Companies can be proactive or reactive in terms of assessing the quality of their technology. Modern firms use a variety of technology products and services, including cybersecurity, document management, data management, various third-party and in-house software applications, et cetera.

Some firms find out about the quality of their infrastructure through an “event” - a cybersecurity breach, a ransomware attack, a database failure, a lost connection, an inability to buy a third party application because it cannot connect to legacy software, an inability to have the workforce connect remotely more or less simultaneously, or other similar events.

Firms that are proactive in assessing the quality of their technology conduct an initial evaluation of enterprise capabilities that is called the current assessment. Current assessment can cover a portion of technical capabilities (for example, a penetration test is a current assessment of cybersecurity capabilities) or the entire infrastructure. The best practice frameworks for evaluating technology are Capability Maturity Model (CMM) and NIST framework. The best practice framework for assessing the quality of the entire infrastructure is the COSO Governance Assessment.