
Friday, July 25, 2008

Can we Apply Capability Maturity to GRC Technology?

The CMMI or Capability Maturity Model is an established, generally applied framework for business process management. CMMI has been successfully used to help map meaningful strategies and align objectives in many business circumstances and industries over the years.

The time is ripe to apply this framework to GRC Technology implementation. The model itself is highly flexible and easily conveyed in most organizations. This is significant, given that GRC, as a term, is now often used to represent a specific layer of governance, risk and compliance management in the context of one group of responsibilities, users or technologies. This narrowed use of the GRC concept causes unnecessary confusion between a process within one sub-set of GRC (such as information security) and its connection to the primary objectives of GRC across the organization, which all processes serve.

Evidence of the opportunity to develop a clear set of guidelines for GRC Technology Maturity comes from ISM3 (Information Security Management Maturity Model). This framework maps the InfoSec maturation process in a format organizations can apply as they face increasing information complexity and growth in IT systems and applications over time. With such models in hand, OCEG is beginning to develop the first version of a CMMI for GRC Technology implementation. The current OCEG Capability Model for GRC process management provides a strong and consistent set of guidelines for the development of an aligned GRC Technology CMM.

L. Leskela