CMMI (Capability Maturity Model Integration) is a process improvement maturity model for the development of products and services (see IR Home). It is developed and published by the Software Engineering Institute of the Carnegie Mellon University, Pittsburgh (USA). The documented CMMI processes, which were selected for integration with Risk Management processes, cover activities which guide through the implementation of highly mature development and service processes (CMMI for Development V. 1.2). The CMMI processes themselves are generic and may be applied to various concrete business processes.
Similar to PRINCE2™, CMMI has a very large scope and can thus be used to integrate IT Risk Management with the (re-)design phase of any kind of IT process, i.e. IT Risk Management can be included in the IT process improvement efforts. CMMI is not focussed on projects, like an application development process or a project management framework, but on regular business processes which are executed on a daily basis. During the maturity improvement process execution, valuable information about expected operational risks can be gathered and passed to IT Risk Management. In turn Risk Treatment measures coming from IT Risk Management can be included in the process design.