Climbing the Capability Maturity Model (CMM) ladder

    Written by HarmonyPSA on 2017-05-15 Last updated 2020-07-01 - 2 minute read

CMM is a concept that dates back to the US Department of Defence assessing their software contractors and developing a maturity model that enabled the contractor’s process maturity to be compared.

You sometimes see outsourced companies advertising themselves as CMM level 5 (the highest) with direct reference to this model.

There is significant debate about whether CMM Level 5 even makes sense as an operating model, in particular for innovative software development. However as a lens through which to review your processes, it has good applicability and is a stepping stone to ISO accreditation.

This blog post discusses the model and how a PSA tool can assist you to climb the ladder without burying the company in procedural documentation or stifling innovation.

Applied correctly, it is actually equally applicable to MSPs and ISVs using both waterfall and agile methodologies.

So, what are the 5 levels?

  • Initial: really describing a reactive, crisis management paradigm where people have skills but no clearly managed repeatable processes (so: undocumented break/fix models)
  • Repeatable: companies at this level operate repeatable processes in normal circumstances but may not follow those processes in crisis situations and rarely, if ever, analyse their process performance in any structured manner
  • Defined: here process models are agreed and generally used while ad-hoc analysis is used to improve them for outlying situations. So, processes need to be documented (in some way), applied and analytics must be available to enable improvements to be made, generally in response to failure incidents
  • Managed: for this maturity, process model options are available tailored to different situations that enable them to be used in all cases, not simply common cases. Combining this with consistent tracking of process metrics and more regular analysis and process model adaptations completes the picture
  • Optimised: the highest level builds on level 4 with regular enforced optimisation of processes, based upon periodic analysis as a fully repeatable process in its own right

Now, applying this thinking to the needs of a PSA is actually quite simple.

If you don’t use a PSA or service desk tool it is highly unlikely you will be able to demonstrate anything other than heroic crisis management, i.e. Level 1 activity.

Companies using PSA systems with limited optionality in the ticket sub-types and process models should immediately be able to claim Level 2, but they are unlikely to qualify for Level 3 due to outlying coverage issues. Where service desk systems are stand-alone and not used for time bookings, or project work, it will be hard to demonstrate much more than Level 2 due to a lack of company-wide, clean metrics. With project activity and time bookings taking place outside the system, getting a clear analytics across all activity is very hard to impossible.

To reach further, both service tickets and project work items need subclasses and specific workflows that are enforced, with complete time booking coverage enforced against both so that the process models are applied and measurable. Most time-booking, SLA-related, PSA configurations should be able to demonstrate Level 3 maturity if used correctly.

Level 4 needs a PSA that is both flexible enough to encompass all the work being done with robust (but easily editable) process workflows, combined with strong automatically available analytics that underpin improvement thinking in a consistent manner. The nice thing is that given a platform that capable, Level 4 maturity should be a relatively simple goal and a large step towards ISO accreditation. Then you can both demonstrate and sell a quality margin, improving your closure rate and growing your business.

Level 5 presents an impractical, high-cost goal that is beyond the economic reach of most technology businesses and can even be shown to hamper innovation.

So, stick to the practical, low-hanging fruit of Level 4 - providing your PSA is good enough to manage the situation. If it isn’t consider buying one that is.


About the Author: Harmony Business Systems Ltd (HBS) is the company behind HarmonyPSA, the most complete cloud PSA software on the market. Developed with functionality to cater for even the most complex needs of MSPs, VARs, ISVs and Professional Services organisations, HarmonyPSA truly is the next generation of PSA systems. Follow HarmonyPSA on , LinkedIn or Website

Tags: Business, Capability Maturity Model, CMM, ISV, MSP 2.0, MSP Business, Quality Processes, Software Business


Recent posts

Subscribe to our blog