No. The NIST privacy framework recommends that companies summarize their maturity with respect to each category by using four “Tiers.” The Tiers are intended to describe whether the current practices of the company with respect to the domain are partially in place (Tier 1), risk informed (Tier 2), repeatable (Tier 3), or adaptive (Tier 4).
