What records management maturity models exist and how do you assess which level your program is at?
A maturity model is a framework that describes how a records and information management program evolves from ad hoc practices toward fully optimized, embedded ones. Rather than a pass/fail audit, it gives you a vocabulary and a yardstick for measuring progress and prioritizing improvements.
Common maturity models
Several widely referenced frameworks share a similar structure:
- Generally Accepted Recordkeeping Principles (the Principles), with an accompanying maturity model, organize good recordkeeping around dimensions such as accountability, transparency, integrity, protection, compliance, availability, retention, and disposition.
- Capability-style models borrow the familiar five-level progression: from ad hoc and reactive, to defined and managed, up to optimized.
- Standards-based self-assessment, drawing on ISO 15489, evaluates whether records are authentic, reliable, usable, and properly retained and dispositioned across their lifecycle.
Most models converge on similar tiers: practices that are largely undocumented and inconsistent at the low end, formally defined and consistently applied in the middle, and continuously measured and improved at the high end.
How to assess your level
Assessment is largely an evidence-gathering exercise. For each dimension, ask what is documented, what is consistently practiced, and what is measured:
- Policy and authority — Do approved retention schedules and policies exist, and is there clear ownership?
- Coverage — Do schedules and controls reach all record types and systems, including email and other electronic records?
- Execution — Is retention and disposition actually carried out, including legal holds, or do records simply accumulate?
- Monitoring — Are compliance and outcomes audited, reported, and used to drive improvement?
A dimension where practices are documented, applied, and measured sits near the top; one that depends on individual heroics or tribal knowledge sits near the bottom. Scoring each dimension separately usually reveals an uneven profile rather than a single number, which is exactly what makes these models useful for planning.
Using the results
Treat the assessment as a roadmap, not a grade. Target the lowest-scoring, highest-risk dimensions first, set a realistic next-level goal, and reassess periodically to confirm progress. Strengthening retention and disposition specifically is often the fastest way to reduce risk and cost.
For related guidance, see the retention and disposition topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ARMA International — ARMA International
- ISO 15489-1 Records management — ISO
How to cite this page
APA
RM University Editorial. (2026). What records management maturity models exist and how do you assess which level your program is at?. Records Management University. https://www.recordsmgmt.org/questions/records-management-maturity-models-how-to-assess-your-level/
MLA
RM University Editorial. "What records management maturity models exist and how do you assess which level your program is at?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/records-management-maturity-models-how-to-assess-your-level/.
Related questions
- Can a company be fined for keeping records longer than the law requires?
- Can any manager authorize destroying records, or does it have to be someone specific?
- Can deleting emails too soon be considered illegal spoliation of evidence?
- Can different copies of the same document have different retention periods?
- Can GDPR storage limitation requirements force you to delete records you are legally required to keep elsewhere?