NIST privacy framework recommends that companies summarize their maturity with respect to each category by using four Tiers describing whether current practices with respect to the domain are partially in place Tier 1, risk informed Tier 2, repeatable Tier 3, or adaptive Tier 4.