Program Maturity Levels
To differentiate our programs, according to size and intricacy, Certified By embrace a comprehensive Maturity Level model.
Simplifying Standards
Compliance standards exist for all businesses – big and small. Yet they are rarely seen by those who matter most and can be difficult and expensive to implement.
Our mission is to simplify standards, mitigate risk and provide a pathway to best practice audit and certification – something we are all too familiar with ourselves.
We’ve cleared the clutter around what it means to achieve compliance with our series of easy to navigate online programs.
Through our affordable, seamless and scalable tech, we have removed the complexity of compliance and made it a tool for growth that is applicable to businesses of all sizes – from not-for-profits to ASX listed companies.
What is a Program?
Using an ‘Assess, report, remediate and certify’ methodology, we help businesses implement best practice standards by providing a self assessment, risk report and remediation report to identify and prioritise risk mitigation and essential compliance strategies.
This, as you can imagine though, is not a one size fits all application.
For example: a small business with 10 staff requires a very different level of framework to follow than that of a mature company of 500+.
To differentiate our programs, according to the size and intricacy, and to recognise user achievements, Certified By embraces a comprehensive Maturity Level model.
Maturity Levels > 1 - 3
We have established three maturity levels to assist organisations in the implementation of Certified By programs / modules in Cyber Security, Workplace Relations & Sustainability + ESG.
These are defined by Maturity Levels 1-3.
The maturity levels are based on increasing levels of mitigating organisational governance, risk and compliance requirements (i.e. policies, procedures, credentialing, training and monitoring).
Organisations need to consider their regulatory and reputational risk tolerance, and the likelihood and consequence of an incident occurring under their watch.
This, in combination with the descriptions for each maturity level, can be used to help determine a target Maturity Level to implement.
|
LEVEL
|
INTRICACY
|
DESCRIPTION
|
|---|---|---|
|
1
|
ESSENTIAL
|
Organisations with a Risk Score of 0-10% have demonstrated an excellent level of compliance with a Program framework, and should be reveered for their commitment to best practice.
|
|
2
|
PATHWAY
|
Organisations with a Risk Score of 31-50% have demonstrated a reasonable level of compliance with a Program framework, and should be encouraged to continue their commitment to best practice.
|
|
3
|
PINNACLE
|
Organisations with a Risk Score of 71-100% have demonstrated an emerging level of compliance with a Program framework, and should be encouraged to continue their commitment to best practice.
|
Maturity Level 1: This is the essential first step in measuring your business against essential risk factors and Standards requirements. Ideal for small businesses, non-profits and start-ups, our Maturity Level 1 Programs allow your business to measure itself against best practice standards and become familiar with measuring risk and compliance posture, performance and improvement.
Maturity Level 2: Incorporating the above mechanisms, this level is the pathway to Maturity Level 3, literally levelling up businesses seeking a higher level of risk and compliance visibility. This is a progressive step for growing businesses.
Maturity Level 3: Finally, the pinnacle – Maturity Level Three. This will by no means mitigate all risk, but alongside an organisation’s willingness to remain vigilant and commit necessary resources to improve, monitor and respond, Maturity Level Three represents a preparedness and pathway to best practice Certification Standards like ISO and SOC2.
Program Implementation
Where available, organisations should begin with an “ML1” program. Once completed, they should then progressively implement each maturity level until they are complete and they are satisfied with their risk result.
Our programs have been designed to compliment each other, and to provide coverage of various threats. Based on its maturity in each category, an organisation should plan to *implement in line with its goals and priorities.
While our programs can help to mitigate the majority of risks, it will not mitigate them all. As such, additional remediation strategies and security controls need to be considered, including those provided by our Trusted Partners.
Program Review Process
When a program has been completed, with a Risk Score of 50% or lower, organisations can request a Virtual Review from Certified By. On completion, approved businesses will receive a Certificate of Assessment to evidence their achievements as per Maturity Levels 1-3 listed above – building trust in brand.
Why Go To All The Trouble?
Because it’s becoming increasingly difficult to compete in this modern global economy. Procurement and client expectations, people and culture responsibilities and sustainable workplace practices have never been more important. It’s about time there was a way for SMEs to prove they too can be trusted.
Disclaimer 🤚
We’ve put our heart and soul into building something to help millions of SMEs & nonprofits around the world.
We’ve done a lot right and made mistakes along the way, cause no one ever said #RegTech was easy.
Rest assured we are leveraging the brightest minds, deepest resources, connected partnerships and hunger for growth to develop a better product every day for you.
With that being said… we make no representation that part or all of CertifiedBy’s programs, features or services assures risks will be avoided or managed in a particular way, and we are not liable for any loss whatsoever arising.
