Section navigation
Annex J: Conformance Model Crosswalk
ARCS defines two conformance architectures that serve different purposes. This annex provides an approximate crosswalk between them for operators using both. This annex is informative. Neither model takes normative precedence over the other. The maturity levels and the conformance profiles are designed to evolve independently.
The two models and their roles
Maturity levels (Section 16.3) describe governance coverage — how completely an implementation has documented and governed its record environment. They answer: how far along are we? They are useful for strategic planning, reporting to boards and leadership, and benchmarking progress over time.
Conformance profiles (Section 16.2) describe control implementation — which specific control families have been satisfied. They answer: which controls are implemented? They are useful for procurement evaluation, audit, and contractual compliance requirements.
Neither model is superior. They serve different audiences and different purposes. Procurement and audit contexts generally prefer the profiles because individual controls are directly verifiable. Governance reporting and strategic planning generally prefer the maturity levels because they convey coverage at a glance.
Approximate crosswalk
The following table shows the approximate correspondence between maturity levels and conformance profiles. The relationship is directional, not definitional — satisfying a profile does not automatically confer a maturity level, and reaching a maturity level does not automatically satisfy a profile.
| Maturity Level | Description | Approximate Profile Correspondence |
|---|---|---|
| Level 0 | Undocumented record governance | Below Foundation |
| Level 1 | Record identification | ARCS-TAX + basic ARCS-LIF inventory |
| Level 2 | Surface mapping and disclosure | ARCS-CUS, ARCS-TAX, ARCS-LIF with review/routing disclosure |
| Level 3 | Documented lifecycle governance | ARCS-LIF, ARCS-PUB, deletion and routing controls |
| Level 4 | Governance-grade implementation | Minimum Profile |
| Level 5 | Full-surface governance | Enterprise Profile + agent runtime coverage |
Level 4 as the institutional minimum
Level 4 corresponds to the Minimum Profile. An operator claiming Level 4 should be able to declare Minimum Profile conformance. Both designations indicate that the implementation can demonstrate where interaction records exist, who holds them, and how long they persist, for all normal deployment modes, in a form reviewable by an auditor.
Level 4 is the institutional minimum for ARCS conformance. Lower levels represent governance in progress.
Level 5 and the Enterprise Profile
Level 5 corresponds approximately to the Enterprise Profile combined with agent runtime coverage. The Enterprise Profile does not by itself confer Level 5, because Level 5 requires no unknown surfaces and documented governance of advanced runtime artifacts, which are not required by the Enterprise Profile alone.
Foundation Profile and the maturity ladder
The Foundation Profile (ARCS-LIF, ARCS-CUS, ARCS-TAX) sits between Level 1 and Level 2 on the maturity ladder. It is sufficient to establish baseline record identification and surface mapping but does not require the full disclosure controls that distinguish Level 2 from Level 1. Organizations satisfying the Foundation Profile are typically at Level 1 to Level 2, progressing toward Minimum Profile conformance.
Using both models together
An operator may find it useful to declare both a maturity level and a conformance profile in a single statement. For example:
This system is assessed at ARCS Maturity Level 4 and satisfies ARCS Minimum Profile conformance.
Or, for partial progress:
This system is assessed at ARCS Maturity Level 2. The following control families are satisfied: ARCS-LIF, ARCS-CUS, ARCS-TAX. Remaining families are in progress.
These statements are complementary and independently verifiable.