Standards Comparison

    CMMI

    Voluntary
    2023

    Process improvement framework with maturity levels 0-5

    VS

    GDPR UK

    Mandatory
    2016

    UK regulation for personal data protection and privacy.

    Quick Verdict

    CMMI drives voluntary process maturity for predictable delivery in software/IT, while GDPR UK mandates data protection compliance for all handling UK personal data. Companies adopt CMMI for performance benchmarking; GDPR UK to avoid massive fines and legal risks.

    Process Maturity

    CMMI

    Capability Maturity Model Integration (CMMI)

    Cost: €€€€
    Complexity: Medium
    Implementation Time: 18-24 months

    Key Features

    • Maturity levels 0-5 for organizational process progression
    • 25 Practice Areas in Doing, Managing, Enabling, Improving categories
    • Staged and continuous representations for flexible adoption
    • SCAMPI appraisals enabling official benchmarking ratings
    • Generic practices ensuring process institutionalization and sustainability

    Data Privacy

    GDPR UK

    UK General Data Protection Regulation (UK GDPR)

    Cost: €€€€
    Complexity: High
    Implementation Time: 12-18 months

    Key Features

    • Seven enforceable data processing principles
    • Comprehensive data subject rights framework
    • Accountability requiring demonstrable compliance
    • 72-hour personal data breach notification
    • Mandatory DPIAs for high-risk processing

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    CMMI Details

    What It Is

    Capability Maturity Model Integration (CMMI) is a performance improvement framework for process institutionalization. Primarily a certification model governed by ISACA's CMMI Institute, it focuses on software development, services, and acquisition across industries. Its maturity-based approach progresses organizations from ad-hoc to optimizing processes via structured levels.

    Key Components

    • 4 Category Areas: Doing, Managing, Enabling, Improving.
    • 25 Practice Areas (v2.0) like Requirements Development, Configuration Management, Causal Analysis.
    • Maturity Levels 0-5 and Capability Levels 0-3.
    • Generic Practices for institutionalization; SCAMPI appraisals (A/B/C) for validation.

    Why Organizations Use It

    • Enhances predictability, reduces rework (up to 50% schedule gains).
    • Meets contract requirements in defense, regulated sectors.
    • Builds risk management, stakeholder trust via benchmarks.
    • Drives competitive edges like procurement eligibility.

    Implementation Overview

    • Phased: assessment, piloting, rollout, appraisal.
    • Involves gap analysis, training, tooling integration.
    • Suits mid-to-large firms in IT, aerospace; voluntary but appraisal-driven.
    • Targets 12-24 months with executive sponsorship.

    GDPR UK Details

    What It Is

    UK GDPR (UK General Data Protection Regulation) is the UK's post-Brexit adaptation of the EU GDPR, a binding regulation enforced by the Information Commissioner’s Office (ICO). It governs personal data processing with a risk-based, accountability-focused approach, applying to UK-established organizations and those targeting UK individuals extraterritorially.

    Key Components

    • Seven core principles: lawfulness, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, accountability.
    • Individual rights (access, rectification, erasure, portability, objection).
    • Controller/processor obligations, DPIAs, breach notifications, lawful bases.
    • No formal certification; compliance demonstrated via records (RoPA), audits, ICO enforcement.

    Why Organizations Use It

    • Mandatory for legal compliance, avoiding fines up to 4% global turnover.
    • Enhances risk management, builds trust, enables secure data use in AI/marketing.
    • Drives efficiency via minimisation, supports cross-border operations.

    Implementation Overview

    Phased: gap analysis, RoPA mapping, policies, training, DPIAs, vendor contracts. Applies to all sizes handling UK data; ICO audits enforce.

    Key Differences

    Scope
    • CMMI: Process improvement across development, services, acquisition
    • GDPR UK: Personal data protection principles, rights, security

    Industry
    • CMMI: Software, IT, defense, cross-industry global
    • GDPR UK: All sectors handling UK personal data, UK-focused

    Nature
    • CMMI: Voluntary performance framework with appraisals
    • GDPR UK: Mandatory legal regulation with fines

    Testing
    • CMMI: SCAMPI appraisals by certified appraisers
    • GDPR UK: DPIAs, audits, ICO enforcement checks

    Penalties
    • CMMI: Loss of certification, no legal fines
    • GDPR UK: Up to £17.5M or 4% global turnover
