If you bid for government IT projects, defence contracts, or large BFSI technology deals in India, CMMI Level 3 is often a mandatory qualification. It proves your organisation has defined, consistent processes for software development or IT services. Without it, your tender bid is disqualified before evaluation.
CMMI-DEV
Development — for software and systems
Level 3
Defined processes — government minimum
Lead Appraiser
ISACA-registered — required for formal appraisal
CMMI is a framework for improving how software and IT projects are managed. A higher maturity level means more consistent, predictable, and measurable project outcomes. If your company is pursuing CMMI Level 3, you will be asked to follow documented processes for project planning, requirements management, and quality assurance on your projects.
Process
Documented procedures for every project activity
Evidence
Artefacts showing the process was followed
Institutionalisation
Process used on every project, not just for the appraisal
Quick reference. CMMI v2.0 (current — published 2018). Three models: CMMI-DEV (development), CMMI-SVC (services), CMMI-ACQ (acquisition). 5 maturity levels: 1=Initial, 2=Managed, 3=Defined, 4=Quantitatively Managed, 5=Optimising. Appraisal method: SCAMPI A (formal, official rating), B, C (informal). Lead Appraiser: ISACA-certified and registered. Appraisal results submitted to ISACA.
CMMI v2.0
Current version
SCAMPI A
Formal appraisal for official rating
ISACA
Administers CMMI programme
CMMI (Capability Maturity Model Integration) was developed by Carnegie Mellon University's Software Engineering Institute (SEI) in the 1990s. It evolved from the earlier CMM (Capability Maturity Model) for software. CMMI v2.0 (2018) is now administered by ISACA. It integrates multiple process improvement models into one framework covering development, services, and acquisition.
1990s
CMM developed by Carnegie Mellon SEI
2018
CMMI v2.0 published
ISACA
Current administrator
Required for many government, defence, and BFSI IT contracts in IndiaLevel 3 is the de facto minimum for government IT project qualificationAppraisal by ISACA-registered Lead Appraiser — not a certification body audit
What’s on this page
01 —What it isUnderstanding CMMI
The process maturity framework that government IT contracts require — five levels, one framework.
CMMI (Capability Maturity Model Integration) is a process improvement framework that defines five maturity levels for how organisations manage software and IT projects. Level 1 (Initial) means processes are ad hoc. Level 5 (Optimising) means processes are continuously improved through quantitative data.
Level 3 (Defined) is the most commonly required level for government IT contracts — it means all processes are documented, consistently followed across the organisation, and tailored from a standard set of organisational processes.
CMMI is not certified by a certification body — it is appraised by an ISACA-registered Lead Appraiser using the SCAMPI (Standard CMMI Appraisal Method for Process Improvement) methodology. The formal appraisal result is registered with ISACA and is searchable in their published appraisal results.
CMMI appraisal and certification are different things. There is no "CMMI certificate." There is a CMMI appraisal result — which is a published rating showing your organisation's maturity level at the time of the appraisal. The rating expires and must be renewed periodically (typically every 3 years for SCAMPI A).
👥 Illustrative case — details changed for confidentiality
The business
Software product company Hyderabad · 250 employees, supplying government and defence clients
The trigger
A Defence Research and Development Organisation (DRDO) tender required CMMI Level 3 as a mandatory qualification. The company had been targeting Level 3 for two years without a formal appraisal programme.
The challenge
Process documentation was partially done — but evidence collection had never been structured. Individual project managers had different interpretations of what "following the process" meant. No SEPG (Software Engineering Process Group) existed.
Where Clicarity came in
They managed the CMMI appraisal programme in Clicarity. Each process area was a sub-job with its own documentation owner and evidence set. Project management and requirements management ran in parallel as separate sub-jobs. Evidence collection was a tracked stage — the appraisal did not proceed until the Lead Appraiser confirmed evidence was complete.
The discipline of treating evidence as a tracked deliverable — not something assembled before the appraisal — made all the difference.
02 —Who needs itIs it right for you?
Do you actually need it? Honest answer.
✓ You need it
Software development companies bidding for government IT projects
IT companies bidding for defence and public sector contracts
IT services firms bidding for BFSI (banking, financial services) contracts that require it
Companies supplying to larger IT service providers who require it from their subcontractors
∼ Worth considering
IT companies targeting US government contracts (CMMI widely recognised)
Companies wanting to demonstrate process maturity to enterprise clients
— Not immediately needed
Software companies whose clients have not requested CMMI
Early-stage startups — build basic ISO 9001 process foundation first
03 —What it requiresWhat is checked
What CMMI Level 3 requires — from Level 2 foundation to defined processes.
1
Level 2: Project-level managed processes
Before Level 3, Level 2 requirements must be in place: project planning, project monitoring, requirements management, process and product quality assurance, measurement and analysis.
E.g. Every project has a project plan, tracked against actuals. Requirements are managed with traceability.
2
Organisational process definition
A set of standard processes defined at the organisational level from which project teams tailor their own process.
E.g. Organisation-wide project management process. Project teams tailor it (with documented tailoring decisions) for their specific project.
3
Organisational training
Training programme to develop skills needed to perform defined processes. Training records maintained.
E.g. Project managers trained on the organisation's project planning and monitoring processes. Training records kept.
4
Integrated project management
Projects managed using tailored versions of the organisation's standard processes. Lessons learnt fed back into process improvement.
E.g. Project retrospectives with findings fed into the SEPG (Software Engineering Process Group) for process updates.
5
Risk management
Risks identified, analysed, and mitigated systematically on every project. Risk register maintained and reviewed.
E.g. Risk register for every project. Top risks reviewed at each project status meeting.
6
Decision analysis and resolution
Formal decision-making process for significant decisions — evaluating alternatives against defined criteria.
E.g. Make vs buy decision for a software component: criteria defined, alternatives evaluated, decision documented.
7
Institutionalisation evidence
Processes must be followed on all projects in scope — not just the projects selected for the appraisal. Appraisers verify this.
E.g. Project artefacts from multiple projects showing the same defined process was followed.
What inspectors really check
A SCAMPI A appraisal involves an ISACA-registered Lead Appraiser reviewing artefacts from multiple projects, interviewing project managers and team members, and verifying that processes are institutionalised — not just documented. Institutionalisation is the hardest part to evidence. Projects selected must represent the organisation — not the best-performing outliers.
Gap analysis checklist — tick what you already have
All Level 2 process areas met before targeting Level 3
Level 2 is prerequisite.
Standard organisational processes defined and documented
Project teams tailor from this set.
SEPG (Software Engineering Process Group) established
Responsible for process definition and improvement.
Training programme documented and delivered
For all defined processes.
Projects managed using defined processes — artefacts available
Multiple projects, not just the appraisal showcase.
Risk management process followed on every project
Risk registers on file for recent projects.
Institutionalisation evidence from projects across the organisation
Not just selected projects.
0 of 7 complete
04 —Official bodyWho certifies in India
Who issues this in India — and how to verify it.
CMMI programme is administered by ISACA. Formal SCAMPI A appraisals must be conducted by an ISACA-registered Lead Appraiser. Appraisal results are submitted to ISACA and published in their official appraisal results database.
Only ISACA-registered Lead Appraisers can conduct a SCAMPI A appraisal. Verify your Lead Appraiser's registration at cmmiinstitute.com before engaging them. An appraisal conducted by an unregistered appraiser will not be accepted for government tender qualification.
ISACA — CMMI programme
CMMI v2.0 framework, Lead Appraiser search, published results.
Based on cmmiinstitute.com. Actual timelines vary. Confirm with your CB.
CMMI Journey
Step 1
Gap analysis against target level
Assess current practices against Level 2 and Level 3 requirements.
Step 2
Define standard processes
Organisational standard process set. SEPG established.
Step 3
Train project teams
On defined processes before piloting.
Step 4
Pilot on selected projects
Two or more projects using defined processes.
Step 5
Institutionalise
Apply to all projects in scope. Collect evidence.
Appraisal
SCAMPI A
ISACA-registered Lead Appraiser. Results published.
▶Where to begin: Use the checklist in Section 3 to assess your readiness before contacting any CB.
Level 3 timeline
12-24 months from Level 1
Depends on organisation size and current process maturity.
SCAMPI A validity
3 years typically
Check current ISACA requirements.
Lead Appraiser
ISACA-registered only
Verify at cmmiinstitute.com before engaging.
Cost
Varies by organisation size
Lead Appraiser fees + preparation consultancy.
Institutionalisation is the most common reason Level 3 appraisals fail. Processes are documented, one or two projects show good evidence — but the appraisal sample reveals other projects didn't follow the processes. Evidence must come from across the organisation, not just the best-prepared projects.
06 —Find certified companiesHow to verify
How to find and verify certified organisations.
CMMI appraisal results are published in ISACA's PARS (Published Appraisal Results System) database. Any organisation's current CMMI maturity level can be verified there.
How to verify: To confirm whether any organisation holds a current CMMI certification, use the official register. Verify the issuing CB's accreditation at nabcb.qci.org.in.
Good records are the foundation. A process tracker builds them automatically.
Clicarity — Live Job Process Tracker & Bottleneck Identifier
Clicarity doesn't assess your CMMI maturity. It tracks the appraisal programme — ensuring process documentation, evidence collection, and institutionalisation are completed systematically before the formal appraisal.
CMMI appraisal preparation involves multiple parallel process areas, each requiring documentation, piloting, institutionalisation, and evidence collection. Without a tracking system, the programme drifts — some process areas are ready, others are not, and the appraisal is delayed or fails. In Clicarity, each process area is a sub-job with its own owner, documentation stage, and evidence set. When they rejoin at the mini appraisal stage, the Lead Appraiser can see at a glance which process areas are ready and which need attention.
Each CMMI process area tracked as a sub-job — separate process owners, separate evidence sets, separate readiness sign-offs.
Evidence collection stage: Lead Appraiser sign-off required before the formal appraisal stage can proceed — preventing the appraisal from starting with evidence gaps.
Mini appraisal stage gates the formal appraisal — findings from the mini appraisal are addressed before the ISACA-registered Lead Appraiser conducts the formal assessment.
Clicarity shows which process areas are behind schedule — visible bottlenecks in the preparation programme before the appraisal date.
▼ Job splits — each component tracked independently
#CMMI-2026-01-A
Project management process area
▼Process documented
#Evidence items
▼Ready for appraisal
#CMMI-2026-01-B
Requirements management process area
▼Process documented
#Evidence items
▼Ready for appraisal
▲
Components rejoin as #CMMI-2026-01 — complete record of every branch, every data point, every sign-off preserved.
Evidence collection
#Artefacts collected
▼Evidence verified
▼Lead Appraiser reviewed
📅Collection date
▼No gaps
→
Mini appraisal / readiness check
▼Lead Appraiser conducted
✎Gaps found
▼Gaps closed
📅Mini appraisal date
→
Formal appraisal
▼Lead Appraiser
▼Appraisal outcome
✎Maturity level achieved
📅Appraisal date
▼ISACA registered
Wastage tracked:▰ Project management and requirements management process areas prepared as separate sub-jobs — different process owners, different evidence▰ Evidence collected continuously — not assembled before the appraisal▰ Formal appraisal proceeds only after mini appraisal confirms readiness
ⓘ Fields and stage names are fully customisable. This illustrates a typical software company — CMMI-DEV Level 3 appraisal setup.
👥 Illustrative case — details changed for confidentiality
The business
Software product company Hyderabad · 250 employees, supplying government and defence clients
The trigger
A Defence Research and Development Organisation (DRDO) tender required CMMI Level 3 as a mandatory qualification. The company had been targeting Level 3 for two years without a formal appraisal programme.
The challenge
Process documentation was partially done — but evidence collection had never been structured. Individual project managers had different interpretations of what "following the process" meant. No SEPG (Software Engineering Process Group) existed.
Where Clicarity came in
They managed the CMMI appraisal programme in Clicarity. Each process area was a sub-job with its own documentation owner and evidence set. Project management and requirements management ran in parallel as separate sub-jobs. Evidence collection was a tracked stage — the appraisal did not proceed until the Lead Appraiser confirmed evidence was complete.