Using the Capability Maturity Model to Improve Privacy and Security - Unicis.Tech OÜ
Explore how the Capability Maturity Model (CMM) can help organizations enhance their cybersecurity, privacy, and compliance practices through gap analysis.
The Capability Maturity Model (CMM) is a framework for assessing and improving an organization’s process maturity. It offers companies a set of standards and best practices to follow in order to improve their capabilities in specific areas.
In the Cybersecurity Controls app, Unicis employs CMM levels based on the ISO/IEC 21827 methodology. The CMM is divided into levels, each of which represents a particular state of process maturity:
| Status | Meaning |
|---|---|
| Unknown | Has not even been checked yet |
| Not Applicable | Management can ignore them |
| Not Performed | Complete lack of recognizable policy, procedure, control etc. |
| Performed Informally | Development has barely started and will require significant work to fulfill the requirements |
| Planned | Progressing nicely but not yet complete |
| Well Defined | Development is more or less complete, although detail is lacking and/or it is not yet implemented, enforced and actively supported by top management |
| Quantitatively Controlled | Development is complete, the process/control has been implemented and recently started operating |
| Continuously Improving | The requirement is fully satisfied, is operating fully as expected, is being actively monitored and improved, and there is substantial evidence to prove all that to the auditors |
Gap analysis is a technique for identifying the gaps or differences between a company’s current state (as represented by its process maturity level) and its desired future state. Organizations can identify opportunities for growth and establish plans to bridge those gaps by comparing existing and desired degrees of maturity.
An organization uses the CMM for gap analysis by comparing its current processes to the CMM levels to establish its current maturity level. Then it determines the maturity level it wishes to acquire. The disparities between present and target levels identify areas for improvement.
Organizations can build action plans to remedy gaps after they have been discovered. Implementing new procedures, upgrading current ones, training personnel, adopting industry best practices, or utilizing external knowledge may all be part of this. The goal is to gradually narrow the gaps and advance to greater levels of process maturity, thereby enhancing the organization’s overall performance and efficiency.
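The three steps above (place each control on the maturity ladder, choose a target level, compute the disparity) can be carried out mechanically once the statuses are treated as an ordered scale. The following is an added worked example, not code from Unicis or the Cybersecurity Controls app. It uses the statuses from the table above; the 0 to 5 numbering of the scored statuses, the control identifiers and the sample assessment are assumptions constructed for the example. "Unknown" and "Not Applicable" are deliberately kept off the scale and reported separately, so an unassessed control is never mistaken for a control at level 0.

```python
"""Worked CMM gap analysis over a constructed control set.

Added example, not code from Unicis or the Cybersecurity Controls app.
Statuses are the ones in the maturity table; the ordinal numbering of the
scored statuses is an assumption made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed ordinal numbering of the scorable CMM statuses (0 = lowest maturity).
LEVELS: Dict[str, int] = {
    "Not Performed": 0,
    "Performed Informally": 1,
    "Planned": 2,
    "Well Defined": 3,
    "Quantitatively Controlled": 4,
    "Continuously Improving": 5,
}


@dataclass(frozen=True)
class Control:
    control_id: str   # constructed identifier for the example
    current: str      # status observed during the assessment
    target: str       # status the organization wants to reach


@dataclass(frozen=True)
class Gap:
    control_id: str
    current_level: int
    target_level: int

    @property
    def gap(self) -> int:
        # Positive: levels still to climb; negative: already beyond the target.
        return self.target_level - self.current_level


def _level(status: str) -> int:
    """Map a status to its ordinal level, rejecting typos and unscored statuses."""
    if status not in LEVELS:
        raise ValueError(f"not a scorable CMM status: {status!r}")
    return LEVELS[status]


def gap_analysis(controls: List[Control]) -> Tuple[List[Gap], List[str], List[str]]:
    """Compare current and target status per control.

    Returns (gaps sorted largest first, ids still Unknown, ids Not Applicable).
    An Unknown control has not been assessed, so it cannot be placed on the
    ladder; a Not Applicable one is excluded by management decision. Both are
    listed explicitly so they are not silently dropped from the report.
    """
    gaps, unknown, not_applicable = [], [], []
    for c in controls:
        if c.current == "Unknown":
            unknown.append(c.control_id)
        elif c.current == "Not Applicable":
            not_applicable.append(c.control_id)
        else:
            gaps.append(Gap(c.control_id, _level(c.current), _level(c.target)))
    gaps.sort(key=lambda g: g.gap, reverse=True)
    return gaps, unknown, not_applicable


def summarize(gaps: List[Gap]) -> Dict[str, float]:
    """Roll the per-control gaps up into the figures an action plan is built from."""
    below = [g for g in gaps if g.gap > 0]
    mean_current = round(sum(g.current_level for g in gaps) / len(gaps), 2) if gaps else 0.0
    return {
        "controls_scored": len(gaps),
        "controls_below_target": len(below),
        "levels_to_close": sum(g.gap for g in below),
        "mean_current_level": mean_current,
    }


# Constructed sample assessment; ids and statuses are made up for the example.
SAMPLE = [
    Control("CTRL-01", "Well Defined", "Quantitatively Controlled"),
    Control("CTRL-02", "Not Performed", "Well Defined"),
    Control("CTRL-03", "Unknown", "Well Defined"),
    Control("CTRL-04", "Not Applicable", "Not Applicable"),
    Control("CTRL-05", "Continuously Improving", "Well Defined"),
]

if __name__ == "__main__":
    gaps, unknown, na = gap_analysis(SAMPLE)
    for g in gaps:
        print(f"{g.control_id}: level {g.current_level} -> {g.target_level} (gap {g.gap:+d})")
    print("still unknown:", unknown, "| not applicable:", na)
    print(summarize(gaps))
```

Sorting by gap puts the controls furthest from their target at the top of the list, which is usually where an action plan starts; the summary's "levels to close" counts only positive gaps, so a control that already exceeds its target does not offset one that lags behind. A misspelled status raises an error rather than being scored, because an assessment spreadsheet with "Planed" in it should fail loudly instead of quietly shifting the averages.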
Using the Unicis Cybersecurity Controls app together with the MVSP checklist, you can carry out a gap analysis for your organization.