CMMI provides five maturity levels that demonstrate a visible path for improvement. As an organization advances its capabilities, it can expect to achieve a higher maturity level by identifying areas of improvement, working to correct these areas, and integrating these solutions across the organization. By communicating your organization’s maturity level to stakeholders, you highlight your organization’s capability and commitment to excellence.
CMMI® (Capability Maturity Model® Integration) models are collections of best practices that help organizations improve their processes. These models are developed by product teams with members from industry, government, and the ISACA-CMMI Institute. These models, called CMMI for Development (CMMI-DEV) and CMMI for Services (CMMI-SVC), provide a comprehensive integrated set of guidelines for developing products and services.
Receiving a certification for ISO 9001 informs your customers that your company is committed to providing enhanced customer satisfaction and meeting all applicable customer and regulatory requirements. In other words, it helps solidify your customers' belief that you will get the job done right because you have instituted a quality management system that confirms you meet your obligations. ISO 9001 is a broad-based management system standard, and therefore can be applied to any manufacturing or service industry. The newest version of the internationally recognized standard, ISO 9001:2015, was published September 15, 2015.
ISO/IEC 20000 is a worldwide standard specifically aimed at IT Service Management. It details an integrated set of management processes for the effective delivery of services to the business and its customers. The standard complements the process approach defined within ITIL from the Office of Government Commerce (OGC). ISO/IEC 20000 consists of two parts: ISO/IEC 20000-1:2011 is the formal Specification and defines the requirements for an organization to deliver managed services of an acceptable quality for its customers. ISO/IEC 20000-2:2011 is the Code of Practice and describes the best practices for Service Management processes within the scope of ISO/IEC 20000-1. This will be of particular use to organizations preparing to be audited against ISO/IEC 20000 or planning service improvements.
ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then. It sets out the specification for an information security management system (ISMS). Its best-practice approach helps organizations manage their information security by addressing people and processes as well as technology. ISO/IEC 27001 requires that management:
· Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
· Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
· Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.