This capability maturity model can be used to measure the maturity of an organization’s regulatory compliance process and to assist its progress from the initial/ad-hoc stage toward the optimized state.
The capability maturity model describes a maturity curve on these capability levels: INITIAL, which describes a poorly aligned function with non-documented strategies, manual management processes, lack of integrated systems and heavy reliance on spreadsheets/manual documents; REPEATABLE, which describes a loosely aligned function supported by informal policies applied to processes performed by personnel with mixed skill levels; DEFINED, which describes a strategic management structure in place with well-defined processes supported by an organized and highly trained team; MANAGED, which describes a function aligned with the organizational strategic plan and personnel; and OPTIMIZED, which describes a management process performed at an optimal level with best practices in full use.
In this sample, an OPTIMIZED organization’s compliance vision is aligned with its mission and goals. Best-in-class program design, tools and methodologies that proactively focus on risk are in place and compliance requirements are fully integrated into line-of-business functions.
The capability maturity model is a framework that describes an improvement path from an ad hoc, immature process to a mature, disciplined process focused on continuous improvement. The CMM defines the state of a process using a common language that is based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model.