CERT-RMM Capability Appraisals
A CERT-RMM appraisal is used to objectively review an organization against the model's processes and practices. It can be used internally to improve the organization's processes for managing operational resilience, or it can be applied externally to determine the capability of a third-party organization (e.g., business partner, supplier). Either way, the appraisal provides a foundation for long-term process improvement.
Unlike assessments, audits, or evaluations in the security, business continuity, or IT domains, the CERT-RMM appraisal helps an organization understand its level of capability through an examination of process maturity. In other words, it determines not only whether an organization is doing the right things right now, but whether it is capable of sustaining an acceptable level of performance during times of stress and over the long run.
A CERT-RMM appraisal provides insight into
- the current state of the organization's processes for managing operational resilience
- the organization's process strengths and weaknesses
- opportunities for improvement relative to the CERT-RMM
- potential value of improvements
- ways to prioritize improvement activities
The appraisal is performed by SEI-authorized appraisers who are trained in CERT-RMM and its appraisal methodology. How involved the organization's personnel will be in the appraisal depends on the appraisal's scope.