) and some will come from the business (customer satisfaction, attrition rates, etc). Together with a service reporting structure (aka., management review), this approach will greatly improve management accountability structures and focus the organization on improving the core staffing services.

Other processes such as incident management and problem management (aka., corrective action), capacity, availability, and business continuity borrowed from the service management literature (and ISO 20000/CMMI for Services) are also useful processes for taking your staffing business infrastructure to the next level.  For a business providing staff services, the core elements found in ISO 20000 and CMMI for Services are much more appropriate than the ISO 9000 series and will go further to improve the quality AND lower the internal costs of providing the service to the customer.  Taking this approach will also help provide companies in the DoD arena get a leg up on NIST requirements like 800-171 and 800-53, as well as ISO 27000 validation, as it includes many of the core processes.

Lastly, instead of using a Project Management Plan, tie the system together with a service management plan.  This documents all the operational nuances of the system and provides key information on roles and responsibilities, risk management, reporting, etc.  The three key service management documents- the Service Catalog, Service Level Agreement, and Service Management Plan- form the triad of system documentation and significantly streamline documentation and artifact collection.

Choosing the Correct Measures

Most everyone has heard some version of the adage, “You only improve what you measure.”  The provision of staff is no exception.  Whether you choose to take a services approach or go at it from a different direction, you must collect measurements.  In most cases, you will want to focus on three to five measures that make a difference in your delivery of services or are contractual requirements.  While any number of measures could be included, these tend to be useful for this type of work:

  • Percent of contractual reporting requirements met on time
  • Percent of candidates accepted by the customer/prime
  • Percent of qualified candidates provided within specified contractual timeframes
  • Customer satisfaction scores of 4.6 (1 to 5 scale) or above for all contracts
  • Contract attrition rate below 10%.


Over the next few weeks, this informational series will explore details of various implementation scenarios and the unique challenges of implementation in the U.S. Contractor environment.  Stay tuned for the next installments in this series:

  • Part One: Common Challenges for Implementing in a U.S. Government Contractor Environment. 
  • Part Two: Implementing ISO and CMMI for Staffing Services Contractors
  • Part Three: Implementing CMMI and Government Requirements in an Agile Development Shop
  • Part Four: Leveraging ISO 27000 to Address FISMA and NIST 800-53 Cyber Security Requirements
  • Part Five: Implementing ISO 20000 as a Practical Path to Address Government ITIL Implementation Requirements


i3 Design and Consulting LLC is a boutique Information Technology, process consulting, and products firm headquartered in Leesburg, Virginia.  Our company is defined by its deep content knowledge of its staff and partners.  We bring twenty years of information technology and business process improvement knowledge to the table, with a record of success producing business value, increasing operational efficiency through IT innovation and process improvement, and driving customer focused service excellence.  i3 provides consulting support to senior executives, as well as, leadership to transition organizations to the next level by transforming business processes and improving growth, margin, customer engagement, IT, and quality.