Using the Capability Maturity Model to Improve Privacy and Security

Predrag Tasevski

The Capability Maturity Model (CMM) is a framework for assessing and improving an organization's process maturity. It gives companies a set of standards and best practices to follow in order to improve their capabilities in specific areas.

In the Cybersecurity Controls app, Unicis rates each control on the capability scale of ISO/IEC 21827:2008 (the Systems Security Engineering CMM). That scale has six capability levels, numbered 0 to 5, each representing a particular state of process maturity. Unicis adds two bookkeeping statuses, Unknown and Not Applicable, which are not maturity levels and should not be counted as such when scoring:

Unknown: the control has not been checked yet.
Not Applicable: the control does not apply to the organization, so management can set it aside.
Level 0, Not Performed: complete lack of a recognizable policy, procedure, control etc.
Level 1, Performed Informally: development has barely started and significant work is still required to fulfill the requirements.
Level 2, Planned: progressing nicely but not yet complete.
Level 3, Well Defined: development is more or less complete, although detail is lacking and/or it is not yet implemented, enforced and actively supported by top management.
Level 4, Quantitatively Controlled: development is complete, the process/control has been implemented and has recently started operating.
Level 5, Continuously Improving: the requirement is fully satisfied, the control is operating fully as expected, it is being actively monitored and improved, and there is substantial evidence to prove all of that to the auditors.
Gap analysis is a technique for identifying the gaps, or differences, between a company's current state (as represented by its process maturity level) and its desired future state. By comparing existing and desired levels of maturity, organizations can identify opportunities for improvement and establish plans to bridge those gaps.

An organization uses the CMM for gap analysis by comparing its current processes to the CMM levels to establish its current maturity level for each control. Then it decides the maturity level it wants to reach. The differences between the present and target levels identify the areas for improvement.

Once gaps have been identified, organizations can build action plans to close them. This may involve implementing new procedures, upgrading current ones, training personnel, adopting industry best practices, or bringing in external expertise. The goal is to gradually narrow the gaps and advance to higher levels of process maturity, thereby enhancing the organization's overall performance and efficiency.
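The procedure above (rate each control on the capability scale, pick a target level, compute the difference, prioritize) is simple enough to script over a controls inventory. The following is an added example written for this article; it is not code from the Unicis app and does not use its data model. The control names in the sample inventory are constructed and illustrative, not entries from the real MVSP checklist. The two points it makes that the prose does not spell out are that Unknown and Not Applicable are statuses rather than levels, so they are excluded from the numeric gap and from any score rather than being treated as zero, and that a program's overall maturity is best reported as its weakest in-scope control rather than an average that hides it.

```python
"""Gap analysis over a controls inventory on the ISO/IEC 21827 (SSE-CMM) scale.

Added example for this article; not the Unicis app's code. Sample inventory
below is constructed and the control identifiers are illustrative.
"""
from dataclasses import dataclass

# Ordinal capability levels as defined by ISO/IEC 21827 (SSE-CMM), 0..5.
LEVELS = {
    "Not Performed": 0,
    "Performed Informally": 1,
    "Planned": 2,
    "Well Defined": 3,
    "Quantitatively Controlled": 4,
    "Continuously Improving": 5,
}

# Bookkeeping statuses used alongside the levels. They carry no ordinal value,
# so they are never subtracted from a target or averaged into a score.
STATUSES = {"Unknown", "Not Applicable"}


@dataclass(frozen=True)
class Control:
    control_id: str  # illustrative identifier (constructed, not a real MVSP id)
    current: str     # a LEVELS key or one of STATUSES
    target: str      # must be a LEVELS key


@dataclass(frozen=True)
class Gap:
    control_id: str
    current: str
    target: str
    gap: int  # target level minus current level; positive means work remains


def _level(name):
    """Map a level name to its ordinal, rejecting statuses and typos."""
    if name not in LEVELS:
        raise ValueError(f"not a capability level: {name!r}")
    return LEVELS[name]


def level_name(ordinal):
    """Inverse of _level, for reporting."""
    return next(name for name, value in LEVELS.items() if value == ordinal)


def gap_analysis(controls):
    """Split an inventory into gaps to close, controls still to assess,
    controls that do not apply, and controls already at or above target.
    Gaps are sorted largest first so an action plan starts where the most
    work is."""
    gaps, unassessed, not_applicable, on_target = [], [], [], []
    for c in controls:
        if c.current == "Not Applicable":
            not_applicable.append(c.control_id)
            continue
        if c.current == "Unknown":
            unassessed.append(c.control_id)  # no rating yet, so no gap yet
            continue
        delta = _level(c.target) - _level(c.current)
        if delta > 0:
            gaps.append(Gap(c.control_id, c.current, c.target, delta))
        else:
            on_target.append(c.control_id)
    gaps.sort(key=lambda g: (-g.gap, g.control_id))
    return {
        "gaps": gaps,
        "unassessed": unassessed,
        "not_applicable": not_applicable,
        "on_target": on_target,
    }


def overall_maturity(controls):
    """Overall maturity = the lowest level among assessed, applicable controls.
    Returns None when nothing has been assessed yet."""
    levels = [_level(c.current) for c in controls if c.current not in STATUSES]
    return min(levels) if levels else None


# Constructed sample inventory (not a real assessment).
SAMPLE_INVENTORY = [
    Control("vuln-disclosure-policy", "Performed Informally", "Well Defined"),
    Control("mfa-for-admins", "Well Defined", "Well Defined"),
    Control("dependency-patching", "Not Performed", "Quantitatively Controlled"),
    Control("annual-pentest", "Unknown", "Well Defined"),
    Control("hsm-key-storage", "Not Applicable", "Well Defined"),
    Control("log-retention", "Planned", "Well Defined"),
]

if __name__ == "__main__":
    result = gap_analysis(SAMPLE_INVENTORY)
    for g in result["gaps"]:
        print(f"{g.control_id}: {g.current} -> {g.target} (gap {g.gap})")
    print("still to assess:", result["unassessed"])
    print("not applicable:", result["not_applicable"])
    print("overall maturity:", level_name(overall_maturity(SAMPLE_INVENTORY)))
```

Running it on the constructed inventory lists dependency-patching first (four levels short of its target), reports annual-pentest as still to be assessed rather than as a gap, leaves hsm-key-storage out entirely, and reports the overall maturity as Not Performed because one in-scope control is still at level 0.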

Using the Unicis Cybersecurity Controls app together with the MVSP checklist, you can carry out and record an organization-wide gap analysis. See the demo video below.