How is Your ITSM Maturity?

IT service management (ITSM) maturity assessments are interesting tools. Used wisely, they can be powerful drivers of change. However, this requires an appreciation of their true purpose and a commitment to make maturity assessments part of your organization’s continuous improvement approach.  

Ultimately, maturity models and assessments should be about improvement, focusing not on where your organization is now but on its improvement journey relative to its desired future state. It begs the question of whether your organization’s ITSM maturity is more about its ability to become better than the initial maturity score. It’s similar to the definition of intelligence as the ability to learn or understand rather than what is already known. 

To help, this blog examines how best to apply maturity assessments in your organization, starting with where issues commonly arise. 

The common issues with ITSM maturity assessments 

Sadly, maturity assessments are often used in the wrong way. This issue occurs when the maturity assessment is seen as a one-time exercise (maybe as part of a new ITSM tool implementation project) rather than being repeated as a continual improvement tool. 

But this “one-and-done” approach to maturity assessments isn’t the only issue. There can also be issues related to focus. First, the approach might overlook that the maturity of an IT organization is dependent on more than the state of the employed ITSM processes.  

Second, as an industry, we have often confused process “quantity” with quality when assessing maturity. For example, if an organization has adopted twelve ITSM practices rated as low maturity and another has adopted five ITSM practices rated as above-average maturity. Which organization has the highest ITSM maturity? The one with the highest level of adoption or with the highest average practice maturity? 

A third issue is that people might think their organization needs to hit the highest possible scores across the maturity assessment areas. But maturity models aren’t about achieving Level 5 (see the next section) for every capability. Instead, it’s about achieving the level of maturity your organization needs for each capability. For many organizations, achieving Level 3 or 4 is all that’s required.  

The 5-level approach to maturity assessment 

Whether related to ITSM or not, maturity models usually have five or six maturity levels. This is level 1 to level 5, as described at a high level in the table below, and perhaps a level 0 to denote when a capability is non-existent. 

Maturity level  Description 
Level 1 – Initial  An area is deemed a needed capability, but there are currently no standard practices and processes, only ad hoc activities.  
Level 2 – Repeatable  There are standard practices and processes but little else. There’s no guarantee that operations and outcomes are consistent.  
Level 3 – Defined  Practices and processes are documented and mandated, with individuals suitably trained. Improvement opportunities are still available. 
Level 4 – Managed  Practices and processes are based on industry best practices. Performance monitoring, governance, and continual improvement are all in place. 
Level 5 – Optimized  Optimized practices and processes leverage industry best practices, automation, continual improvement, and benchmarking. 


The limitations of maturity assessments  

In addition to the earlier issues, it’s essential to recognize that maturity model and assessment use has limitations, i.e. ways in which they shouldn’t be used. For example, maturity assessments can’t: 

  • Assess individual employee performance. 
  • Propose the maturity level your organization needs for a given ITSM capability (although aggregated data can offer the average current and desired states for similar organizations as a guide). 
  • Quantify the potential benefits from maturity improvements. 
  • Provide an improvement route map – for example, what to tackle first and whether to take a parallel or serial improvement approach. 
  • Assess compliance because an assessment is not a standard to be complied with (such as the ISO/IEC 20000 service management standard). 

It’s important to understand these limitations when using ITSM maturity assessment tools. 

4 key ITSM maturity assessment use cases 

Maturity assessments can provide a structured approach for identifying the strengths and weaknesses across your corporate ITSM capabilities to help to focus improvements on the right things. The key ITSM use case opportunities for maturity assessments include: 

  • Benchmarking the current ITSM current capabilities establishing a benchmark against which to measure improvement progress over time.  
  • Identifying and prioritizing areas for improvement – where weak areas in current ITSM practices are considered for the best use of limited improvement resources.  
  • Identifying IT service delivery and support risks, followed by implementing mitigation measures.  
  • ITSM roadmap creation – where the roadmap guide the required improvements across people, process, and technology based on the most significant needs. 

10 tips for getting maximum value from ITSM maturity assessments 

ITSM maturity investments need to be correctly positioned to be effective. The following tips will help your organization get maximum value from its ITSM maturity assessments: 

  1. Remember that ITSM maturity assessments are a “means to an end” and not the end itself. While the assessment scores are important, the resulting improvements are more important. 
  2. Set clear objectives for your ITSM maturity assessment initiative. Failing to do so will likely adversely impact the assessment scope and your ability to deliver the required results. 
  3. Recognize that a single ITSM maturity assessment is just a snapshot in time. If used this way, it’s a missed opportunity and likely not a successful investment of time and money. Assessments should instead be focused on improvement over time.  
  4. Appreciate that one-off assessment scenarios can be dictated by the need, with scores inflated or understated to meet that need. Beyond this, and in multi-assessment scenarios, be aware that biases can influence assessments, leading to inconsistencies or inaccuracies over time. 
  5. Choose the maturity model and assessment mechanism carefully, especially when benefits are expected from comparing results across organizations. 
  6. Start with a maturity baseline. There’s a need to understand where your organization is before you can fully understand where it’s going. Not only to help set direction – in terms of improvement plans – but also to quantify improvements in the following assessment. 
  7. Don’t underestimate the potential for resistance to change. It’s the usual need for organizational change management to combat the issues related to lack of understanding, fear of the unknown, or concerns regarding the personal impact of changes. 
  8. Don’t assume that a new ITSM tool will automatically improve your organization’s ITSM maturity. There’s still the need to address the underlying processes, people, and cultural aspects contributing to ITSM maturity. 
  9. Appreciate the time and resources needed to benefit from regular maturity assessments and the associated improvement activities. Failing to do so can cause a loss of momentum and potentially the loss of interest and investment in the maturity-assessment process. 
  10. Ensure that maturity assessments are adequately tied into the corporate continual improvement approach.  

ITSM maturity assessments can be powerful improvement tools in the right hands. So, Please bear all of the above in mind when considering your organization’s ITSM maturity. Failing to do so will adversely affect the benefits of your maturity assessment investments.