See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327431346

Maturity Models for Data and Information Management

Chapter · September 2018

DOI: 10.1007/978-3-030-00066-0_7

CITATIONS READS

17 14,970

2 authors:

Diogo Proença José Borbinha

Inesc-ID University of Lisbon
34 PUBLICATIONS 464 CITATIONS 201 PUBLICATIONS 1,608 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Diogo Proença on 12 November 2018.

The user has requested enhancement of the downloaded file.

Maturity Models for Data and Information Management
A State of the Art

Diogo Proença1,2, José Borbinha1,2

1Instituto
Superior Técnico, Universidade de Lisboa, Lisboa, Portugal
2INESC-ID, Lisboa, Portugal

{diogo.proenca, jlb}@tecnico.ulisboa.pt

Abstract. A Maturity Model is a widely used technique that is proved to be val-

uable to assess business processes or certain aspects of organizations, as it repre-
sents a path towards an increasingly organized and systematic way of doing busi-
ness. A maturity assessment can be used to measure the current maturity level of
a certain aspect of an organization in a meaningful way, enabling stakeholders to
clearly identify strengths and improvement points, and accordingly prioritize
what to do in order to reach higher maturity levels. This paper collects and ana-
lyzes the current practice on maturity models from the data and information man-
agement domains, by analyzing a collection of maturity models from literature.
It also clarifies available options for practitioners and opportunities for further
research.

Keywords: Maturity, Maturity Model, Maturity Assessment, Data Manage-

ment, Information Management.

1 Introduction
A maturity model is a technique that proved valuable in measuring different aspects of
a process or an organization. It represents a path towards increasingly organized and
systematic way of doing business in organizations.
A maturity model consists of a number of “maturity levels”, often five, from the
lowest to the highest, initial, managed, defined, quantitatively managed and optimizing
(however, the number of levels can vary, depending on the domain and the concerns
motivating the model). This technique provides organizations: (1) a measuring for au-
diting and benchmarking; (2) a measuring of progress assessment against objectives;
(3) an understanding of strengths, weaknesses and opportunities (which can support
decision making concerning strategy and project portfolio management).
We can trace the subject of maturity models back to 1973 [1], and recognize as high-
lights the Software Engineering Institute (SEI) Capability Maturity Model Integration
(CMMI) [2] that was first presented in 1991, and in 2004 the ISO/IEC 15504 [3]. Both
the CMMI and ISO/IEC 15504 are key references, born in the Software Engineering
domain, culminating decades of development and refinement of the corresponding
models. Moreover, there is certification for these two references, which are the de facto
2

assessment techniques to use when benchmarking organizations for their software en-
gineering process implementation and maturity. As such, in order for the results to be
comparable, there is a detailed maturity assessment method behind each of these ma-
turity models. These methods define in detail how to plan, conduct, and determine the
maturity levels of an assessment and how to present the results to the organization.
These methods make each assessment repeatable and comparable with results from
other organizations, allowing for benchmarking.
This paper is structured as follows. The first sections of this paper provide a back-
ground to the concepts of maturity and maturity model, the rationale for the selection
of the maturity models examined, and a brief description of each maturity model. A
more detailed analysis follows. The next section provides a discussion on the analysis
of the selected maturity models. A concluding section highlights gaps in the current
range of maturity models and identifies opportunities for further research.

2 Background
To evaluate maturity, organizational assessment models are used, which are also known
as stages-of-growth models, stage models, or stage theories [4].
Maturity is a state in which, when optimized to a particular organizational context,
is not advisable to proceed with any further action. It is not an end, because it is a
“mobile and dynamic goal” [4]. It is rather a state in which, given certain conditions, it
is agreed not to continue any further action. Several authors have defined maturity,
however many of these definitions fit into the context in which each the maturity model
was developed.
In [5], the authors define maturity as a specific process to explicitly define, manage,
measure and control the evolutionary growth of an entity. In turn, in [6] the authors
define maturity as a state in which an organization is perfectly able to achieve the goals
it sets itself. In [7] it is suggested that maturity is associated with an evaluation criterion
or the state of being complete, perfect and ready and in [8] as being a concept which
progresses from an initial state to a final state (which is more advanced), that is, higher
levels of maturity. Similarly, in [9] maturity is related with the evolutionary progress
in demonstrating a particular capacity or the pursuit of a certain goal, from an initial
state to a final desirable state. In [10] maturity is seen as the “extent to which an organ-
ization has explicitly and consistently deployed processes that are documented, man-
aged, measured, controlled, and continually improved.”
Most maturity model definitions found in literature clarify that maturity models are
particularly important for identifying strengths and weaknesses of the organizational
context to which they are applied, and the collection of information through methodol-
ogies associated with benchmarking.
In [4] the authors define maturity models as a series of sequential levels, which to-
gether form an anticipated or desired logical path from an initial state to a final state of
maturity. Röglinger et al. [14] explain that a maturity model includes “a sequence of
levels (or stages) that together form an anticipated, desired, or logical path from an
initial state to maturity.”
Some definitions involve common organizational concepts. For example, the defini-
tion in [11] defines a maturity model as “... a framework of evaluation that allows an
 3

organization to compare their projects and against the best practices or the practices of
their competitors, while defining a structured path for improvement.” This definition is
deeply embedded in the concept of benchmarking. In other definitions, such as the in
[12], we identify the concern of associating a maturity model to the concept of contin-
uous improvement. In [13], it was concluded that the great advantage of maturity mod-
els is that they show that maturity must evolve through different dimensions and, once
reached a maturity level, sometime is needed for it to be actually sustained.
The SEI explains that a maturity model “contains the essential elements of effective
processes for one or more areas of interest and describes an evolutionary improvement
path from ad hoc, immature processes to disciplined, mature processes with improved
quality and effectiveness.”
Currently, the lack of a generic and global standard for maturity models has been
identified as the cause of poor dissemination of this concept.

3 Overview of Maturity Models

Many maturity models are referenced in discussion in the domains related with data
and information management. We performed literature searches in Scopus and Google
Scholar for variations of ‘data management’, ‘information management’, ‘model’, ‘ma-
turity’, capability’, ‘assessment’, ‘improvement’, ‘measurement’, as well sampling the
citations that resulted from this initial set of literature sources. Community websites
were also explored, such as the Research Data Alliance (RDA), the Digital Preservation
Coalition, and the CMMI Institute.
We additionally included models based on our knowledge with existing publications.
Next, we developed a set of inclusion and exclusion criteria. First, the maturity assess-
ment must be explicitly focused on the domains that surround the data and information
management topics. There are models that measure almost every perceivable aspect of
an organization without focusing on the aspects relating with the management of data
and information. One example is the ISACA’s COBIT5 which focuses on measuring
IT Governance. This model has several measures for aspects relating with data and
information in the IT context. However, the model does not explicitly focus on data and
information management aspects and for this reason was not considered for this work.
Further, we excluded models that their explicit outputs are not a set of maturity or
capability levels. These models can be used to assess an organization however their
output can be a percentage value or a grade without the underlying concept of maturity.
Such models include, the ISO16363 [15] and the Data Seal of Approval1 from the dig-
ital preservation domain, and MoRec2 from the records management domain.
In total 14 maturity models met all the criteria, described briefly below in chrono-
logical order and listed together with the respective abbreviation and main reference in
Table 1.

1 https://www.datasealofapproval.org/en/
2 http://www.moreq.info/
4

Table 1. Maturity models analyzed.

Name Abbreviation Year Reference
Gartner Enterprise Information Management Maturity Model EIMM 2008 [25]
ARMA Information Governance Maturity Model IGMM 2010 [26]
Enterprise Content Management Maturity Model ECMM 2010 [27]
Recordkeeping Maturity Model and Roadmap RKMM 2010 [28]
Asset Management Maturity Model AMMM 2011 [29]
Stanford Data Governance Maturity Model DGMM 2011 [30]
Digital Preservation Capability Maturity Model DPCMM 2012 [31]
Brown Digital Preservation Maturity Model BDPMM 2013 [32]
JISC Records Management Maturity Model RMMM 2013 [33]
CMMI Institute Data Management Maturity Model DMMM 2014 [34]
SU Capability Maturity Model for Research Data Management CMMRDM 2014 [35]
Preservica Digital Preservation Maturity Model PDPMM 2015 [36]
Digital Asset Management Maturity Model DAMM 2017 [37]
E-ARK Information Governance Maturity Model A2MIGO 2017 [40][41]

Gartner Enterprise Information Management Maturity Model (2008) – Enter-

prise Information Management (EIM) is defined by Gartner as the organizational com-
mitment to “structure, secure and improve the accuracy and integrity of enterprise in-
formation; solve semantic inconsistencies across boundaries and; support the objectives
of enterprise architecture and the business strategy” [25]. Gartner proposes six phases
of maturity regarding EIM. Where in level 0 there are no EIM activities in place and in
level 5 EIM is fully implemented in the organization. It provides examples on how to
get questions from the maturity criteria. However, it does not provide a method or
guidelines for assessment using this maturity model. This maturity model consists of
five maturity levels with no attributes defined.
ARMA Information Governance Maturity Model (2010) – Builds on the gener-
ally accepted recordkeeping principles developed by ARMA 3. The principles provide
high-level guidelines of good practice for recordkeeping although they do not go into
detail to the implementation of these principles and do not have further details on poli-
cies, procedures, technologies and roles [26]. There are a series of steps to assess the
current maturity level and identify the desired level. These steps are not formal and
consist of simple statements of what to do without defined guidance on how to perform
the steps. This maturity model consists of five maturity levels with eight attributes de-
fined which are called principles.
Enterprise Content Management (ECM) Maturity Model (2010) – Provides the
tools to build a roadmap for ECM improvement by providing the current state of ECM
implementation as well as a roadmap to reach the required maturity level [27]. Its aim
is to build a roadmap for ECM improvement, in a step-by-step fashion ranging from
basic information collection and simple control to refined management and integration.
No assessment method is described, the way of getting the current level is done by the
organization itself by checking if the organization possesses all the requirements for a
given level regarding a specific dimension. This maturity model consists of five ma-
turity levels with attributes at two levels, three attributes called categories which are
further decomposed into 13 dimensions.

3 www.arma.org/principles
 5

Recordkeeping Maturity Model and Roadmap (2010) – Developed to improve

recordkeeping practice is Queensland public authorities. It builds on the premise that
“good business practice incorporates regular review and assessment to ensure optimal
performance o processes and systems” [28] The maturity model identifies the minimum
mandatory requirements for recordkeeping which represent maturity level 3. In other
words, organizations should be at least at level 3 to be compliant with the minimum
requirements. The assessment results can also be used to prioritize a strategic record-
keeping implementation plan. This maturity model consists of five maturity levels with
attributes at two levels, nine attributes called principles which are further decomposed
into 36 key areas.
Asset Management Maturity Model (2011) – Originated from an evaluation in the
Netherlands to investigate how asset managers deal with long-term investment deci-
sions [29]. This evaluation took into consideration organizations that control infrastruc-
tures, such as, networks, roads and waterways and focus on the strategy, tools, environ-
ment and resources. The maturity model consists of five maturity levels and is detailed
through four dimensions. Its aim is to understand how asset managers deal with long-
term investment decisions and provide an improvement path for organization to im-
prove the long-term investment decisions. This maturity model consists of five maturity
levels with four attributes defined which are called categories.
Stanford Data Governance Maturity Model (2011) – Based on the Data Govern-
ance Program from Stanford and is centered on the institution as it was developed hav-
ing in mind the goals, priorities and competences of Stanford. It focuses on both the
foundations and the project aspects of data governance and measures the core data gov-
ernance capabilities and development of the program resources [30]. The name for each
of the maturity levels is not described in this model. Its aim is to measure the founda-
tional aspects and project components of the Stanford’s Data Governance program.
This maturity model consists of five maturity levels with three attributes defined which
are called dimensions.
Digital Preservation Capability Maturity Model (2012) – A tool to chart the evo-
lution from a disorganized and undisciplined electronic records management program,
or one that does not exist, into increasingly mature stages of digital preservation capa-
bility [31]. The DPCMM is designed to help identify, protect and provide access to
long-term and permanent digital assets. Consists of 75 statements where which has an
integer value ranging from zero to four designated as an index value [31]. These index
values are then mapped to a certain capability level. There is an on-line assessment tool
available at http://www.digitalok.org. This maturity model consists of five maturity
levels with attributes at two levels, three attributes called domains which are further
decomposed into 15 components.
Brown Digital Preservation Maturity Model (2013) – Examines the notion of
“trusted” digital repositories and proposes a maturity model for digital preservation.
The author defined the digital preservation process perspectives, which are the set of
processes that together establish the digital preservation capability. Then, for each of
these processes there are a set of requirements that organizations must achieve to reach
a certain maturity level for a certain process [32]. An assessment method is not defined.
The organization should assess themselves against the requirements of the maturity
6

model and position themselves among the maturity levels. However, there is no method
or tool to facilitate this assessment. This maturity model consists of five maturity levels
with ten attributes defined which are called process perspectives.
JISC Records Management Maturity Model (2013) – Created by JISC infoNet
and stands as a self-assessment tool for higher education institution in England and
Wales [33]. It is based on a code of practice and its aim is to help in the compliance
with this code although it is independent from the code. Its aim is to help higher edu-
cation institutions to assess their current approach on records management regarding
recommendations issued by the United Kingdom government and benchmark against
other similar organizations. Self-assessment is conducted by using a spreadsheet, con-
sisting of statements for each of the nine sections. Users should choose the level that
best suits the organization for each statement. This maturity model consists of five ma-
turity levels with nine attributes defined which are called sections.
CMMI Institute Data Management Maturity Model (2014) – A reference model
for data management process improvement created by the CMMI Institute. Defines the
fundamental business processes of data management and specific capabilities that con-
stitute a path to maturity [34]. It allows organizations to evaluate themselves against
documented best practices, determine gaps, and improve data management across func-
tional, business, and geographic boundaries. Its aim is to facilitate an organization’s
understanding of data management as a critical infrastructure, through increasing capa-
bilities and practices. This maturity model consists of five maturity levels with attrib-
utes at two levels, six attributes called categories which are further decomposed into 25
process areas.
Syracuse University Capability Maturity Model for Research Data Manage-
ment (2014) – Developed by the school of information studies at the University of
Syracuse in the USA [35]. It is based on the number and name of levels of CMMI, as
well as, the principles of each level. RDM has become a treading topic in data manage-
ment as increased importance from government agencies, such as, the US National Sci-
ence Foundation. These funding agencies are raising the issue of maintaining good
RDM practices for the projects that are funded by them. There is no assessment method
specified. This maturity model consists of five maturity levels with five attributes de-
fined which are called key process areas.
Preservica Digital Preservation Maturity Model (2015) - Created on the premise
that organizations have realized that is critical for their business that information is
retained over a long period of time [36]. Preservica defines three main sections for the
maturity model. The first section is durable storage which comprehends levels 1 to 3,
where raw bit storage increases in safety and security. The second section comprehends
levels 4 to 5, where the raw bits in storage become preserved and organized. The third
and last section is information preservation which comprehends level 6, where the in-
formation survives the lifetime of the application that created it. There is no assessment
method specified. This maturity model consists of six maturity levels with no attributes
defined.
Digital Asset Management (DAM) Maturity Model (2017) - Provides a descrip-
tion of where an organization is, where it needs to be so that it can perform gap analysis
 7

and comprehend what it needs to do to achieve the desired state of DAM implementa-
tion [37]. There is a description on how to do a self-assessment. It should begin by
identifying the stakeholders who identified the need for DAM and can advocate in favor
of it. Then, a set of questionnaires must be created and administered to each of the
stakeholders identified. Then the levels can be determined using the answers to the
questionnaires. This maturity model consists of five maturity levels with attributes at
two levels, four attributes called categories which are further decomposed into 15 di-
mensions.
E-ARK Information Governance Maturity Model (2017) – Based on the
OAIS/ISO 14721 [38], the TRAC/ISO 16363 [15] and PAIMAS/ISO 20652 [39].
A2MIGO uses the dimensions described in ISO9001 (Management, Processes and In-
frastructure) and the maturity levels defined in SEI CMMI (Initial, Managed, Defined,
Quantitatively Managed, Optimizing) [40]. The SEI CMMI levels were selected due to
their broader scope making them suitable for wider fields such as that of information
governance. This maturity model provides a self-assessment questionnaire, details how
the results are analyzed, and clarifies the concepts being used [41]. This maturity model
consists of five maturity levels with three attributes defined which are called dimen-
sions.

4 Analysis
There is a growing body of knowledge studying maturity models in other domains, and
we draw from this work in our analysis. Mettler et al. [16] note the variety of research
that exists on maturity models, and we have attempted to cover a wide range to form
our theoretical foundation here. First, the works by Maier et al. [17] and Proenca et al.
[18] provide a similar survey of models in a variety of domains and that focus on the
application of models. Second, to understand the models as artefacts, we have drawn
on work in Design Science research, including the examples and approaches to define
requirements for the process of developing a maturity model [14], as well as general
design principles for maturity models [4].
We determined a set of attributes to analyze the existing options available for data
and information management maturity assessment, the results of which are detailed in
Table 2. We first determined the domain of the maturity model. For this work, we iden-
tified three domains that deal with data and information management. These are Infor-
mation Management (IM), Digital Preservation (DP), and Records Management (RM).
We also examined the nature of the assessment process and expected outputs. Spe-
cific requirements are necessary for different types of intended audience of the model,
e.g. to be shared internally in the organization, with external stakeholders, or both. As
well, we considered the assessment method, e.g. whether it is performed as a self-as-
sessment, third-party assisted, or by a certified practitioner.
Next, we examined the practicality of the maturity model, which details if the prac-
ticality of the recommendations is problem-specific or general in nature. For this aspect,
we examined if the maturity model provided just general recommendations or if it de-
tailed specific improvement activities. A maturity model that just provides general rec-
ommendations is categorized as a descriptive model. One that details specific improve-
ment activities is considered a prescriptive model according Röglinger et al. [4].
8

Table 2. Analyzed maturity models for assessment in data and information management.
Name Domain Audience AM PRA CER Origin IOP SWPI ACC
EIMM IM External TPA GR No C No No Free
IGMM RM Both SA SIA No C No Yes Charged
ECMM IM Both SA GR No C No No Free
RKMM RM Internal SA SIA No P Yes Yes Free
AMMM IM Internal TPA GR No A No Yes Free
DGMM DM Internal SA SIA No A No Yes Free
DPCMM DP Internal TPA GR No P No Yes Free
BDPMM DP Internal SA SIA No C No Yes Charged
RMMM RM Both SA GR No P No No Free
DMMM DM Both CP SIA Yes C Yes Yes Charged
CMMRDM DM Internal N/A GR No A No Yes Free
PDPMM DP Both N/A GR No C No No Free
DAMM DM Both SA, TPA GR No C No No Charged
A2MIGO DP Internal SA, TPA SIA No A Yes Yes Free
Legend: Columns - AM = Assessment Method; PRA = Practicality; CER = Certification; IOP = Improvement Opportunities
Prioritization; SWPI = Strong/Weak Point Identification; ACC = Accessibility. Column Domain - IM= Information Man-
agement; DP= Digital Preservation; RM= Records Management. Column Assessment Method - SA= Self-Assessment;
TPA= Third-party Assisted; CP= Certified Professionals. Column Practicality - GR = General recommendations;
SIA=Specific improvement activities. Column Origin - C= Commercial; A = Academic; P = Practitioner.

Another aspect relevant when analyzing a maturity model is whether it provides a

certification or not. A certification can be used as a universal proof of conformance
with a specific maturity model which intent is to recognize an organization as excel-
lence in a given area of interest. There are cases when certifications are taken into con-
sideration when organizations apply for research grants or projects.
Additionally, we examined the origin of the model, whether it originated in the aca-
demia, from practitioners, or with a commercial intent. This aspect was useful to un-
derstand that many of the maturity models that have a commercial intent recommend
the acquisition of a certain service or product from the organization that developed the
maturity model. This means that the purpose of the maturity model is to help organiza-
tions identify which products are the most relevant for their scenario the vendor organ-
ization’s portfolio. On the other hand, practitioner and academic maturity models draw
their criteria from the respective body of knowledge in their respective domains, with
the intent of aiding organizations become efficient and effective in their respective do-
mains. A distinction between the maturity model that originates from practitioners and
the academic community, is that the academic maturity models are well-founded, with
exhaustive documentation, rationale for the assessment criteria, empirical evidence,
and detailed assessment method. The maturity models developed by practitioners often
don’t have an assessment method or a well-founded definition for the “maturity” con-
cept and the maturity levels.
Moreover, we examined whether each maturity model allows for the prioritization
of the improvement opportunities. The intention is to verify whether a maturity model
defines a generic set of requirements to reach higher maturity levels or whether it pro-
vides a prioritized set of requirements relevant for the organization being assessed to
improve their maturity. This aspect is closely related with the following aspect, whether
the maturity model identifies strong and weak points of the organization. Without an
 9

identification of the weaknesses prioritizing the improvement opportunities is next to

impossible.
Finally, the final aspect took into consideration in our analysis was the accessibility
of the model. This means whether the maturity model documentation and assessment
mechanisms are available for free or not. This is one of the most important aspects
organizations consider when opting for a maturity model to be used in their organiza-
tion. As one can expect, all of the maturity models that originated from academics and
practitioners are freely available. On the other hand, the models that have a commercial
intent can be charged. From our analysis maturity models which purpose is to identify
products or services relevant for an organization to acquire are freely available. How-
ever, for commercial maturity models that provide a certification, as is the case with
the DMMM, or were developed by an organization focused on custom development of
products and solutions, the access is charged.

5 Discussion
This analysis of maturity models has generated a number of insights into both the do-
mains that deal with data and information management and the maturity models them-
selves, as well as shedding light on the limitations around assessments performed using
maturity models.
One significant trend to emerge from this comparison is a noticeable increase in the
number and complexity of maturity models in recent years. This increasing interest in
assessment models mirrors the increasing number of legislation surrounding the man-
agement of information. Increased interest and development of maturity models can
indicate a domain’s transition from a state of lack of definition and standardization to-
wards optimization and improvement, although this shift is not always valuable or de-
sired. Maturity models come with assumptions that sometimes conflict with the reality
in organization scenarios. Improvement is often oriented towards quality control and
consistency, minimizing unpredictability of outcomes over time and reducing individ-
ual efforts to a minimum. However, the culture built around the work of skilled indi-
viduals can contrast abruptly with these assumptions, resulting in resistance to the tran-
sition to a streamlined approach.
The assumptions of the most recognized maturity models such as those compliant
with ISO33000 [19], a family of standards for process assessment, include a process
orientation which considers the availability of multiple instances of the assessed pro-
cesses across the organization. Just as the CMMI was not universally praised in the
software industry [20], current highly detailed standards prescribing functional require-
ments are not necessarily fit for all purposes. Additional limitations that result from
using maturity models include the tendency to oversimplify reality and obscuring alter-
nate paths to maturity [21].
Some of the maturity models examined in this paper declare adherence to a model
such as the SEI CMMI, they often do not demonstrate awareness of the concepts and
assumptions. One exception to this reality is A2MIGO where the authors clearly show
the relevance and extent of use of the CMMI in their work. Despite this fact and in
general, greater clarity about underlying concepts and a stronger adherence to design
principles for maturity models is needed to introduce trust in these maturity models.
10

6 Conclusion and Outlook

This work presented a state of the art on the subject of maturity models. This work is
built upon several works, and it intends to provide a detailed overview on the topic,
with a detailed coverage of the different approaches to this domain throughout the
years. In addition, by doing this literature review, and by raising the various issues still
faced regarding the subject, it is hoped that new research is raised from the points raised
throughout this paper.
Indeed, there are still lots of interesting future research questions that can be derived
from the analysis and conclusions provided by this paper that can help both Maturity
Models developers and users. In this paper, we also described the concepts which form
the foundation of maturity models. A description of the different aspects of current
maturity models was presented, combining knowledge from the different domains an-
alyzed.
As future work resulting from this paper, we concluded that current maturity assess-
ment methods focus on highly complex and specialized tasks being performed by com-
petent assessors in an organizational context [19]. These tasks mainly focus on manu-
ally collecting evidence to substantiate the maturity level determination. Because of the
complexity of these methods, maturity assessment becomes an expensive and burden-
some activity for organizations.
As such, this work motivated us to develop methods and techniques to automate
maturity assessment. The wide spread of modeling practices of business domains, as-
sisted by modeling tools, makes it possible to have access, for processing, to the data
created and managed by these tools. There are several examples of models used to rep-
resent an organization architecture, such as, Archimate [23], BPMN [22] or UML [24].
These models are descriptive and can be detailed enough to allow to perform, to some
extent, maturity assessment. For example, the collected evidence from an organization
can be synthetized into a set of model representations that can then be used when ana-
lyzing and calculating the maturity levels.
Building on the knowledge of ontologies from the computer science and information
science domains, these were used to represent maturity models and model representa-
tions. This was achieved by developing ontologies that express all the core concepts
and relationships among them, as also the rules for a maturity assessment accordingly
Then, by representing maturity models and models representations of concrete organi-
zational scenarios using ontologies we can verify if an organization models representa-
tions matches the requirements to reach a certain maturity level using ontology query
and reasoning techniques, such as Description Logics inference.

Acknowledgements
This work was supported by national funds through Fundação para a Ciência e a Tecno-
logia (FCT) with reference UID/CEC/50021/2013.

References
1. R. L. Nolan, "Managing the Computer Resource: A Stage Hypothesis," in Communications
of the ACM, vol. 16, pp. 399-405, 1973.
 11

2. D. M. Ahern, A. Clouse, R. Turner, CMMI Distilled: A Practical Introduction to Integrated

Process Improvement - Third Edition, Addison Wesley Professional, 2008.
3. ISO/IEC 15504:2004, Information technology - Process assessment, International Organi-
zation for Standardization and International Electrotechnical Commission, 2004.
4. M. Röglinger, J. Pöppelbuß, “What makes a useful maturity model? A framework for gen-
eral design principles for maturity models and its demonstration in business process man-
agement,” In proceedings of the 19th European Conference on Information Systems, Hel-
sinki, Finland, June. 2011.
5. M. Paulk, B. Curtis, M. Chrissis, C. Weber, Capability Maturity Model for software, Ver-
sion 1.1 CMU/SEI-93-TR-24, Pittsburgh, Pennsylvania, USA, Carnegie Melon University.
1993.
6. E. Anderson, S. Jessen, “Project Maturity in Organizations,” in International Journal of
Project Management Accounting, Vol. 21, pp. 457-461. 2003.
7. R. Fitterer, P. Rohner, “Towards assessing the networkability of health care providers: a
maturity model approach,” Information Systems E-business Management, Vol. 8, pp. 309-
333. 2010.
8. A. Sen, K. Ramammurthy, A. Sinha, “A model of data warehousing process maturity,” In
IEEE Transactions of Software Engineering. 2011.
9. T. Mettler, “A design science research perspective on maturity models in information sys-
tems,” St. Gallen: Institute of Information Management, University of St. Gallen. 2009.
10. CMMI Product Team, CMMI for development - version 1.3, Software Engineering Institute
- Carnegie Mellon University, Tech. Rep. CMU/SEI-2010-TR-033, 2010.
11. A. Korbel, R. Benedict, “Application of the project management maturity model to drive
organizational improvement in a state-owned corporation,” in proceedings of 2007 AIPM
Conference, Tasmania, Australia, 7-10, October 2007.
12. G. Jia, Y. Chen, X. Xue, J. Chen, J. Cao, K. Tang, “Program management organization
maturity integrated model for mega construction programs in China,” in International
Journal of Project Management, vol. 29, pp. 834-845, 2011.
13. R. Jamaluddin, C. Chin, C. Lee, “Understanding the requirements for project management
maturity models: awareness of the ICT industry in Malaysia,” in proceedings of the 2010
IEEE IEEM, pp. 1573-1577, 2010.
14. J. Becker, R. Knackstedt, J. Pöppelbuβ, “Developing maturity models for IT management:
A procedure model and its application,” in Business and Information Systems Engineering,
vol. 3, pp 213-222. 2009.
15. ISO 16363:2012, Space data and information transfer systems – Audit and certification of
trustworthy digital repositories, 2012.
16. T. Mettler, P. Rohner, R. Winter, "Towards a Classification of Maturity Models in Infor-
mation Systems," In A. D'Atri, M. De Marco, A. M. Braccini and F. Cabiddu: Management
of the Interconnected World, Physica-Verlag, Heidelberg, 2010.
17. A. Maier, J. Moultrie, P. Clarkson, “Assessing Organizational Capabilities: Reviewing and
Guiding the Development of Maturity Grids,” in IEEE transactions on engineering man-
agement, vol. 59, no. 1, 2012.
18. D. Proenca, J. Borbinha, “Maturity Models for Information Systems,” in Proceedings of
the Conference on ENTERprise Information Systems 2016 (CENTERIS 2016), 2016.
19. ISO/IEC 33000:2015, Information technology — Process assessment,. International Or-
ganization for Standardization and International Electrotechnical Commission, 2015.
20. M. Fayad, M. Laitnen, "Process assessment considered wasteful," Communications of the
ACM, 40(11):125–128, 1997.
 12

21. M. Roglinger, J. Poppelbuß, J. Becker, "Maturity models in business process manage-

ment," BPMJ, 18(2):328–346, Apr. 2012.
22. Object Management Group, Business Process Model and Notation (BPMN), Version 2.0,
OMG Standard, formal/2011-01-03, 2011.
23. The Open Group. ArchiMate 3.1 Specification, Van Haren Publishing, 2017.
24. Object Management Group, “OMG Unified Modelling Language (OMG UML), Version
2.5.” 2015.
25. D. Newman, D. Logan, “Gartner Introduces the EIM Maturity Model,” Gartner, 2008.
26. ARMA International, “Generally Accepted Recordkeeping Principles - Information Gov-
ernance Maturity Model.” [Online]. Available: http://www.arma.org/principles
27. A. Pelz-Sharpe, A. Durga, D. Smigiel, E. Hartmen, T. Byrne, J. Gingras, “Ecm Maturity
Model - Version 2.0,” Wipro - Real Story Group - Hartman, 2010.
28. Queensland State Archives, "Recordkeeping maturity model and road map: Improving
recordkeeping in Queensland public authorities," The State of Queensland (Department of
Public Works), 2010.
29. T. Lei, A. Ligtvoet, L. Volker, P. Herder, “Evaluating Asset Management Maturity in the
Netherlands: A Compact Benchmark of Eight Different Asset Management Organiza-
tions,” In Proceedings of the 6th World Congress of Engineering Asset Management, 2011.
30. Stanford University, “Data Governance Maturity Model.” [Online]. Available:
http://web.stanford.edu/dept/pres-provost/cgi-bin/dg/wordpress/
31. C. M. Dollar, L. J. Ashley, “Assessing Digital Preservation Capability Using a Maturity
Model Process Improvement Approach”, Technical Report, February 2013.
32. A. Brown, Practical Digital Preservation - A how-to guide for organizations of any size,
Facet Publishing. 2013.
33. JISC InfoNet, “Records Management Maturity Model.” [Online]. Available:
http://www.jiscinfonet.ac.uk/tools/maturity-model/
34. CMMI Institute, “Data Management Maturity (DMM) Model,” Version 1.0, August 2014.
35. Syracuse University, “CMM for RDM – A Capability Maturity Model for Research Data
Management.” [Online]. Available: http://rdm.ischool.syr.edu/
36. Preservica, “Digital Preservation Maturity Model”, White Paper, 2014.
37. Real Story Group, DAM Foundation, “The DAM Maturity Model.” [Online]. Available:
http://dammaturitymodel.org/
38. ISO 14721:2010, Space data and information transfer systems – Open archival information
system – Reference model, 2010.
39. ISO 20652:2006, Space data and information transfer systems – Producer-archive inter-
face – Methodology abstract standard, 2006.
40. E-ARK Project, "D7.5 – A Maturity Model for Information Governance - Final Version,"
E-ARK Project Consortium, 2017.
41. E-ARK Project, "D7.6 – Final Assessment and Evaluation," E-ARK Project Consortium,
2017.

View publication stats