CMMI Level 2 — Managed

Capability Maturity Model Integration (CMMI) describes five maturity levels for an organisation's processes. Level 1 is "Initial" — heroic effort, unpredictable outcomes. Level 2 is "Managed" — projects are planned, tracked, and reviewed using documented procedures so outcomes are repeatable.

Media Tech holds itself to CMMI Level 2 across all customer-facing work, including SPYN. The discipline is the same regardless of whether a project ships to consumers (SPYN) or solves an internal problem (Atlas).

The seven Level 2 process areas, with SPYN artifact mapping

REQM — Requirements Management

Requirements are baselined, traceable, and changes are controlled.

SPYN artifacts. Requirement Specifications in the 10-section format (developer/requirements-specification), version-controlled in the SPYN repo, with a bidirectional traceability matrix linking each requirement to the test cases (developer/test-cases-functional, developer/test-cases-technical) and the release notes (developer/release-notes) that confirm delivery.

PP — Project Planning

Estimates, schedule, budget, and risks are documented before commitment.

SPYN artifacts. The SPYN portfolio plan in monday.com, sprint plans, the risk register (pm/risk-register), the team RACI (hr/raci-model).

PMC — Project Monitoring and Control

Actuals are compared to the plan; corrective action is taken when they diverge.

SPYN artifacts. Weekly status updates in monday.com, the running corrective-action log on the SPYN board, fortnightly burn-down review, the risk register's weekly review for high-severity entries.

MA — Measurement and Analysis

A small set of metrics is defined and tracked against objectives.

SPYN artifacts. The SPYN operational dashboard (latency, error rate, AI Diary generation cost per user, queue depth on Horizon), the product dashboard (DAU, retention, time-to-first-diary), and the engineering dashboard (lead time, change failure rate, mean time to restore). Each metric has a defined target and an owner.

PPQA — Process and Product Quality Assurance

Process compliance is checked independently of the work itself.

SPYN artifacts. The QA Lead's spot-check log against the SDLC gates (developer/sdlc-process), independent functional tests run by QA Testers who did not write the code (developer/test-cases-functional), and the Master Audit's per-skill freshness checks.

CM — Configuration Management

Items under control are identified, versioned, and changes are auditable.

SPYN artifacts. Git for code (developer/git-workflow), this skill library for process documentation, monday.com for project artifacts, the release manifest for shipped versions. Everything has a version; nothing changes silently.

SAM — Supplier Agreement Management

Suppliers are selected, agreements documented, and deliverables verified.

SPYN artifacts. The DPA inventory (legal/data-processing-agreements), the procurement checklist for new vendors, quarterly review of active processors against contract terms.

Audit cadence

The Master skill audits each Level 2 project once per phase transition (developer/sdlc-process) and runs a portfolio-level review monthly. The audit checks: are the expected artifacts present, are they current, do they reflect the actual work. Missing or stale artifacts produce an issue against the project's monday.com board with an owner and due date.

The Master skill does not block transitions automatically — that decision belongs to the project sponsor — but unresolved Level 2 audit issues are visible in the project dashboard and in the next investor-pack regeneration (finance/investor-materials).

Moving to Level 3

Level 3 — "Defined" — adds organisational standardisation on top of project-level discipline. Projects at Level 3 don't just have their own plans; they tailor a shared organisational process. We are piloting Level 3 practices on Project Orion before rolling them out portfolio-wide; SPYN will follow once the pilot demonstrates the additional artefacts pay back the additional process overhead.

Owned by

Project Manager (Mikkel Nygaard).