Target Maturity Levels

Maturity levels indicate the robustness of formal articulation of policies and the extent of assimilation and adoption into organizational practices.
The definition of maturity levels is derived from common acceptable IT Standard models:

Level

Description

Characteristics of level

0

Non-existent

  • No articulation of policies and recognisable processes are lacking

1

Ad-hoc

  • Processes are not standardised but ad-hoc approaches are  applied incidentally on an individual or case-by-case basis
  • The overall approach to IT management and governance is disorganized

2

Repeatable

  • Processes have evolved to the extent that similar approaches are adopted  by different individuals undergoing the same task
  • There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals

3

Defined

  • Processes are properly defined, documented, and communicated through formal training
  • Processes are integrated into organizational practices via formal approved policy
  • Automation and tools are used in a limited and fragmented way

4

Managed and Measurable

  • Measurable quality goals are established, and management monitors & measures compliance with procedures  and takes action where processes appear not to be working effectively
  • Processes are under constant improvement and provide good practice

5

Optimised

  • Processes are refined to the level of good practice, based on  continuous improvement
  • Quality management & continuous improvement activities are embedded in process management
  • IT is leveraged in an integrated way to automate the workflow, providing tools to improve quality and effectiveness

The minimum target maturity level for IT Standards for the financial services industry is Level 3 in respect of standards that align to the maturity model.
Level 3 maturity requires that IT standards are:

  • Defined
  • Documented
  • Integrated into organizational practices via policy and procedures
  • Communicated through training, and that
  • Automation and tools are used in a limited and fragmented way

Data Centre Maturity

The TIA 942 and Uptime Institute standards are the reference standards for data centre infrastructure and environment. Data Center standards provide guidance for data centres including primary data centres hosting live production infrastructure as well as backup data centres/disaster recovery locations.
The following tier levels are adapted from the TIA 942 and Uptime Institute Tier Standards:

Tier Description Characteristics of Tier

1

Basic Data Centre Site Infrastructure

  • Numerous single points of failure in all aspects of design

  • Generally unable to sustain more than a 10 minute power outage

2

Redundant Site Infrastructure Capacity Components

  • Some redundancy in power and cooling systems
  • Generator backup
  • Able to sustain 24 hour power outage
  • Minimal thought to site selection
  • Vapour barrier
  • Formal data room separate from other areas

3

Concurrently Maintainable Site Infrastructure

  • Two utility paths (active and passive)
  • Redundant power and cooling systems
  • Redundant service providers
  • Able to sustain 72-hour power outage
  • Careful site selection planning
  • One-hour fire rating
  • Allows for concurrent maintenance

4

Fault Tolerant Site Infrastructure

  • Two independent utility paths
  • Independently dual-powered cooling systems
  • Able to sustain 96 hour power outage
  • Stringent site selection criteria
  • Minimum two-hour fire rating
  • 24/7 onsite maintenance staff

 Target tier is Tier 3:  Concurrently Maintainable Site Infrastructure and supports 99.982% availability.