CMMI capability maturity models in the UK

Someone I worked with moved to another software house in the US. So, I googled their new employer. They don’t have ISO 9001:2015, but have been appraised at Level 3 of the CMMI Institute’s Capability Maturity Model Integration (CMMI) process model. This was new to me, so I googled it. CMMI is all about process …

GDPR is unrewarding to develop systems for, but satisfying nevertheless

Businesses need to cater for GDPR. You need to understand what PII data you have, how you got it and why, what you do with it, and how you satisfy the requirements of GDPR. Someone in the business needs to know about it. Someone needs to make sure it’s sorted. If that’s you, you have …

Be confident about ISO standard requirements

Perusing LinkedIn groups, it strikes me that people overthink ISO requirements. As a result, they lack confidence in their own management system. Project this to an auditor at your peril. As an example, I’ve just contributed to a conversation where the poster was unsure about an ISO 27001 Annex A control. The regulation of cryptographic …