Skip to Main Content
An ongoing proliferation of so-called maturity models promises no end in sight for the development of new ones. Such models cover the entire spectrum of IT activity, from enterprise architecture to software development. The majority of these variants do not have associated assessment models. Consequently, these models' primary purpose is to be informative rather than normative in the sense of being able to use objective data to determine the actual level of maturity attained. These maturity models possess the key attribute of a concept in which each stage represents a significant attainment in an organization's evolutionary path along its journey to maturity. The earliest step in the journey represents the state of lacking awareness or being in a high-risk position, whereas the loftiest level of maturity indicates the attainment of a high degree of control and the minimization of risk. To explore how three maturity models can help minimize such risk, this paper examines ISO 9001, the CMMI, and the recently published ISO/ IEC 15504-7 standard.