Maturity model

A maturity model is a framework for measuring an organization's maturity, or that of a business function within an organization,^[1] with maturity being defined as a measurement of the ability of an organization for continuous improvement in a particular discipline: the higher the maturity, the higher will be the chances that incidents or errors will lead to improvements either in the quality or in the use of the resources of the discipline as implemented by the organization.

Several maturity models make qualitative assessments of people/culture, processes/structures, and objects/technology.^[2]

Main approaches

Two main approaches to implementing maturity models exist:

a top-down approach, such as proposed by Becker et al'.,^[3] where a fixed number of maturity stages or levels is specified first, to which characteristics which align with initial assumptions about how maturity evolves (typically in form of specific assessment items);
a bottom-up approach, such as suggested by Lahrmann et al.,^[4] where distinct characteristics or assessment items are determined first and clustered in a second step into maturity levels to induce a more general view of the different steps of maturity evolution.

Notable models

Analytics

Big data maturity model

Cybersecurity

Cybersecurity Maturity Model Certification (CMMC)

Human resources

People Capability Maturity Model (PCMM) (for the management of human assets)

Information security management

Open Information Security Maturity Model (O-ISM3)^[5]

Information technology

Capability Maturity Model (CMM, focusing on software development, largely superseded by CMMI)
Open Source Maturity Model (for open-source software development)
Service Integration Maturity Model (for SOA)
Modeling Maturity Levels (for software specification)
Darwin Information Typing Architecture (DITA) Maturity Model
Richardson Maturity Model (for HTTP-based web services)
ISO/IEC 15504 (for process maturity, deprecated)
ISO/IEC 33000 series (for Information technology Process assessment)

Procurement

Procurement maturity models diagnose an organization's ability to procure goods and services efficiently and cost effectively.^[1] Four potential stages are:

a reactive or non-strategic stage where goods and services are purchased as needs arise,
a stage at which procurement activities are considered and addressed more strategically,
an integrated approach where spend is managed in categories with finance, business operations and supply chain management all contributing to a single process, and
a stage "where procurement becomes a growth driver" for the whole organisation.^[6]

Project management

OPM3 (Organisational Project Management Maturity Model)
P3M3 (Portfolio, Programme and Project Management Maturity Model)

Quality management

Quality Management Maturity Grid (QMMG)

Testing

Testing Maturity Model (TMM) (assessing test processes in an organization)

Universal

Capability Maturity Model Integration (CMMI)

References

^ ^a ^b Capita, How mature is your procurement function?, published 2 February 2021, archived on 23 June 2021, accessed on 6 March 2026
^ Mettler T (2011). "Maturity assessment models: a design science research approach" (PDF). International Journal of Society Systems Science. 3 (1/2): 213–222. doi:10.1504/IJSSS.2011.038934.
^ Becker, J., Knackstedt, R., Pöppelbuß, J. (2009) Developing Maturity Models for IT Management – A Procedure Model and its Application. Business & Information Systems Engineering 1(3), 213-222
^ Lahrmann G, Marx F, Mettler T, Winter R, Wortmann F (2011). "Inductive Design of Maturity Models: Applying the Rasch Algorithm for Design Science Research". Service-Oriented Perspectives in Design Science Research. Lecture Notes in Computer Science. Vol. 6629. Springer. pp. 176–191. doi:10.1007/978-3-642-20633-7_13. ISBN 978-3-642-20632-0.
^ Aceituno, Vicente. "Open Information Security Maturity Model". Archived from the original on 16 February 2017. Retrieved 12 February 2017.
^ Furuseth, H., Procurement Maturity Model: Stages, Frameworks, Checklist, Torg Gmbh, published on 18 November 2025, updated on 23 February 2026, accessed on 6 March 2026

[capita-1] Capita, How mature is your procurement function?, published 2 February 2021, archived on 23 June 2021, accessed on 6 March 2026

[2] Mettler T (2011). "Maturity assessment models: a design science research approach" (PDF). International Journal of Society Systems Science. 3 (1/2): 213–222. doi:10.1504/IJSSS.2011.038934.

[3] Becker, J., Knackstedt, R., Pöppelbuß, J. (2009) Developing Maturity Models for IT Management – A Procedure Model and its Application. Business & Information Systems Engineering 1(3), 213-222

[4] Lahrmann G, Marx F, Mettler T, Winter R, Wortmann F (2011). "Inductive Design of Maturity Models: Applying the Rasch Algorithm for Design Science Research". Service-Oriented Perspectives in Design Science Research. Lecture Notes in Computer Science. Vol. 6629. Springer. pp. 176–191. doi:10.1007/978-3-642-20633-7_13. ISBN 978-3-642-20632-0.

[5] Aceituno, Vicente. "Open Information Security Maturity Model". Archived from the original on 16 February 2017. Retrieved 12 February 2017.

[6] Furuseth, H., Procurement Maturity Model: Stages, Frameworks, Checklist, Torg Gmbh, published on 18 November 2025, updated on 23 February 2026, accessed on 6 March 2026

[1]

[2]

[3]

[4]

[5]

[6]