The Open Group information security management maturity model ('''O-ISM3''') is The Open Group framework for managing information security, and wider still to managing information in the wider context. It aims to ensure that security processes in any organization are implemented so as to operate at a level consistent with that organization’s business requirements. O-ISM3 is technology-neutral. It defines a comprehensive but manageable number of information security processes sufficient for the needs of most organizations, with the relevant security control(s) being identified within each process as an essential subset of that process. In this respect, it is fully compatible with the well-established ISO/IEC 27000:2009, COBIT®, and ITIL® standards in this field. Additionally, as well as complementing the TOGAF® framework for Enterprise Architecture, O-ISM3 defines operational metrics and their allowable variances..<ref>O-ISM3 v2.0 2018 p6</ref>
