"Making Process Real", a seminar on preparing to meet the new regulations for controls proposed by the Sarbanes-Oxley law, was presented in Boston, MA, in 2003 by Robin Basham, then participating on the board of the Association for Women in Computing. This marked the first use of "Maturity Through Process" and was the basis for preparing ISO 9000 compliant companies to map to the SOX CobiT controls they needed. The work was implemented through SamePage Software, which would later be branded "Facilitated Compliance Management". The model was donated to open source and remains free to this day.

 

Achieving Maturity Through Process

Over a period of three years (2002 to 2005), this governance and compliance model evolved into the RunBook UML, presented at OASIS as a "method of participation" in compliance controls. The Unified Model Language seen here has launched numerous off-the-shelf applications, is documented in the "Perils of Mount Must Read" as a solution to evolving regulations, and provided the baseline for delivering one of the world's first published regulatory databases. The entire contents of the Facilitated Compliance Management Source documents database were contributed to the ORCA project at OMG and later added to the supporting knowledge used for the OCEG Redbook V1. The GRC UML (delivered as RunBook UML for the Configuration Management TC) explained the relationships necessary to any set of Governance, Risk and Compliance platforms. Where "Maturity Through Process" spoke to the observed maturation in enterprise procedures, the GRC UML focuses on the automation of all areas across the enterprise.

GRC UML

Consider one more image on the maturity spectrum.  How far along is your company in cloud and virtualization adoption?

Virtual Maturity Model