maturity model [English]

Other Languages

Syndetic Relationships

InterPARES Definition

n. ~ A process to rank the reliability and sustainability of an entity's behaviors, practices, and processes, relative to some function or outcome.

General Notes

Capability is expressed in terms of maturity levels. InterPARES Trust identifies those levels as none, initial, repeatable, defined, managed, and optimizing. The levels are also expressed as nominal, minimal, intermediate, advanced, and optimal; and initial, repeatable, defined, managed, and optimized.


  • Chen, et al. 2014 (†646 p.191): CMM/CMMI is the collective term for two models: CMM, and CMMI. CMM is a formal model that contains only the software engineering discipline. As successful software development should include not only software engineering, systems engineering, but also people (including suppliers) and process management. Therefore, all of the required disciplines are comprehensively integrated into one model, that is, CMMI, in which “I” stands for integration. The process focused CMM/CMMI suggests that sustainable software development relying on processes that define and manage software development. In this regard, the CMM/CMMI identifies sets of recommended practices in a number of key process areas that comprehensively cover the lifecycle of technical software development and both the organization and project level of managing the development. (†1460)
  • Chen, et al. 2014 (†646 p.191-192): Specifically, in CMM/CMMI, process area (PA) is a cluster of functionally related practices. Each process area has Specific Goals (SGs) which must be satisfied, and each SG contains several Specific Practices (SPs) for achieving the SG. The aforementioned process areas and their process ingredients tell software organizations what to do in implementing quality software development. In order to help organizations to sustain their process implementation continually, CMMI/CMMI has established a concept that is called “Level of Institutionalization”. In the models of CMM/CMMI, institutionalization of process implementation has different levels, each level must be satisfied by achieve their Generic Goal (GG) and Generic Practices (GP). (†1461)
  • Chen, et al. 2014 (†646 p.192): The usage of CMM/CMMI has two representations, continuous and staged. If an organization would like to concentrate on a particular process area, they may choose the continuous representation of CMM/CMMI. In this case, the continuous representation uses capability levels to characterize the state of the organization’s processes relative to individual process areas, and provides a recommended order for approaching process improvement within each specified process area. If organizations would like to receive a collective result, they may choose the staged representation of CMM/CMMI. The staged representation focuses on overall maturity as measured by maturity levels, and uses maturity levels to characterize the overall state of the organizational performance relative to a set of related process areas as a whole. (†1462)
  • CMMI 2002 (†651 p. 13): Capability levels focus on growing the organization’s ability to perform, control, and improve its performance in a process area. Capability levels enable you to track, evaluate, and demonstrate your organization’s progress as you improve processes associated with a process area. Capability levels build on each other, providing a recommended order for approaching process improvement. ¶  There are six capability levels, designated by the numbers 0 through 5: 0. Incomplete – 1. Performed – 2. Managed – 3. Defined – 4. Quantitatively Managed – 5. Optimizing (†1547)
  • Cohen 2008 (†652 p. 158): The Capability Maturity Model for Security (CMM-SEC) provides a way to measure progress of an overall program in terms of normalization into enterprise operations. It associates any of levels 0 through 5 (none, initial, repeatable, defined, managed, and optimizing) with each of 11 process areas and 11 organizational issues and is mapped against each of risk management, engineering processes, assurance, and coordination to provide an overall picture of the maturity of the information protection function within an enterprise. (†1472)
  • Cohen 2008 (†652 p. 82): The security interpretation of CMM (CMM-SEC) codifies the maturity level of a security engineering capability. Variations are very useful as management tools because they codifies capabilities from a standpoint of how effectively they are managed. . . . CMM-SEC is not a formal standard. Rather, it is the best codification of these issues available and has utility for the CISO. It differentiates 6 levels of maturity; (0) none, (1) initial, (2) repeatable, (3) defined, (4) managed, and (5) optimizing. (†1473)
  • Dollar and Ashley 2014 (†650 p. 1): We developed a Digital Preservation Capability Maturity Model© (DPCMM) that can be used to conduct a gap analysis of your organization’s current capabilities and to delineate a multi- year roadmap of incremental improvements. . . . The DPCMM is used to identify core digital continuity requirements which form the basis for debate and dialogue regarding the desired future state of each organization’s digital preservation capabilities and the level of risk its leadership is willing to take on with regard to its electronic records. (†1465)
  • Dollar and Ashley 2014 (†650 p. 4-5 (paraphrased)): The Digital Preservation Capability Maturity Model (DPCMM) identifies at a high level where an electronic records management program is in relation to optimal digital preservation capabilities; report gaps, capability levels, and preservation performance metrics5 to resource allocators and other stakeholders; and establish priorities for achieving enhanced capabilities to preserve and ensure access to long-term electronic records. ¶ Stage 1. Nominal digital preservation capability. Standards may be known but not implemented, and practically all electronic records that merit long-term preservation are at risk. ¶ Stage 2. Minimal digital preservation capability. Any repository does not fully comply with standards for a trustworthy repository; preservation efforts are likely uncoordinated; and may result from exceptional efforts of an individual or small team. Most electronic records that merit long-term preservation are at risk. ¶ Stage 3. Intermediate Digital Preservation Capability. The repository complies with standards for a trustworthy repository and other best practices for sustaining digital preservation capabilities over time. Many electronic records that merit long-term preservation are likely to remain at risk. ¶ Stage 4. Advanced Digital Preservation Capability. The repository infrastructure and digital preservation services are robust and comply with relevant standards; preservation efforts take place in a collaborative environment that proactively bring long-term records under lifecycle control and management. Some electronic records that merit long-term preservation may still be at risk. ¶ Stage 5. Optimal Digital Preservation Capability. The highest level of digital preservation readiness capability that an organization can achieve. It includes a strategic focus on digital preservation outcomes by continuously improving the manner in which electronic records lifecycle management is executed. Few, if any, electronic records that merit long-term preservation are at risk. (†1468)
  • ISACA Glossary (†743 s.v. Capability Maturity Model (CMM)): 1. Contains the essential elements of effective processes for one or more disciplines.It also describes an evolutionary improvement path from ad hoc, immature processes to disciplined, mature processes with improved quality and effectiveness. 2. CMM for software, from the Software Engineering Institute (SEI), is a model used by many enterprises to identify best practices useful in helping them assess and increase the maturity of their software development processes. Scope Notes: CMM ranks software development enterprises according to a hierarchy of five process maturity levels. Each level ranks the development environment according to its capability of producing quality software. A set of standards is associated with each of the five levels. The standards for level one describe the most immature or chaotic processes and the standards for level five describe the most mature or quality processes.A maturity model that indicates the degree of reliability or dependency the business can place on a process achieving the desired goals or objectives.A collection of instructions that an enterprise can follow to gain better control over its software development process. (†1787)
  • Stefanczak 2014 (†645 p.34): Although Level 3 is not the highest step in the maturity model, it’s the primary goal for most organizations. When implemented successfully, it enables a business to more efficiently understand and use its resources. This is achieved by using objective information (centralized for access in the previous maturity level) to make business decisions. Success at this level differs greatly from the lower maturity levels. It is less about the initial implementation of a standard measurement system and more about the continual cultivation of an optimization process over time. (†1459)
  • Wikipedia (†387 s.v. Capability Maturity Model): There are five levels defined along the continuum of the model... 1- Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process. 2- Repeatable - the process is at least documented sufficiently such that repeating the same steps may be attempted. 3 - Defined - the process is defined/confirmed as a standard business processes. 4 - Managed - the process is quantitatively managed in accordance with agreed-upon metrics. 5 - Optimizing - process management includes deliberate process optimization/improvement. (†1457)