What are the IGRM maturity levels and how do you assess them?
A quick note on terms. The IGRM (Information Governance Reference Model) is a visual framework that shows how legal, records, IT, privacy, security, and business stakeholders share responsibility for information across its lifecycle. It is a coordination model, not a scoring system. The “maturity levels” people ask about usually come from a companion idea: a maturity model that rates how developed an organization’s governance practices are. The two are often used together, so this answer covers both.
What the maturity levels describe
Most information governance maturity models use a tiered scale, frequently five levels that progress roughly like this:
- Sub-standard / minimal — Practices are absent or ad hoc. Information is managed inconsistently and reactively, often only when a problem forces it.
- In development — Some policies exist but are incomplete or unevenly applied across departments.
- Essential — Baseline requirements are met. Policies, retention schedules, and accountability are defined and generally followed.
- Proactive — Governance is integrated into routine operations, monitored, and improved over time.
- Transformational — Governance is embedded in culture and strategy, continuously measured, and treated as a source of value and risk reduction.
These levels are typically mapped against principles such as accountability, transparency, integrity, protection, compliance, availability, retention, and disposition.
How to assess maturity
Assessment is a structured self-evaluation rather than a single test. A practical approach:
- Choose a framework and define the principles you will score against.
- Gather evidence — review policies, retention schedules, system inventories, audit logs, and interview stakeholders across legal, IT, records, privacy, and the business.
- Score each principle against the level definitions, using the same criteria consistently.
- Identify gaps between current and target maturity.
- Build a roadmap with prioritized, measurable improvements, then reassess periodically to track progress.
The goal is not a perfect score but a shared, honest picture of where information risk lives and where coordinated effort will pay off.
To explore related concepts, see the information governance topic hub.
International records standards such as ISO 15489 offer complementary guidance on the underlying recordkeeping practices these models evaluate.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- ARMA International — ARMA International
How to cite this page
APA
RM University Editorial. (2026). What are the IGRM maturity levels and how do you assess them?. Records Management University. https://www.recordsmgmt.org/questions/what-are-the-igrm-maturity-levels/
MLA
RM University Editorial. "What are the IGRM maturity levels and how do you assess them?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/what-are-the-igrm-maturity-levels/.
Related questions
- Big-bucket vs item-level retention schedules: how do I choose between them?
- Can a company be penalized for keeping data too long under privacy laws even if nothing was breached?
- Can a US company store records in the EU, or do data localization and cross-border transfer rules block it?
- Can executives or board members be held personally liable for information governance failures?
- Can information governance help reduce cloud storage costs, and how?