CERT-RMM Capability Appraisals

A CERT-RMM appraisal is used to objectively review an organization against the model's processes and practices. It can be used internally to improve the organization's processes for managing operational resilience, or it can be applied externally to determine the capability of a third-party organization (e.g., business partner, supplier). Either way, the appraisal provides a foundation for long-term process improvement.

Unlike assessments, audits, or evaluations in the security, business continuity, or IT domains, the CERT-RMM appraisal helps an organization understand its level of capability through an examination of process maturity. In other words, it determines not only whether an organization is doing the right things right now, but whether it is capable of sustaining an acceptable level of performance during times of stress and over the long run.

A CERT-RMM appraisal provides insight into

  • current state of the organization's processes for managing operational resilience
  • the organization's process strengths and weaknesses
  • opportunities for improvement relative to the CERT-RMM
  • potential value of improvements
  • ways to prioritize improvement activities

The appraisal is performed by SEI-authorized appraisers who are trained in CERT-RMM and its appraisal methodology. How involved the organization's personnel will be in the appraisal depends on the appraisal's scope.

To learn more about CERT-RMM appraisals, see our CERT-RMM Appraisal FAQ. To arrange for a CERT Division appraiser to perform a CERT-RMM appraisal in your organization contact us.

Take the Next Step

Learn more about CERT-RMM appraisals, become a licensed CERT-RMM appraiser, or arrange for CERT staff to perform a CERT-RMM appraisal in your organization.

Request an Appraisal

Join Us on LinkedIn

Discuss resilience management as a member of the CERT Resilience Management Forum.